code cleaning

remove development logs
remove unused engine listener
2026-04-16 23:36:39 +00:00 · 2023-12-07 18:29:00 +01:00 · 2023-12-06 16:57:56 +01:00 · 2023-12-06 16:32:39 +01:00 · 2023-12-06 16:13:31 +01:00 · 2023-12-06 15:46:38 +01:00
184 changed files with 5193 additions and 1315 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,15 @@
+FROM golang:1.20-bullseye
+
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends\
+        gettext-base=0.21-4 \ 
+        iptables=1.8.7-1 \
+        libgl1-mesa-dev=20.3.5-1 \
+        xorg-dev=1:7.7+22 \
+        libayatana-appindicator3-dev=0.5.5-2+deb11u2 \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && go install -v golang.org/x/tools/gopls@latest
+
+
+WORKDIR /app
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,20 @@
+{
+	"name": "NetBird",
+	"build": {
+		"context": "..",
+		"dockerfile": "Dockerfile"
+	},
+	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
+		"ghcr.io/devcontainers/features/go:1": {
+			"version": "1.20"
+		}
+	},
+	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+	"capAdd": [
+		"NET_ADMIN",
+		"SYS_ADMIN",
+		"SYS_RESOURCE"
+	],
+	"privileged": true
+}
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -10,6 +10,18 @@ concurrency:
  cancel-in-progress: true

 jobs:
+  codespell:
+    name: codespell
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: codespell
+        uses: codespell-project/actions-codespell@v2
+        with:
+          ignore_words_list: erro,clienta
+          skip: go.mod,go.sum
+          only_warn: 1
  golangci:
    strategy:
      fail-fast: false
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ on:
      - 'client/ui/**'

 env:
-  SIGN_PIPE_VER: "v0.0.9"
+  SIGN_PIPE_VER: "v0.0.10"
  GORELEASER_VER: "v1.14.1"

 concurrency:
--- a/.gitignore
+++ b/.gitignore
@@ -20,4 +20,4 @@ infrastructure_files/setup.env
 infrastructure_files/setup-*.env
 .vscode
 .DS_Store
-*.db
+*.db
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -12,6 +12,50 @@ linters-settings:
    # Default: false
    check-type-assertions: false

+  gosec:
+    includes:
+      - G101 # Look for hard coded credentials
+      #- G102 # Bind to all interfaces
+      - G103 # Audit the use of unsafe block
+      - G104 # Audit errors not checked
+      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+      #- G107 # Url provided to HTTP request as taint input
+      - G108 # Profiling endpoint automatically exposed on /debug/pprof
+      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+      - G110 # Potential DoS vulnerability via decompression bomb
+      - G111 # Potential directory traversal
+      #- G112 # Potential slowloris attack
+      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+      #- G114 # Use of net/http serve function that has no support for setting timeouts
+      - G201 # SQL query construction using format string
+      - G202 # SQL query construction using string concatenation
+      - G203 # Use of unescaped data in HTML templates
+      #- G204 # Audit use of command execution
+      - G301 # Poor file permissions used when creating a directory
+      - G302 # Poor file permissions used with chmod
+      - G303 # Creating tempfile using a predictable path
+      - G304 # File path provided as taint input
+      - G305 # File traversal when extracting zip/tar archive
+      - G306 # Poor file permissions used when writing to a new file
+      - G307 # Poor file permissions used when creating a file with os.Create
+      #- G401 # Detect the usage of DES, RC4, MD5 or SHA1
+      #- G402 # Look for bad TLS connection settings
+      - G403 # Ensure minimum RSA key length of 2048 bits
+      #- G404 # Insecure random number source (rand)
+      #- G501 # Import blocklist: crypto/md5
+      - G502 # Import blocklist: crypto/des
+      - G503 # Import blocklist: crypto/rc4
+      - G504 # Import blocklist: net/http/cgi
+      #- G505 # Import blocklist: crypto/sha1
+      - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
+
+  gocritic:
+    disabled-checks:
+      - commentFormatting
+      - captLocal
+      - deprecatedComment
+
  govet:
    # Enable all analyzers.
    # Default: false
@@ -19,6 +63,12 @@ linters-settings:
    enable:
      - nilness

+  tenv:
+    # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures.
+    # Otherwise, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked.
+    # Default: false
+    all: true
+
 linters:
  disable-all: true
  enable:
@@ -28,13 +78,23 @@ linters:
    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
    - ineffassign # detects when assignments to existing variables are not used
    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - tenv # Tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17.
    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
    - unused # checks for unused constants, variables, functions and types
    ## disable by default but the have interesting results so lets add them
    - bodyclose # checks whether HTTP response body is closed successfully
+    - dupword # dupword checks for duplicate words in the source code
+    - durationcheck # durationcheck checks for two durations multiplied together
+    - forbidigo # forbidigo forbids identifiers
+    - gocritic # provides diagnostics that check for bugs, performance and style issues
+    - gosec # inspects source code for security problems
+    - mirror # mirror reports wrong mirror patterns of bytes/strings usage
+    - misspell # misspess finds commonly misspelled English words in comments
    - nilerr # finds the code that returns nil even if it checks that the error is not nil
    - nilnil # checks that there is no simultaneous return of nil error and an invalid value
+    - predeclared # predeclared finds code that shadows one of Go's predeclared identifiers
    - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
+    - thelper # thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers.
    - wastedassign # wastedassign finds wasted assignment statements
 issues:
  # Maximum count of issues with the same text.
@@ -43,12 +103,21 @@ issues:
  max-same-issues: 5

  exclude-rules:
-    - path: sharedsock/filter.go
+    # allow fmt
+    - path: management/cmd/root\.go
+      linters: forbidigo
+    - path: signal/cmd/root\.go
+      linters: forbidigo
+    - path: sharedsock/filter\.go
      linters:
      - unused
-    - path: client/firewall/iptables/rule.go
+    - path: client/firewall/iptables/rule\.go
      linters:
      - unused
-    - path: mock.go
+    - path: test\.go
      linters:
-      - nilnil
+      - mirror
+      - gosec
+    - path: mock\.go
+      linters:
+      - nilnil
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -183,6 +183,42 @@ To start NetBird the management service:
 ./management management --log-level debug --log-file console --config ./management.json
 ```

+#### Windows Netbird Installer
+Create dist directory
+```shell
+mkdir -p dist/netbird_windows_amd64
+```
+
+UI client
+```shell
+CC=x86_64-w64-mingw32-gcc CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go build -o netbird-ui.exe -ldflags "-s -w -H windowsgui" ./client/ui
+mv netbird-ui.exe ./dist/netbird_windows_amd64/
+```
+
+Client
+```shell
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o netbird.exe ./client/
+mv netbird.exe ./dist/netbird_windows_amd64/
+```
+> Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to `./dist/netbird_windows_amd64/`.
+
+NSIS compiler
+- [Windows-nsis]( https://nsis.sourceforge.io/Download)
+- [MacOS-makensis](https://formulae.brew.sh/formula/makensis#default)
+- [Linux-makensis](https://manpages.ubuntu.com/manpages/trusty/man1/makensis.1.html)
+
+NSIS Plugins. Download and move them to the NSIS plugins folder.
+- [EnVar](https://nsis.sourceforge.io/mediawiki/images/7/7f/EnVar_plugin.zip)
+- [ShellExecAsUser](https://nsis.sourceforge.io/mediawiki/images/6/68/ShellExecAsUser_amd64-Unicode.7z)
+
+Windows Installer
+```shell
+export APPVER=0.0.0.1
+makensis -V4 client/installer.nsis
+```
+
+The installer `netbird-installer.exe` will be created in root directory.
+
 ### Test suite

 The tests can be started via:
--- a/client/android/login.go
+++ b/client/android/login.go
@@ -205,8 +205,8 @@ func (a *Auth) foregroundGetTokenInfo(urlOpener URLOpener) (*auth.TokenInfo, err

 	go urlOpener.Open(flowInfo.VerificationURIComplete)

-	waitTimeout := time.Duration(flowInfo.ExpiresIn)
-	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout*time.Second)
+	waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
+	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout)
 	defer cancel()
 	tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
 	if err != nil {
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -85,6 +85,7 @@ var loginCmd = &cobra.Command{
 			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
+			Hostname:             hostName,
 		}

 		var loginErr error
@@ -114,7 +115,7 @@ var loginCmd = &cobra.Command{
 		if loginResp.NeedsSSOLogin {
 			openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)

-			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
+			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
 			if err != nil {
 				return fmt.Errorf("waiting sso login failed with: %v", err)
 			}
@@ -177,8 +178,8 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int

 	openURL(cmd, flowInfo.VerificationURIComplete, flowInfo.UserCode)

-	waitTimeout := time.Duration(flowInfo.ExpiresIn)
-	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout*time.Second)
+	waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
+	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout)
 	defer c()

 	tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -92,7 +92,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&adminURL, "admin-url", "", fmt.Sprintf("Admin Panel URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultAdminURL))
 	rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", defaultConfigPath, "Netbird config file location")
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
-	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the the log will be output to stdout")
+	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
 	rootCmd.PersistentFlags().StringVar(&preSharedKey, "preshared-key", "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
 	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -234,7 +234,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			continue
 		}
 		if isPeerConnected {
-			peersConnected = peersConnected + 1
+			peersConnected++

 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
@@ -407,7 +407,7 @@ func parsePeers(peers peersStateOutput) string {
 			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
 		)

-		peersString = peersString + peerString
+		peersString += peerString
 	}
 	return peersString
 }
--- a/client/cmd/testutil.go
+++ b/client/cmd/testutil.go
@@ -22,6 +22,7 @@ import (
 )

 func startTestingServices(t *testing.T) string {
+	t.Helper()
 	config := &mgmt.Config{}
 	_, err := util.ReadJson("../testdata/management.json", config)
 	if err != nil {
@@ -44,6 +45,7 @@ func startTestingServices(t *testing.T) string {
 }

 func startSignal(t *testing.T) (*grpc.Server, net.Listener) {
+	t.Helper()
 	lis, err := net.Listen("tcp", ":0")
 	if err != nil {
 		t.Fatal(err)
@@ -60,6 +62,7 @@ func startSignal(t *testing.T) (*grpc.Server, net.Listener) {
 }

 func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Listener) {
+	t.Helper()
 	lis, err := net.Listen("tcp", ":0")
 	if err != nil {
 		t.Fatal(err)
@@ -70,7 +73,7 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 		t.Fatal(err)
 	}

-	peersUpdateManager := mgmt.NewPeersUpdateManager()
+	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
 	if err != nil {
 		return nil, nil
@@ -98,6 +101,7 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 func startClientDaemon(
 	t *testing.T, ctx context.Context, managementURL, configPath string,
 ) (*grpc.Server, net.Listener) {
+	t.Helper()
 	lis, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatal(err)
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -149,6 +149,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		CleanNATExternalIPs:  natExternalIPs != nil && len(natExternalIPs) == 0,
 		CustomDNSAddress:     customDNSAddressConverted,
 		IsLinuxDesktopClient: isLinuxRunningDesktop(),
+		Hostname:             hostName,
 	}

 	var loginErr error
@@ -179,7 +180,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {

 		openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)

-		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
+		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
 		if err != nil {
 			return fmt.Errorf("waiting sso login failed with: %v", err)
 		}
--- a/client/firewall/iptables/manager_linux.go
+++ b/client/firewall/iptables/manager_linux.go
@@ -463,14 +463,16 @@ func (m *Manager) actionToStr(action fw.Action) string {
 }

 func (m *Manager) transformIPsetName(ipsetName string, sPort, dPort string) string {
-	if ipsetName == "" {
+	switch {
+	case ipsetName == "":
 		return ""
-	} else if sPort != "" && dPort != "" {
+	case sPort != "" && dPort != "":
 		return ipsetName + "-sport-dport"
-	} else if sPort != "" {
+	case sPort != "":
 		return ipsetName + "-sport"
-	} else if dPort != "" {
+	case dPort != "":
 		return ipsetName + "-dport"
+	default:
+		return ipsetName
 	}
-	return ipsetName
 }
--- a/client/firewall/iptables/manager_linux_test.go
+++ b/client/firewall/iptables/manager_linux_test.go
@@ -206,6 +206,7 @@ func TestIptablesManagerIPSet(t *testing.T) {
 }

 func checkRuleSpecs(t *testing.T, ipv4Client *iptables.IPTables, chainName string, mustExists bool, rulespec ...string) {
+    t.Helper()
 	exists, err := ipv4Client.Exists("filter", chainName, rulespec...)
 	require.NoError(t, err, "failed to check rule")
 	require.Falsef(t, !exists && mustExists, "rule '%v' does not exist", rulespec)
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -791,7 +791,7 @@ func (m *Manager) flushWithBackoff() (err error) {
 				return err
 			}
 			time.Sleep(backoffTime)
-			backoffTime = backoffTime * 2
+			backoffTime *= 2
 			continue
 		}
 		break
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@@ -355,14 +355,16 @@ func (m *Manager) RemovePacketHook(hookID string) error {
 	for _, arr := range m.incomingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				return m.DeleteRule(&r)
+				rule := r
+				return m.DeleteRule(&rule)
 			}
 		}
 	}
 	for _, arr := range m.outgoingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				return m.DeleteRule(&r)
+				rule := r
+				return m.DeleteRule(&rule)
 			}
 		}
 	}
--- a/client/installer.nsis
+++ b/client/installer.nsis
@@ -166,10 +166,9 @@ WriteRegStr ${REG_ROOT} "${UI_REG_APP_PATH}" "" "$INSTDIR\${UI_APP_EXE}"
 EnVar::SetHKLM
 EnVar::AddValueEx "path" "$INSTDIR"

-SetShellVarContext current
+SetShellVarContext all
 CreateShortCut "$SMPROGRAMS\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
 CreateShortCut "$DESKTOP\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
-SetShellVarContext all
 SectionEnd

 Section -Post
@@ -196,10 +195,9 @@ Delete "$INSTDIR\${MAIN_APP_EXE}"
 Delete "$INSTDIR\wintun.dll"
 RmDir /r "$INSTDIR"

-SetShellVarContext current
+SetShellVarContext all
 Delete "$DESKTOP\${APP_NAME}.lnk"
 Delete "$SMPROGRAMS\${APP_NAME}.lnk"
-SetShellVarContext all

 DeleteRegKey ${REG_ROOT} "${REG_APP_PATH}"
 DeleteRegKey ${REG_ROOT} "${UNINSTALL_PATH}"
@@ -209,8 +207,7 @@ SectionEnd


 Function LaunchLink
-SetShellVarContext current
+SetShellVarContext all
   SetOutPath $INSTDIR
   ShellExecAsUser::ShellExecAsUser "" "$DESKTOP\${APP_NAME}.lnk"
-SetShellVarContext all
 FunctionEnd
--- a/client/internal/acl/manager_test.go
+++ b/client/internal/acl/manager_test.go
@@ -189,31 +189,33 @@ func TestDefaultManagerSquashRules(t *testing.T) {
 	}

 	r := rules[0]
-	if r.PeerIP != "0.0.0.0" {
+	switch {
+	case r.PeerIP != "0.0.0.0":
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	} else if r.Direction != mgmProto.FirewallRule_IN {
+	case r.Direction != mgmProto.FirewallRule_IN:
 		t.Errorf("direction should be IN, got: %v", r.Direction)
 		return
-	} else if r.Protocol != mgmProto.FirewallRule_ALL {
+	case r.Protocol != mgmProto.FirewallRule_ALL:
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
+	case r.Action != mgmProto.FirewallRule_ACCEPT:
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}

 	r = rules[1]
-	if r.PeerIP != "0.0.0.0" {
+	switch {
+	case r.PeerIP != "0.0.0.0":
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	} else if r.Direction != mgmProto.FirewallRule_OUT {
+	case r.Direction != mgmProto.FirewallRule_OUT:
 		t.Errorf("direction should be OUT, got: %v", r.Direction)
 		return
-	} else if r.Protocol != mgmProto.FirewallRule_ALL {
+	case r.Protocol != mgmProto.FirewallRule_ALL:
