Merge branch 'main' into debug-google-workspace

Allow adding 3 nameserver addresses (#1588 )
Make sure the iOS dialer does not get overwritten (#1585 )
2026-04-21 01:36:46 +00:00 · 2024-02-19 15:26:58 +01:00 · 2024-02-19 14:29:20 +01:00 · 2024-02-16 14:37:47 +01:00 · 2024-02-16 13:10:37 +03:00 · 2024-02-13 13:10:17 +01:00
183 changed files with 6845 additions and 2521 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20-bullseye
+FROM golang:1.21-bullseye
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends\
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -7,7 +7,7 @@
 	"features": {
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
 		"ghcr.io/devcontainers/features/go:1": {
-			"version": "1.20"
+			"version": "1.21"
 		}
 	},
 	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
--- a/.github/ISSUE_TEMPLATE/bug-issue-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-issue-report.md
@@ -2,15 +2,17 @@
 name: Bug/Issue report
 about: Create a report to help us improve
 title: ''
-labels: ''
+labels: ['triage']
 assignees: ''
 ---
 **Describe the problem**
 A clear and concise description of what the problem is.
 **To Reproduce**
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
@@ -18,13 +20,25 @@ Steps to reproduce the behavior:
 4. See error
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 **Are you using NetBird Cloud?**
 Please specify whether you use NetBird Cloud or self-host NetBird's control plane.
 **NetBird version**
 `netbird version`
 **NetBird status -d output:**
-If applicable, add the output of the `netbird status -d` command
+
 If applicable, add the `netbird status -d' command output.
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 **Additional context**
 Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: ''
+labels: ['feature-request']
 assignees: ''
 ---
--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Checkout code
        uses: actions/checkout@v3
--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -21,7 +21,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Cache Go modules
@@ -50,7 +50,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Cache Go modules
        uses: actions/cache@v3
--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -23,13 +23,13 @@ jobs:
        uses: actions/setup-go@v4
        id: go
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Download wintun
        uses: carlosperate/download-file-action@v2
        id: download-wintun
        with:
-          file-url: https://www.wintun.net/builds/wintun-0.14.1.zip
+          file-url: https://pkgs.netbird.io/wintun/wintun-0.14.1.zip
          file-name: wintun.zip
          location: ${{ env.downloadPath }}
          sha256: '07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51'
@@ -49,4 +49,4 @@ jobs:
        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 5m -p 1 ./... > test-out.txt 2>&1"
      - name: test output
        if: ${{ always() }}
-        run: Get-Content test-out.txt
+        run: Get-Content test-out.txt
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -1,7 +1,7 @@
 name: golangci-lint
 on: [pull_request]
-permissions: 
+permissions:
  contents: read
  pull-requests: read
@@ -36,7 +36,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
          cache: false
      - name: Install dependencies
        if: matrix.os == 'ubuntu-latest'
--- a/.github/workflows/android-build-validation.yml
+++ b/.github/workflows/android-build-validation.yml
@@ -1,4 +1,4 @@
-name: Android build validation
+name: Mobile build validation
 on:
  push:
@@ -11,7 +11,7 @@ concurrency:
  cancel-in-progress: true
 jobs:
-  build:
+  andrloid_build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
@@ -19,9 +19,16 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Setup Android SDK
-        uses: android-actions/setup-android@v2
+        uses: android-actions/setup-android@v3
        with:
          cmdline-tools-version: 8512546
      - name: Setup Java
        uses: actions/setup-java@v3
        with:
          java-version: "11"
          distribution: "adopt"
      - name: NDK Cache
        id: ndk-cache
        uses: actions/cache@v3
@@ -29,7 +36,7 @@ jobs:
          path: /usr/local/lib/android/sdk/ndk
          key: ndk-cache-23.1.7779620
      - name: Setup NDK
-        run: /usr/local/lib/android/sdk/tools/bin/sdkmanager --install "ndk;23.1.7779620"
+        run: /usr/local/lib/android/sdk/cmdline-tools/7.0/bin/sdkmanager --install "ndk;23.1.7779620"
      - name: install gomobile
        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
      - name: gomobile init
@@ -38,4 +45,21 @@ jobs:
        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
        env:
          CGO_ENABLED: 0
-          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
+          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
  ios_build:
    runs-on: macos-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.21.x"
      - name: install gomobile
        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
      - name: gomobile init
        run: gomobile init
      - name: build iOS nebtird lib
        run: PATH=$PATH:$(go env GOPATH) gomobile bind -target=ios -bundleid=io.netbird.framework -ldflags="-X github.com/netbirdio/netbird/version.version=buildtest" -o $GITHUB_WORKSPACE/NetBirdSDK.xcframework $GITHUB_WORKSPACE/client/ios/NetBirdSDK
        env:
          CGO_ENABLED: 0
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ on:
      - 'client/ui/**'
 env:
-  SIGN_PIPE_VER: "v0.0.10"
+  SIGN_PIPE_VER: "v0.0.11"
  GORELEASER_VER: "v1.14.1"
 concurrency:
@@ -44,7 +44,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20"
+          go-version: "1.21"
          cache: false
      -
        name: Cache Go modules
@@ -120,7 +120,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20"
+          go-version: "1.21"
          cache: false
      - name: Cache Go modules
        uses: actions/cache@v3
@@ -175,7 +175,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20"
+          go-version: "1.21"
          cache: false
      -
        name: Cache Go modules
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -28,7 +28,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.20.x"
+          go-version: "1.21.x"
      - name: Cache Go modules
        uses: actions/cache@v3
@@ -87,8 +87,10 @@ jobs:
          CI_NETBIRD_SIGNAL_PORT: 12345
          CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
          CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
        run: |
          set -x
          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
          grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -120,6 +122,7 @@ jobs:
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
          grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
      - name: Install modules
        run: go mod tidy
@@ -175,7 +178,10 @@ jobs:
      - name: test management.json file gen
        run: test -f management.json
      - name: test turnserver.conf file gen
-        run: test -f turnserver.conf
+        run: | 
          set -x
          test -f turnserver.conf
          grep external-ip turnserver.conf
      - name: test zitadel.env file gen
        run: test -f zitadel.env
      - name: test dashboard.env file gen
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -189,6 +189,8 @@ CGO_ENABLED=0 go build .
 > Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.
 > To test the client GUI application on Windows machines with RDP or vituralized environments (e.g. virtualbox or cloud), you need to download and extract the opengl32.dll from https://fdossena.com/?p=mesa/index.frag next to the built application.
 To start NetBird the client in the foreground:
 ```
@@ -272,6 +274,8 @@ go test -exec sudo ./...
 ```
 > On Windows use a powershell with administrator privileges
 > Non-GTK environments will need the `libayatana-appindicator3-dev` (debian/ubuntu) package installed
 ## Checklist before submitting a PR
 As a critical network service and open-source project, we must enforce a few things before submitting the pull-requests:
 - Keep functions as simple as possible, with a single purpose
--- a/README.md
+++ b/README.md
@@ -48,17 +48,17 @@ https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a4
 ### Key features
-| Connectivity                             	                        | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
+| Connectivity                             	                                                                                      | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
-|-------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
+|---------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
-| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	   | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
+| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	                                                                 | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
-| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	 | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
+| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	                                                               | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
-| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	 | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
+| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	                                                               | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
-| <ul><li> - \[x] Connection relay fallback </ul></li>            	 | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
+| <ul><li> - \[x] Connection relay fallback </ul></li>            	                                                               | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
-| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	         | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[ ] iOS </ul></li>      	 |
+| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	 | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[x] iOS </ul></li>      	 |
-| <ul><li> - \[x] NAT traversal with BPF </ul></li>                 | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
+| <ul><li> - \[x] NAT traversal with BPF </ul></li>                                                                               | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
-|                                                                   | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
+| <ul><li> - \[x] Post-quantum-secure connection through [Rosenpass](https://rosenpass.eu) </ul></li>                             | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
-| 	                                                                 | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
+| 	                                                                                                                               | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
-| 	                                                                 | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |
+| 	                                                                                                                               | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |
 ### Quickstart with NetBird Cloud
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3
+FROM alpine:3.18.5
 RUN apk add --no-cache ca-certificates iptables ip6tables
 ENV NB_FOREGROUND_MODE=true
 ENTRYPOINT [ "/go/bin/netbird","up"]
--- a/client/android/client.go
+++ b/client/android/client.go
@@ -139,6 +139,11 @@ func (c *Client) SetTraceLogLevel() {
 	log.SetLevel(log.TraceLevel)
 }
 // SetInfoLogLevel configure the logger to info level
 func (c *Client) SetInfoLogLevel() {
 	log.SetLevel(log.InfoLevel)
 }
 // PeersList return with the list of the PeerInfos
 func (c *Client) PeersList() *PeerInfoArray {
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -60,7 +60,7 @@ var loginCmd = &cobra.Command{
 				return fmt.Errorf("get config file: %v", err)
 			}
-			config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)
+			config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
 			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
@@ -82,12 +82,15 @@ var loginCmd = &cobra.Command{
 		loginRequest := proto.LoginRequest{
 			SetupKey:             setupKey,
 			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
 			Hostname:             hostName,
 		}
 		if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
 			loginRequest.OptionalPreSharedKey = &preSharedKey
 		}
 		var loginErr error
 		var loginResp *proto.LoginResponse
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -25,9 +25,12 @@ import (
 )
 const (
-	externalIPMapFlag  = "external-ip-map"
+	externalIPMapFlag   = "external-ip-map"
-	preSharedKeyFlag   = "preshared-key"
+	dnsResolverAddress  = "dns-resolver-address"
-	dnsResolverAddress = "dns-resolver-address"
+	enableRosenpassFlag = "enable-rosenpass"
 	preSharedKeyFlag    = "preshared-key"
 	interfaceNameFlag   = "interface-name"
 	wireguardPortFlag   = "wireguard-port"
 )
 var (
@@ -50,6 +53,9 @@ var (
 	preSharedKey            string
 	natExternalIPs          []string
 	customDNSAddress        string
 	rosenpassEnabled        bool
 	interfaceName           string
 	wireguardPort           uint16
 	rootCmd                 = &cobra.Command{
 		Use:          "netbird",
 		Short:        "",
@@ -119,6 +125,7 @@ func init() {
 			`An empty string "" clears the previous configuration. `+
 			`E.g. --dns-resolver-address 127.0.0.1:5053 or --dns-resolver-address ""`,
 	)
 	upCmd.PersistentFlags().BoolVar(&rosenpassEnabled, enableRosenpassFlag, false, "[Experimental] Enable Rosenpass feature. If enabled, the connection will be post-quantum secured via Rosenpass.")