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
+	case r.Action != mgmProto.FirewallRule_ACCEPT:
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}
@@ -281,7 +283,7 @@ func TestDefaultManagerSquashRulesNoAffect(t *testing.T) {

 	manager := &DefaultManager{}
 	if rules, _ := manager.squashAcceptRules(networkMap); len(rules) != len(networkMap.FirewallRules) {
-		t.Errorf("we should got same amount of rules as intput, got %v", len(rules))
+		t.Errorf("we should get the same amount of rules as output, got %v", len(rules))
 	}
 }

--- a/client/internal/auth/device_flow.go
+++ b/client/internal/auth/device_flow.go
@@ -4,12 +4,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/netbirdio/netbird/client/internal"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
+
+	"github.com/netbirdio/netbird/client/internal"
 )

 // HostedGrantType grant type for device flow on Hosted
@@ -174,7 +175,7 @@ func (d *DeviceAuthorizationFlow) WaitToken(ctx context.Context, info AuthFlowIn
 				if tokenResponse.Error == "authorization_pending" {
 					continue
 				} else if tokenResponse.Error == "slow_down" {
-					interval = interval + (3 * time.Second)
+					interval += (3 * time.Second)
 					ticker.Reset(interval)
 					continue
 				}
--- a/client/internal/auth/oauth.go
+++ b/client/internal/auth/oauth.go
@@ -92,15 +92,15 @@ func authenticateWithPKCEFlow(ctx context.Context, config *internal.Config) (OAu
 func authenticateWithDeviceCodeFlow(ctx context.Context, config *internal.Config) (OAuthFlow, error) {
 	deviceFlowInfo, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 	if err != nil {
-		s, ok := gstatus.FromError(err)
-		if ok && s.Code() == codes.NotFound {
+		switch s, ok := gstatus.FromError(err); {
+		case ok && s.Code() == codes.NotFound:
 			return nil, fmt.Errorf("no SSO provider returned from management. " +
 				"Please proceed with setting up this device using setup keys " +
 				"https://docs.netbird.io/how-to/register-machines-using-setup-keys")
-		} else if ok && s.Code() == codes.Unimplemented {
+		case ok && s.Code() == codes.Unimplemented:
 			return nil, fmt.Errorf("the management server, %s, does not support SSO providers, "+
 				"please update your server or use Setup Keys to login", config.ManagementURL)
-		} else {
+		default:
 			return nil, fmt.Errorf("getting device authorization flow info failed with error: %v", err)
 		}
 	}
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -273,9 +273,9 @@ func parseURL(serviceName, serviceURL string) (*url.URL, error) {
 	if parsedMgmtURL.Port() == "" {
 		switch parsedMgmtURL.Scheme {
 		case "https":
-			parsedMgmtURL.Host = parsedMgmtURL.Host + ":443"
+			parsedMgmtURL.Host += ":443"
 		case "http":
-			parsedMgmtURL.Host = parsedMgmtURL.Host + ":80"
+			parsedMgmtURL.Host += ":80"
 		default:
 			log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
 		}
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -43,6 +43,16 @@ func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.S
 	return runClient(ctx, config, statusRecorder, mobileDependency)
 }

+func RunClientiOS(ctx context.Context, config *Config, statusRecorder *peer.Status, fileDescriptor int32, networkChangeListener listener.NetworkChangeListener, dnsManager dns.IosDnsManager, interfaceName string) error {
+	mobileDependency := MobileDependency{
+		FileDescriptor:        fileDescriptor,
+		InterfaceName:         interfaceName,
+		NetworkChangeListener: networkChangeListener,
+		DnsManager:            dnsManager,
+	}
+	return runClient(ctx, config, statusRecorder, mobileDependency)
+}
+
 func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
 	log.Infof("starting NetBird client version %s", version.NetbirdVersion())

--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -3,29 +3,25 @@
 package dns

 import (
+	"bufio"
 	"bytes"
 	"fmt"
 	"os"
+	"strings"

 	log "github.com/sirupsen/logrus"
 )

 const (
-	fileGeneratedResolvConfContentHeader      = "# Generated by NetBird"
-	fileGeneratedResolvConfSearchBeginContent = "search "
-	fileGeneratedResolvConfContentFormat      = fileGeneratedResolvConfContentHeader +
-		"\n# If needed you can restore the original file by copying back %s\n\nnameserver %s\n" +
-		fileGeneratedResolvConfSearchBeginContent + "%s\n\n" +
-		"%s\n"
-)
+	fileGeneratedResolvConfContentHeader         = "# Generated by NetBird"
+	fileGeneratedResolvConfContentHeaderNextLine = fileGeneratedResolvConfContentHeader + `
+# If needed you can restore the original file by copying back ` + fileDefaultResolvConfBackupLocation + "\n\n"

-const (
 	fileDefaultResolvConfBackupLocation = defaultResolvConfPath + ".original.netbird"
-	fileMaxLineCharsLimit               = 256
-	fileMaxNumberOfSearchDomains        = 6
-)

-var fileSearchLineBeginCharCount = len(fileGeneratedResolvConfSearchBeginContent)
+	fileMaxLineCharsLimit        = 256
+	fileMaxNumberOfSearchDomains = 6
+)

 type fileConfigurator struct {
 	originalPerms os.FileMode
@@ -55,58 +51,39 @@ func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
 		}
 		return fmt.Errorf("unable to configure DNS for this peer using file manager without a nameserver group with all domains configured")
 	}
-	managerType, err := getOSDNSManagerType()
-	if err != nil {
-		return err
-	}
-	switch managerType {
-	case fileManager, netbirdManager:
-		if !backupFileExist {
-			err = f.backup()
-			if err != nil {
-				return fmt.Errorf("unable to backup the resolv.conf file")
-			}
-		}
-	default:
-		// todo improve this and maybe restart DNS manager from scratch
-		return fmt.Errorf("something happened and file manager is not your preferred host dns configurator, restart the agent")
-	}

-	var searchDomains string
-	appendedDomains := 0
-	for _, dConf := range config.domains {
-		if dConf.matchOnly || dConf.disabled {
-			continue
-		}
-		if appendedDomains >= fileMaxNumberOfSearchDomains {
-			// lets log all skipped domains
-			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, dConf.domain)
-			continue
-		}
-		if fileSearchLineBeginCharCount+len(searchDomains) > fileMaxLineCharsLimit {
-			// lets log all skipped domains
-			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, dConf.domain)
-			continue
-		}
-
-		searchDomains += " " + dConf.domain
-		appendedDomains++
-	}
-
-	originalContent, err := os.ReadFile(fileDefaultResolvConfBackupLocation)
-	if err != nil {
-		log.Errorf("Could not read existing resolv.conf")
-	}
-	content := fmt.Sprintf(fileGeneratedResolvConfContentFormat, fileDefaultResolvConfBackupLocation, config.serverIP, searchDomains, string(originalContent))
-	err = writeDNSConfig(content, defaultResolvConfPath, f.originalPerms)
-	if err != nil {
-		err = f.restore()
+	if !backupFileExist {
+		err = f.backup()
 		if err != nil {
+			return fmt.Errorf("unable to backup the resolv.conf file")
+		}
+	}
+
+	searchDomainList := searchDomains(config)
+
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs(fileDefaultResolvConfBackupLocation)
+	if err != nil {
+		log.Error(err)
+	}
+
+	searchDomainList = mergeSearchDomains(searchDomainList, originalSearchDomains)
+
+	buf := prepareResolvConfContent(
+		searchDomainList,
+		append([]string{config.serverIP}, nameServers...),
+		others)
+
+	log.Debugf("creating managed file %s", defaultResolvConfPath)
+	err = os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
+	if err != nil {
+		restoreErr := f.restore()
+		if restoreErr != nil {
 			log.Errorf("attempt to restore default file failed with error: %s", err)
 		}
-		return err
+		return fmt.Errorf("got an creating resolver file %s. Error: %s", defaultResolvConfPath, err)
 	}
-	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, appendedDomains, searchDomains)
+
+	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
 	return nil
 }

@@ -138,15 +115,138 @@ func (f *fileConfigurator) restore() error {
 	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
 }

-func writeDNSConfig(content, fileName string, permissions os.FileMode) error {
-	log.Debugf("creating managed file %s", fileName)
+func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
 	var buf bytes.Buffer
-	buf.WriteString(content)
-	err := os.WriteFile(fileName, buf.Bytes(), permissions)
-	if err != nil {
-		return fmt.Errorf("got an creating resolver file %s. Error: %s", fileName, err)
+	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
+
+	for _, cfgLine := range others {
+		buf.WriteString(cfgLine)
+		buf.WriteString("\n")
 	}
-	return nil
+
+	if len(searchDomains) > 0 {
+		buf.WriteString("search ")
+		buf.WriteString(strings.Join(searchDomains, " "))
+		buf.WriteString("\n")
+	}
+
+	for _, ns := range nameServers {
+		buf.WriteString("nameserver ")
+		buf.WriteString(ns)
+		buf.WriteString("\n")
+	}
+	return buf
+}
+
+func searchDomains(config hostDNSConfig) []string {
+	listOfDomains := make([]string, 0)
+	for _, dConf := range config.domains {
+		if dConf.matchOnly || dConf.disabled {
+			continue
+		}
+
+		listOfDomains = append(listOfDomains, dConf.domain)
+	}
+	return listOfDomains
+}
+
+func originalDNSConfigs(resolvconfFile string) (searchDomains, nameServers, others []string, err error) {
+	file, err := os.Open(resolvconfFile)
+	if err != nil {
+		err = fmt.Errorf(`could not read existing resolv.conf`)
+		return
+	}
+	defer file.Close()
+
+	reader := bufio.NewReader(file)
+
+	for {
+		lineBytes, isPrefix, readErr := reader.ReadLine()
+		if readErr != nil {
+			break
+		}
+
+		if isPrefix {
+			err = fmt.Errorf(`resolv.conf line too long`)
+			return
+		}
+
+		line := strings.TrimSpace(string(lineBytes))
+
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "domain") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
+			line = strings.ReplaceAll(line, "rotate", "")
+			splitLines := strings.Fields(line)
+			if len(splitLines) == 1 {
+				continue
+			}
+			line = strings.Join(splitLines, " ")
+		}
+
+		if strings.HasPrefix(line, "search") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) < 2 {
+				continue
+			}
+
+			searchDomains = splitLines[1:]
+			continue
+		}
+
+		if strings.HasPrefix(line, "nameserver") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) != 2 {
+				continue
+			}
+			nameServers = append(nameServers, splitLines[1])
+			continue
+		}
+
+		others = append(others, line)
+	}
+	return
+}
+
+// merge search domains lists and cut off the list if it is too long
+func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
+	lineSize := len("search")
+	searchDomainsList := make([]string, 0, len(searchDomains)+len(originalSearchDomains))
+
+	lineSize = validateAndFillSearchDomains(lineSize, &searchDomainsList, searchDomains)
+	_ = validateAndFillSearchDomains(lineSize, &searchDomainsList, originalSearchDomains)
+
+	return searchDomainsList
+}
+
+// validateAndFillSearchDomains checks if the search domains list is not too long and if the line is not too long
+// extend s slice with vs elements
+// return with the number of characters in the searchDomains line
+func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
+	for _, sd := range vs {
+		tmpCharsNumber := initialLineChars + 1 + len(sd)
+		if tmpCharsNumber > fileMaxLineCharsLimit {
+			// lets log all skipped domains
+			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, sd)
+			continue
+		}
+
+		initialLineChars = tmpCharsNumber
+
+		if len(*s) >= fileMaxNumberOfSearchDomains {
+			// lets log all skipped domains
+			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, sd)
+			continue
+		}
+		*s = append(*s, sd)
+	}
+	return initialLineChars
 }

 func copyFile(src, dest string) error {
--- a/client/internal/dns/file_linux_test.go
+++ b/client/internal/dns/file_linux_test.go
@@ -0,0 +1,62 @@
+package dns
+
+import (
+	"fmt"
+	"testing"
+)
+
+func Test_mergeSearchDomains(t *testing.T) {
+	searchDomains := []string{"a", "b"}
+	originDomains := []string{"a", "b"}
+	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
+	if len(mergedDomains) != 4 {
+		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 4)
+	}
+}
+
+func Test_mergeSearchTooMuchDomains(t *testing.T) {
+	searchDomains := []string{"a", "b", "c", "d", "e", "f", "g"}
+	originDomains := []string{"h", "i"}
+	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
+	if len(mergedDomains) != 6 {
+		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 6)
+	}
+}
+
+func Test_mergeSearchTooMuchDomainsInOrigin(t *testing.T) {
+	searchDomains := []string{"a", "b"}
+	originDomains := []string{"c", "d", "e", "f", "g"}
+	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
+	if len(mergedDomains) != 6 {
+		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 6)
+	}
+}
+
+func Test_mergeSearchTooLongDomain(t *testing.T) {
+	searchDomains := []string{getLongLine()}
+	originDomains := []string{"b"}
+	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
+	if len(mergedDomains) != 1 {
+		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 1)
+	}
+
+	searchDomains = []string{"b"}
+	originDomains = []string{getLongLine()}
+
+	mergedDomains = mergeSearchDomains(searchDomains, originDomains)
+	if len(mergedDomains) != 1 {
+		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 1)
+	}
+}
+
+func getLongLine() string {
+	x := "search "
+	for {
+		for i := 0; i <= 9; i++ {
+			if len(x) > fileMaxLineCharsLimit {
+				return x
+			}
+			x = fmt.Sprintf("%s%d", x, i)
+		}
+	}
+}
--- a/client/internal/dns/host.go
+++ b/client/internal/dns/host.go
@@ -61,7 +61,7 @@ func newNoopHostMocker() hostManager {
 	}
 }

-func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
+func dnsConfigTohostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
 	config := hostDNSConfig{
 		routeAll:   false,
 		serverIP:   ip,
--- a/client/internal/dns/host_android.go
+++ b/client/internal/dns/host_android.go
@@ -3,7 +3,7 @@ package dns
 type androidHostManager struct {
 }

-func newHostManager(wgInterface WGIface) (hostManager, error) {
+func newHostManager() (hostManager, error) {
 	return &androidHostManager{}, nil
 }

--- a/client/internal/dns/host_darwin.go
+++ b/client/internal/dns/host_darwin.go
@@ -1,3 +1,5 @@
+//go:build !ios
+
 package dns

 import (
@@ -32,7 +34,7 @@ type systemConfigurator struct {
 	createdKeys      map[string]struct{}
 }

-func newHostManager(_ WGIface) (hostManager, error) {
+func newHostManager() (hostManager, error) {
 	return &systemConfigurator{
 		createdKeys: make(map[string]struct{}),
 	}, nil
--- a/client/internal/dns/host_ios.go
+++ b/client/internal/dns/host_ios.go
@@ -0,0 +1,45 @@
+package dns
+
+import (
+	"strconv"
+	"strings"
+)
+
+type iosHostManager struct {
+	dnsManager IosDnsManager
+	config     hostDNSConfig
+}
+
+func newHostManager(dnsManager IosDnsManager) (hostManager, error) {
+	return &iosHostManager{
+		dnsManager: dnsManager,
+	}, nil
+}
+
+func (a iosHostManager) applyDNSConfig(config hostDNSConfig) error {
+	var configAsString []string
+	configAsString = append(configAsString, config.serverIP)
+	configAsString = append(configAsString, strconv.Itoa(config.serverPort))
+	configAsString = append(configAsString, strconv.FormatBool(config.routeAll))
+	var domainConfigAsString []string
+	for _, domain := range config.domains {
+		var domainAsString []string
+		domainAsString = append(domainAsString, strconv.FormatBool(domain.disabled))
+		domainAsString = append(domainAsString, domain.domain)
+		domainAsString = append(domainAsString, strconv.FormatBool(domain.matchOnly))
+		domainConfigAsString = append(domainConfigAsString, strings.Join(domainAsString, "|"))
+	}
+	domainConfig := strings.Join(domainConfigAsString, ";")
+	configAsString = append(configAsString, domainConfig)
+	outputString := strings.Join(configAsString, ",")
+	a.dnsManager.ApplyDns(outputString)
+	return nil
+}
+
+func (a iosHostManager) restoreHostDNS() error {
+	return nil
+}
+
+func (a iosHostManager) supportCustomPort() bool {
+	return false
+}
--- a/client/internal/dns/mockServer.go
+++ b/client/internal/dns/mockServer.go
@@ -14,7 +14,7 @@ type MockServer struct {
 }

 // Initialize mock implementation of Initialize from Server interface
-func (m *MockServer) Initialize() error {
+func (m *MockServer) Initialize(manager IosDnsManager) error {
 	if m.InitializeFunc != nil {
 		return m.InitializeFunc()
 	}
@@ -33,7 +33,7 @@ func (m *MockServer) DnsIP() string {
 }

 func (m *MockServer) OnUpdatedHostDNSServer(strings []string) {
-	//TODO implement me
+	// TODO implement me
 	panic("implement me")
 }

--- a/client/internal/dns/network_manager_linux.go
+++ b/client/internal/dns/network_manager_linux.go
@@ -7,13 +7,14 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net/netip"
-	"regexp"
 	"time"

 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
+
+	nbversion "github.com/netbirdio/netbird/version"
 )

 const (
@@ -122,7 +123,7 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) er
 		searchDomains = append(searchDomains, dns.Fqdn(dConf.domain))
 	}

-	newDomainList := append(searchDomains, matchDomains...)
+	newDomainList := append(searchDomains, matchDomains...) //nolint:gocritic

 	priority := networkManagerDbusSearchDomainOnlyPriority
 	switch {
@@ -289,12 +290,7 @@ func isNetworkManagerSupportedVersion() bool {
 }

 func parseVersion(inputVersion string) (*version.Version, error) {
-	reg, err := regexp.Compile(version.SemverRegexpRaw)
-	if err != nil {
-		return nil, err
-	}
-
-	if inputVersion == "" || !reg.MatchString(inputVersion) {
+	if inputVersion == "" || !nbversion.SemverRegexp.MatchString(inputVersion) {
 		return nil, fmt.Errorf("couldn't parse the provided version: Not SemVer")
 	}

--- a/client/internal/dns/notifier.go
+++ b/client/internal/dns/notifier.go
@@ -52,6 +52,6 @@ func (n *notifier) notify() {
 	}

 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged()
+		l.OnNetworkChanged("")
 	}(n.listener)
 }
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -3,10 +3,9 @@
 package dns

 import (
+	"bytes"
 	"fmt"
-	"os"
 	"os/exec"
-	"strings"

 	log "github.com/sirupsen/logrus"
 )
@@ -15,11 +14,24 @@ const resolvconfCommand = "resolvconf"

 type resolvconf struct {
 	ifaceName string
+
+	originalSearchDomains []string
+	originalNameServers   []string
+	othersConfigs         []string
 }

+// supported "openresolv" only
 func newResolvConfConfigurator(wgInterface WGIface) (hostManager, error) {
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs("/etc/resolv.conf")
+	if err != nil {
+		log.Error(err)
+	}
+
 	return &resolvconf{
-		ifaceName: wgInterface.Name(),
+		ifaceName:             wgInterface.Name(),
+		originalSearchDomains: originalSearchDomains,
+		originalNameServers:   nameServers,
+		othersConfigs:         others,
 	}, nil
 }

@@ -37,41 +49,20 @@ func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
 		return fmt.Errorf("unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured")
 	}

-	var searchDomains string
-	appendedDomains := 0
-	for _, dConf := range config.domains {
-		if dConf.matchOnly || dConf.disabled {
-			continue
-		}
+	searchDomainList := searchDomains(config)
+	searchDomainList = mergeSearchDomains(searchDomainList, r.originalSearchDomains)

-		if appendedDomains >= fileMaxNumberOfSearchDomains {
-			// lets log all skipped domains
-			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, dConf.domain)
-			continue
-		}
+	buf := prepareResolvConfContent(
+		searchDomainList,
+		append([]string{config.serverIP}, r.originalNameServers...),
+		r.othersConfigs)

-		if fileSearchLineBeginCharCount+len(searchDomains) > fileMaxLineCharsLimit {
-			// lets log all skipped domains
-			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, dConf.domain)
-			continue
-		}
-
-		searchDomains += " " + dConf.domain
-		appendedDomains++
-	}
-
-	originalContent, err := os.ReadFile(fileDefaultResolvConfBackupLocation)
-	if err != nil {
-		log.Errorf("Could not read existing resolv.conf")
-	}
-	content := fmt.Sprintf(fileGeneratedResolvConfContentFormat, fileDefaultResolvConfBackupLocation, config.serverIP, searchDomains, string(originalContent))
-
-	err = r.applyConfig(content)
+	err = r.applyConfig(buf)
 	if err != nil {
 		return err
 	}

-	log.Infof("added %d search domains. Search list: %s", appendedDomains, searchDomains)
+	log.Infof("added %d search domains. Search list: %s", len(searchDomainList), searchDomainList)
 	return nil
 }

@@ -84,9 +75,9 @@ func (r *resolvconf) restoreHostDNS() error {
 	return nil
 }

-func (r *resolvconf) applyConfig(content string) error {
+func (r *resolvconf) applyConfig(content bytes.Buffer) error {
 	cmd := exec.Command(resolvconfCommand, "-x", "-a", r.ifaceName)
-	cmd.Stdin = strings.NewReader(content)
+	cmd.Stdin = &content
 	_, err := cmd.Output()
 	if err != nil {
 		return fmt.Errorf("got an error while applying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
@@ -19,9 +19,14 @@ type ReadyListener interface {
 	OnReady()
 }

+// IosDnsManager is a dns manager interface for iosß
+type IosDnsManager interface {
+	ApplyDns(string)
+}
+
 // Server is a dns server interface
 type Server interface {
-	Initialize() error
+	Initialize(manager IosDnsManager) error
 	Stop()
 	DnsIP() string
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
@@ -50,6 +55,9 @@ type DefaultServer struct {
 	hostsDnsList     []string
 	hostsDnsListLock sync.Mutex

+	interfaceName string
+	wgAddr        string
+
 	// make sense on mobile only
 	searchDomainNotifier *notifier
 }
@@ -65,7 +73,7 @@ type muxUpdate struct {
 }

 // NewDefaultServer returns a new dns server
-func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string) (*DefaultServer, error) {
+func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string, interfaceName string, wgAddr string) (*DefaultServer, error) {
 	var addrPort *netip.AddrPort
 	if customAddress != "" {
 		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
@@ -82,24 +90,24 @@ func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress st
 		dnsService = newServiceViaListener(wgInterface, addrPort)
 	}

-	return newDefaultServer(ctx, wgInterface, dnsService), nil
+	return newDefaultServer(ctx, wgInterface, dnsService, interfaceName, wgAddr), nil
 }

 // NewDefaultServerPermanentUpstream returns a new dns server. It optimized for mobile systems
 func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string, config nbdns.Config, listener listener.NetworkChangeListener) *DefaultServer {
 	log.Debugf("host dns address list is: %v", hostsDnsList)
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), "", "")
 	ds.permanent = true
 	ds.hostsDnsList = hostsDnsList
 	ds.addHostRootZone()
-	ds.currentConfig = dnsConfigToHostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
+	ds.currentConfig = dnsConfigTohostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
 	ds.searchDomainNotifier = newNotifier(ds.SearchDomains())
 	ds.searchDomainNotifier.setListener(listener)
 	setServerDns(ds)
 	return ds
 }

-func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
+func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service, interfaceName string, wgAddr string) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
 		ctx:       ctx,
@@ -109,7 +117,9 @@ func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService servi
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
-		wgInterface: wgInterface,
+		wgInterface:   wgInterface,
+		interfaceName: interfaceName,
+		wgAddr:        wgAddr,
 	}

 	return defaultServer
@@ -124,15 +134,8 @@ func (s *DefaultServer) Initialize() (err error) {
 		return nil
 	}

-	if s.permanent {
-		err = s.service.Listen()
-		if err != nil {
-			return err
-		}
-	}
-
-	s.hostManager, err = newHostManager(s.wgInterface)
-	return
+	s.hostManager, err = s.initialize()
+	return err
 }

 // DnsIP returns the DNS resolver server IP address
@@ -252,11 +255,11 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	if err != nil {
 		return fmt.Errorf("not applying dns update, error: %v", err)
 	}
-	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...)
+	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic

 	s.updateMux(muxUpdates)
 	s.updateLocalResolver(localRecords)
-	s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
+	s.currentConfig = dnsConfigTohostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())

 	hostUpdate := s.currentConfig
 	if s.service.RuntimePort() != defaultPort && !s.hostManager.supportCustomPort() {
@@ -312,7 +315,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}

-		handler := newUpstreamResolver(s.ctx)
+		handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
 				log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
@@ -485,10 +488,21 @@ func (s *DefaultServer) upstreamCallbacks(
 }

 func (s *DefaultServer) addHostRootZone() {
-	handler := newUpstreamResolver(s.ctx)
+	handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
 	handler.upstreamServers = make([]string, len(s.hostsDnsList))
 	for n, ua := range s.hostsDnsList {
-		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ua)
+		a, err := netip.ParseAddr(ua)
+		if err != nil {
+			log.Errorf("invalid upstream IP address: %s, error: %s", ua, err)
+			continue
+		}
+
+		ipString := ua
+		if !a.Is4() {
+			ipString = fmt.Sprintf("[%s]", ua)
+		}
+
+		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ipString)
 	}
 	handler.deactivate = func() {}
 	handler.reactivate = func() {}
--- a/client/internal/dns/server_android.go
+++ b/client/internal/dns/server_android.go
@@ -0,0 +1,10 @@
+package dns
+
+func (s *DefaultServer) initialize() (manager hostManager, err error) {
+	err = s.service.Listen()
+	if err != nil {
+		return err
+	}
+
+	return newHostManager()
+}
--- a/client/internal/dns/server_darwin.go
+++ b/client/internal/dns/server_darwin.go
@@ -0,0 +1,5 @@
+package dns
+
+func (s *DefaultServer) initialize() (manager hostManager, err error) {
+	return newHostManager()
+}
--- a/client/internal/dns/server_ios.go
+++ b/client/internal/dns/server_ios.go
@@ -0,0 +1,6 @@
+package dns
+
+func (s *DefaultServer) initialize() (manager hostManager, err error) {
+	// todo add ioDnsManager to constuctor
+	return newHostManager(m.ioDnsManager)
+}
--- a/client/internal/dns/server_linux.go
+++ b/client/internal/dns/server_linux.go
@@ -0,0 +1,5 @@
+package dns
+
+func (s *DefaultServer) initialize() (manager hostManager, err error) {
+	return newHostManager(s.wgInterface)
+}
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -268,11 +268,11 @@ func TestUpdateDNSServer(t *testing.T) {
 					t.Log(err)
 				}
 			}()
-			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
+			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", "", "")
 			if err != nil {
 				t.Fatal(err)
 			}
-			err = dnsServer.Initialize()
+			err = dnsServer.Initialize(nil)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -322,9 +322,9 @@ func TestUpdateDNSServer(t *testing.T) {

 func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 	ov := os.Getenv("NB_WG_KERNEL_DISABLED")
-	defer os.Setenv("NB_WG_KERNEL_DISABLED", ov)
+	defer t.Setenv("NB_WG_KERNEL_DISABLED", ov)

-	_ = os.Setenv("NB_WG_KERNEL_DISABLED", "true")
+	t.Setenv("NB_WG_KERNEL_DISABLED", "true")
 	newNet, err := stdnet.NewNet(nil)
 	if err != nil {
 		t.Errorf("create stdnet: %v", err)
@@ -339,7 +339,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {

 	err = wgIface.Create()
 	if err != nil {
-		t.Errorf("crate and init wireguard interface: %v", err)
+		t.Errorf("create and init wireguard interface: %v", err)
 		return
 	}
 	defer func() {
@@ -368,13 +368,13 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}

-	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
+	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", "", "")
 	if err != nil {
 		t.Errorf("create DNS server: %v", err)
 		return
 	}

-	err = dnsServer.Initialize()
+	err = dnsServer.Initialize(nil)
 	if err != nil {
 		t.Errorf("run DNS server: %v", err)
 		return
@@ -463,7 +463,7 @@ func TestDNSServerStartStop(t *testing.T) {

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort)
+			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort, "", "")
 			if err != nil {
 				t.Fatalf("%v", err)
 			}
@@ -595,7 +595,7 @@ func TestDNSPermanent_updateHostDNS_emptyUpstream(t *testing.T) {
 	var dnsList []string
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil)
-	err = dnsServer.Initialize()
+	err = dnsServer.Initialize(nil)
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return
@@ -619,7 +619,7 @@ func TestDNSPermanent_updateUpstream(t *testing.T) {
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
-	err = dnsServer.Initialize()
+	err = dnsServer.Initialize(nil)
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return
@@ -711,7 +711,7 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
-	err = dnsServer.Initialize()
+	err = dnsServer.Initialize(nil)
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return
@@ -771,10 +771,11 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 }

 func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
+	t.Helper()
 	ov := os.Getenv("NB_WG_KERNEL_DISABLED")
-	defer os.Setenv("NB_WG_KERNEL_DISABLED", ov)
+	defer t.Setenv("NB_WG_KERNEL_DISABLED", ov)

-	_ = os.Setenv("NB_WG_KERNEL_DISABLED", "true")
+	t.Setenv("NB_WG_KERNEL_DISABLED", "true")
 	newNet, err := stdnet.NewNet(nil)
 	if err != nil {
 		t.Fatalf("create stdnet: %v", err)
@@ -789,7 +790,7 @@ func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {

 	err = wgIface.Create()
 	if err != nil {
-		t.Fatalf("crate and init wireguard interface: %v", err)
+		t.Fatalf("create and init wireguard interface: %v", err)
 		return nil, err
 	}

--- a/client/internal/dns/server_windows.go
+++ b/client/internal/dns/server_windows.go
@@ -0,0 +1,5 @@
+package dns
+
+func (s *DefaultServer) initialize() (manager hostManager, err error) {
+	return newHostManager(s.wgInterface)
+}
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -35,20 +36,50 @@ type upstreamResolver struct {
 	mutex            sync.Mutex
 	reactivatePeriod time.Duration
 	upstreamTimeout  time.Duration
+	lIP              net.IP
+	lNet             *net.IPNet
+	lName            string
+	iIndex           int

 	deactivate func()
 	reactivate func()
 }

-func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
+func getInterfaceIndex(interfaceName string) (int, error) {
+	iface, err := net.InterfaceByName(interfaceName)
+	if err != nil {
+		log.Errorf("unable to get interface by name error: %s", err)
+		return 0, err
+	}
+
+	return iface.Index, nil
+}
+
+func newUpstreamResolver(parentCTX context.Context, interfaceName string, wgAddr string) *upstreamResolver {
 	ctx, cancel := context.WithCancel(parentCTX)
+
+	// Specify the local IP address you want to bind to
+	localIP, localNet, err := net.ParseCIDR(wgAddr) // Should be our interface IP
+	if err != nil {
+		log.Errorf("error while parsing CIDR: %s", err)
+	}
+	index, err := getInterfaceIndex(interfaceName)
+
+	if err != nil {
+		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
+	}
+	localIFaceIndex := index // Should be our interface index
+
 	return &upstreamResolver{
 		ctx:              ctx,
 		cancel:           cancel,
-		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
+		lIP:              localIP,
+		lNet:             localNet,
+		iIndex:           localIFaceIndex,
+		lName:            interfaceName,
 	}
 }

@@ -70,26 +101,57 @@ func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}

 	for _, upstream := range u.upstreamServers {
-		ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-		rm, t, err := u.upstreamClient.ExchangeContext(ctx, r, upstream)
+		var (
+			exchangeErr error
+			t           time.Duration
+			rm          *dns.Msg
+		)

-		cancel()
+		upstreamExchangeClient := &dns.Client{}
+		if runtime.GOOS != "ios" {
+			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+			rm, t, exchangeErr = upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
+			cancel()
+		} else {
+			upstreamHost, _, err := net.SplitHostPort(upstream)
+			if err != nil {
+				log.Errorf("error while parsing upstream host: %s", err)
+				return
+			}
+			upstreamIP := net.ParseIP(upstreamHost)
+			if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
+				upstreamExchangeClient = u.getClientPrivate()
+			}
+			rm, t, exchangeErr = upstreamExchangeClient.Exchange(r, upstream)
+		}

-		if err != nil {
-			if err == context.DeadlineExceeded || isTimeout(err) {
-				log.WithError(err).WithField("upstream", upstream).
+		if exchangeErr != nil {
+			if exchangeErr == context.DeadlineExceeded || isTimeout(exchangeErr) {
+				log.WithError(exchangeErr).WithField("upstream", upstream).
 					Warn("got an error while connecting to upstream")
 				continue
 			}
 			u.failsCount.Add(1)
-			log.WithError(err).WithField("upstream", upstream).
-				Error("got an error while querying the upstream")
+			log.WithError(exchangeErr).WithField("upstream", upstream).
+				Error("got other error while querying the upstream")
+			return
+		}
+
+		if rm == nil {
+			log.WithError(exchangeErr).WithField("upstream", upstream).
+				Warn("no response from upstream")
+			return
+		}
+		// those checks need to be independent of each other due to memory address issues
+		if !rm.Response {
+			log.WithError(exchangeErr).WithField("upstream", upstream).
+				Warn("no response from upstream")
 			return
 		}

 		log.Tracef("took %s to query the upstream %s", t, upstream)

-		err = w.WriteMsg(rm)
+		err := w.WriteMsg(rm)
 		if err != nil {
 			log.WithError(err).Error("got an error while writing the upstream resolver response")
 		}
@@ -118,6 +180,7 @@ func (u *upstreamResolver) checkUpstreamFails() {
 	case <-u.ctx.Done():
 		return
 	default:
+		// todo test the deactivation logic, it seems to affect the client
 		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
 		u.deactivate()
 		u.disabled = true
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -0,0 +1,44 @@
+//go:build ios
+
+package dns
+
+import (
+	"net"
+	"syscall"
+
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+)
+
+// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
+// This method is needed for iOS
+func (u *upstreamResolver) getClientPrivate() *dns.Client {
+	dialer := &net.Dialer{
+		LocalAddr: &net.UDPAddr{
+			IP:   u.lIP,
+			Port: 0, // Let the OS pick a free port
+		},
+		Timeout: upstreamTimeout,
+		Control: func(network, address string, c syscall.RawConn) error {
+			var operr error
+			fn := func(s uintptr) {
+				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, u.iIndex)
+			}
+
+			if err := c.Control(fn); err != nil {
+				return err
+			}
+
+			if operr != nil {
+				log.Errorf("error while setting socket option: %s", operr)
+			}
+
+			return operr
+		},
+	}
+	client := &dns.Client{
+		Dialer: dialer,
+	}
+	return client
+}
--- a/client/internal/dns/upstream_nonios.go
+++ b/client/internal/dns/upstream_nonios.go
@@ -0,0 +1,19 @@
+//go:build !ios
+
+package dns
+
+import (
+	"net"
+
+	"github.com/miekg/dns"
+)
+
+// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
+// This method is needed for iOS
+func (u *upstreamResolver) getClientPrivate() *dns.Client {
+	dialer := &net.Dialer{}
+	client := &dns.Client{
+		Dialer: dialer,
+	}
+	return client
+}
--- a/client/internal/dns/upstream_test.go
+++ b/client/internal/dns/upstream_test.go
@@ -49,15 +49,15 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 			timeout:             upstreamTimeout,
 			responseShouldBeNil: true,
 		},
-		//{
+		// {
 		//	name:        "Should Resolve CNAME Record",
 		//	inputMSG:    new(dns.Msg).SetQuestion("one.one.one.one", dns.TypeCNAME),
-		//},
-		//{
+		// },
+		// {
 		//	name:                "Should Not Write When Not Found A Record",
 		//	inputMSG:            new(dns.Msg).SetQuestion("not.found.com", dns.TypeA),
 		//	responseShouldBeNil: true,
-		//},
+		// },
 	}
 	// should resolve if first upstream times out
 	// should not write when both fails
@@ -66,7 +66,7 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			ctx, cancel := context.WithCancel(context.TODO())
-			resolver := newUpstreamResolver(ctx)
+			resolver := newUpstreamResolver(ctx, "", "")
 			resolver.upstreamServers = testCase.InputServers
 			resolver.upstreamTimeout = testCase.timeout
 			if testCase.cancelCTX {
--- a/client/internal/ebpf/ebpf/manager_linux.go
+++ b/client/internal/ebpf/ebpf/manager_linux.go
@@ -50,7 +50,7 @@ func GetEbpfManagerInstance() manager.Manager {
 }

 func (tf *GeneralManager) setFeatureFlag(feature uint16) {
-	tf.featureFlags = tf.featureFlags | feature
+	tf.featureFlags |= feature
 }

 func (tf *GeneralManager) loadXdp() error {
--- a/client/internal/ebpf/ebpf/manager_linux_test.go
+++ b/client/internal/ebpf/ebpf/manager_linux_test.go
@@ -8,12 +8,12 @@ func TestManager_setFeatureFlag(t *testing.T) {
 	mgr := GeneralManager{}
 	mgr.setFeatureFlag(featureFlagWGProxy)
 	if mgr.featureFlags != 1 {
-		t.Errorf("invalid faeture state")
+		t.Errorf("invalid feature state")
 	}

 	mgr.setFeatureFlag(featureFlagDnsForwarder)
 	if mgr.featureFlags != 3 {
-		t.Errorf("invalid faeture state")
+		t.Errorf("invalid feature state")
 	}
 }

@@ -27,7 +27,7 @@ func TestManager_unsetFeatureFlag(t *testing.T) {
 		t.Errorf("unexpected error: %s", err)
 	}
 	if mgr.featureFlags != 2 {
-		t.Errorf("invalid faeture state, expected: %d, got: %d", 2, mgr.featureFlags)
+		t.Errorf("invalid feature state, expected: %d, got: %d", 2, mgr.featureFlags)
 	}

 	err = mgr.unsetFeatureFlag(featureFlagDnsForwarder)
@@ -35,6 +35,6 @@ func TestManager_unsetFeatureFlag(t *testing.T) {
 		t.Errorf("unexpected error: %s", err)
 	}
 	if mgr.featureFlags != 0 {
-		t.Errorf("invalid faeture state, expected: %d, got: %d", 0, mgr.featureFlags)
+		t.Errorf("invalid feature state, expected: %d, got: %d", 0, mgr.featureFlags)
 	}
 }
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -204,27 +204,28 @@ func (e *Engine) Start() error {
 			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
 			go e.mobileDep.DnsReadyListener.OnReady()
 		}
-	} else {
-		// todo fix custom address
-		if e.dnsServer == nil {
-			e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
-			if err != nil {
-				e.close()
-				return err
-			}
+	} else if e.dnsServer == nil {
+		e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress, e.mobileDep.InterfaceName, wgAddr)
+		if err != nil {
+			e.close()
+			return err
 		}
 	}

 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, routes)
 	e.routeManager.SetRouteChangeListener(e.mobileDep.NetworkChangeListener)

-	if runtime.GOOS == "android" {
-		err = e.wgInterface.CreateOnMobile(iface.MobileIFaceArguments{
+	switch runtime.GOOS {
+	case "android":
+		err = e.wgInterface.CreateOnAndroid(iface.MobileIFaceArguments{
 			Routes:        e.routeManager.InitialRouteRange(),
 			Dns:           e.dnsServer.DnsIP(),
 			SearchDomains: e.dnsServer.SearchDomains(),
 		})
-	} else {
+	case "ios":
+		e.mobileDep.NetworkChangeListener.SetInterfaceIP(wgAddr)
+		err = e.wgInterface.CreateOniOS(e.mobileDep.FileDescriptor)
+	default:
 		err = e.wgInterface.Create()
 	}
 	if err != nil {
@@ -266,7 +267,11 @@ func (e *Engine) Start() error {
 		e.acl = acl
 	}

-	err = e.dnsServer.Initialize()
+	if runtime.GOOS == "ios" {
+		err = e.dnsServer.Initialize(e.mobileDep.DnsManager)
+	} else {
+		err = e.dnsServer.Initialize(nil)
+	}
 	if err != nil {
 		e.close()
 		return err
@@ -468,7 +473,7 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		}
 		// start SSH server if it wasn't running
 		if isNil(e.sshServer) {
-			//nil sshServer means it has not yet been started
+			// nil sshServer means it has not yet been started
 			var err error
 			e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
 				fmt.Sprintf("%s:%d", e.wgInterface.Address().IP.String(), nbssh.DefaultSSHPort))
@@ -490,15 +495,13 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		} else {
 			log.Debugf("SSH server is already running")
 		}
-	} else {
+	} else if !isNil(e.sshServer) {
 		// Disable SSH server request, so stop it if it was running
-		if !isNil(e.sshServer) {
-			err := e.sshServer.Stop()
-			if err != nil {
-				log.Warnf("failed to stop SSH server %v", err)
-			}
-			e.sshServer = nil
+		err := e.sshServer.Stop()
+		if err != nil {
+			log.Warnf("failed to stop SSH server %v", err)
 		}
+		e.sshServer = nil
 	}
 	return nil
 }
@@ -640,7 +643,7 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 				if config.GetSshConfig() != nil && config.GetSshConfig().GetSshPubKey() != nil {
 					err := e.sshServer.AddAuthorizedKey(config.WgPubKey, string(config.GetSshConfig().GetSshPubKey()))
 					if err != nil {
-						log.Warnf("failed adding authroized key to SSH DefaultServer %v", err)
+						log.Warnf("failed adding authorized key to SSH DefaultServer %v", err)
 					}
 				}
 			}
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -869,7 +869,7 @@ loop:
 		case <-ticker.C:
 			totalConnected := 0
 			for _, engine := range engines {
-				totalConnected = totalConnected + getConnectedPeers(engine)
+				totalConnected += getConnectedPeers(engine)
 			}
 			if totalConnected == expectedConnected {
 				log.Infof("total connected=%d", totalConnected)
@@ -1044,7 +1044,7 @@ func startManagement(dataDir string) (*grpc.Server, string, error) {
 		return nil, "", err
 	}

-	peersUpdateManager := server.NewPeersUpdateManager()
+	peersUpdateManager := server.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
 	if err != nil {
 		return nil, "", err
--- a/client/internal/listener/network_change.go
+++ b/client/internal/listener/network_change.go
@@ -3,5 +3,6 @@ package listener
 // NetworkChangeListener is a callback interface for mobile system
 type NetworkChangeListener interface {
 	// OnNetworkChanged invoke when network settings has been changed
-	OnNetworkChanged()
+	OnNetworkChanged(string)
+	SetInterfaceIP(string)
 }
--- a/client/internal/mobile_dependency.go
+++ b/client/internal/mobile_dependency.go
@@ -14,4 +14,7 @@ type MobileDependency struct {
 	NetworkChangeListener listener.NetworkChangeListener
 	HostDNSAddresses      []string
 	DnsReadyListener      dns.ReadyListener
+	DnsManager            dns.IosDnsManager
+	FileDescriptor        int32
+	InterfaceName         string
 }
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -225,6 +226,10 @@ func (conn *Conn) candidateTypes() []ice.CandidateType {
 	if hasICEForceRelayConn() {
 		return []ice.CandidateType{ice.CandidateTypeRelay}
 	}
+	// TODO: remove this once we have refactored userspace proxy into the bind package
+	if runtime.GOOS == "ios" {
+		return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive}
+	}
 	return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay}
 }

@@ -242,7 +247,7 @@ func (conn *Conn) Open() error {
 	}
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
-		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
+		log.Warnf("error while updating the state of peer %s,err: %v", conn.config.Key, err)
 	}

 	defer func() {
@@ -301,7 +306,7 @@ func (conn *Conn) Open() error {
 	}
 	err = conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
-		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
+		log.Warnf("error while updating the state of peer %s,err: %v", conn.config.Key, err)
 	}

 	err = conn.agent.GatherCandidates()
@@ -464,7 +469,7 @@ func (conn *Conn) cleanup() error {
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
 		// pretty common error because by that time Engine can already remove the peer and status won't be available.