 }
 // SetupCloseHandler handles SIGTERM signal and exits with success
--- a/client/cmd/service_controller.go
+++ b/client/cmd/service_controller.go
@@ -11,11 +11,12 @@ import (
 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/client/server"
 	"github.com/netbirdio/netbird/util"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"
 )
 func (p *program) Start(svc service.Service) error {
@@ -109,7 +110,6 @@ var runCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
 		cmd.Printf("Netbird service is running")
 		return nil
 	},
 }
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -22,14 +22,18 @@ import (
 )
 type peerStateDetailOutput struct {
-	FQDN             string           `json:"fqdn" yaml:"fqdn"`
+	FQDN                   string           `json:"fqdn" yaml:"fqdn"`
-	IP               string           `json:"netbirdIp" yaml:"netbirdIp"`
+	IP                     string           `json:"netbirdIp" yaml:"netbirdIp"`
-	PubKey           string           `json:"publicKey" yaml:"publicKey"`
+	PubKey                 string           `json:"publicKey" yaml:"publicKey"`
-	Status           string           `json:"status" yaml:"status"`
+	Status                 string           `json:"status" yaml:"status"`
-	LastStatusUpdate time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
+	LastStatusUpdate       time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
-	ConnType         string           `json:"connectionType" yaml:"connectionType"`
+	ConnType               string           `json:"connectionType" yaml:"connectionType"`
-	Direct           bool             `json:"direct" yaml:"direct"`
+	Direct                 bool             `json:"direct" yaml:"direct"`
-	IceCandidateType iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
+	IceCandidateType       iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
 	IceCandidateEndpoint   iceCandidateType `json:"iceCandidateEndpoint" yaml:"iceCandidateEndpoint"`
 	LastWireguardHandshake time.Time        `json:"lastWireguardHandshake" yaml:"lastWireguardHandshake"`
 	TransferReceived       int64            `json:"transferReceived" yaml:"transferReceived"`
 	TransferSent           int64            `json:"transferSent" yaml:"transferSent"`
 }
 type peersStateOutput struct {
@@ -41,11 +45,25 @@ type peersStateOutput struct {
 type signalStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
 	Error     string `json:"error" yaml:"error"`
 }
 type managementStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
 	Error     string `json:"error" yaml:"error"`
 }
 type relayStateOutputDetail struct {
 	URI       string `json:"uri" yaml:"uri"`
 	Available bool   `json:"available" yaml:"available"`
 	Error     string `json:"error" yaml:"error"`
 }
 type relayStateOutput struct {
 	Total     int                      `json:"total" yaml:"total"`
 	Available int                      `json:"available" yaml:"available"`
 	Details   []relayStateOutputDetail `json:"details" yaml:"details"`
 }
 type iceCandidateType struct {
@@ -59,6 +77,7 @@ type statusOutputOverview struct {
 	DaemonVersion   string                `json:"daemonVersion" yaml:"daemonVersion"`
 	ManagementState managementStateOutput `json:"management" yaml:"management"`
 	SignalState     signalStateOutput     `json:"signal" yaml:"signal"`
 	Relays          relayStateOutput      `json:"relays" yaml:"relays"`
 	IP              string                `json:"netbirdIp" yaml:"netbirdIp"`
 	PubKey          string                `json:"publicKey" yaml:"publicKey"`
 	KernelInterface bool                  `json:"usesKernelInterface" yaml:"usesKernelInterface"`
@@ -146,7 +165,7 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 	case yamlFlag:
 		statusOutputString, err = parseToYAML(outputInformationHolder)
 	default:
-		statusOutputString = parseGeneralSummary(outputInformationHolder, false)
+		statusOutputString = parseGeneralSummary(outputInformationHolder, false, false)
 	}
 	if err != nil {
@@ -220,14 +239,17 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 	managementOverview := managementStateOutput{
 		URL:       managementState.GetURL(),
 		Connected: managementState.GetConnected(),
 		Error:     managementState.Error,
 	}
 	signalState := pbFullStatus.GetSignalState()
 	signalOverview := signalStateOutput{
 		URL:       signalState.GetURL(),
 		Connected: signalState.GetConnected(),
 		Error:     signalState.Error,
 	}
 	relayOverview := mapRelays(pbFullStatus.GetRelays())
 	peersOverview := mapPeers(resp.GetFullStatus().GetPeers())
 	overview := statusOutputOverview{
@@ -236,6 +258,7 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 		DaemonVersion:   resp.GetDaemonVersion(),
 		ManagementState: managementOverview,
 		SignalState:     signalOverview,
 		Relays:          relayOverview,
 		IP:              pbFullStatus.GetLocalPeerState().GetIP(),
 		PubKey:          pbFullStatus.GetLocalPeerState().GetPubKey(),
 		KernelInterface: pbFullStatus.GetLocalPeerState().GetKernelInterface(),
@@ -245,12 +268,43 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 	return overview
 }
 func mapRelays(relays []*proto.RelayState) relayStateOutput {
 	var relayStateDetail []relayStateOutputDetail
 	var relaysAvailable int
 	for _, relay := range relays {
 		available := relay.GetAvailable()
 		relayStateDetail = append(relayStateDetail,
 			relayStateOutputDetail{
 				URI:       relay.URI,
 				Available: available,
 				Error:     relay.GetError(),
 			},
 		)
 		if available {
 			relaysAvailable++
 		}
 	}
 	return relayStateOutput{
 		Total:     len(relays),
 		Available: relaysAvailable,
 		Details:   relayStateDetail,
 	}
 }
 func mapPeers(peers []*proto.PeerState) peersStateOutput {
 	var peersStateDetail []peerStateDetailOutput
 	localICE := ""
 	remoteICE := ""
 	localICEEndpoint := ""
 	remoteICEEndpoint := ""
 	connType := ""
 	peersConnected := 0
 	lastHandshake := time.Time{}
 	transferReceived := int64(0)
 	transferSent := int64(0)
 	for _, pbPeerState := range peers {
 		isPeerConnected := pbPeerState.ConnStatus == peer.StatusConnected.String()
 		if skipDetailByFilters(pbPeerState, isPeerConnected) {
@@ -261,10 +315,15 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
 			localICEEndpoint = pbPeerState.GetLocalIceCandidateEndpoint()
 			remoteICEEndpoint = pbPeerState.GetRemoteIceCandidateEndpoint()
 			connType = "P2P"
 			if pbPeerState.Relayed {
 				connType = "Relayed"
 			}
 			lastHandshake = pbPeerState.GetLastWireguardHandshake().AsTime().Local()
 			transferReceived = pbPeerState.GetBytesRx()
 			transferSent = pbPeerState.GetBytesTx()
 		}
 		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
@@ -279,7 +338,14 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 				Local:  localICE,
 				Remote: remoteICE,
 			},
-			FQDN: pbPeerState.GetFqdn(),
+			IceCandidateEndpoint: iceCandidateType{
 				Local:  localICEEndpoint,
 				Remote: remoteICEEndpoint,
 			},
 			FQDN:                   pbPeerState.GetFqdn(),
 			LastWireguardHandshake: lastHandshake,
 			TransferReceived:       transferReceived,
 			TransferSent:           transferSent,
 		}
 		peersStateDetail = append(peersStateDetail, peerState)
@@ -329,22 +395,32 @@ func parseToYAML(overview statusOutputOverview) (string, error) {
 	return string(yamlBytes), nil
 }
-func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
+func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays bool) string {
-	managementConnString := "Disconnected"
+	var managementConnString string
 	if overview.ManagementState.Connected {
 		managementConnString = "Connected"
 		if showURL {
 			managementConnString = fmt.Sprintf("%s to %s", managementConnString, overview.ManagementState.URL)
 		}
 	} else {
 		managementConnString = "Disconnected"
 		if overview.ManagementState.Error != "" {
 			managementConnString = fmt.Sprintf("%s, reason: %s", managementConnString, overview.ManagementState.Error)
 		}
 	}
-	signalConnString := "Disconnected"
+	var signalConnString string
 	if overview.SignalState.Connected {
 		signalConnString = "Connected"
 		if showURL {
 			signalConnString = fmt.Sprintf("%s to %s", signalConnString, overview.SignalState.URL)
 		}
 	} else {
 		signalConnString = "Disconnected"
 		if overview.SignalState.Error != "" {
 			signalConnString = fmt.Sprintf("%s, reason: %s", signalConnString, overview.SignalState.Error)
 		}
 	}
 	interfaceTypeString := "Userspace"
@@ -356,6 +432,23 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
 		interfaceIP = "N/A"
 	}
 	var relayAvailableString string
 	if showRelays {
 		for _, relay := range overview.Relays.Details {
 			available := "Available"
 			reason := ""
 			if !relay.Available {
 				available = "Unavailable"
 				reason = fmt.Sprintf(", reason: %s", relay.Error)
 			}
 			relayAvailableString += fmt.Sprintf("\n  [%s] is %s%s", relay.URI, available, reason)
 		}
 	} else {
 		relayAvailableString = fmt.Sprintf("%d/%d Available", overview.Relays.Available, overview.Relays.Total)
 	}
 	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)
 	summary := fmt.Sprintf(
@@ -363,6 +456,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
 			"CLI version: %s\n"+
 			"Management: %s\n"+
 			"Signal: %s\n"+
 			"Relays: %s\n"+
 			"FQDN: %s\n"+
 			"NetBird IP: %s\n"+
 			"Interface type: %s\n"+
@@ -371,6 +465,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
 		version.NetbirdVersion(),
 		managementConnString,
 		signalConnString,
 		relayAvailableString,
 		overview.FQDN,
 		interfaceIP,
 		interfaceTypeString,
@@ -381,7 +476,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
 func parseToFullDetailSummary(overview statusOutputOverview) string {
 	parsedPeersString := parsePeers(overview.Peers)
-	summary := parseGeneralSummary(overview, true)
+	summary := parseGeneralSummary(overview, true, true)
 	return fmt.Sprintf(
 		"Peers detail:"+
@@ -409,6 +504,25 @@ func parsePeers(peers peersStateOutput) string {
 			remoteICE = peerState.IceCandidateType.Remote
 		}
 		localICEEndpoint := "-"
 		if peerState.IceCandidateEndpoint.Local != "" {
 			localICEEndpoint = peerState.IceCandidateEndpoint.Local
 		}
 		remoteICEEndpoint := "-"
 		if peerState.IceCandidateEndpoint.Remote != "" {
 			remoteICEEndpoint = peerState.IceCandidateEndpoint.Remote
 		}
 		lastStatusUpdate := "-"
 		if !peerState.LastStatusUpdate.IsZero() {
 			lastStatusUpdate = peerState.LastStatusUpdate.Format("2006-01-02 15:04:05")
 		}
 		lastWireguardHandshake := "-"
 		if !peerState.LastWireguardHandshake.IsZero() && peerState.LastWireguardHandshake != time.Unix(0, 0) {
 			lastWireguardHandshake = peerState.LastWireguardHandshake.Format("2006-01-02 15:04:05")
 		}
 		peerString := fmt.Sprintf(
 			"\n %s:\n"+
 				"  NetBird IP: %s\n"+
@@ -418,7 +532,10 @@ func parsePeers(peers peersStateOutput) string {
 				"  Connection type: %s\n"+
 				"  Direct: %t\n"+
 				"  ICE candidate (Local/Remote): %s/%s\n"+
-				"  Last connection update: %s\n",
+				"  ICE candidate endpoints (Local/Remote): %s/%s\n"+
 				"  Last connection update: %s\n"+