-		//todo rethink status updates
+		// todo rethink status updates
 		log.Debugf("error while updating peer's %s state, err: %v", conn.config.Key, err)
 	}

--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -174,13 +174,13 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 	return nil
 }

-func shouldSkipNotify(new, curr State) bool {
+func shouldSkipNotify(received, curr State) bool {
 	switch {
-	case new.ConnStatus == StatusConnecting:
+	case received.ConnStatus == StatusConnecting:
 		return true
-	case new.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusConnecting:
+	case received.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusConnecting:
 		return true
-	case new.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusDisconnected:
+	case received.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusDisconnected:
 		return curr.IP != ""
 	default:
 		return false
--- a/client/internal/routemanager/client.go
+++ b/client/internal/routemanager/client.go
@@ -12,6 +12,8 @@ import (
 	"github.com/netbirdio/netbird/route"
 )

+const minRangeBits = 7
+
 type routerPeerStatus struct {
 	connected bool
 	relayed   bool
--- a/client/internal/routemanager/firewall_ios.go
+++ b/client/internal/routemanager/firewall_ios.go
@@ -0,0 +1,31 @@
+//go:build ios
+
+package routemanager
+
+import (
+	"context"
+)
+
+// newFirewall returns a nil manager
+func newFirewall(context.Context) (firewallManager, error) {
+	return iOSFirewallManager{}, nil
+}
+
+type iOSFirewallManager struct {
+}
+
+func (i iOSFirewallManager) RestoreOrCreateContainers() error {
+	return nil
+}
+
+func (i iOSFirewallManager) InsertRoutingRules(pair routerPair) error {
+	return nil
+}
+
+func (i iOSFirewallManager) RemoveRoutingRules(pair routerPair) error {
+	return nil
+}
+
+func (i iOSFirewallManager) CleanRoutingRules() {
+	return
+}
--- a/client/internal/routemanager/firewall_nonlinux.go
+++ b/client/internal/routemanager/firewall_nonlinux.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !ios
+// +build !linux,!ios

 package routemanager

--- a/client/internal/routemanager/iptables_linux.go
+++ b/client/internal/routemanager/iptables_linux.go
@@ -173,7 +173,7 @@ func (i *iptablesManager) addJumpRules() error {
 		return err
 	}
 	if i.ipv4Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding)
+		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding) //nolint:gocritic

 		err = i.ipv4Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
@@ -181,7 +181,7 @@ func (i *iptablesManager) addJumpRules() error {
 		}
 		i.rules[ipv4][ipv4Forwarding] = rule

-		rule = append(iptablesDefaultNatRule, ipv4Nat)
+		rule = append(iptablesDefaultNatRule, ipv4Nat) //nolint:gocritic
 		err = i.ipv4Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err
@@ -190,14 +190,14 @@ func (i *iptablesManager) addJumpRules() error {
 	}

 	if i.ipv6Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding)
+		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding) //nolint:gocritic
 		err = i.ipv6Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
 			return err
 		}
 		i.rules[ipv6][ipv6Forwarding] = rule

-		rule = append(iptablesDefaultNatRule, ipv6Nat)
+		rule = append(iptablesDefaultNatRule, ipv6Nat) //nolint:gocritic
 		err = i.ipv6Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -155,7 +155,7 @@ func (m *DefaultManager) classifiesRoutes(newRoutes []*route.Route) (map[string]
 		if !ownNetworkIDs[networkID] {
 			// if prefix is too small, lets assume is a possible default route which is not yet supported
 			// we skip this route management
-			if newRoute.Network.Bits() < 7 {
+			if newRoute.Network.Bits() < minRangeBits {
 				log.Errorf("this agent version: %s, doesn't support default routes, received %s, skipping this route",
 					version.NetbirdVersion(), newRoute.Network)
 				continue
--- a/client/internal/routemanager/nftables_linux.go
+++ b/client/internal/routemanager/nftables_linux.go
@@ -300,7 +300,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	dst := generateCIDRMatcherExpressions("destination", "0.0.0.0/0")

 	var exprs []expr.Any
-	exprs = append(src, append(dst, &expr.Verdict{
+	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
 		Kind: expr.VerdictAccept,
 	})...)

@@ -322,7 +322,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	src = generateCIDRMatcherExpressions("source", "0.0.0.0/0")
 	dst = generateCIDRMatcherExpressions("destination", sourceNetwork)

-	exprs = append(src, append(dst, &expr.Verdict{
+	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
 		Kind: expr.VerdictAccept,
 	})...)

@@ -421,9 +421,9 @@ func (n *nftablesManager) insertRoutingRule(format, chain string, pair routerPai

 	var expression []expr.Any
 	if isNat {
-		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
 	} else {
-		expression = append(sourceExp, append(destExp, exprCounterAccept...)...)
+		expression = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
 	}

 	ruleKey := genKey(format, pair.ID)
--- a/client/internal/routemanager/nftables_linux_test.go
+++ b/client/internal/routemanager/nftables_linux_test.go
@@ -44,7 +44,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
 	destExp := generateCIDRMatcherExpressions("destination", pair.destination)

-	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
+	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
 	forward4RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted4Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv4,
@@ -53,7 +53,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward4RuleKey),
 	})

-	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
 	nat4RuleKey := genKey(natFormat, pair.ID)

 	inserted4Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -76,7 +76,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp = generateCIDRMatcherExpressions("source", pair.source)
 	destExp = generateCIDRMatcherExpressions("destination", pair.destination)

-	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
+	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
 	forward6RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted6Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv6,
@@ -85,7 +85,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward6RuleKey),
 	})

-	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
 	nat6RuleKey := genKey(natFormat, pair.ID)

 	inserted6Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -149,7 +149,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {

 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
-			testingExpression := append(sourceExp, destExp...)
+			testingExpression := append(sourceExp, destExp...) //nolint:gocritic
 			fwdRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)

 			found := 0
@@ -188,7 +188,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {

 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
-			testingExpression = append(sourceExp, destExp...)
+			testingExpression = append(sourceExp, destExp...) //nolint:gocritic
 			inFwdRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)

 			found = 0
@@ -252,7 +252,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)

-			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
+			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
 			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
 			insertedForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -261,7 +261,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(forwardRuleKey),
 			})

-			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
 			natRuleKey := genKey(natFormat, testCase.inputPair.ID)

 			insertedNat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -274,7 +274,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)

-			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...)
+			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
 			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
 			insertedInForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -283,7 +283,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(inForwardRuleKey),
 			})

-			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
 			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)

 			insertedInNat := nftablesTestingClient.InsertRule(&nftables.Rule{
--- a/client/internal/routemanager/notifier.go
+++ b/client/internal/routemanager/notifier.go
@@ -2,6 +2,7 @@ package routemanager

 import (
 	"sort"
+	"strings"
 	"sync"

 	"github.com/netbirdio/netbird/client/internal/listener"
@@ -50,9 +51,6 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {

 	n.routeRangers = newNets

-	if !n.hasDiff(n.initialRouteRangers, newNets) {
-		return
-	}
 	n.notify()
 }

@@ -64,7 +62,7 @@ func (n *notifier) notify() {
 	}

 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged()
+		l.OnNetworkChanged(strings.Join(n.routeRangers, ","))
 	}(n.listener)
 }

--- a/client/internal/routemanager/server_android.go
+++ b/client/internal/routemanager/server_android.go
@@ -1,3 +1,5 @@
+//go:build android
+
 package routemanager

 import (
--- a/client/internal/routemanager/systemops_bsd.go
+++ b/client/internal/routemanager/systemops_bsd.go
@@ -27,24 +27,24 @@ const (
 	RTF_MULTICAST = 0x800000
 )

-func existsInRouteTable(prefix netip.Prefix) (bool, error) {
+func getRoutesFromTable() ([]netip.Prefix, error) {
 	tab, err := route.FetchRIB(syscall.AF_UNSPEC, route.RIBTypeRoute, 0)
 	if err != nil {
-		return false, err
+		return nil, err
 	}
 	msgs, err := route.ParseRIB(route.RIBTypeRoute, tab)
 	if err != nil {
-		return false, err
+		return nil, err
 	}
-
+	var prefixList []netip.Prefix
 	for _, msg := range msgs {
 		m := msg.(*route.RouteMessage)

 		if m.Version < 3 || m.Version > 5 {
-			return false, fmt.Errorf("unexpected RIB message version: %d", m.Version)
+			return nil, fmt.Errorf("unexpected RIB message version: %d", m.Version)
 		}
 		if m.Type != 4 /* RTM_GET */ {
-			return true, fmt.Errorf("unexpected RIB message type: %d", m.Type)
+			return nil, fmt.Errorf("unexpected RIB message type: %d", m.Type)
 		}

 		if m.Flags&RTF_UP == 0 ||
@@ -52,31 +52,42 @@ func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 			continue
 		}

-		dst, err := toIPAddr(m.Addrs[0])
-		if err != nil {
-			return true, fmt.Errorf("unexpected RIB destination: %v", err)
+		addr, ok := toNetIPAddr(m.Addrs[0])
+		if !ok {
+			continue
 		}

-		mask, _ := toIPAddr(m.Addrs[2])
-		cidr, _ := net.IPMask(mask.To4()).Size()
-		if dst.String() == prefix.Addr().String() && cidr == prefix.Bits() {
-			return true, nil
+		mask, ok := toNetIPMASK(m.Addrs[2])
+		if !ok {
+			continue
+		}
+		cidr, _ := mask.Size()
+
+		routePrefix := netip.PrefixFrom(addr, cidr)
+		if routePrefix.IsValid() {
+			prefixList = append(prefixList, routePrefix)
 		}
 	}
-
-	return false, nil
+	return prefixList, nil
 }

-func toIPAddr(a route.Addr) (net.IP, error) {
+func toNetIPAddr(a route.Addr) (netip.Addr, bool) {
 	switch t := a.(type) {
 	case *route.Inet4Addr:
 		ip := net.IPv4(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
-		return ip, nil
-	case *route.Inet6Addr:
-		ip := make(net.IP, net.IPv6len)
-		copy(ip, t.IP[:])
-		return ip, nil
+		addr := netip.MustParseAddr(ip.String())
+		return addr, true
 	default:
-		return net.IP{}, fmt.Errorf("unknown family: %v", t)
+		return netip.Addr{}, false
+	}
+}
+
+func toNetIPMASK(a route.Addr) (net.IPMask, bool) {
+	switch t := a.(type) {
+	case *route.Inet4Addr:
+		mask := net.IPv4Mask(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
+		return mask, true
+	default:
+		return nil, false
 	}
 }
--- a/client/internal/routemanager/systemops_ios.go
+++ b/client/internal/routemanager/systemops_ios.go
@@ -0,0 +1,15 @@
+//go:build ios
+
+package routemanager
+
+import (
+	"net/netip"
+)
+
+func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
+	return nil
+}
+
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	return nil
+}
--- a/client/internal/routemanager/systemops_linux.go
+++ b/client/internal/routemanager/systemops_linux.go
@@ -60,15 +60,26 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }

-func removeFromRouteTable(prefix netip.Prefix) error {
+func removeFromRouteTable(prefix netip.Prefix, addr string) error {
 	_, ipNet, err := net.ParseCIDR(prefix.String())
 	if err != nil {
 		return err
 	}

+	addrMask := "/32"
+	if prefix.Addr().Unmap().Is6() {
+		addrMask = "/128"
+	}
+
+	ip, _, err := net.ParseCIDR(addr + addrMask)
+	if err != nil {
+		return err
+	}
+
 	route := &netlink.Route{
 		Scope: netlink.SCOPE_UNIVERSE,
 		Dst:   ipNet,
+		Gw:    ip,
 	}

 	err = netlink.RouteDel(route)
@@ -79,15 +90,16 @@ func removeFromRouteTable(prefix netip.Prefix) error {
 	return nil
 }

-func existsInRouteTable(prefix netip.Prefix) (bool, error) {
+func getRoutesFromTable() ([]netip.Prefix, error) {
 	tab, err := syscall.NetlinkRIB(syscall.RTM_GETROUTE, syscall.AF_UNSPEC)
 	if err != nil {
-		return true, err
+		return nil, err
 	}
 	msgs, err := syscall.ParseNetlinkMessage(tab)
 	if err != nil {
-		return true, err
+		return nil, err
 	}
+	var prefixList []netip.Prefix
 loop:
 	for _, m := range msgs {
 		switch m.Header.Type {
@@ -95,9 +107,10 @@ loop:
 			break loop
 		case syscall.RTM_NEWROUTE:
 			rt := (*routeInfoInMemory)(unsafe.Pointer(&m.Data[0]))
-			attrs, err := syscall.ParseNetlinkRouteAttr(&m)
+			msg := m
+			attrs, err := syscall.ParseNetlinkRouteAttr(&msg)
 			if err != nil {
-				return true, err
+				return nil, err
 			}
 			if rt.Family != syscall.AF_INET {
 				continue loop
@@ -105,17 +118,21 @@ loop:

 			for _, attr := range attrs {
 				if attr.Attr.Type == syscall.RTA_DST {
-					ip := net.IP(attr.Value)
+					addr, ok := netip.AddrFromSlice(attr.Value)
+					if !ok {
+						continue
+					}
 					mask := net.CIDRMask(int(rt.DstLen), len(attr.Value)*8)
 					cidr, _ := mask.Size()
-					if ip.String() == prefix.Addr().String() && cidr == prefix.Bits() {
-						return true, nil
+					routePrefix := netip.PrefixFrom(addr, cidr)
+					if routePrefix.IsValid() && routePrefix.Addr().Is4() {
+						prefixList = append(prefixList, routePrefix)
 					}
 				}
 			}
 		}
 	}
-	return false, nil
+	return prefixList, nil
 }

 func enableIPForwarding() error {
@@ -130,5 +147,5 @@ func enableIPForwarding() error {
 		return nil
 	}

-	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
+	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644) //nolint:gosec
 }
--- a/client/internal/routemanager/systemops_nonandroid.go
+++ b/client/internal/routemanager/systemops_nonandroid.go
@@ -1,4 +1,4 @@
-//go:build !android
+//go:build !android && !ios

 package routemanager

@@ -14,17 +14,6 @@ import (
 var errRouteNotFound = fmt.Errorf("route not found")

 func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
-	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	if err != nil && err != errRouteNotFound {
-		return err
-	}
-
-	gatewayIP := netip.MustParseAddr(defaultGateway.String())
-	if prefix.Contains(gatewayIP) {
-		log.Warnf("skipping adding a new route for network %s because it overlaps with the default gateway: %s", prefix, gatewayIP)
-		return nil
-	}
-
 	ok, err := existsInRouteTable(prefix)
 	if err != nil {
 		return err
@@ -34,20 +23,82 @@ func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
 		return nil
 	}

-	return addToRouteTable(prefix, addr)
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	addrIP := net.ParseIP(addr)
-	prefixGateway, err := getExistingRIBRouteGateway(prefix)
+	ok, err = isSubRange(prefix)
 	if err != nil {
 		return err
 	}
-	if prefixGateway != nil && !prefixGateway.Equal(addrIP) {
-		log.Warnf("route for network %s is pointing to a different gateway: %s, should be pointing to: %s, not removing", prefix, prefixGateway, addrIP)