 				"  Last Wireguard handshake: %s\n"+
 				"  Transfer status (received/sent) %s/%s\n",
 			peerState.FQDN,
 			peerState.IP,
 			peerState.PubKey,
@@ -427,7 +544,12 @@ func parsePeers(peers peersStateOutput) string {
 			peerState.Direct,
 			localICE,
 			remoteICE,
-			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
+			localICEEndpoint,
 			remoteICEEndpoint,
 			lastStatusUpdate,
 			lastWireguardHandshake,
 			toIEC(peerState.TransferReceived),
 			toIEC(peerState.TransferSent),
 		)
 		peersString += peerString
@@ -467,3 +589,17 @@ func skipDetailByFilters(peerState *proto.PeerState, isConnected bool) bool {
 	return statusEval || ipEval || nameEval
 }
 func toIEC(b int64) string {
 	const unit = 1024
 	if b < unit {
 		return fmt.Sprintf("%d B", b)
 	}
 	div, exp := int64(unit), 0
 	for n := b / unit; n >= unit; n /= unit {
 		div *= unit
 		exp++
 	}
 	return fmt.Sprintf("%.1f %ciB",
 		float64(b)/float64(div), "KMGTPE"[exp])
 }
--- a/client/cmd/status_test.go
+++ b/client/cmd/status_test.go
@@ -1,10 +1,13 @@
 package cmd
 import (
 	"bytes"
 	"encoding/json"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 	"github.com/netbirdio/netbird/client/proto"
@@ -25,35 +28,59 @@ var resp = &proto.StatusResponse{
 	FullStatus: &proto.FullStatus{
 		Peers: []*proto.PeerState{
 			{
-				IP:                     "192.168.178.101",
+				IP:                         "192.168.178.101",
-				PubKey:                 "Pubkey1",
+				PubKey:                     "Pubkey1",
-				Fqdn:                   "peer-1.awesome-domain.com",
+				Fqdn:                       "peer-1.awesome-domain.com",
-				ConnStatus:             "Connected",
+				ConnStatus:                 "Connected",
-				ConnStatusUpdate:       timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
+				ConnStatusUpdate:           timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
-				Relayed:                false,
+				Relayed:                    false,
-				Direct:                 true,
+				Direct:                     true,
-				LocalIceCandidateType:  "",
+				LocalIceCandidateType:      "",
-				RemoteIceCandidateType: "",
+				RemoteIceCandidateType:     "",
 				LocalIceCandidateEndpoint:  "",
 				RemoteIceCandidateEndpoint: "",
 				LastWireguardHandshake:     timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 2, 0, time.UTC)),
 				BytesRx:                    200,
 				BytesTx:                    100,
 			},
 			{
-				IP:                     "192.168.178.102",
+				IP:                         "192.168.178.102",
-				PubKey:                 "Pubkey2",
+				PubKey:                     "Pubkey2",
-				Fqdn:                   "peer-2.awesome-domain.com",
+				Fqdn:                       "peer-2.awesome-domain.com",
-				ConnStatus:             "Connected",
+				ConnStatus:                 "Connected",
-				ConnStatusUpdate:       timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
+				ConnStatusUpdate:           timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
-				Relayed:                true,
+				Relayed:                    true,
-				Direct:                 false,
+				Direct:                     false,
-				LocalIceCandidateType:  "relay",
+				LocalIceCandidateType:      "relay",
-				RemoteIceCandidateType: "prflx",
+				RemoteIceCandidateType:     "prflx",
 				LocalIceCandidateEndpoint:  "10.0.0.1:10001",
 				RemoteIceCandidateEndpoint: "10.0.10.1:10002",
 				LastWireguardHandshake:     timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 3, 0, time.UTC)),
 				BytesRx:                    2000,
 				BytesTx:                    1000,
 			},
 		},
 		ManagementState: &proto.ManagementState{
 			URL:       "my-awesome-management.com:443",
 			Connected: true,
 			Error:     "",
 		},
 		SignalState: &proto.SignalState{
 			URL:       "my-awesome-signal.com:443",
 			Connected: true,
 			Error:     "",
 		},
 		Relays: []*proto.RelayState{
 			{
 				URI:       "stun:my-awesome-stun.com:3478",
 				Available: true,
 				Error:     "",
 			},
 			{
 				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
 				Available: false,
 				Error:     "context: deadline exceeded",
 			},
 		},
 		LocalPeerState: &proto.LocalPeerState{
 			IP:              "192.168.178.100/16",
@@ -82,6 +109,13 @@ var overview = statusOutputOverview{
 					Local:  "",
 					Remote: "",
 				},
 				IceCandidateEndpoint: iceCandidateType{
 					Local:  "",
 					Remote: "",
 				},
 				LastWireguardHandshake: time.Date(2001, 1, 1, 1, 1, 2, 0, time.UTC),
 				TransferReceived:       200,
 				TransferSent:           100,
 			},
 			{
 				IP:               "192.168.178.102",
@@ -95,6 +129,13 @@ var overview = statusOutputOverview{
 					Local:  "relay",
 					Remote: "prflx",
 				},
 				IceCandidateEndpoint: iceCandidateType{
 					Local:  "10.0.0.1:10001",
 					Remote: "10.0.10.1:10002",
 				},
 				LastWireguardHandshake: time.Date(2002, 2, 2, 2, 2, 3, 0, time.UTC),
 				TransferReceived:       2000,
 				TransferSent:           1000,
 			},
 		},
 	},
@@ -103,10 +144,28 @@ var overview = statusOutputOverview{
 	ManagementState: managementStateOutput{
 		URL:       "my-awesome-management.com:443",
 		Connected: true,
 		Error:     "",
 	},
 	SignalState: signalStateOutput{
 		URL:       "my-awesome-signal.com:443",
 		Connected: true,
 		Error:     "",
 	},
 	Relays: relayStateOutput{
 		Total:     2,
 		Available: 1,
 		Details: []relayStateOutputDetail{
 			{
 				URI:       "stun:my-awesome-stun.com:3478",
 				Available: true,
 				Error:     "",
 			},
 			{
 				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
 				Available: false,
 				Error:     "context: deadline exceeded",
 			},
 		},
 	},
 	IP:              "192.168.178.100/16",
 	PubKey:          "Some-Pub-Key",
@@ -145,107 +204,163 @@ func TestSortingOfPeers(t *testing.T) {
 }
 func TestParsingToJSON(t *testing.T) {
-	json, _ := parseToJSON(overview)
+	jsonString, _ := parseToJSON(overview)
 	//@formatter:off
-	expectedJSON := "{\"" +
+	expectedJSONString := `
-		"peers\":" +
+        {
-		"{" +
+          "peers": {
-		"\"total\":2," +
+            "total": 2,
-		"\"connected\":2," +
+            "connected": 2,
-		"\"details\":" +
+            "details": [
-		"[" +
+              {
-		"{" +
+                "fqdn": "peer-1.awesome-domain.com",
-		"\"fqdn\":\"peer-1.awesome-domain.com\"," +
+                "netbirdIp": "192.168.178.101",
-		"\"netbirdIp\":\"192.168.178.101\"," +
+                "publicKey": "Pubkey1",
-		"\"publicKey\":\"Pubkey1\"," +
+                "status": "Connected",
-		"\"status\":\"Connected\"," +
+                "lastStatusUpdate": "2001-01-01T01:01:01Z",
-		"\"lastStatusUpdate\":\"2001-01-01T01:01:01Z\"," +
+                "connectionType": "P2P",
-		"\"connectionType\":\"P2P\"," +
+                "direct": true,
-		"\"direct\":true," +
+                "iceCandidateType": {
-		"\"iceCandidateType\":" +
+                  "local": "",
-		"{" +
+                  "remote": ""
-		"\"local\":\"\"," +
+                },
-		"\"remote\":\"\"" +
+                "iceCandidateEndpoint": {
-		"}" +
+                  "local": "",
-		"}," +
+                  "remote": ""
-		"{" +
+                },
-		"\"fqdn\":\"peer-2.awesome-domain.com\"," +
+                "lastWireguardHandshake": "2001-01-01T01:01:02Z",
-		"\"netbirdIp\":\"192.168.178.102\"," +
+                "transferReceived": 200,
-		"\"publicKey\":\"Pubkey2\"," +
+                "transferSent": 100
-		"\"status\":\"Connected\"," +
+              },
-		"\"lastStatusUpdate\":\"2002-02-02T02:02:02Z\"," +
+              {
-		"\"connectionType\":\"Relayed\"," +
+                "fqdn": "peer-2.awesome-domain.com",
-		"\"direct\":false," +
+                "netbirdIp": "192.168.178.102",
-		"\"iceCandidateType\":" +
+                "publicKey": "Pubkey2",
-		"{" +
+                "status": "Connected",
-		"\"local\":\"relay\"," +
+                "lastStatusUpdate": "2002-02-02T02:02:02Z",
-		"\"remote\":\"prflx\"" +
+                "connectionType": "Relayed",
-		"}" +
+                "direct": false,
-		"}" +
+                "iceCandidateType": {
-		"]" +
+                  "local": "relay",
-		"}," +
+                  "remote": "prflx"
-		"\"cliVersion\":\"development\"," +
+                },
-		"\"daemonVersion\":\"0.14.1\"," +
+                "iceCandidateEndpoint": {
-		"\"management\":" +
+                  "local": "10.0.0.1:10001",
-		"{" +
+                  "remote": "10.0.10.1:10002"
-		"\"url\":\"my-awesome-management.com:443\"," +
+                },
-		"\"connected\":true" +
+                "lastWireguardHandshake": "2002-02-02T02:02:03Z",
-		"}," +
+                "transferReceived": 2000,
-		"\"signal\":" +
+                "transferSent": 1000
-		"{\"" +
+              }
-		"url\":\"my-awesome-signal.com:443\"," +
+            ]
-		"\"connected\":true" +
+          },
-		"}," +
+          "cliVersion": "development",
-		"\"netbirdIp\":\"192.168.178.100/16\"," +
+          "daemonVersion": "0.14.1",
-		"\"publicKey\":\"Some-Pub-Key\"," +
+          "management": {
-		"\"usesKernelInterface\":true," +
+            "url": "my-awesome-management.com:443",
-		"\"fqdn\":\"some-localhost.awesome-domain.com\"" +
+            "connected": true,
-		"}"
+            "error": ""
          },
          "signal": {
            "url": "my-awesome-signal.com:443",
            "connected": true,
            "error": ""
          },
          "relays": {
            "total": 2,
            "available": 1,
            "details": [
              {
                "uri": "stun:my-awesome-stun.com:3478",
                "available": true,
                "error": ""
              },
              {
                "uri": "turns:my-awesome-turn.com:443?transport=tcp",
                "available": false,
                "error": "context: deadline exceeded"
              }
            ]
          },
          "netbirdIp": "192.168.178.100/16",
          "publicKey": "Some-Pub-Key",
          "usesKernelInterface": true,
          "fqdn": "some-localhost.awesome-domain.com"
        }`
 	// @formatter:on
-	assert.Equal(t, expectedJSON, json)
+	var expectedJSON bytes.Buffer
 	require.NoError(t, json.Compact(&expectedJSON, []byte(expectedJSONString)))
 	assert.Equal(t, expectedJSON.String(), jsonString)
 }
 func TestParsingToYAML(t *testing.T) {
 	yaml, _ := parseToYAML(overview)
-	expectedYAML := "peers:\n" +
+	expectedYAML :=
-		"    total: 2\n" +
+		`peers:
-		"    connected: 2\n" +
+    total: 2
-		"    details:\n" +
+    connected: 2
-		"        - fqdn: peer-1.awesome-domain.com\n" +
+    details:
-		"          netbirdIp: 192.168.178.101\n" +
+        - fqdn: peer-1.awesome-domain.com
-		"          publicKey: Pubkey1\n" +
+          netbirdIp: 192.168.178.101
-		"          status: Connected\n" +
+          publicKey: Pubkey1
-		"          lastStatusUpdate: 2001-01-01T01:01:01Z\n" +
+          status: Connected
-		"          connectionType: P2P\n" +
+          lastStatusUpdate: 2001-01-01T01:01:01Z
-		"          direct: true\n" +