+
+	if ok {
+		err := addRouteForCurrentDefaultGateway(prefix)
+		if err != nil {
+			log.Warnf("unable to add route for current default gateway route. Will proceed without it. error: %s", err)
+		}
+	}
+
+	return addToRouteTable(prefix, addr)
+}
+
+func addRouteForCurrentDefaultGateway(prefix netip.Prefix) error {
+	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+	if err != nil && err != errRouteNotFound {
+		return err
+	}
+
+	addr := netip.MustParseAddr(defaultGateway.String())
+
+	if !prefix.Contains(addr) {
+		log.Debugf("skipping adding a new route for gateway %s because it is not in the network %s", addr, prefix)
 		return nil
 	}
-	return removeFromRouteTable(prefix)
+
+	gatewayPrefix := netip.PrefixFrom(addr, 32)
+
+	ok, err := existsInRouteTable(gatewayPrefix)
+	if err != nil {
+		return fmt.Errorf("unable to check if there is an existing route for gateway %s. error: %s", gatewayPrefix, err)
+	}
+
+	if ok {
+		log.Debugf("skipping adding a new route for gateway %s because it already exists", gatewayPrefix)
+		return nil
+	}
+
+	gatewayHop, err := getExistingRIBRouteGateway(gatewayPrefix)
+	if err != nil && err != errRouteNotFound {
+		return fmt.Errorf("unable to get the next hop for the default gateway address. error: %s", err)
+	}
+	log.Debugf("adding a new route for gateway %s with next hop %s", gatewayPrefix, gatewayHop)
+	return addToRouteTable(gatewayPrefix, gatewayHop.String())
+}
+
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
+	routes, err := getRoutesFromTable()
+	if err != nil {
+		return false, err
+	}
+	for _, tableRoute := range routes {
+		if tableRoute == prefix {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+func isSubRange(prefix netip.Prefix) (bool, error) {
+	routes, err := getRoutesFromTable()
+	if err != nil {
+		return false, err
+	}
+	for _, tableRoute := range routes {
+		if tableRoute.Bits() > minRangeBits && tableRoute.Contains(prefix.Addr()) && tableRoute.Bits() < prefix.Bits() {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	return removeFromRouteTable(prefix, addr)
 }

 func getExistingRIBRouteGateway(prefix netip.Prefix) (net.IP, error) {
--- a/client/internal/routemanager/systemops_nonandroid_test.go
+++ b/client/internal/routemanager/systemops_nonandroid_test.go
@@ -24,13 +24,13 @@ func TestAddRemoveRoutes(t *testing.T) {
 		shouldBeRemoved        bool
 	}{
 		{
-			name:                   "Should Add And Remove Route",
+			name:                   "Should Add And Remove Route 100.66.120.0/24",
 			prefix:                 netip.MustParsePrefix("100.66.120.0/24"),
 			shouldRouteToWireguard: true,
 			shouldBeRemoved:        true,
 		},
 		{
-			name:                   "Should Not Add Or Remove Route",
+			name:                   "Should Not Add Or Remove Route 127.0.0.1/32",
 			prefix:                 netip.MustParsePrefix("127.0.0.1/32"),
 			shouldRouteToWireguard: false,
 			shouldBeRemoved:        false,
@@ -51,29 +51,32 @@ func TestAddRemoveRoutes(t *testing.T) {
 			require.NoError(t, err, "should create testing wireguard interface")

 			err = addToRouteTableIfNoExists(testCase.prefix, wgInterface.Address().IP.String())
-			require.NoError(t, err, "should not return err")
+			require.NoError(t, err, "addToRouteTableIfNoExists should not return err")

 			prefixGateway, err := getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "should not return err")
+			require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
 			if testCase.shouldRouteToWireguard {
 				require.Equal(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to wireguard interface IP")
 			} else {
 				require.NotEqual(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to a different interface")
 			}
+			exists, err := existsInRouteTable(testCase.prefix)
+			require.NoError(t, err, "existsInRouteTable should not return err")
+			if exists && testCase.shouldRouteToWireguard {
+				err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
+				require.NoError(t, err, "removeFromRouteTableIfNonSystem should not return err")

-			err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
-			require.NoError(t, err, "should not return err")
+				prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
+				require.NoError(t, err, "getExistingRIBRouteGateway should not return err")

-			prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "should not return err")
+				internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+				require.NoError(t, err)

-			internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-			require.NoError(t, err)
-
-			if testCase.shouldBeRemoved {
-				require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
-			} else {
-				require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
+				if testCase.shouldBeRemoved {
+					require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
+				} else {
+					require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
+				}
 			}
 		})
 	}
@@ -123,7 +126,7 @@ func TestGetExistingRIBRouteGateway(t *testing.T) {

 func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	fmt.Println("defaultGateway: ", defaultGateway)
+	t.Log("defaultGateway: ", defaultGateway)
 	if err != nil {
 		t.Fatal("shouldn't return error when fetching the gateway: ", err)
 	}
@@ -207,7 +210,7 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 			// route should either not have been added or should have been removed
 			// In case of already existing route, it should not have been added (but still exist)
 			ok, err := existsInRouteTable(testCase.prefix)
-			fmt.Println("Buffer string: ", buf.String())
+			t.Log("Buffer string: ", buf.String())
 			require.NoError(t, err, "should not return err")
 			if !strings.Contains(buf.String(), "because it already exists") {
 				require.False(t, ok, "route should not exist")
@@ -215,3 +218,66 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 		})
 	}
 }
+
+func TestExistsInRouteTable(t *testing.T) {
+	addresses, err := net.InterfaceAddrs()
+	if err != nil {
+		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
+	}
+
+	var addressPrefixes []netip.Prefix
+	for _, address := range addresses {
+		p := netip.MustParsePrefix(address.String())
+		if p.Addr().Is4() {
+			addressPrefixes = append(addressPrefixes, p.Masked())
+		}
+	}
+
+	for _, prefix := range addressPrefixes {
+		exists, err := existsInRouteTable(prefix)
+		if err != nil {
+			t.Fatal("shouldn't return error when checking if address exists in route table: ", err)
+		}
+		if !exists {
+			t.Fatalf("address %s should exist in route table", prefix)
+		}
+	}
+}
+
+func TestIsSubRange(t *testing.T) {
+	addresses, err := net.InterfaceAddrs()
+	if err != nil {
+		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
+	}
+
+	var subRangeAddressPrefixes []netip.Prefix
+	var nonSubRangeAddressPrefixes []netip.Prefix
+	for _, address := range addresses {
+		p := netip.MustParsePrefix(address.String())
+		if !p.Addr().IsLoopback() && p.Addr().Is4() && p.Bits() < 32 {
+			p2 := netip.PrefixFrom(p.Masked().Addr(), p.Bits()+1)
+			subRangeAddressPrefixes = append(subRangeAddressPrefixes, p2)
+			nonSubRangeAddressPrefixes = append(nonSubRangeAddressPrefixes, p.Masked())
+		}
+	}
+
+	for _, prefix := range subRangeAddressPrefixes {
+		isSubRangePrefix, err := isSubRange(prefix)
+		if err != nil {
+			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
+		}
+		if !isSubRangePrefix {
+			t.Fatalf("address %s should be sub-range of an existing route in the table", prefix)
+		}
+	}
+
+	for _, prefix := range nonSubRangeAddressPrefixes {
+		isSubRangePrefix, err := isSubRange(prefix)
+		if err != nil {
+			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
+		}
+		if isSubRangePrefix {
+			t.Fatalf("address %s should not be sub-range of an existing route in the table", prefix)
+		}
+	}
+}
--- a/client/internal/routemanager/systemops_nonlinux.go
+++ b/client/internal/routemanager/systemops_nonlinux.go
@@ -21,8 +21,12 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }

-func removeFromRouteTable(prefix netip.Prefix) error {
-	cmd := exec.Command("route", "delete", prefix.String())
+func removeFromRouteTable(prefix netip.Prefix, addr string) error {
+	args := []string{"delete", prefix.String()}
+	if runtime.GOOS == "darwin" {
+		args = append(args, addr)
+	}
+	cmd := exec.Command("route", args...)
 	out, err := cmd.Output()
 	if err != nil {
 		return err
--- a/client/internal/routemanager/systemops_windows.go
+++ b/client/internal/routemanager/systemops_windows.go
@@ -15,23 +15,32 @@ type Win32_IP4RouteTable struct {
 	Mask        string
 }

-func existsInRouteTable(prefix netip.Prefix) (bool, error) {
+func getRoutesFromTable() ([]netip.Prefix, error) {
 	var routes []Win32_IP4RouteTable
 	query := "SELECT Destination, Mask FROM Win32_IP4RouteTable"

 	err := wmi.Query(query, &routes)
 	if err != nil {
-		return true, err
+		return nil, err
 	}

+	var prefixList []netip.Prefix
 	for _, route := range routes {
-		ip := net.ParseIP(route.Mask)
-		ip = ip.To4()
-		mask := net.IPv4Mask(ip[0], ip[1], ip[2], ip[3])
+		addr, err := netip.ParseAddr(route.Destination)
+		if err != nil {
+			continue
+		}
+		maskSlice := net.ParseIP(route.Mask).To4()
+		if maskSlice == nil {
+			continue
+		}
+		mask := net.IPv4Mask(maskSlice[0], maskSlice[1], maskSlice[2], maskSlice[3])
 		cidr, _ := mask.Size()
-		if route.Destination == prefix.Addr().String() && cidr == prefix.Bits() {
-			return true, nil
+
+		routePrefix := netip.PrefixFrom(addr, cidr)
+		if routePrefix.IsValid() && routePrefix.Addr().Is4() {
+			prefixList = append(prefixList, routePrefix)
 		}
 	}
-	return false, nil
+	return prefixList, nil
 }
--- a/client/ios/NetBirdSDK/client.go
+++ b/client/ios/NetBirdSDK/client.go
@@ -0,0 +1,223 @@
+package NetBirdSDK
+
+import (
+	"context"
+	"sync"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/internal/auth"
+	"github.com/netbirdio/netbird/client/internal/dns"
+	"github.com/netbirdio/netbird/client/internal/listener"
+	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/system"
+	"github.com/netbirdio/netbird/formatter"
+)
+
+// ConnectionListener export internal Listener for mobile
+type ConnectionListener interface {
+	peer.Listener
+}
+
+// RouteListener export internal RouteListener for mobile
+type NetworkChangeListener interface {
+	listener.NetworkChangeListener
+}
+
+// DnsManager export internal dns Manager for mobile
+type DnsManager interface {
+	dns.IosDnsManager
+}
+
+// CustomLogger export internal CustomLogger for mobile
+type CustomLogger interface {
+	Debug(message string)
+	Info(message string)
+	Error(message string)
+}
+
+func init() {
+	formatter.SetLogcatFormatter(log.StandardLogger())
+}
+
+// Client struct manage the life circle of background service
+type Client struct {
+	cfgFile               string
+	recorder              *peer.Status
+	ctxCancel             context.CancelFunc
+	ctxCancelLock         *sync.Mutex
+	deviceName            string
+	osName                string
+	osVersion             string
+	networkChangeListener listener.NetworkChangeListener
+	onHostDnsFn           func([]string)
+	dnsManager            dns.IosDnsManager
+	loginComplete         bool
+}
+
+// NewClient instantiate a new Client
+func NewClient(cfgFile, deviceName string, osVersion string, osName string, networkChangeListener NetworkChangeListener, dnsManager DnsManager) *Client {
+	return &Client{
+		cfgFile:               cfgFile,
+		deviceName:            deviceName,
+		osName:                osName,
+		osVersion:             osVersion,
+		recorder:              peer.NewRecorder(""),
+		ctxCancelLock:         &sync.Mutex{},
+		networkChangeListener: networkChangeListener,
+		dnsManager:            dnsManager,
+	}
+}
+
+// Run start the internal client. It is a blocker function
+func (c *Client) Run(fd int32, interfaceName string) error {
+	log.Infof("Starting NetBird client")
+	log.Debugf("Tunnel uses interface: %s", interfaceName)
+	cfg, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+	if err != nil {
+		return err
+	}
+	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
+
+	var ctx context.Context
+	//nolint
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
+	c.ctxCancelLock.Lock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+	defer c.ctxCancel()
+	c.ctxCancelLock.Unlock()
+
+	auth := NewAuthWithConfig(ctx, cfg)
+	err = auth.Login()
+	if err != nil {
+		return err
+	}
+
+	log.Infof("Auth successful")
+	// todo do not throw error in case of cancelled context
+	ctx = internal.CtxInitState(ctx)
+	c.onHostDnsFn = func([]string) {}
+	return internal.RunClientiOS(ctx, cfg, c.recorder, fd, c.networkChangeListener, c.dnsManager, interfaceName)
+}
+
+// Stop the internal client and free the resources
+func (c *Client) Stop() {
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	if c.ctxCancel == nil {
+		return
+	}
+
+	c.ctxCancel()
+}
+
+// ÏSetTraceLogLevel configure the logger to trace level
+func (c *Client) SetTraceLogLevel() {
+	log.SetLevel(log.TraceLevel)
+}
+
+// getStatusDetails return with the list of the PeerInfos
+func (c *Client) GetStatusDetails() *StatusDetails {
+
+	fullStatus := c.recorder.GetFullStatus()
+
+	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
+	for n, p := range fullStatus.Peers {
+		pi := PeerInfo{
+			p.IP,
+			p.FQDN,
+			p.ConnStatus.String(),
+		}
+		peerInfos[n] = pi
+	}
+	return &StatusDetails{items: peerInfos, fqdn: fullStatus.LocalPeerState.FQDN, ip: fullStatus.LocalPeerState.IP}
+}
+
+// SetConnectionListener set the network connection listener
+func (c *Client) SetConnectionListener(listener ConnectionListener) {
+	c.recorder.SetConnectionListener(listener)
+}
+
+// RemoveConnectionListener remove connection listener
+func (c *Client) RemoveConnectionListener() {
+	c.recorder.RemoveConnectionListener()
+}
+
+func (c *Client) IsLoginRequired() bool {
+	var ctx context.Context
+	//nolint
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+
+	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+
+	needsLogin, _ := internal.IsLoginRequired(ctx, cfg.PrivateKey, cfg.ManagementURL, cfg.SSHKey)
+	return needsLogin
+}
+
+func (c *Client) LoginForMobile() string {
+	var ctx context.Context
+	//nolint
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
+	//nolint
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+
+	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+
+	oAuthFlow, err := auth.NewOAuthFlow(ctx, cfg, false)
+	if err != nil {
+		return err.Error()
+	}
+
+	flowInfo, err := oAuthFlow.RequestAuthInfo(context.TODO())
+	if err != nil {
+		return err.Error()
+	}
+
+	// This could cause a potential race condition with loading the extension which need to be handled on swift side
+	go func() {
+		waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
+		waitCTX, cancel := context.WithTimeout(ctx, waitTimeout)
+		defer cancel()
+		tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
+		if err != nil {
+			return
+		}
+		jwtToken := tokenInfo.GetTokenToUse()
+		_ = internal.Login(ctx, cfg, "", jwtToken)
+		c.loginComplete = true
+	}()
+
+	return flowInfo.VerificationURIComplete
+}
+
+func (c *Client) IsLoginComplete() bool {
+	return c.loginComplete
+}
+
+func (c *Client) ClearLoginComplete() {
+	c.loginComplete = false
+}
--- a/client/ios/NetBirdSDK/gomobile.go
+++ b/client/ios/NetBirdSDK/gomobile.go
@@ -0,0 +1,5 @@
+package NetBirdSDK
+
+import _ "golang.org/x/mobile/bind"
+
+// to keep our CI/CD that checks go.mod and go.sum files happy, we need to import the package above
--- a/client/ios/NetBirdSDK/logger.go
+++ b/client/ios/NetBirdSDK/logger.go
@@ -0,0 +1,10 @@
+package NetBirdSDK
+
+import (
+	"github.com/netbirdio/netbird/util"
+)
+
+// InitializeLog initializes the log file.