+          connectionType: P2P
-		"          iceCandidateType:\n" +
+          direct: true
-		"            local: \"\"\n" +
+          iceCandidateType:
-		"            remote: \"\"\n" +
+            local: ""
-		"        - fqdn: peer-2.awesome-domain.com\n" +
+            remote: ""
-		"          netbirdIp: 192.168.178.102\n" +
+          iceCandidateEndpoint:
-		"          publicKey: Pubkey2\n" +
+            local: ""
-		"          status: Connected\n" +
+            remote: ""
-		"          lastStatusUpdate: 2002-02-02T02:02:02Z\n" +
+          lastWireguardHandshake: 2001-01-01T01:01:02Z
-		"          connectionType: Relayed\n" +
+          transferReceived: 200
-		"          direct: false\n" +
+          transferSent: 100
-		"          iceCandidateType:\n" +
+        - fqdn: peer-2.awesome-domain.com
-		"            local: relay\n" +
+          netbirdIp: 192.168.178.102
-		"            remote: prflx\n" +
+          publicKey: Pubkey2
-		"cliVersion: development\n" +
+          status: Connected
-		"daemonVersion: 0.14.1\n" +
+          lastStatusUpdate: 2002-02-02T02:02:02Z
-		"management:\n" +
+          connectionType: Relayed
-		"    url: my-awesome-management.com:443\n" +
+          direct: false
-		"    connected: true\n" +
+          iceCandidateType:
-		"signal:\n" +
+            local: relay
-		"    url: my-awesome-signal.com:443\n" +
+            remote: prflx
-		"    connected: true\n" +
+          iceCandidateEndpoint:
-		"netbirdIp: 192.168.178.100/16\n" +
+            local: 10.0.0.1:10001
-		"publicKey: Some-Pub-Key\n" +
+            remote: 10.0.10.1:10002
-		"usesKernelInterface: true\n" +
+          lastWireguardHandshake: 2002-02-02T02:02:03Z
-		"fqdn: some-localhost.awesome-domain.com\n"
+          transferReceived: 2000
          transferSent: 1000
 cliVersion: development
 daemonVersion: 0.14.1
 management:
    url: my-awesome-management.com:443
    connected: true
    error: ""
 signal:
    url: my-awesome-signal.com:443
    connected: true
    error: ""
 relays:
    total: 2
    available: 1
    details:
        - uri: stun:my-awesome-stun.com:3478
          available: true
          error: ""
        - uri: turns:my-awesome-turn.com:443?transport=tcp
          available: false
          error: 'context: deadline exceeded'
 netbirdIp: 192.168.178.100/16
 publicKey: Some-Pub-Key
 usesKernelInterface: true
 fqdn: some-localhost.awesome-domain.com
 `
 	assert.Equal(t, expectedYAML, yaml)
 }
@@ -253,50 +368,64 @@ func TestParsingToYAML(t *testing.T) {
 func TestParsingToDetail(t *testing.T) {
 	detail := parseToFullDetailSummary(overview)
-	expectedDetail := "Peers detail:\n" +
+	expectedDetail :=
-		" peer-1.awesome-domain.com:\n" +
+		`Peers detail:
-		"  NetBird IP: 192.168.178.101\n" +
+ peer-1.awesome-domain.com:
-		"  Public key: Pubkey1\n" +
+  NetBird IP: 192.168.178.101
-		"  Status: Connected\n" +
+  Public key: Pubkey1
-		"  -- detail --\n" +
+  Status: Connected
-		"  Connection type: P2P\n" +
+  -- detail --
-		"  Direct: true\n" +
+  Connection type: P2P
-		"  ICE candidate (Local/Remote): -/-\n" +
+  Direct: true
-		"  Last connection update: 2001-01-01 01:01:01\n" +
+  ICE candidate (Local/Remote): -/-
-		"\n" +
+  ICE candidate endpoints (Local/Remote): -/-
-		" peer-2.awesome-domain.com:\n" +
+  Last connection update: 2001-01-01 01:01:01
-		"  NetBird IP: 192.168.178.102\n" +
+  Last Wireguard handshake: 2001-01-01 01:01:02
-		"  Public key: Pubkey2\n" +
+  Transfer status (received/sent) 200 B/100 B
-		"  Status: Connected\n" +
+
-		"  -- detail --\n" +
+ peer-2.awesome-domain.com:
-		"  Connection type: Relayed\n" +
+  NetBird IP: 192.168.178.102
-		"  Direct: false\n" +
+  Public key: Pubkey2
-		"  ICE candidate (Local/Remote): relay/prflx\n" +
+  Status: Connected
-		"  Last connection update: 2002-02-02 02:02:02\n" +
+  -- detail --
-		"\n" +
+  Connection type: Relayed
-		"Daemon version: 0.14.1\n" +
+  Direct: false
-		"CLI version: development\n" +
+  ICE candidate (Local/Remote): relay/prflx
-		"Management: Connected to my-awesome-management.com:443\n" +
+  ICE candidate endpoints (Local/Remote): 10.0.0.1:10001/10.0.10.1:10002
-		"Signal: Connected to my-awesome-signal.com:443\n" +
+  Last connection update: 2002-02-02 02:02:02
-		"FQDN: some-localhost.awesome-domain.com\n" +
+  Last Wireguard handshake: 2002-02-02 02:02:03
-		"NetBird IP: 192.168.178.100/16\n" +
+  Transfer status (received/sent) 2.0 KiB/1000 B
-		"Interface type: Kernel\n" +
+
-		"Peers count: 2/2 Connected\n"
+Daemon version: 0.14.1
 CLI version: development
 Management: Connected to my-awesome-management.com:443
 Signal: Connected to my-awesome-signal.com:443
 Relays: 
  [stun:my-awesome-stun.com:3478] is Available
  [turns:my-awesome-turn.com:443?transport=tcp] is Unavailable, reason: context: deadline exceeded
 FQDN: some-localhost.awesome-domain.com
 NetBird IP: 192.168.178.100/16
 Interface type: Kernel
 Peers count: 2/2 Connected
 `
 	assert.Equal(t, expectedDetail, detail)
 }
 func TestParsingToShortVersion(t *testing.T) {
-	shortVersion := parseGeneralSummary(overview, false)
+	shortVersion := parseGeneralSummary(overview, false, false)
-	expectedString := "Daemon version: 0.14.1\n" +
+	expectedString :=
-		"CLI version: development\n" +
+		`Daemon version: 0.14.1
-		"Management: Connected\n" +
+CLI version: development
-		"Signal: Connected\n" +
+Management: Connected
-		"FQDN: some-localhost.awesome-domain.com\n" +
+Signal: Connected
-		"NetBird IP: 192.168.178.100/16\n" +
+Relays: 1/2 Available
-		"Interface type: Kernel\n" +
+FQDN: some-localhost.awesome-domain.com
-		"Peers count: 2/2 Connected\n"
+NetBird IP: 192.168.178.100/16
 Interface type: Kernel
 Peers count: 2/2 Connected
 `
 	assert.Equal(t, expectedString, shortVersion)
 }
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
 	"runtime"
 	"strings"
 	log "github.com/sirupsen/logrus"
@@ -16,6 +17,7 @@ import (
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/util"
 )
@@ -36,6 +38,8 @@ var (
 func init() {
 	upCmd.PersistentFlags().BoolVarP(&foregroundMode, "foreground-mode", "F", false, "start service in foreground")
 	upCmd.PersistentFlags().StringVar(&interfaceName, interfaceNameFlag, iface.WgInterfaceDefault, "Wireguard interface name")
 	upCmd.PersistentFlags().Uint16Var(&wireguardPort, wireguardPortFlag, iface.DefaultWgPort, "Wireguard interface listening port")
 }
 func upFunc(cmd *cobra.Command, args []string) error {
@@ -86,6 +90,22 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		CustomDNSAddress: customDNSAddressConverted,
 	}
 	if cmd.Flag(enableRosenpassFlag).Changed {
 		ic.RosenpassEnabled = &rosenpassEnabled
 	}
 	if cmd.Flag(interfaceNameFlag).Changed {
 		if err := parseInterfaceName(interfaceName); err != nil {
 			return err
 		}
 		ic.InterfaceName = &interfaceName
 	}
 	if cmd.Flag(wireguardPortFlag).Changed {
 		p := int(wireguardPort)
 		ic.WireguardPort = &p
 	}
 	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
 		ic.PreSharedKey = &preSharedKey
 	}
@@ -95,7 +115,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		return fmt.Errorf("get config file: %v", err)
 	}
-	config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)
+	config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
 	err = foregroundLogin(ctx, cmd, config, setupKey)
 	if err != nil {
@@ -143,7 +163,6 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 	loginRequest := proto.LoginRequest{
 		SetupKey:             setupKey,
 		PreSharedKey:         preSharedKey,
 		ManagementUrl:        managementURL,
 		AdminURL:             adminURL,
 		NatExternalIPs:       natExternalIPs,
@@ -153,6 +172,26 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		Hostname:             hostName,
 	}
 	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
 		loginRequest.OptionalPreSharedKey = &preSharedKey
 	}
 	if cmd.Flag(enableRosenpassFlag).Changed {
 		loginRequest.RosenpassEnabled = &rosenpassEnabled
 	}
 	if cmd.Flag(interfaceNameFlag).Changed {
 		if err := parseInterfaceName(interfaceName); err != nil {
 			return err
 		}
 		loginRequest.InterfaceName = &interfaceName
 	}
 	if cmd.Flag(wireguardPortFlag).Changed {
 		wp := int64(wireguardPort)
 		loginRequest.WireguardPort = &wp
 	}
 	var loginErr error
 	var loginResp *proto.LoginResponse
@@ -224,6 +263,18 @@ func validateNATExternalIPs(list []string) error {
 	return nil
 }
 func parseInterfaceName(name string) error {
 	if runtime.GOOS != "darwin" {
 		return nil
 	}
 	if strings.HasPrefix(name, "utun") {
 		return nil
 	}
 	return fmt.Errorf("invalid interface name %s. Please use the prefix utun followed by a number on MacOS. e.g., utun1 or utun199", name)
 }
 func validateElement(element string) (int, error) {
 	if isValidIP(element) {
 		return ipInputType, nil
--- a/client/firewall/nftables/acl_linux.go
+++ b/client/firewall/nftables/acl_linux.go
@@ -58,6 +58,7 @@ type AclManager struct {
 type iFaceMapper interface {
 	Name() string
 	Address() iface.WGAddress
 	IsUserspaceBind() bool
 }
 func newAclManager(table *nftables.Table, wgIface iFaceMapper, routeingFwChainName string) (*AclManager, error) {
@@ -198,6 +199,81 @@ func (m *AclManager) DeleteRule(rule firewall.Rule) error {
 	return nil
 }
 // createDefaultAllowRules In case if the USP firewall manager can use the native firewall manager we must to create allow rules for
 // input and output chains
 func (m *AclManager) createDefaultAllowRules() error {
 	expIn := []expr.Any{
 		&expr.Payload{
 			DestRegister: 1,
 			Base:         expr.PayloadBaseNetworkHeader,
 			Offset:       12,
 			Len:          4,
 		},
 		// mask
 		&expr.Bitwise{
 			SourceRegister: 1,
 			DestRegister:   1,
 			Len:            4,
 			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
 			Xor:            zeroXor,
 		},
 		// net address
 		&expr.Cmp{
 			Register: 1,
 			Data:     []byte{0x00, 0x00, 0x00, 0x00},
 		},
 		&expr.Verdict{
 			Kind: expr.VerdictAccept,
 		},
 	}
 	_ = m.rConn.InsertRule(&nftables.Rule{
 		Table:    m.workTable,
 		Chain:    m.chainInputRules,
 		Position: 0,
 		Exprs:    expIn,
 	})
 	expOut := []expr.Any{
 		&expr.Payload{
 			DestRegister: 1,
 			Base:         expr.PayloadBaseNetworkHeader,
 			Offset:       16,
 			Len:          4,
 		},
 		// mask
 		&expr.Bitwise{
 			SourceRegister: 1,
 			DestRegister:   1,
 			Len:            4,
 			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
 			Xor:            zeroXor,
 		},
 		// net address
 		&expr.Cmp{
 			Register: 1,
 			Data:     []byte{0x00, 0x00, 0x00, 0x00},
 		},
 		&expr.Verdict{
 			Kind: expr.VerdictAccept,
 		},
 	}
 	_ = m.rConn.InsertRule(&nftables.Rule{
 		Table:    m.workTable,
 		Chain:    m.chainOutputRules,
 		Position: 0,
 		Exprs:    expOut,
 	})
 	err := m.rConn.Flush()
 	if err != nil {
 		log.Debugf("failed to create default allow rules: %s", err)
 		return err
 	}
 	return nil
 }
 // Flush rule/chain/set operations from the buffer
 //
 // Method also get all rules after flush and refreshes handle values in the rulesets
@@ -735,7 +811,6 @@ func (m *AclManager) createPreroutingMangle() *nftables.Chain {
 		Chain: chain,
 		Exprs: expressions,
 	})
 	chain = m.rConn.AddChain(chain)
 	return chain
 }
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -106,11 +106,19 @@ func (m *Manager) RemoveRoutingRules(pair firewall.RouterPair) error {
 }
 // AllowNetbird allows netbird interface traffic
 // todo review this method usage
 func (m *Manager) AllowNetbird() error {
 	if !m.wgIface.IsUserspaceBind() {
 		return nil
 	}
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 	err := m.aclManager.createDefaultAllowRules()
 	if err != nil {
 		return fmt.Errorf("failed to create default allow rules: %v", err)
 	}
 	chains, err := m.rConn.ListChainsOfTableFamily(nftables.TableFamilyIPv4)
 	if err != nil {
 		return fmt.Errorf("list of chains: %w", err)
@@ -145,6 +153,7 @@ func (m *Manager) AllowNetbird() error {
 	if err != nil {
 		return fmt.Errorf("failed to flush allow input netbird rules: %v", err)
 	}
 	return nil
 }
--- a/client/firewall/nftables/manager_linux_test.go
+++ b/client/firewall/nftables/manager_linux_test.go
@@ -37,6 +37,8 @@ func (i *iFaceMock) Address() iface.WGAddress {
 	panic("AddressFunc is not set")
 }
 func (i *iFaceMock) IsUserspaceBind() bool { return false }
 func TestNftablesManager(t *testing.T) {
 	mock := &iFaceMock{
 		NameFunc: func() string {
--- a/client/installer.nsis
+++ b/client/installer.nsis
@@ -193,6 +193,7 @@ Sleep 3000
 Delete "$INSTDIR\${UI_APP_EXE}"
 Delete "$INSTDIR\${MAIN_APP_EXE}"
 Delete "$INSTDIR\wintun.dll"
 Delete "$INSTDIR\opengl32.dll"
 RmDir /r "$INSTDIR"
 SetShellVarContext all
--- a/client/internal/acl/manager_test.go
+++ b/client/internal/acl/manager_test.go
@@ -38,7 +38,7 @@ func TestDefaultManager(t *testing.T) {
 	defer ctrl.Finish()
 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
@@ -331,7 +331,7 @@ func TestDefaultManagerEnableSSHRules(t *testing.T) {
 	defer ctrl.Finish()
 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -1,6 +1,7 @@
 package internal
 import (
 	"context"
 	"fmt"
 	"net/url"
 	"os"
@@ -12,16 +13,19 @@ import (
 	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/iface"
 	mgm "github.com/netbirdio/netbird/management/client"
 	"github.com/netbirdio/netbird/util"
 )
 const (
-	// ManagementLegacyPort is the port that was used before by the Management gRPC server.
+	// managementLegacyPortString is the port that was used before by the Management gRPC server.
 	// It is used for backward compatibility now.
 	// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
-	ManagementLegacyPort = 33073
+	managementLegacyPortString = "33073"
 	// DefaultManagementURL points to the NetBird's cloud management endpoint
-	DefaultManagementURL = "https://api.wiretrustee.com:443"
+	DefaultManagementURL = "https://api.netbird.io:443"
 	// oldDefaultManagementURL points to the NetBird's old cloud management endpoint
 	oldDefaultManagementURL = "https://api.wiretrustee.com:443"
 	// DefaultAdminURL points to NetBird's cloud management console
 	DefaultAdminURL = "https://app.netbird.io:443"
 )
@@ -37,6 +41,9 @@ type ConfigInput struct {
 	PreSharedKey     *string
 	NATExternalIPs   []string
 	CustomDNSAddress []byte
 	RosenpassEnabled *bool
 	InterfaceName    *string
 	WireguardPort    *int
 }
 // Config Configuration type
@@ -50,10 +57,11 @@ type Config struct {
 	WgPort               int
 	IFaceBlackList       []string
 	DisableIPv6Discovery bool
 	RosenpassEnabled     bool
 	// SSHKey is a private SSH key in a PEM format
 	SSHKey string
-	// ExternalIP mappings, if different than the host interface IP
+	// ExternalIP mappings, if different from the host interface IP
 	//
 	//   External IP must not be behind a CGNAT and port-forwarding for incoming UDP packets from WgPort on ExternalIP
 	//   to WgPort on host interface IP must be present. This can take form of single port-forwarding rule, 1:1 DNAT
@@ -136,11 +144,10 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 	if err != nil {
 		return nil, err
 	}
 	config := &Config{
 		SSHKey:               string(pem),
 		PrivateKey:           wgKey,
 		WgIface:              iface.WgInterfaceDefault,
 		WgPort:               iface.DefaultWgPort,
 		IFaceBlackList:       []string{},
 		DisableIPv6Discovery: false,
 		NATExternalIPs:       input.NATExternalIPs,
@@ -161,10 +168,24 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 		config.ManagementURL = URL
 	}
 	config.WgPort = iface.DefaultWgPort
 	if input.WireguardPort != nil {
 		config.WgPort = *input.WireguardPort
 	}
 	config.WgIface = iface.WgInterfaceDefault
 	if input.InterfaceName != nil {
 		config.WgIface = *input.InterfaceName
 	}
 	if input.PreSharedKey != nil {
 		config.PreSharedKey = *input.PreSharedKey
 	}
 	if input.RosenpassEnabled != nil {
 		config.RosenpassEnabled = *input.RosenpassEnabled
 	}
 	defaultAdminURL, err := parseURL("Admin URL", DefaultAdminURL)
 	if err != nil {
 		return nil, err
@@ -233,6 +254,17 @@ func update(input ConfigInput) (*Config, error) {
 		config.WgPort = iface.DefaultWgPort
 		refresh = true
 	}
 	if input.WireguardPort != nil {
 		config.WgPort = *input.WireguardPort
 		refresh = true
 	}
 	if input.InterfaceName != nil {
 		config.WgIface = *input.InterfaceName
 		refresh = true
 	}
 	if input.NATExternalIPs != nil && len(config.NATExternalIPs) != len(input.NATExternalIPs) {
 		config.NATExternalIPs = input.NATExternalIPs
 		refresh = true
@@ -243,6 +275,11 @@ func update(input ConfigInput) (*Config, error) {
 		refresh = true
 	}
 	if input.RosenpassEnabled != nil {
 		config.RosenpassEnabled = *input.RosenpassEnabled
 		refresh = true
 	}
 	if refresh {
 		// since we have new management URL, we need to update config file
 		if err := util.WriteJson(input.ConfigPath, config); err != nil {
@@ -302,3 +339,86 @@ func configFileIsExists(path string) bool {
 	_, err := os.Stat(path)
 	return !os.IsNotExist(err)
 }
 // UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain.
 // If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
 // The check is performed only for the NetBird's managed version.
 func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error) {
 	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
 	if err != nil {
 		return nil, err
 	}
 	parsedOldDefaultManagementURL, err := parseURL("Management URL", oldDefaultManagementURL)
 	if err != nil {
 		return nil, err
 	}
 	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() &&
 		config.ManagementURL.Hostname() != parsedOldDefaultManagementURL.Hostname() {
 		// only do the check for the NetBird's managed version
 		return config, nil
 	}
 	var mgmTlsEnabled bool
 	if config.ManagementURL.Scheme == "https" {
 		mgmTlsEnabled = true
 	}
 	if !mgmTlsEnabled {
 		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
 		return config, nil
 	}
 	if config.ManagementURL.Port() != managementLegacyPortString &&
 		config.ManagementURL.Hostname() == defaultManagementURL.Hostname() {
 		return config, nil
 	}
 	newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
 		config.ManagementURL.Scheme, defaultManagementURL.Hostname(), 443))
 	if err != nil {
 		return nil, err
 	}
 	// here we check whether we could switch from the legacy 33073 port to the new 443
 	log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
 		config.ManagementURL.String(), newURL.String())
 	key, err := wgtypes.ParseKey(config.PrivateKey)
 	if err != nil {
 		log.Infof("couldn't switch to the new Management %s", newURL.String())
 		return config, err
 	}
 	client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
 	if err != nil {
 		log.Infof("couldn't switch to the new Management %s", newURL.String())
 		return config, err
 	}
 	defer func() {
 		err = client.Close()
 		if err != nil {
 			log.Warnf("failed to close the Management service client %v", err)
 		}
 	}()
 	// gRPC check
 	_, err = client.GetServerPublicKey()
 	if err != nil {
 		log.Infof("couldn't switch to the new Management %s", newURL.String())
 		return nil, err
 	}
 	// everything is alright => update the config
 	newConfig, err := UpdateConfig(ConfigInput{
 		ManagementURL: newURL.String(),
 		ConfigPath:    configPath,
 	})
 	if err != nil {
 		log.Infof("couldn't switch to the new Management %s", newURL.String())
 		return config, fmt.Errorf("failed updating config file: %v", err)
 	}
 	log.Infof("successfully switched to the new Management URL: %s", newURL.String())
 	return newConfig, nil
 }
--- a/client/internal/config_test.go
+++ b/client/internal/config_test.go
@@ -1,12 +1,14 @@
 package internal
 import (
 	"context"
 	"errors"
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/netbirdio/netbird/util"
 )
@@ -120,3 +122,60 @@ func TestHiddenPreSharedKey(t *testing.T) {
 		})
 	}
 }
 func TestUpdateOldManagementURL(t *testing.T) {
 	tests := []struct {
 		name                  string
 		previousManagementURL string
 		expectedManagementURL string
 		fileShouldNotChange   bool
 	}{
 		{
 			name:                  "Update old management URL with legacy port",
 			previousManagementURL: "https://api.wiretrustee.com:33073",
 			expectedManagementURL: DefaultManagementURL,
 		},
 		{
 			name:                  "Update old management URL",
 			previousManagementURL: oldDefaultManagementURL,
 			expectedManagementURL: DefaultManagementURL,
 		},
 		{
 			name:                  "No update needed when management URL is up to date",
 			previousManagementURL: DefaultManagementURL,
 			expectedManagementURL: DefaultManagementURL,
 			fileShouldNotChange:   true,
 		},
 		{
 			name:                  "No update needed when not using cloud management",
 			previousManagementURL: "https://netbird.example.com:33073",
 			expectedManagementURL: "https://netbird.example.com:33073",
 			fileShouldNotChange:   true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			tempDir := t.TempDir()
 			configPath := filepath.Join(tempDir, "config.json")
 			config, err := UpdateOrCreateConfig(ConfigInput{
 				ManagementURL: tt.previousManagementURL,
 				ConfigPath:    configPath,
 			})
 			require.NoError(t, err, "failed to create testing config")
 			previousStats, err := os.Stat(configPath)
 			require.NoError(t, err, "failed to create testing config stats")
 			resultConfig, err := UpdateOldManagementURL(context.TODO(), config, configPath)
 			require.NoError(t, err, "got error when updating old management url")
 			require.Equal(t, tt.expectedManagementURL, resultConfig.ManagementURL.String())
 			newStats, err := os.Stat(configPath)
 			require.NoError(t, err, "failed to create testing config stats")
 			switch tt.fileShouldNotChange {
 			case true:
 				require.Equal(t, previousStats.ModTime(), newStats.ModTime(), "file should not change")
 			case false:
 				require.NotEqual(t, previousStats.ModTime(), newStats.ModTime(), "file should have changed")
 			}
 		})
 	}
 }
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -2,6 +2,7 @@ package internal
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -27,11 +28,33 @@ import (
 // RunClient with main logic.