+func InitializeLog(logLevel string, filePath string) error {
+	return util.InitLog(logLevel, filePath)
+}
--- a/client/ios/NetBirdSDK/login.go
+++ b/client/ios/NetBirdSDK/login.go
@@ -0,0 +1,159 @@
+package NetBirdSDK
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/cenkalti/backoff/v4"
+	log "github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	gstatus "google.golang.org/grpc/status"
+
+	"github.com/netbirdio/netbird/client/cmd"
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/system"
+)
+
+// SSOListener is async listener for mobile framework
+type SSOListener interface {
+	OnSuccess(bool)
+	OnError(error)
+}
+
+// ErrListener is async listener for mobile framework
+type ErrListener interface {
+	OnSuccess()
+	OnError(error)
+}
+
+// URLOpener it is a callback interface. The Open function will be triggered if
+// the backend want to show an url for the user
+type URLOpener interface {
+	Open(string)
+}
+
+// Auth can register or login new client
+type Auth struct {
+	ctx     context.Context
+	config  *internal.Config
+	cfgPath string
+}
+
+// NewAuth instantiate Auth struct and validate the management URL
+func NewAuth(cfgPath string, mgmURL string) (*Auth, error) {
+	inputCfg := internal.ConfigInput{
+		ManagementURL: mgmURL,
+	}
+
+	cfg, err := internal.CreateInMemoryConfig(inputCfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Auth{
+		ctx:     context.Background(),
+		config:  cfg,
+		cfgPath: cfgPath,
+	}, nil
+}
+
+// NewAuthWithConfig instantiate Auth based on existing config
+func NewAuthWithConfig(ctx context.Context, config *internal.Config) *Auth {
+	return &Auth{
+		ctx:    ctx,
+		config: config,
+	}
+}
+
+// SaveConfigIfSSOSupported test the connectivity with the management server by retrieving the server device flow info.
+// If it returns a flow info than save the configuration and return true. If it gets a codes.NotFound, it means that SSO
+// is not supported and returns false without saving the configuration. For other errors return false.
+func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
+	supportsSSO := true
+	err := a.withBackOff(a.ctx, func() (err error) {
+		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
+		if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
+			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+				supportsSSO = false
+				err = nil
+			}
+
+			return err
+		}
+
+		return err
+	})
+
+	if !supportsSSO {
+		return false, nil
+	}
+
+	if err != nil {
+		return false, fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	err = internal.WriteOutConfig(a.cfgPath, a.config)
+	return true, err
+}
+
+// LoginWithSetupKeyAndSaveConfig test the connectivity with the management server with the setup key.
+func (a *Auth) LoginWithSetupKeyAndSaveConfig(setupKey string, deviceName string) error {
+	//nolint
+	ctxWithValues := context.WithValue(a.ctx, system.DeviceNameCtxKey, deviceName)
+
+	err := a.withBackOff(a.ctx, func() error {
+		backoffErr := internal.Login(ctxWithValues, a.config, setupKey, "")
+		if s, ok := gstatus.FromError(backoffErr); ok && (s.Code() == codes.PermissionDenied) {
+			// we got an answer from management, exit backoff earlier
+			return backoff.Permanent(backoffErr)
+		}
+		return backoffErr
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	return internal.WriteOutConfig(a.cfgPath, a.config)
+}
+
+func (a *Auth) Login() error {
+	var needsLogin bool
+
+	// check if we need to generate JWT token
+	err := a.withBackOff(a.ctx, func() (err error) {
+		needsLogin, err = internal.IsLoginRequired(a.ctx, a.config.PrivateKey, a.config.ManagementURL, a.config.SSHKey)
+		return
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	jwtToken := ""
+	if needsLogin {
+		return fmt.Errorf("Not authenticated")
+	}
+
+	err = a.withBackOff(a.ctx, func() error {
+		err := internal.Login(a.ctx, a.config, "", jwtToken)
+		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
+			return nil
+		}
+		return err
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	return nil
+}
+
+func (a *Auth) withBackOff(ctx context.Context, bf func() error) error {
+	return backoff.RetryNotify(
+		bf,
+		backoff.WithContext(cmd.CLIBackOffSettings, ctx),
+		func(err error, duration time.Duration) {
+			log.Warnf("retrying Login to the Management service in %v due to error %v", duration, err)
+		})
+}
--- a/client/ios/NetBirdSDK/peer_notifier.go
+++ b/client/ios/NetBirdSDK/peer_notifier.go
@@ -0,0 +1,50 @@
+package NetBirdSDK
+
+// PeerInfo describe information about the peers. It designed for the UI usage
+type PeerInfo struct {
+	IP         string
+	FQDN       string
+	ConnStatus string // Todo replace to enum
+}
+
+// PeerInfoCollection made for Java layer to get non default types as collection
+type PeerInfoCollection interface {
+	Add(s string) PeerInfoCollection
+	Get(i int) string
+	Size() int
+	GetFQDN() string
+	GetIP() string
+}
+
+// StatusDetails is the implementation of the PeerInfoCollection
+type StatusDetails struct {
+	items []PeerInfo
+	fqdn  string
+	ip    string
+}
+
+// Add new PeerInfo to the collection
+func (array StatusDetails) Add(s PeerInfo) StatusDetails {
+	array.items = append(array.items, s)
+	return array
+}
+
+// Get return an element of the collection
+func (array StatusDetails) Get(i int) *PeerInfo {
+	return &array.items[i]
+}
+
+// Size return with the size of the collection
+func (array StatusDetails) Size() int {
+	return len(array.items)
+}
+
+// GetFQDN return with the FQDN of the local peer
+func (array StatusDetails) GetFQDN() string {
+	return array.fqdn
+}
+
+// GetIP return with the IP of the local peer
+func (array StatusDetails) GetIP() string {
+	return array.ip
+}
--- a/client/ios/NetBirdSDK/preferences.go
+++ b/client/ios/NetBirdSDK/preferences.go
@@ -0,0 +1,78 @@
+package NetBirdSDK
+
+import (
+	"github.com/netbirdio/netbird/client/internal"
+)
+
+// Preferences export a subset of the internal config for gomobile
+type Preferences struct {
+	configInput internal.ConfigInput
+}
+
+// NewPreferences create new Preferences instance
+func NewPreferences(configPath string) *Preferences {
+	ci := internal.ConfigInput{
+		ConfigPath: configPath,
+	}
+	return &Preferences{ci}
+}
+
+// GetManagementURL read url from config file
+func (p *Preferences) GetManagementURL() (string, error) {
+	if p.configInput.ManagementURL != "" {
+		return p.configInput.ManagementURL, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.ManagementURL.String(), err
+}
+
+// SetManagementURL store the given url and wait for commit
+func (p *Preferences) SetManagementURL(url string) {
+	p.configInput.ManagementURL = url
+}
+
+// GetAdminURL read url from config file
+func (p *Preferences) GetAdminURL() (string, error) {
+	if p.configInput.AdminURL != "" {
+		return p.configInput.AdminURL, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.AdminURL.String(), err
+}
+
+// SetAdminURL store the given url and wait for commit
+func (p *Preferences) SetAdminURL(url string) {
+	p.configInput.AdminURL = url
+}
+
+// GetPreSharedKey read preshared key from config file
+func (p *Preferences) GetPreSharedKey() (string, error) {
+	if p.configInput.PreSharedKey != nil {
+		return *p.configInput.PreSharedKey, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.PreSharedKey, err
+}
+
+// SetPreSharedKey store the given key and wait for commit
+func (p *Preferences) SetPreSharedKey(key string) {
+	p.configInput.PreSharedKey = &key
+}
+
+// Commit write out the changes into config file
+func (p *Preferences) Commit() error {
+	_, err := internal.UpdateOrCreateConfig(p.configInput)
+	return err
+}
--- a/client/ios/NetBirdSDK/preferences_test.go
+++ b/client/ios/NetBirdSDK/preferences_test.go
@@ -0,0 +1,120 @@
+package NetBirdSDK
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/netbirdio/netbird/client/internal"
+)
+
+func TestPreferences_DefaultValues(t *testing.T) {
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+	defaultVar, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read default value: %s", err)
+	}
+
+	if defaultVar != internal.DefaultAdminURL {
+		t.Errorf("invalid default admin url: %s", defaultVar)
+	}
+
+	defaultVar, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read default management URL: %s", err)
+	}
+
+	if defaultVar != internal.DefaultManagementURL {
+		t.Errorf("invalid default management url: %s", defaultVar)
+	}
+
+	var preSharedKey string
+	preSharedKey, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read default preshared key: %s", err)
+	}
+
+	if preSharedKey != "" {
+		t.Errorf("invalid preshared key: %s", preSharedKey)
+	}
+}
+
+func TestPreferences_ReadUncommitedValues(t *testing.T) {
+	exampleString := "exampleString"
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+
+	p.SetAdminURL(exampleString)
+	resp, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read admin url: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected admin url: %s", resp)
+	}
+
+	p.SetManagementURL(exampleString)
+	resp, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read management url: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected management url: %s", resp)
+	}
+
+	p.SetPreSharedKey(exampleString)
+	resp, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read preshared key: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected preshared key: %s", resp)
+	}
+}
+
+func TestPreferences_Commit(t *testing.T) {
+	exampleURL := "https://myurl.com:443"
+	examplePresharedKey := "topsecret"
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+
+	p.SetAdminURL(exampleURL)
+	p.SetManagementURL(exampleURL)
+	p.SetPreSharedKey(examplePresharedKey)
+
+	err := p.Commit()
+	if err != nil {
+		t.Fatalf("failed to save changes: %s", err)
+	}
+
+	p = NewPreferences(cfgFile)
+	resp, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read admin url: %s", err)
+	}
+
+	if resp != exampleURL {
+		t.Errorf("unexpected admin url: %s", resp)
+	}
+
+	resp, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read management url: %s", err)
+	}
+
+	if resp != exampleURL {
+		t.Errorf("unexpected management url: %s", resp)
+	}
+
+	resp, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read preshared key: %s", err)
+	}
+
+	if resp != examplePresharedKey {
+		t.Errorf("unexpected preshared key: %s", resp)
+	}
+}
--- a/client/proto/daemon.pb.go
+++ b/client/proto/daemon.pb.go
@@ -43,6 +43,7 @@ type LoginRequest struct {
 	CleanNATExternalIPs  bool   `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
 	CustomDNSAddress     []byte `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
 	IsLinuxDesktopClient bool   `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
+	Hostname             string `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }

 func (x *LoginRequest) Reset() {
@@ -133,6 +134,13 @@ func (x *LoginRequest) GetIsLinuxDesktopClient() bool {
 	return false
 }

+func (x *LoginRequest) GetHostname() string {
+	if x != nil {
+		return x.Hostname
+	}
+	return ""
+}
+
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -210,6 +218,7 @@ type WaitSSOLoginRequest struct {
 	unknownFields protoimpl.UnknownFields

 	UserCode string `protobuf:"bytes,1,opt,name=userCode,proto3" json:"userCode,omitempty"`
+	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }

 func (x *WaitSSOLoginRequest) Reset() {
@@ -251,6 +260,13 @@ func (x *WaitSSOLoginRequest) GetUserCode() string {
 	return ""
 }

+func (x *WaitSSOLoginRequest) GetHostname() string {
+	if x != nil {
+		return x.Hostname
+	}
+	return ""
+}
+
 type WaitSSOLoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1051,7 +1067,7 @@ var file_daemon_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
 	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xca, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
+	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe6, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
 	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
@@ -1072,128 +1088,132 @@ var file_daemon_proto_rawDesc = []byte{
 	0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
 	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
 	0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
-	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64,
-	0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a,
-	0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x31,
-	0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
-	0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c,
-	0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32,
-	0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11,
-	0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55,
-	0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
-	0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69,
-	0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c,
-	0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65,
-	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
-	0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
-	0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
-	0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
-	0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12,
-	0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
-	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63,
-	0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12,
-	0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72,
-	0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e,
-	0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
-	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74,
-	0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70,
-	0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49,
+	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f,
+	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65,
+	0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49,
+	0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
+	0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61,
+	0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69,
+	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c,
+	0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a,
+	0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c,
+	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16,
+	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a,
+	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
+	0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
+	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
+	0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65,
+	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a,
+	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65,
+	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
+	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65,
+	0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79,
+	0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
 	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
-	0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a,
-	0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53,
-	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52,
-	0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a,
-	0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12,
-	0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01,
-	0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d,
-	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
-	0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69,
-	0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
-	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50,
-	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
-	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
-	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18,
-	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50,
-	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32,
-	0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
+	0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c,
+	0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
+	0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a,
+	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70,
+	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f,
+	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
+	0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65,
+	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74,
+	0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e,
+	0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27,
+	0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67,
+	0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53,
+	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
+	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d,
+	0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a,
+	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e,
+	0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
+	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a,
+	0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65,
+	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }

 var (
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -52,6 +52,8 @@ message LoginRequest {
  bytes customDNSAddress = 7;

  bool isLinuxDesktopClient = 8;
+
+  string hostname = 9;
 }

 message LoginResponse {
@@ -63,6 +65,7 @@ message LoginResponse {

 message WaitSSOLoginRequest {
  string userCode = 1;
+  string hostname = 2;
 }

 message WaitSSOLoginResponse {}
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -7,6 +7,7 @@ import (
 	"time"

 	"github.com/netbirdio/netbird/client/internal/auth"
+	"github.com/netbirdio/netbird/client/system"

 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
@@ -181,6 +182,11 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		s.latestConfigInput.CustomDNSAddress = []byte{}
 	}

+	if msg.Hostname != "" {
+		// nolint
+		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
+	}
+
 	s.mutex.Unlock()

 	inputConfig.PreSharedKey = &msg.PreSharedKey
@@ -275,6 +281,11 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 		ctx = metadata.NewOutgoingContext(ctx, md)
 	}

+	if msg.Hostname != "" {
+		// nolint
+		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
+	}
+
 	s.actCancel = cancel
 	s.mutex.Unlock()

--- a/client/ssh/client.go
+++ b/client/ssh/client.go
@@ -2,11 +2,12 @@ package ssh

 import (
 	"fmt"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/term"
 	"net"
 	"os"
 	"time"
+
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/term"
 )

 // Client wraps crypto/ssh Client to simplify usage
@@ -73,8 +74,7 @@ func (c *Client) OpenTerminal() error {

 	if err := session.Wait(); err != nil {
 		if e, ok := err.(*ssh.ExitError); ok {
-			switch e.ExitStatus() {
-			case 130:
+			if e.ExitStatus() == 130 {
 				return nil
 			}
 		}
--- a/client/ssh/util.go
+++ b/client/ssh/util.go
@@ -9,9 +9,10 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"strings"
+
 	"golang.org/x/crypto/ed25519"
 	gossh "golang.org/x/crypto/ssh"
-	"strings"
 )

 // KeyType is a type of SSH key