 func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status) error {
-	return runClient(ctx, config, statusRecorder, MobileDependency{})
+	return runClient(ctx, config, statusRecorder, MobileDependency{}, nil, nil, nil, nil)
 }
 // RunClientWithProbes runs the client's main logic with probes attached
 func RunClientWithProbes(
 	ctx context.Context,
 	config *Config,
 	statusRecorder *peer.Status,
 	mgmProbe *Probe,
 	signalProbe *Probe,
 	relayProbe *Probe,
 	wgProbe *Probe,
 ) error {
 	return runClient(ctx, config, statusRecorder, MobileDependency{}, mgmProbe, signalProbe, relayProbe, wgProbe)
 }
 // RunClientMobile with main logic on mobile system
-func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, networkChangeListener listener.NetworkChangeListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error {
+func RunClientMobile(
 	ctx context.Context,
 	config *Config,
 	statusRecorder *peer.Status,
 	tunAdapter iface.TunAdapter,
 	iFaceDiscover stdnet.ExternalIFaceDiscover,
 	networkChangeListener listener.NetworkChangeListener,
 	dnsAddresses []string,
 	dnsReadyListener dns.ReadyListener,
 ) error {
 	// in case of non Android os these variables will be nil
 	mobileDependency := MobileDependency{
 		TunAdapter:            tunAdapter,
@@ -40,21 +63,43 @@ func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.S
 		HostDNSAddresses:      dnsAddresses,
 		DnsReadyListener:      dnsReadyListener,
 	}
-	return runClient(ctx, config, statusRecorder, mobileDependency)
+	return runClient(ctx, config, statusRecorder, mobileDependency, nil, nil, nil, nil)
 }
-func RunClientiOS(ctx context.Context, config *Config, statusRecorder *peer.Status, fileDescriptor int32, networkChangeListener listener.NetworkChangeListener, dnsManager dns.IosDnsManager) error {
+func RunClientiOS(
 	ctx context.Context,
 	config *Config,
 	statusRecorder *peer.Status,
 	fileDescriptor int32,
 	networkChangeListener listener.NetworkChangeListener,
 	dnsManager dns.IosDnsManager,
 ) error {
 	mobileDependency := MobileDependency{
 		FileDescriptor:        fileDescriptor,
 		NetworkChangeListener: networkChangeListener,
 		DnsManager:            dnsManager,
 	}
-	return runClient(ctx, config, statusRecorder, mobileDependency)
+	return runClient(ctx, config, statusRecorder, mobileDependency, nil, nil, nil, nil)
 }
-func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
+func runClient(
 	ctx context.Context,
 	config *Config,
 	statusRecorder *peer.Status,
 	mobileDependency MobileDependency,
 	mgmProbe *Probe,
 	signalProbe *Probe,
 	relayProbe *Probe,
 	wgProbe *Probe,
 ) error {
 	log.Infof("starting NetBird client version %s", version.NetbirdVersion())
 	// Check if client was not shut down in a clean way and restore DNS config if required.
 	// Otherwise, we might not be able to connect to the management server to retrieve new config.
 	if err := dns.CheckUncleanShutdown(config.WgIface); err != nil {
 		log.Errorf("checking unclean shutdown error: %s", err)
 	}
 	backOff := &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
 		RandomizationFactor: 1,
@@ -103,7 +148,7 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		engineCtx, cancel := context.WithCancel(ctx)
 		defer func() {
-			statusRecorder.MarkManagementDisconnected()
+			statusRecorder.MarkManagementDisconnected(state.err)
 			statusRecorder.CleanLocalPeerState()
 			cancel()
 		}()
@@ -152,8 +197,10 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		statusRecorder.UpdateSignalAddress(signalURL)
-		statusRecorder.MarkSignalDisconnected()
+		statusRecorder.MarkSignalDisconnected(nil)
-		defer statusRecorder.MarkSignalDisconnected()
+		defer func() {
 			statusRecorder.MarkSignalDisconnected(state.err)
 		}()
 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
 		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
@@ -181,7 +228,7 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 			return wrapErr(err)
 		}
-		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, statusRecorder)
+		engine := NewEngineWithProbes(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, statusRecorder, mgmProbe, signalProbe, relayProbe, wgProbe)
 		err = engine.Start()
 		if err != nil {
 			log.Errorf("error while starting Netbird Connection Engine: %s", err)
@@ -204,7 +251,7 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		log.Info("stopped NetBird client")
-		if _, err := state.Status(); err == ErrResetConnection {
+		if _, err := state.Status(); errors.Is(err, ErrResetConnection) {
 			return err
 		}
@@ -235,6 +282,7 @@ func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.Pe
 		SSHKey:               []byte(config.SSHKey),
 		NATExternalIPs:       config.NATExternalIPs,
 		CustomDNSAddress:     config.CustomDNSAddress,
 		RosenpassEnabled:     config.RosenpassEnabled,
 	}
 	if config.PreSharedKey != "" {
@@ -283,83 +331,6 @@ func loginToManagement(ctx context.Context, client mgm.Client, pubSSHKey []byte)
 	return loginResp, nil
 }
 // UpdateOldManagementPort checks whether client can switch to the new Management port 443.
 // If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
 // The check is performed only for the NetBird's managed version.
 func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error) {
 	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
 	if err != nil {
 		return nil, err
 	}
 	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() {
 		// only do the check for the NetBird's managed version
 		return config, nil
 	}
 	var mgmTlsEnabled bool
 	if config.ManagementURL.Scheme == "https" {
 		mgmTlsEnabled = true
 	}
 	if !mgmTlsEnabled {
 		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
 		return config, nil
 	}
 	if mgmTlsEnabled && config.ManagementURL.Port() == fmt.Sprintf("%d", ManagementLegacyPort) {
 		newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
 			config.ManagementURL.Scheme, config.ManagementURL.Hostname(), 443))
 		if err != nil {
 			return nil, err
 		}
 		// here we check whether we could switch from the legacy 33073 port to the new 443
 		log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
 			config.ManagementURL.String(), newURL.String())
 		key, err := wgtypes.ParseKey(config.PrivateKey)
 		if err != nil {
 			log.Infof("couldn't switch to the new Management %s", newURL.String())
 			return config, err
 		}
 		client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
 		if err != nil {
 			log.Infof("couldn't switch to the new Management %s", newURL.String())
 			return config, err
 		}
 		defer func() {
 			err = client.Close()
 			if err != nil {
 				log.Warnf("failed to close the Management service client %v", err)
 			}
 		}()
 		// gRPC check
 		_, err = client.GetServerPublicKey()
 		if err != nil {
 			log.Infof("couldn't switch to the new Management %s", newURL.String())
 			return nil, err
 		}
 		// everything is alright => update the config
 		newConfig, err := UpdateConfig(ConfigInput{
 			ManagementURL: newURL.String(),
 			ConfigPath:    configPath,
 		})
 		if err != nil {
 			log.Infof("couldn't switch to the new Management %s", newURL.String())
 			return config, fmt.Errorf("failed updating config file: %v", err)
 		}
 		log.Infof("successfully switched to the new Management URL: %s", newURL.String())
 		return newConfig, nil
 	}
 	return config, nil
 }
 func statusRecorderToMgmConnStateNotifier(statusRecorder *peer.Status) mgm.ConnStateNotifier {
 	var sri interface{} = statusRecorder
 	mgmNotifier, _ := sri.(mgm.ConnStateNotifier)
--- a/client/internal/dns/dbus_linux.go
+++ b/client/internal/dns/dbus_linux.go
@@ -4,9 +4,11 @@ package dns
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/godbus/dbus/v5"
 	log "github.com/sirupsen/logrus"
 	"time"
 )
 const dbusDefaultFlag = 0
@@ -14,6 +16,7 @@ const dbusDefaultFlag = 0
 func isDbusListenerRunning(dest string, path dbus.ObjectPath) bool {
 	obj, closeConn, err := getDbusObject(dest, path)
 	if err != nil {
 		log.Tracef("error getting dbus object: %s", err)
 		return false
 	}
 	defer closeConn()
@@ -21,14 +24,18 @@ func isDbusListenerRunning(dest string, path dbus.ObjectPath) bool {
 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
 	defer cancel()
-	err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Peer.Ping", 0).Store()
+	if err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Peer.Ping", 0).Store(); err != nil {
-	return err == nil
+		log.Tracef("error calling dbus: %s", err)
 		return false
 	}
 	return true
 }
 func getDbusObject(dest string, path dbus.ObjectPath) (dbus.BusObject, func(), error) {
 	conn, err := dbus.SystemBus()
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("get dbus: %w", err)
 	}
 	obj := conn.Object(dest, path)
--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -3,9 +3,9 @@
 package dns
 import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"net/netip"
 	"os"
 	"strings"
@@ -24,11 +24,15 @@ const (
 )
 type fileConfigurator struct {
 	repair *repair
 	originalPerms os.FileMode
 }
 func newFileConfigurator() (hostManager, error) {
-	return &fileConfigurator{}, nil
+	fc := &fileConfigurator{}
 	fc.repair = newRepair(defaultResolvConfPath, fc.updateConfig)
 	return fc, nil
 }
 func (f *fileConfigurator) supportCustomPort() bool {
@@ -46,7 +50,7 @@ func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		if backupFileExist {
 			err = f.restore()
 			if err != nil {
-				return fmt.Errorf("unable to configure DNS for this peer using file manager without a Primary nameserver group. Restoring the original file return err: %s", err)
+				return fmt.Errorf("unable to configure DNS for this peer using file manager without a Primary nameserver group. Restoring the original file return err: %w", err)
 			}
 		}
 		return fmt.Errorf("unable to configure DNS for this peer using file manager without a nameserver group with all domains configured")
@@ -55,53 +59,73 @@ func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	if !backupFileExist {
 		err = f.backup()
 		if err != nil {
-			return fmt.Errorf("unable to backup the resolv.conf file")
+			return fmt.Errorf("unable to backup the resolv.conf file: %w", err)
 		}
 	}
-	searchDomainList := searchDomains(config)
+	nbSearchDomains := searchDomains(config)
 	nbNameserverIP := config.ServerIP
-	originalSearchDomains, nameServers, others, err := originalDNSConfigs(fileDefaultResolvConfBackupLocation)
+	resolvConf, err := parseBackupResolvConf()
 	if err != nil {
-		log.Error(err)
+		log.Errorf("could not read original search domains from %s: %s", fileDefaultResolvConfBackupLocation, err)
 	}
-	searchDomainList = mergeSearchDomains(searchDomainList, originalSearchDomains)
+	f.repair.stopWatchFileChanges()
 	err = f.updateConfig(nbSearchDomains, nbNameserverIP, resolvConf)
 	if err != nil {
 		return err
 	}
 	f.repair.watchFileChanges(nbSearchDomains, nbNameserverIP)
 	return nil
 }
 func (f *fileConfigurator) updateConfig(nbSearchDomains []string, nbNameserverIP string, cfg *resolvConf) error {
 	searchDomainList := mergeSearchDomains(nbSearchDomains, cfg.searchDomains)
 	nameServers := generateNsList(nbNameserverIP, cfg)
 	buf := prepareResolvConfContent(
 		searchDomainList,
-		append([]string{config.ServerIP}, nameServers...),
+		nameServers,
-		others)
+		cfg.others)
 	log.Debugf("creating managed file %s", defaultResolvConfPath)
-	err = os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
+	err := os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
 	if err != nil {
 		restoreErr := f.restore()
 		if restoreErr != nil {
 			log.Errorf("attempt to restore default file failed with error: %s", err)
 		}
-		return fmt.Errorf("got an creating resolver file %s. Error: %s", defaultResolvConfPath, err)
+		return fmt.Errorf("creating resolver file %s. Error: %w", defaultResolvConfPath, err)
 	}
 	log.Infof("created a NetBird managed %s file with the DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
 	// create another backup for unclean shutdown detection right after overwriting the original resolv.conf
 	if err := createUncleanShutdownIndicator(fileDefaultResolvConfBackupLocation, fileManager, nbNameserverIP); err != nil {
 		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
 	}
 	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
 	return nil
 }
 func (f *fileConfigurator) restoreHostDNS() error {
 	f.repair.stopWatchFileChanges()
 	return f.restore()
 }
 func (f *fileConfigurator) backup() error {
 	stats, err := os.Stat(defaultResolvConfPath)
 	if err != nil {
-		return fmt.Errorf("got an error while checking stats for %s file. Error: %s", defaultResolvConfPath, err)
+		return fmt.Errorf("checking stats for %s file. Error: %w", defaultResolvConfPath, err)
 	}
 	f.originalPerms = stats.Mode()
 	err = copyFile(defaultResolvConfPath, fileDefaultResolvConfBackupLocation)
 	if err != nil {
-		return fmt.Errorf("got error while backing up the %s file. Error: %s", defaultResolvConfPath, err)
+		return fmt.Errorf("backing up %s: %w", defaultResolvConfPath, err)
 	}
 	return nil
 }
@@ -109,12 +133,70 @@ func (f *fileConfigurator) backup() error {
 func (f *fileConfigurator) restore() error {
 	err := copyFile(fileDefaultResolvConfBackupLocation, defaultResolvConfPath)
 	if err != nil {
-		return fmt.Errorf("got error while restoring the %s file from %s. Error: %s", defaultResolvConfPath, fileDefaultResolvConfBackupLocation, err)
+		return fmt.Errorf("restoring %s from %s: %w", defaultResolvConfPath, fileDefaultResolvConfBackupLocation, err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
 	}
 	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
 }
 func (f *fileConfigurator) restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error {
 	resolvConf, err := parseDefaultResolvConf()
 	if err != nil {
 		return fmt.Errorf("parse current resolv.conf: %w", err)
 	}
 	// no current nameservers set -> restore
 	if len(resolvConf.nameServers) == 0 {
 		return restoreResolvConfFile()
 	}
 	currentDNSAddress, err := netip.ParseAddr(resolvConf.nameServers[0])
 	// not a valid first nameserver -> restore
 	if err != nil {
 		log.Errorf("restoring unclean shutdown: parse dns address %s failed: %s", resolvConf.nameServers[1], err)
 		return restoreResolvConfFile()
 	}
 	// current address is still netbird's non-available dns address -> restore
 	// comparing parsed addresses only, to remove ambiguity
 	if currentDNSAddress.String() == storedDNSAddress.String() {
 		return restoreResolvConfFile()
 	}
 	log.Info("restoring unclean shutdown: first current nameserver differs from saved nameserver pre-netbird: not restoring")
 	return nil
 }
 func restoreResolvConfFile() error {
 	log.Debugf("restoring unclean shutdown: restoring %s from %s", defaultResolvConfPath, fileUncleanShutdownResolvConfLocation)
 	if err := copyFile(fileUncleanShutdownResolvConfLocation, defaultResolvConfPath); err != nil {
 		return fmt.Errorf("restoring %s from %s: %w", defaultResolvConfPath, fileUncleanShutdownResolvConfLocation, err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown resolv.conf file: %s", err)
 	}
 	return nil
 }
 // generateNsList generates a list of nameservers from the config and adds the primary nameserver to the beginning of the list
 func generateNsList(nbNameserverIP string, cfg *resolvConf) []string {
 	ns := make([]string, 1, len(cfg.nameServers)+1)
 	ns[0] = nbNameserverIP
 	for _, cfgNs := range cfg.nameServers {
 		if nbNameserverIP != cfgNs {
 			ns = append(ns, cfgNs)
 		}
 	}
 	return ns
 }
 func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
 	var buf bytes.Buffer
 	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
@@ -150,70 +232,6 @@ func searchDomains(config HostDNSConfig) []string {
 	return listOfDomains
 }
 func originalDNSConfigs(resolvconfFile string) (searchDomains, nameServers, others []string, err error) {
 	file, err := os.Open(resolvconfFile)
 	if err != nil {
 		err = fmt.Errorf(`could not read existing resolv.conf`)
 		return
 	}
 	defer file.Close()
 	reader := bufio.NewReader(file)
 	for {
 		lineBytes, isPrefix, readErr := reader.ReadLine()
 		if readErr != nil {
 			break
 		}
 		if isPrefix {
 			err = fmt.Errorf(`resolv.conf line too long`)
 			return
 		}
 		line := strings.TrimSpace(string(lineBytes))
 		if strings.HasPrefix(line, "#") {
 			continue
 		}
 		if strings.HasPrefix(line, "domain") {
 			continue
 		}
 		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
 			line = strings.ReplaceAll(line, "rotate", "")
 			splitLines := strings.Fields(line)
 			if len(splitLines) == 1 {
 				continue
 			}
 			line = strings.Join(splitLines, " ")
 		}
 		if strings.HasPrefix(line, "search") {
 			splitLines := strings.Fields(line)
 			if len(splitLines) < 2 {
 				continue
 			}
 			searchDomains = splitLines[1:]
 			continue
 		}
 		if strings.HasPrefix(line, "nameserver") {
 			splitLines := strings.Fields(line)
 			if len(splitLines) != 2 {
 				continue
 			}
 			nameServers = append(nameServers, splitLines[1])
 			continue
 		}
 		others = append(others, line)
 	}
 	return
 }
 // merge search Domains lists and cut off the list if it is too long
 func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
 	lineSize := len("search")
@@ -230,6 +248,19 @@ func mergeSearchDomains(searchDomains []string, originalSearchDomains []string)
 // return with the number of characters in the searchDomains line
 func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
 	for _, sd := range vs {
 		duplicated := false
 		for _, fs := range *s {
 			if fs == sd {
 				duplicated = true
 				break
 			}
 		}
 		if duplicated {
 			continue
 		}
 		tmpCharsNumber := initialLineChars + 1 + len(sd)
 		if tmpCharsNumber > fileMaxLineCharsLimit {
 			// lets log all skipped Domains
@@ -246,23 +277,39 @@ func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string
 		}
 		*s = append(*s, sd)
 	}
 	return initialLineChars
 }
 func copyFile(src, dest string) error {
 	stats, err := os.Stat(src)
 	if err != nil {
-		return fmt.Errorf("got an error while checking stats for %s file when copying it. Error: %s", src, err)
+		return fmt.Errorf("checking stats for %s file when copying it. Error: %s", src, err)
 	}
 	bytesRead, err := os.ReadFile(src)
 	if err != nil {
-		return fmt.Errorf("got an error while reading the file %s file for copy. Error: %s", src, err)
+		return fmt.Errorf("reading the file %s file for copy. Error: %s", src, err)
 	}
 	err = os.WriteFile(dest, bytesRead, stats.Mode())
 	if err != nil {
-		return fmt.Errorf("got an writing the destination file %s for copy. Error: %s", dest, err)
+		return fmt.Errorf("writing the destination file %s for copy. Error: %s", dest, err)
 	}
 	return nil
 }
 func isContains(subList []string, list []string) bool {
 	for _, sl := range subList {
 		var found bool
 		for _, l := range list {
 			if sl == l {
 				found = true
 			}
 		}
 		if !found {
 			return false
 		}
 	}
 	return true
 }
--- a/client/internal/dns/file_linux_test.go
+++ b/client/internal/dns/file_linux_test.go
@@ -1,3 +1,5 @@
 //go:build !android
 package dns
 import (
@@ -7,7 +9,7 @@ import (
 func Test_mergeSearchDomains(t *testing.T) {
 	searchDomains := []string{"a", "b"}
-	originDomains := []string{"a", "b"}
+	originDomains := []string{"c", "d"}
 	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
 	if len(mergedDomains) != 4 {
 		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 4)
@@ -49,6 +51,67 @@ func Test_mergeSearchTooLongDomain(t *testing.T) {
 	}
 }
 func Test_isContains(t *testing.T) {
 	type args struct {
 		subList []string
 		list    []string
 	}
 	tests := []struct {
 		args args
 		want bool
 	}{
 		{
 			args: args{
 				subList: []string{"a", "b", "c"},
 				list:    []string{"a", "b", "c"},
 			},
 			want: true,
 		},
 		{
 			args: args{
 				subList: []string{"a"},
 				list:    []string{"a", "b", "c"},
 			},
 			want: true,
 		},
 		{
 			args: args{
 				subList: []string{"d"},
 				list:    []string{"a", "b", "c"},
 			},
 			want: false,
 		},
 		{
 			args: args{
 				subList: []string{"a"},
 				list:    []string{},
 			},
 			want: false,
 		},
 		{
 			args: args{
 				subList: []string{},
 				list:    []string{"b"},
 			},
 			want: true,
 		},
 		{
 			args: args{
 				subList: []string{},
 				list:    []string{},
 			},
 			want: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run("list check test", func(t *testing.T) {
 			if got := isContains(tt.args.subList, tt.args.list); got != tt.want {
 				t.Errorf("isContains() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
 func getLongLine() string {
 	x := "search "
 	for {
--- a/client/internal/dns/file_parser_linux.go
+++ b/client/internal/dns/file_parser_linux.go
@@ -0,0 +1,105 @@
 //go:build !android
 package dns
 import (
 	"fmt"
 	"os"
 	"strings"
 	log "github.com/sirupsen/logrus"
 )
 const (
 	defaultResolvConfPath = "/etc/resolv.conf"
 )
 type resolvConf struct {
 	nameServers   []string
 	searchDomains []string
 	others        []string
 }
 func (r *resolvConf) String() string {
 	return fmt.Sprintf("search domains: %v, name servers: %v, others: %s", r.searchDomains, r.nameServers, r.others)
 }
 func parseDefaultResolvConf() (*resolvConf, error) {
 	return parseResolvConfFile(defaultResolvConfPath)
 }
 func parseBackupResolvConf() (*resolvConf, error) {
 	return parseResolvConfFile(fileDefaultResolvConfBackupLocation)
 }
 func parseResolvConfFile(resolvConfFile string) (*resolvConf, error) {
 	rconf := &resolvConf{
 		searchDomains: make([]string, 0),
 		nameServers:   make([]string, 0),
 		others:        make([]string, 0),
 	}
 	file, err := os.Open(resolvConfFile)
 	if err != nil {
 		return rconf, fmt.Errorf("failed to open %s file: %w", resolvConfFile, err)
 	}
 	defer func() {
 		if err := file.Close(); err != nil {
 			log.Errorf("failed closing %s: %s", resolvConfFile, err)
 		}
 	}()
 	cur, err := os.ReadFile(resolvConfFile)
 	if err != nil {
 		return rconf, fmt.Errorf("failed to read %s file: %w", resolvConfFile, err)
 	}
 	if len(cur) == 0 {
 		return rconf, fmt.Errorf("file is empty")
 	}
 	for _, line := range strings.Split(string(cur), "\n") {
 		line = strings.TrimSpace(line)
 		if strings.HasPrefix(line, "#") {
 			continue
 		}
 		if strings.HasPrefix(line, "domain") {
 			continue
 		}
 		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
 			line = strings.ReplaceAll(line, "rotate", "")
 			splitLines := strings.Fields(line)
 			if len(splitLines) == 1 {
 				continue
 			}
 			line = strings.Join(splitLines, " ")
 		}
 		if strings.HasPrefix(line, "search") {
 			splitLines := strings.Fields(line)
 			if len(splitLines) < 2 {
 				continue
 			}
 			rconf.searchDomains = splitLines[1:]
 			continue
 		}
 		if strings.HasPrefix(line, "nameserver") {
 			splitLines := strings.Fields(line)
 			if len(splitLines) != 2 {
 				continue
 			}
 			rconf.nameServers = append(rconf.nameServers, splitLines[1])
 			continue
 		}
 		if line != "" {
 			rconf.others = append(rconf.others, line)
 		}
 	}
 	return rconf, nil
 }
--- a/client/internal/dns/file_parser_linux_test.go
+++ b/client/internal/dns/file_parser_linux_test.go
@@ -0,0 +1,174 @@
 //go:build !android
 package dns
 import (
 	"os"
 	"path/filepath"
 	"testing"
 )