@@ -42,7 +43,7 @@ func GeneratePrivateKey(keyType KeyType) ([]byte, error) {
 	case RSA:
 		key, err = rsa.GenerateKey(rand.Reader, RSAKeySize)
 	default:
-		return nil, fmt.Errorf("unsupported ket type %s", keyType)
+		return nil, fmt.Errorf("unsupported key type %s", keyType)
 	}
 	if err != nil {
 		return nil, err
--- a/client/system/info.go
+++ b/client/system/info.go
@@ -12,6 +12,12 @@ import (
 // DeviceNameCtxKey context key for device name
 const DeviceNameCtxKey = "deviceName"

+// OsVersionCtxKey context key for operating system version
+const OsVersionCtxKey = "OsVersion"
+
+// OsNameCtxKey context key for operating system name
+const OsNameCtxKey = "OsName"
+
 // Info is an object that contains machine information
 // Most of the code is taken from https://github.com/matishsiao/goInfo
 type Info struct {
--- a/client/system/info_darwin.go
+++ b/client/system/info_darwin.go
@@ -1,9 +1,11 @@
+//go:build !ios
+// +build !ios
+
 package system

 import (
 	"bytes"
 	"context"
-	"fmt"
 	"os"
 	"os/exec"
 	"runtime"
@@ -21,7 +23,7 @@ func GetInfo(ctx context.Context) *Info {
 	utsname := unix.Utsname{}
 	err := unix.Uname(&utsname)
 	if err != nil {
-		fmt.Println("getInfo:", err)
+		log.Warnf("getInfo: %s", err)
 	}
 	sysName := string(bytes.Split(utsname.Sysname[:], []byte{0})[0])
 	machine := string(bytes.Split(utsname.Machine[:], []byte{0})[0])
--- a/client/system/info_ios.go
+++ b/client/system/info_ios.go
@@ -0,0 +1,45 @@
+//go:build ios
+// +build ios
+
+package system
+
+import (
+	"context"
+	"runtime"
+
+	"github.com/netbirdio/netbird/version"
+)
+
+// GetInfo retrieves and parses the system information
+func GetInfo(ctx context.Context) *Info {
+
+	// Convert fixed-size byte arrays to Go strings
+	sysName := extractOsName(ctx, "sysName")
+	swVersion := extractOsVersion(ctx, "swVersion")
+
+	gio := &Info{Kernel: sysName, OSVersion: swVersion, Core: swVersion, Platform: "unknown", OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	// systemHostname, _ := os.Hostname()
+	gio.Hostname = extractDeviceName(ctx, "hostname")
+	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.UIVersion = extractUserAgent(ctx)
+
+	return gio
+}
+
+// extractOsVersion extracts operating system version from context or returns the default
+func extractOsVersion(ctx context.Context, defaultName string) string {
+	v, ok := ctx.Value(OsVersionCtxKey).(string)
+	if !ok {
+		return defaultName
+	}
+	return v
+}
+
+// extractOsName extracts operating system name from context or returns the default
+func extractOsName(ctx context.Context, defaultName string) string {
+	v, ok := ctx.Value(OsNameCtxKey).(string)
+	if !ok {
+		return defaultName
+	}
+	return v
+}
--- a/client/system/info_linux.go
+++ b/client/system/info_linux.go
@@ -6,13 +6,14 @@ package system
 import (
 	"bytes"
 	"context"
-	"fmt"
 	"os"
 	"os/exec"
 	"runtime"
 	"strings"
 	"time"

+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/version"
 )

@@ -43,8 +44,8 @@ func GetInfo(ctx context.Context) *Info {
 		}
 	}

-	osStr := strings.Replace(info, "\n", "", -1)
-	osStr = strings.Replace(osStr, "\r\n", "", -1)
+	osStr := strings.ReplaceAll(info, "\n", "")
+	osStr = strings.ReplaceAll(osStr, "\r\n", "")
 	osInfo := strings.Split(osStr, " ")
 	if osName == "" {
 		osName = osInfo[3]
@@ -67,7 +68,7 @@ func _getInfo() string {
 	cmd.Stderr = &stderr
 	err := cmd.Run()
 	if err != nil {
-		fmt.Println("getInfo:", err)
+		log.Warnf("getInfo: %s", err)
 	}
 	return out.String()
 }
@@ -81,7 +82,7 @@ func _getReleaseInfo() string {
 	cmd.Stderr = &stderr
 	err := cmd.Run()
 	if err != nil {
-		fmt.Println("getReleaseInfo:", err)
+		log.Warnf("geucwReleaseInfo: %s", err)
 	}
 	return out.String()
 }
--- a/client/system/info_windows.go
+++ b/client/system/info_windows.go
@@ -5,17 +5,24 @@ import (
 	"fmt"
 	"os"
 	"runtime"
+	"strings"

 	log "github.com/sirupsen/logrus"
+	"github.com/yusufpapurcu/wmi"
 	"golang.org/x/sys/windows/registry"

 	"github.com/netbirdio/netbird/version"
 )

+type Win32_OperatingSystem struct {
+	Caption string
+}
+
 // GetInfo retrieves and parses the system information
 func GetInfo(ctx context.Context) *Info {
-	ver := getOSVersion()
-	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	osName, osVersion := getOSNameAndVersion()
+	buildVersion := getBuildVersion()
+	gio := &Info{Kernel: "windows", OSVersion: osVersion, Core: buildVersion, Platform: "unknown", OS: osName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	systemHostname, _ := os.Hostname()
 	gio.Hostname = extractDeviceName(ctx, systemHostname)
 	gio.WiretrusteeVersion = version.NetbirdVersion()
@@ -24,7 +31,35 @@ func GetInfo(ctx context.Context) *Info {
 	return gio
 }

-func getOSVersion() string {
+func getOSNameAndVersion() (string, string) {
+	var dst []Win32_OperatingSystem
+	query := wmi.CreateQuery(&dst, "")
+	err := wmi.Query(query, &dst)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if len(dst) == 0 {
+		return "Windows", getBuildVersion()
+	}
+
+	split := strings.Split(dst[0].Caption, " ")
+
+	if len(split) < 3 {
+		return "Windows", getBuildVersion()
+	}
+
+	name := split[1]
+	version := split[2]
+	if split[2] == "Server" {
+		name = fmt.Sprintf("%s %s", split[1], split[2])
+		version = split[3]
+	}
+
+	return name, version
+}
+
+func getBuildVersion() string {
 	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
 	if err != nil {
 		log.Error(err)
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -69,7 +69,7 @@ func main() {
 		a.Run()
 	} else {
 		if err := checkPIDFile(); err != nil {
-			fmt.Println(err)
+			log.Errorf("check PID file: %v", err)
 			return
 		}
 		systray.Run(client.onTrayReady, client.onTrayExit)
@@ -634,5 +634,5 @@ func checkPIDFile() error {
 		}
 	}

-	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664)
+	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664) //nolint:gosec
 }
--- a/dns/dns.go
+++ b/dns/dns.go
@@ -4,11 +4,12 @@ package dns

 import (
 	"fmt"
-	"github.com/miekg/dns"
-	"golang.org/x/net/idna"
 	"net"
 	"regexp"
 	"strings"
+
+	"github.com/miekg/dns"
+	"golang.org/x/net/idna"
 )

 const (
@@ -85,6 +86,8 @@ func (s SimpleRecord) Len() uint16 {
 	}
 }

+var invalidHostMatcher = regexp.MustCompile(invalidHostLabel)
+
 // GetParsedDomainLabel returns a domain label with max 59 characters,
 // parsed for old Hosts.txt requirements, and converted to ASCII and lowercase
 func GetParsedDomainLabel(name string) (string, error) {
@@ -95,11 +98,9 @@ func GetParsedDomainLabel(name string) (string, error) {
 	rawLabel := labels[0]
 	ascii, err := idna.Punycode.ToASCII(rawLabel)
 	if err != nil {
-		return "", fmt.Errorf("unable to convert host lavel to ASCII, error: %v", err)
+		return "", fmt.Errorf("unable to convert host label to ASCII, error: %v", err)
 	}

-	invalidHostMatcher := regexp.MustCompile(invalidHostLabel)
-
 	validHost := strings.ToLower(invalidHostMatcher.ReplaceAllString(ascii, "-"))
 	if len(validHost) > 58 {
 		validHost = validHost[:59]
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de
 	golang.zx2c4.com/wireguard/windows v0.5.3
-	google.golang.org/grpc v1.55.0
+	google.golang.org/grpc v1.56.3
 	google.golang.org/protobuf v1.30.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
@@ -51,7 +51,8 @@ require (
 	github.com/miekg/dns v1.1.43
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/nadoo/ipset v0.5.0
-	github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88
+	github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695
+	github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695
 	github.com/okta/okta-sdk-golang/v2 v2.18.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pion/logging v0.2.2
@@ -140,7 +141,7 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.11.1 // indirect
 	go.opentelemetry.io/otel/trace v1.11.1 // indirect
-	golang.org/x/image v0.5.0 // indirect
+	golang.org/x/image v0.10.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
@@ -159,6 +160,6 @@ require (

 replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0

-replace github.com/getlantern/systray => github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c
+replace github.com/getlantern/systray => github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949

 replace golang.zx2c4.com/wireguard => github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f
--- a/go.sum
+++ b/go.sum
@@ -495,12 +495,14 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nadoo/ipset v0.5.0 h1:5GJUAuZ7ITQQQGne5J96AmFjRtI8Avlbk6CabzYWVUc=
 github.com/nadoo/ipset v0.5.0/go.mod h1:rYF5DQLRGGoQ8ZSWeK+6eX5amAuPqwFkWjhQlEITGJQ=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88 h1:zhe8qseauBuYOS910jpl5sv8Tb+36zxQPXrwYXqll0g=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88/go.mod h1:KSqjzHcqlodTWiuap5lRXxt5KT3vtYRoksL0KIrTK40=
+github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695 h1:c/Rvyy/mqbFoKo6FS8ihQ3/3y+TAl0qDEH0pO2tXayM=
+github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695/go.mod h1:31FhBNvQ+riHEIu6LSTmqr8IeuSIsGfQffqV4LFmbwA=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695 h1:9HRnqSosRuKyOZgVN/hJW3DG2zVyt5AARmiQlSuDPIc=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695/go.mod h1:B0nMS3es77gOvPYhc0K91fAzTkQLi/jRq5TffUN3klM=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0 h1:hirFRfx3grVA/9eEyjME5/z3nxdJlN9kfQpvWWPk32g=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
-github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c h1:wK/s4nyZj/GF/kFJQjX6nqNfE0G3gcqd6hhnPCyp4sw=
-github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
+github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949 h1:xbWM9BU6mwZZLHxEjxIX/V8Hv3HurQt4mReIE4mY4DM=
+github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
 github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f h1:WQXGYCKPkNs1KusFTLieV73UVTNfZVyez4CFRvlOruM=
 github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f/go.mod h1:tqur9LnfstdR9ep2LaJT4lFUl0EjlHtge+gAjmsHUG4=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
@@ -747,8 +749,8 @@ golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf/go.mod h1:yh0Ynu2b5ZUe3MQfp2
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.5.0 h1:5JMiNunQeQw++mMOz48/ISeNu3Iweh/JaZU8ZLqHRrI=
-golang.org/x/image v0.5.0/go.mod h1:FVC7BI/5Ym8R25iw5OLsgshdUBbT1h5jZTpA+mvAdZ4=
+golang.org/x/image v0.10.0 h1:gXjUUtwtx5yOE0VKWq1CH4IJAClq4UGgUA3i+rpON9M=
+golang.org/x/image v0.10.0/go.mod h1:jtrku+n79PfroUbvDdeUWMAI+heR786BofxrbiSF+J0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -989,6 +991,7 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1145,8 +1148,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.51.0-dev/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
+google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
--- a/iface/iface_android.go
+++ b/iface/iface_android.go
@@ -28,14 +28,20 @@ func NewWGIFace(ifaceName string, address string, mtu int, tunAdapter TunAdapter
 	return wgIFace, nil
 }

-// CreateOnMobile creates a new Wireguard interface, sets a given IP and brings it up.
+// CreateOnAndroid creates a new Wireguard interface, sets a given IP and brings it up.
 // Will reuse an existing one.
-func (w *WGIface) CreateOnMobile(mIFaceArgs MobileIFaceArguments) error {
+func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 	return w.tun.Create(mIFaceArgs)
 }

+// CreateOniOS creates a new Wireguard interface, sets a given IP and brings it up.
+// Will reuse an existing one.
+func (w *WGIface) CreateOniOS(tunFd int32) error {
+	return fmt.Errorf("this function has not implemented on mobile")
+}
+
 // Create this function make sense on mobile only
 func (w *WGIface) Create() error {
 	return fmt.Errorf("this function has not implemented on mobile")
--- a/iface/iface_ios.go
+++ b/iface/iface_ios.go
@@ -0,0 +1,51 @@
+//go:build ios
+// +build ios
+
+package iface
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/pion/transport/v2"
+)
+
+// NewWGIFace Creates a new WireGuard interface instance
+func NewWGIFace(ifaceName string, address string, mtu int, tunAdapter TunAdapter, transportNet transport.Net) (*WGIface, error) {
+	wgIFace := &WGIface{
+		mu: sync.Mutex{},
+	}
+
+	wgAddress, err := parseWGAddress(address)
+	if err != nil {
+		return wgIFace, err
+	}
+
+	tun := newTunDevice(wgAddress, mtu, tunAdapter, transportNet)
+	wgIFace.tun = tun
+
+	wgIFace.configurer = newWGConfigurer(tun)
+
+	wgIFace.userspaceBind = !WireGuardModuleIsLoaded()
+
+	return wgIFace, nil
+}
+
+// CreateOniOS creates a new Wireguard interface, sets a given IP and brings it up.
+// Will reuse an existing one.
+func (w *WGIface) CreateOniOS(tunFd int32) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.tun.Create(tunFd)
+}
+
+// CreateOnAndroid creates a new Wireguard interface, sets a given IP and brings it up.
+// Will reuse an existing one.
+func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
+	return fmt.Errorf("this function has not implemented on mobile")
+}
+
+// Create this function make sense on mobile only
+func (w *WGIface) Create() error {
+	return fmt.Errorf("this function has not implemented on mobile")
+}
--- a/iface/iface_nonandroid.go
+++ b/iface/iface_nonandroid.go
@@ -1,4 +1,5 @@
-//go:build !android
+//go:build !android && !ios
+// +build !android,!ios

 package iface

@@ -27,8 +28,13 @@ func NewWGIFace(iFaceName string, address string, mtu int, tunAdapter TunAdapter
 	return wgIFace, nil
 }

-// CreateOnMobile this function make sense on mobile only
-func (w *WGIface) CreateOnMobile(mIFaceArgs MobileIFaceArguments) error {
+// CreateOnAndroid this function make sense on mobile only
+func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
+	return fmt.Errorf("this function has not implemented on non mobile")
+}
+
+// CreateOniOS this function make sense on mobile only
+func (w *WGIface) CreateOniOS(tunFd int32) error {
 	return fmt.Errorf("this function has not implemented on non mobile")
 }

--- a/iface/ipc_parser_android.go
+++ b/iface/ipc_parser_android.go
@@ -1,3 +1,6 @@
+//go:build android
+// +build android
+
 package iface

 import (
--- a/iface/ipc_parser_ios.go
+++ b/iface/ipc_parser_ios.go
@@ -0,0 +1,63 @@
+//go:build ios
+// +build ios
+
+package iface
+
+import (
+	"encoding/hex"
+	"fmt"
+	"strings"
+
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+func toWgUserspaceString(wgCfg wgtypes.Config) string {
+	var sb strings.Builder
+	if wgCfg.PrivateKey != nil {
+		hexKey := hex.EncodeToString(wgCfg.PrivateKey[:])
+		sb.WriteString(fmt.Sprintf("private_key=%s\n", hexKey))
+	}
+
+	if wgCfg.ListenPort != nil {
+		sb.WriteString(fmt.Sprintf("listen_port=%d\n", *wgCfg.ListenPort))
+	}
+
+	if wgCfg.ReplacePeers {
+		sb.WriteString("replace_peers=true\n")
+	}
+
+	if wgCfg.FirewallMark != nil {
+		sb.WriteString(fmt.Sprintf("fwmark=%d\n", *wgCfg.FirewallMark))
+	}
+
+	for _, p := range wgCfg.Peers {
+		hexKey := hex.EncodeToString(p.PublicKey[:])
+		sb.WriteString(fmt.Sprintf("public_key=%s\n", hexKey))
+
+		if p.PresharedKey != nil {
+			preSharedHexKey := hex.EncodeToString(p.PresharedKey[:])
+			sb.WriteString(fmt.Sprintf("preshared_key=%s\n", preSharedHexKey))
+		}
+
+		if p.Remove {
+			sb.WriteString("remove=true")
+		}
+
+		if p.ReplaceAllowedIPs {
+			sb.WriteString("replace_allowed_ips=true\n")
+		}
+
+		for _, aip := range p.AllowedIPs {
+			sb.WriteString(fmt.Sprintf("allowed_ip=%s\n", aip.String()))
+		}
+
+		if p.Endpoint != nil {
+			sb.WriteString(fmt.Sprintf("endpoint=%s\n", p.Endpoint.String()))
+		}
+
+		if p.PersistentKeepaliveInterval != nil {
+			sb.WriteString(fmt.Sprintf("persistent_keepalive_interval=%d\n", int(p.PersistentKeepaliveInterval.Seconds())))
+		}
+	}
+	return sb.String()
+}
--- a/iface/module_linux_test.go
+++ b/iface/module_linux_test.go
@@ -132,6 +132,7 @@ func resetGlobals() {
 }

 func createFiles(t *testing.T) (string, []module) {
+    t.Helper()
 	writeFile := func(path, text string) {
 		if err := os.WriteFile(path, []byte(text), 0644); err != nil {
 			t.Fatal(err)
@@ -167,6 +168,7 @@ func createFiles(t *testing.T) (string, []module) {
 }

 func getRandomLoadedModule(t *testing.T) (string, error) {
+    t.Helper()
 	f, err := os.Open("/proc/modules")
 	if err != nil {
 		return "", err
--- a/iface/tun_adapter.go
+++ b/iface/tun_adapter.go
@@ -1,6 +1,6 @@
 package iface

-// TunAdapter is an interface for create tun device from externel service
+// TunAdapter is an interface for create tun device from external service
 type TunAdapter interface {
 	ConfigureInterface(address string, mtu int, dns string, searchDomains string, routes string) (int, error)
 	UpdateAddr(address string) error
--- a/iface/tun_android.go
+++ b/iface/tun_android.go
@@ -1,3 +1,6 @@
+//go:build android
+// +build android
+
 package iface

 import (
@@ -56,7 +59,7 @@ func (t *tunDevice) Create(mIFaceArgs MobileIFaceArguments) error {
 	t.device = device.NewDevice(t.wrapper, t.iceBind, device.NewLogger(device.LogLevelSilent, "[wiretrustee] "))
 	// without this property mobile devices can discover remote endpoints if the configured one was wrong.
 	// this helps with support for the older NetBird clients that had a hardcoded direct mode
-	//t.device.DisableSomeRoamingForBrokenMobileSemantics()
+	// t.device.DisableSomeRoamingForBrokenMobileSemantics()

 	err = t.device.Up()
 	if err != nil {
--- a/iface/tun_darwin.go
+++ b/iface/tun_darwin.go
@@ -1,3 +1,6 @@
+//go:build !ios
+// +build !ios
+
 package iface

 import (
--- a/iface/tun_ios.go
+++ b/iface/tun_ios.go
@@ -0,0 +1,105 @@
+//go:build ios
+// +build ios
+
+package iface
+
+import (
+	"os"
+	"strings"
+
+	"github.com/pion/transport/v2"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
+	"golang.zx2c4.com/wireguard/device"
+	"golang.zx2c4.com/wireguard/tun"
+
+	"github.com/netbirdio/netbird/iface/bind"
+)
+
+type tunDevice struct {
+	address    WGAddress
+	mtu        int
+	tunAdapter TunAdapter
+	iceBind    *bind.ICEBind
+
+	fd      int
+	name    string
+	device  *device.Device
+	wrapper *DeviceWrapper
+}
+
+func newTunDevice(address WGAddress, mtu int, tunAdapter TunAdapter, transportNet transport.Net) *tunDevice {
+	return &tunDevice{
+		address:    address,
+		mtu:        mtu,
+		tunAdapter: tunAdapter,
+		iceBind:    bind.NewICEBind(transportNet),
+	}
+}
+
+func (t *tunDevice) Create(tunFd int32) error {
+	log.Infof("create tun interface")
+
+	dupTunFd, err := unix.Dup(int(tunFd))
+	if err != nil {
+		log.Errorf("Unable to dup tun fd: %v", err)
+		return err
+	}
+
+	err = unix.SetNonblock(dupTunFd, true)
+	if err != nil {
+		log.Errorf("Unable to set tun fd as non blocking: %v", err)
+		unix.Close(dupTunFd)
+		return err
+	}
+	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
+	if err != nil {
+		log.Errorf("Unable to create new tun device from fd: %v", err)
+		unix.Close(dupTunFd)
+		return err
+	}
+
+	t.wrapper = newDeviceWrapper(tun)
+	log.Debug("Attaching to interface")
+	t.device = device.NewDevice(t.wrapper, t.iceBind, device.NewLogger(device.LogLevelSilent, "[wiretrustee] "))
+	// without this property mobile devices can discover remote endpoints if the configured one was wrong.
+	// this helps with support for the older NetBird clients that had a hardcoded direct mode
+	// t.device.DisableSomeRoamingForBrokenMobileSemantics()
+
+	err = t.device.Up()
+	if err != nil {
+		t.device.Close()
+		return err
+	}
+	log.Debugf("device is ready to use: %s", t.name)
+	return nil
+}
+
+func (t *tunDevice) Device() *device.Device {
+	return t.device
+}
+
+func (t *tunDevice) DeviceName() string {
+	return t.name
+}
+
+func (t *tunDevice) WgAddress() WGAddress {
+	return t.address
+}
+
+func (t *tunDevice) UpdateAddr(addr WGAddress) error {
+	// todo implement
+	return nil
+}
+
+func (t *tunDevice) Close() (err error) {
+	if t.device != nil {
+		t.device.Close()
+	}
+
+	return
+}
+
+func (t *tunDevice) routesToString(routes []string) string {
+	return strings.Join(routes, ";")
+}
--- a/iface/tun_linux.go
+++ b/iface/tun_linux.go
@@ -99,7 +99,8 @@ func (c *tunDevice) assignAddr() error {
 	}
 	if len(list) > 0 {
 		for _, a := range list {
-			err = netlink.AddrDel(link, &a)
+			addr := a
+			err = netlink.AddrDel(link, &addr)
 			if err != nil {
 				return err
 			}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Zoltan Papp	6a279c698c	code cleaning	2023-12-07 18:29:00 +01:00
Pascal Fischer	ca9ea29255	remove development logs	2023-12-06 16:57:56 +01:00
Pascal Fischer	148a537c19	remove unused engine listener	2023-12-06 16:32:39 +01:00
Pascal Fischer	c88e8139c7	revert exported HostDNSConfig	2023-12-06 16:13:31 +01:00
Pascal Fischer	f854ec9bb6	re-arrange duration calculation	2023-12-06 15:46:38 +01:00
Pascal Fischer	d6d2e64247	Fix linter	2023-12-06 14:53:42 +01:00
Pascal Fischer	5f3f5dc1c6	Fix some of the remarks from the linter	2023-12-06 14:01:57 +01:00
Pascal Fischer	0f7343dd58	Revert back to disabling upstream on no response	2023-12-06 13:22:40 +01:00
Pascal Fischer	71f1cf80b8	Fix engine null pointer with mobile dependencies for other OS	2023-12-06 13:02:32 +01:00
Pascal Fischer	975e8e816a	Fix dns server and upstream tests	2023-12-06 12:46:45 +01:00
Pascal Fischer	e03c07a3dc	Update mock Server	2023-12-06 12:24:58 +01:00
Pascal Fischer	ad1cf388fb	Extract private upstream for iOS and fix function headers for other OS	2023-12-06 12:09:23 +01:00
pascal-fischer	5f96c566ab	Merge branch 'main' into feature/add-ios-support	2023-12-06 11:52:27 +01:00
Yury Gargay	27ed88f918	Implement lightweight method to check is peer has update channel (#1351 ) Instead of GetAllConnectedPeers that need to traverse the whole connections map in order to find one channel there.	2023-12-05 14:17:56 +01:00
pascal-fischer	45fc89b2c9	Merge pull request #1355 from netbirdio/chore/update-integrations-branch-reference Chore: clean gomod reference	2023-12-05 13:13:14 +01:00
Pascal Fischer	f822a58326	go mod tidy	2023-12-05 12:54:01 +01:00
Pascal Fischer	d1f13025d1	switch back to use netbird main	2023-12-05 12:39:15 +01:00
pascal-fischer	3f8b500f0b	Merge pull request #1341 from netbirdio/feature/peer-approval Add peer and settings validation	2023-12-05 12:11:14 +01:00
Maycon Santos	0d2db4b172	update API doc	2023-12-04 19:02:16 +01:00
Pascal Fischer	7a18dea766	go mod tidy	2023-12-04 17:35:56 +01:00
pascal-fischer	ae5f69562d	Merge branch 'main' into feature/peer-approval	2023-12-04 17:34:53 +01:00
pascal-fischer	755ffcfc73	Merge pull request #1353 from netbirdio/feature/extend-add-peer-event-with-setup-key Extend add peer event meta with setup key name	2023-12-04 17:33:50 +01:00
Pascal Fischer	dc8f55f23e	remove dependency cycle from prepare peer	2023-12-04 16:26:34 +01:00
Pascal Fischer	89249b414f	move peer validation into getPeerconnectionResources	2023-12-04 14:53:38 +01:00
Pascal Fischer	92adf57fea	fix map assignment	2023-12-04 13:49:46 +01:00
Yury Gargay	e37a337164	Add gosec linter (#1342 ) This PR adds `gosec` linter with the following checks disabled: - G102: Bind to all interfaces - G107: Url provided to HTTP request as taint input - G112: Potential slowloris attack - G114: Use of net/http serve function that has no support for setting timeouts - G204: Audit use of command execution - G401: Detect the usage of DES, RC4, MD5 or SHA1 - G402: Look for bad TLS connection settings - G404: Insecure random number source (rand) - G501: Import blocklist: crypto/md5 - G505: Import blocklist: crypto/sha1 We have complaints related to the checks above. They have to be addressed separately.	2023-12-04 13:34:06 +01:00
Pascal Fischer	1cd5a66575	adding setup key name to the event meta for adding peers by setup key	2023-12-04 13:00:13 +01:00
Pascal Fischer	b9fc008542	extract peer preparation	2023-12-04 12:49:50 +01:00
pascal-fischer	d5bf79bc51	Merge branch 'main' into feature/peer-approval	2023-12-01 18:12:59 +01:00
Maycon Santos	d7efea74b6	add owner role support (#1340 ) This PR adds support to Owner roles. The owner role has a similar access level as the admin, but it has the power to delete the account. Besides that, the role has the following constraints: - The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user - It can't be assigned to users being invited - It can't be assigned to service users	2023-12-01 17:24:57 +01:00
Maycon Santos	b8c46e2654	Fix IPv6 format for DNS address received from android (#1350 ) this adds the address in the expected format in Go [ipv6]:port	2023-12-01 14:26:42 +01:00
Pascal Fischer	4bf574037f	fix sql store	2023-11-30 11:51:35 +01:00
Pascal Fischer	47c44d4b87	fix imports in sqlite store test	2023-11-30 11:08:51 +01:00
Pascal Fischer	96f866fb68	add missing imports after refactor	2023-11-29 16:46:46 +01:00
pascal-fischer	141065f14e	Merge branch 'main' into feature/peer-approval	2023-11-29 16:27:01 +01:00
Pascal Fischer	8e74fb1fa8	add account id to validating peer update	2023-11-29 15:57:56 +01:00
Pascal Fischer	ba96e102b4	settings nil check	2023-11-29 15:16:11 +01:00
Bethuel Mmbaga	7a46a63a14	Fix the inability to set hostname with the flag in daemon mode (#1339 ) Pass the hostname set in the flag into the protocol message when running in daemon mode.	2023-11-29 15:01:27 +01:00
Pascal Fischer	2129b23fe7	allow sync for and return empty map	2023-11-29 14:56:06 +01:00
Maycon Santos	b6211ad020	Fix group membership for peers API response (#1337 )	2023-11-29 09:33:05 +01:00
Pascal Fischer	efd05ca023	fix api references	2023-11-28 15:15:51 +01:00
Pascal Fischer	c829ad930c	use separate package for signatures	2023-11-28 15:09:04 +01:00
Pascal Fischer	ad1f18a52a	replace with updated integrations	2023-11-28 14:55:20 +01:00
Pascal Fischer	bab420ca77	extract account into separate package	2023-11-28 14:34:57 +01:00
Maycon Santos	c2eaf8a1c0	Add account deletion endpoint (#1331 ) Adding support to account owners to delete an account This will remove all users from local, and if --user-delete-from-idp is set it will remove from the remote IDP	2023-11-28 14:23:38 +01:00
Pascal Fischer	a729c83b06	extract peer into seperate package	2023-11-28 13:45:26 +01:00
Maycon Santos	dc05102b8f	Fix panic on empty username for invites (#1334 ) Validate email and user are not empty	2023-11-28 13:09:33 +01:00
Pascal Fischer	a7e55cc5e3	add signatures and frame for peer approval	2023-11-28 11:44:08 +01:00
Pascal Fischer	b7c0eba1e5	add extra settings struct	2023-11-27 17:04:40 +01:00
Yury Gargay	d1a323fa9d	Add gocritic linter (#1324 ) * Add gocritic linter `gocritic` provides diagnostics that check for bugs, performance, and style issues We disable the following checks: - commentFormatting - captLocal - deprecatedComment This PR contains many `//nolint:gocritic` to disable `appendAssign`.	2023-11-27 16:40:02 +01:00
Yury Gargay	63d211c698	Prepare regexps on compile time (#1327 )	2023-11-27 13:01:00 +01:00
Maycon Santos	0ca06b566a	Add Windows version to correct system info field (#1330 )	2023-11-24 17:49:39 +01:00
Maycon Santos	cf9e447bf0	Update signing pipelines to version 0.0.10 (#1329 )	2023-11-24 14:27:40 +01:00
Maycon Santos	fdd23d4644	Remove the gateway check for routes (#1317 ) Most operating systems add a /32 route for the default gateway address to its routing table This will allow routes to be configured into the system even when the incoming range contains the default gateway. In case a range is a sub-range of an existing route and this range happens to contain the default gateway it attempts to create a default gateway route to prevent loop issues	2023-11-24 11:31:22 +01:00
hg	5a3ee4f9c4	Add systemd .service files (#1316 ) (#1318 ) Add systemd .service files	2023-11-23 20:15:07 +01:00
pascal-fischer	5ffed796c0	Merge pull request #1326 from netbirdio/fix/windows-os-info Fix windows os info	2023-11-22 20:13:18 +01:00
Pascal Fischer	ab895be4a3	fix get os info for windows to report correct versions	2023-11-22 16:23:19 +01:00
Bethuel Mmbaga	96cdcf8e49	Add client UI shortcut links for standard users in Windows (#1323 ) * Change SetShellVarContext scope to create program links for standard users * Include guidelines for building the Windows Netbird installer during development * Add Wireguard driver requirement to Windows build instructions	2023-11-21 20:02:16 +03:00
Yury Gargay	63f6514be5	Add tenv linter (#1322 ) Tenv is analyzer that detects using `os.Setenv` instead of `t.Setenv` since Go 1.17.	2023-11-21 17:38:33 +01:00
Yury Gargay	afece95ae5	Fix lookupCache to work when idp has more users (#1321 )	2023-11-20 16:47:11 +01:00
Bethuel Mmbaga	d78b7e5d93	Skip user deletion if the user does not exist in IdP (#1320 )	2023-11-20 16:56:21 +03:00
Yury Gargay	67906f6da5	Improve Account cache reload condition (#1319 ) To take in consideration that cache may know more users	2023-11-20 12:05:32 +01:00
pascal-fischer	52b5a31058	Merge pull request #1309 from netbirdio/fix/duplicated-entries-on-events-api Fix duplicated Activity events shown	2023-11-17 12:03:26 +01:00
Yury Gargay	b58094de0f	Add metrics for PeersUpdateManager (#1310 ) With this change we should be able to collect and expose the following histograms: * `management.updatechannel.create.duration.ms` with `closed` boolean label * `management.updatechannel.create.duration.micro` with `closed` boolean label * `management.updatechannel.close.one.duration.ms` * `management.updatechannel.close.one.duration.micro` * `management.updatechannel.close.multiple.duration.ms` * `management.updatechannel.close.multiple.duration.micro` * `management.updatechannel.close.multiple.channels` * `management.updatechannel.send.duration.ms` with `found` and `dropped` boolean labels * `management.updatechannel.send.duration.micro` with `found` and `dropped` boolean labels * `management.updatechannel.get.all.duration.ms` * `management.updatechannel.get.all.duration.micro` * `management.updatechannel.get.all.peers`	2023-11-16 18:21:52 +01:00
pascal-fischer	456aaf2868	Merge pull request #1315 from netbirdio/feature/dns-name-for-ios-from-idp Use email address for iphone name generation	2023-11-16 17:42:48 +01:00
Pascal Fischer	d379c25ff5	use idp cache instead of idp manager	2023-11-16 17:13:04 +01:00
Pascal Fischer	f86ed12cf5	add support for ipad as well	2023-11-16 17:01:01 +01:00
Pascal Fischer	5a45f79fec	use the email address to set the iphone name for iOS 16+	2023-11-16 16:46:08 +01:00
Pascal Fischer	b2300216bb	disable relay connection for iOS until proxy is refactored into bind	2023-11-16 13:37:34 +01:00
Bethuel Mmbaga	e7d063126d	Add non-deletable service user (#1311 ) * Add non-deletable flag for service users * fix non deletable service user created as deletable * Exclude non deletable service users in service users api response * Fix broken tests * Add test for non deletable service user * Add handling for non-deletable service users in tests * Remove non-deletable service users when fetching all users * Ensure non-deletable users are filtered out when fetching all user data	2023-11-15 18:22:00 +03:00
Yury Gargay	fb42fedb58	Fix PAT copy for GetUserByTokenID in SQLite store (#1312 )	2023-11-15 14:15:12 +01:00
Pascal Fischer	9eb1e90bbe	refactor activity get queries to only add comment	2023-11-15 11:21:59 +01:00
Pascal Fischer	53fb0a9754	refactor activity get queries to only consider 1 deleted user entry	2023-11-14 17:40:14 +01:00
Yury Gargay	70c7543e36	Allow to update IntegrationReference for user (#1308 ) This should not happen via an API but be possible when calling the method directly.	2023-11-14 12:25:21 +01:00
Yury Gargay	d1d01a0611	Extend AccountManager with external cache and group/user management methods (#1289 )	2023-11-13 14:04:18 +01:00
Yury Gargay	9e8725618e	Extend linter rules (#1300 ) - dupword checks for duplicate words in the source code - durationcheck checks for two durations multiplied together - forbidigo forbids identifiers - mirror reports wrong mirror patterns of bytes/strings usage - misspell finds commonly misspelled English words in comments - predeclared finds code that shadows one of Go's predeclared identifiers - thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers	2023-11-10 16:33:13 +01:00
Pascal Fischer	a37c946abe	replace engine listener with connection listener	2023-11-09 19:58:28 +01:00
Maycon Santos	a40261ff7e	Log access control error (#1299 )	2023-11-09 17:15:59 +01:00
Pascal Fischer	0a8249e044	add engine ready listener	2023-11-08 16:37:56 +01:00
Bethuel Mmbaga	89e8540531	Export account manager events store (#1295 ) * Expose account manager StoreEvent to integrations * Add account manager StoreEvent mock	2023-11-08 13:35:37 +03:00
Pascal Fischer	2b249ab9c9	fix after merge changes	2023-11-07 15:52:19 +01:00
Pascal Fischer	0e7a67cf81	merge main	2023-11-07 15:18:37 +01:00
Bethuel Mmbaga	9f7e13fc87	Enable deletion of integration resources (#1294 ) * Enforce admin service user role for integration group deletion Added a check to prevent non-admin service users from deleting integration groups. * Restrict deletion of integration user to admin service user only * Refactor user and group deletion tests	2023-11-07 17:02:51 +03:00
Zoltan Papp	8be6e92563	Extend API with accessible peers (#1284 ) Extend the peer and peers API endpoints with accessible peers.	2023-11-07 14:38:36 +01:00
Maycon Santos	b726b3262d	Add codespell job (#1281 ) add codespell workflow and fixed spelling issues	2023-11-07 13:37:57 +01:00
Bethuel Mmbaga	125a7a9daf	Add integration activity types to codes.go (#1293 ) New activity types for integration creation, update, and deletion have been added to the activity codes. This ensures the tracking of these user activities relating to integrations, which were not previously being logged.	2023-11-07 14:05:58 +03:00
Yury Gargay	9b1a0c2df7	Extend devcontainer with dind and go features (#1292 )	2023-11-07 11:14:07 +01:00
Pascal Fischer	1c23a0e70c	fix panic on no dns response	2023-11-07 10:12:58 +01:00
Pascal Fischer	5632d222cc	switching between client to query upstream	2023-11-06 12:32:25 +01:00
Yury Gargay	1568c8aa91	Add basic support of devcontainer (#1280 )	2023-11-06 11:22:39 +01:00
Pascal Fischer	e193df3bc7	fix metadata send on startup	2023-11-04 19:46:47 +01:00
Maycon Santos	65052e5cba	use dns.Client.Exchange	2023-11-03 20:35:52 +01:00
dependabot[bot]	2f5ba96596	Bump google.golang.org/grpc from 1.55.0 to 1.56.3 (#1252 ) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.55.0 to 1.56.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.55.0...v1.56.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-03 14:45:50 +01:00
dependabot[bot]	63568e5e0e	Bump golang.org/x/image from 0.5.0 to 0.10.0 (#1285 ) Bumps [golang.org/x/image](https://github.com/golang/image) from 0.5.0 to 0.10.0. - [Commits](https://github.com/golang/image/compare/v0.5.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-03 14:45:35 +01:00
Pascal Fischer	64084ca130	trying to bind the DNS resolver dialer to an interface	2023-11-03 14:26:07 +01:00
Zoltan Papp	9c4bf1e899	Parse original resolv.conf (#1270 ) Handle original search domains in resolv.conf type implementations. - parse the original resolv.conf file - merge the search domains - ignore the domain keyword - append any other config lines (sortstlist, options) - fix read origin resolv.conf from bkp in resolvconf implementation - fix line length validation - fix number of search domains validation	2023-11-03 13:05:39 +01:00
Zoltan Papp	2c01514259	Fix black icon background on Win (#1269 ) Fix the black icon background on Windows. Update to the patched systray library.	2023-11-03 13:05:07 +01:00
Pascal Fischer	79f60b86c4	fix route deletion	2023-10-27 17:44:58 +02:00
Pascal Fischer	de46393a7c	updated	2023-10-23 18:31:40 +02:00
Pascal Fischer	c4c59ed3a7	fix	2023-10-09 14:59:21 +02:00
Pascal Fischer	7f958e9338	trying to add DNS	2023-10-09 14:58:48 +02:00
Pascal Fischer	91b45eab98	Merge remote-tracking branch 'origin/main' into local/engine-restart	2023-10-06 16:33:01 +02:00
Pascal Fischer	ec8eb76b42	small refactor for better code quality in swift	2023-10-06 16:32:30 +02:00
Pascal Fischer	8b8e4bbc6a	support for routes and working connection	2023-10-05 20:15:44 +02:00
Pascal Fischer	e733cdcf33	first working connection	2023-09-25 13:02:56 +02:00
Pascal Fischer	cdbe9c4eef	Merge branch 'main' into local/engine-restart	2023-09-21 16:43:03 +02:00
Pascal Fischer	8653c32367	logger and first client	2023-09-21 16:42:44 +02:00
Pascal Fischer	6743054451	inject logger that does not compile	2023-08-17 13:35:38 +02:00
Pascal Fischer	7f7e10121d	starting engine by passing file descriptor on engine start	2023-08-09 15:21:53 +02:00