 func Test_parseResolvConf(t *testing.T) {
 	testCases := []struct {
 		input          string
 		expectedSearch []string
 		expectedNS     []string
 		expectedOther  []string
 	}{
 		{
 			input: `domain example.org
 search example.org
 nameserver 192.168.0.1
 `,
 			expectedSearch: []string{"example.org"},
 			expectedNS:     []string{"192.168.0.1"},
 			expectedOther:  []string{},
 		},
 		{
 			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
 # Do not edit.
 #
 # This file might be symlinked as /etc/resolv.conf. If you're looking at
 # /etc/resolv.conf and seeing this text, you have followed the symlink.
 #
 # This is a dynamic resolv.conf file for connecting local clients directly to
 # all known uplink DNS servers. This file lists all configured search domains.
 #
 # Third party programs should typically not access this file directly, but only
 # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
 # different way, replace this symlink by a static file or a different symlink.
 #
 # See man:systemd-resolved.service(8) for details about the supported modes of
 # operation for /etc/resolv.conf.
 nameserver 192.168.2.1
 nameserver 100.81.99.197
 search netbird.cloud
 `,
 			expectedSearch: []string{"netbird.cloud"},
 			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
 			expectedOther:  []string{},
 		},
 		{
 			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
 # Do not edit.
 #
 # This file might be symlinked as /etc/resolv.conf. If you're looking at
 # /etc/resolv.conf and seeing this text, you have followed the symlink.
 #
 # This is a dynamic resolv.conf file for connecting local clients directly to
 # all known uplink DNS servers. This file lists all configured search domains.
 #
 # Third party programs should typically not access this file directly, but only
 # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
 # different way, replace this symlink by a static file or a different symlink.
 #
 # See man:systemd-resolved.service(8) for details about the supported modes of
 # operation for /etc/resolv.conf.
 nameserver 192.168.2.1
 nameserver 100.81.99.197
 search netbird.cloud
 options debug
 `,
 			expectedSearch: []string{"netbird.cloud"},
 			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
 			expectedOther:  []string{"options debug"},
 		},
 	}
 	for _, testCase := range testCases {
 		testCase := testCase
 		t.Run("test", func(t *testing.T) {
 			t.Parallel()
 			tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
 			err := os.WriteFile(tmpResolvConf, []byte(testCase.input), 0644)
 			if err != nil {
 				t.Fatal(err)
 			}
 			cfg, err := parseResolvConfFile(tmpResolvConf)
 			if err != nil {
 				t.Fatal(err)
 			}
 			ok := compareLists(cfg.searchDomains, testCase.expectedSearch)
 			if !ok {
 				t.Errorf("invalid parse result for search domains, expected: %v, got: %v", testCase.expectedSearch, cfg.searchDomains)
 			}
 			ok = compareLists(cfg.nameServers, testCase.expectedNS)
 			if !ok {
 				t.Errorf("invalid parse result for ns domains, expected: %v, got: %v", testCase.expectedNS, cfg.nameServers)
 			}
 			ok = compareLists(cfg.others, testCase.expectedOther)
 			if !ok {
 				t.Errorf("invalid parse result for others, expected: %v, got: %v", testCase.expectedOther, cfg.others)
 			}
 		})
 	}
 }
 func compareLists(search []string, search2 []string) bool {
 	if len(search) != len(search2) {
 		return false
 	}
 	for i, v := range search {
 		if v != search2[i] {
 			return false
 		}
 	}
 	return true
 }
 func Test_emptyFile(t *testing.T) {
 	cfg, err := parseResolvConfFile("/tmp/nothing")
 	if err == nil {
 		t.Errorf("expected error, got nil")
 	}
 	if len(cfg.others) != 0 || len(cfg.searchDomains) != 0 || len(cfg.nameServers) != 0 {
 		t.Errorf("expected empty config, got %v", cfg)
 	}
 }
 func Test_symlink(t *testing.T) {
 	input := `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
 # Do not edit.
 #
 # This file might be symlinked as /etc/resolv.conf. If you're looking at
 # /etc/resolv.conf and seeing this text, you have followed the symlink.
 #
 # This is a dynamic resolv.conf file for connecting local clients directly to
 # all known uplink DNS servers. This file lists all configured search domains.
 #
 # Third party programs should typically not access this file directly, but only
 # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
 # different way, replace this symlink by a static file or a different symlink.
 #
 # See man:systemd-resolved.service(8) for details about the supported modes of
 # operation for /etc/resolv.conf.
 nameserver 192.168.0.1
 `
 	tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
 	err := os.WriteFile(tmpResolvConf, []byte(input), 0644)
 	if err != nil {
 		t.Fatal(err)
 	}
 	tmpLink := filepath.Join(t.TempDir(), "symlink")
 	err = os.Symlink(tmpResolvConf, tmpLink)
 	if err != nil {
 		t.Fatal(err)
 	}
 	cfg, err := parseResolvConfFile(tmpLink)
 	if err != nil {
 		t.Fatal(err)
 	}
 	if len(cfg.nameServers) != 1 {
 		t.Errorf("unexpected resolv.conf content: %v", cfg)
 	}
 }
--- a/client/internal/dns/file_repair_linux.go
+++ b/client/internal/dns/file_repair_linux.go
@@ -0,0 +1,159 @@
 //go:build !android
 package dns
 import (
 	"path"
 	"path/filepath"
 	"sync"
 	"github.com/fsnotify/fsnotify"
 	log "github.com/sirupsen/logrus"
 )
 var (
 	eventTypes = []fsnotify.Op{
 		fsnotify.Create,
 		fsnotify.Write,
 		fsnotify.Remove,
 		fsnotify.Rename,
 	}
 )
 type repairConfFn func([]string, string, *resolvConf) error
 type repair struct {
 	operationFile string
 	updateFn      repairConfFn
 	watchDir      string
 	inotify   *fsnotify.Watcher
 	inotifyWg sync.WaitGroup
 }
 func newRepair(operationFile string, updateFn repairConfFn) *repair {
 	targetFile := targetFile(operationFile)
 	return &repair{
 		operationFile: targetFile,
 		watchDir:      path.Dir(targetFile),
 		updateFn:      updateFn,
 	}
 }
 func (f *repair) watchFileChanges(nbSearchDomains []string, nbNameserverIP string) {
 	if f.inotify != nil {
 		return
 	}
 	log.Infof("start to watch resolv.conf: %s", f.operationFile)
 	inotify, err := fsnotify.NewWatcher()
 	if err != nil {
 		log.Errorf("failed to start inotify watcher for resolv.conf: %s", err)
 		return
 	}
 	f.inotify = inotify
 	f.inotifyWg.Add(1)
 	go func() {
 		defer f.inotifyWg.Done()
 		for event := range f.inotify.Events {
 			if !f.isEventRelevant(event) {
 				continue
 			}
 			log.Tracef("%s changed, check if it is broken", f.operationFile)
 			rConf, err := parseResolvConfFile(f.operationFile)
 			if err != nil {
 				log.Warnf("failed to parse resolv conf: %s", err)
 				continue
 			}
 			log.Debugf("check resolv.conf parameters: %s", rConf)
 			if !isNbParamsMissing(nbSearchDomains, nbNameserverIP, rConf) {
 				log.Tracef("resolv.conf still correct, skip the update")
 				continue
 			}
 			log.Info("broken params in resolv.conf, repairing it...")
 			err = f.inotify.Remove(f.watchDir)
 			if err != nil {
 				log.Errorf("failed to rm inotify watch for resolv.conf: %s", err)
 			}
 			err = f.updateFn(nbSearchDomains, nbNameserverIP, rConf)
 			if err != nil {
 				log.Errorf("failed to repair resolv.conf: %v", err)
 			}
 			err = f.inotify.Add(f.watchDir)
 			if err != nil {
 				log.Errorf("failed to re-add inotify watch for resolv.conf: %s", err)
 				return
 			}
 		}
 	}()
 	err = f.inotify.Add(f.watchDir)
 	if err != nil {
 		log.Errorf("failed to add inotify watch for resolv.conf: %s", err)
 		return
 	}
 }
 func (f *repair) stopWatchFileChanges() {
 	if f.inotify == nil {
 		return
 	}
 	err := f.inotify.Close()
 	if err != nil {
 		log.Warnf("failed to close resolv.conf inotify: %v", err)
 	}
 	f.inotifyWg.Wait()
 	f.inotify = nil
 }
 func (f *repair) isEventRelevant(event fsnotify.Event) bool {
 	var ok bool
 	for _, et := range eventTypes {
 		if event.Has(et) {
 			ok = true
 			break
 		}
 	}
 	if !ok {
 		return false
 	}
 	if event.Name == f.operationFile {
 		return true
 	}
 	return false
 }
 // nbParamsAreMissing checks if the resolv.conf file contains all the parameters that NetBird needs
 // check the NetBird related nameserver IP at the first place
 // check the NetBird related search domains in the search domains list
 func isNbParamsMissing(nbSearchDomains []string, nbNameserverIP string, rConf *resolvConf) bool {
 	if !isContains(nbSearchDomains, rConf.searchDomains) {
 		return true
 	}
 	if len(rConf.nameServers) == 0 {
 		return true
 	}
 	if rConf.nameServers[0] != nbNameserverIP {
 		return true
 	}
 	return false
 }
 func targetFile(filename string) string {
 	target, err := filepath.EvalSymlinks(filename)
 	if err != nil {
 		log.Errorf("evarl err: %s", err)
 	}
 	return target
 }
--- a/client/internal/dns/file_repair_linux_test.go
+++ b/client/internal/dns/file_repair_linux_test.go
@@ -0,0 +1,175 @@
 //go:build !android
 package dns
 import (
 	"context"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/netbirdio/netbird/util"
 )
 func TestMain(m *testing.M) {
 	_ = util.InitLog("debug", "console")
 	code := m.Run()
 	os.Exit(code)
 }
 func Test_newRepairtmp(t *testing.T) {
 	type args struct {
 		resolvConfContent  string
 		touchedConfContent string
 		wantChange         bool
 	}
 	tests := []args{
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			wantChange: true,
 		},
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something somethingelse`,
 			wantChange: false,
 		},
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 nameserver 10.0.0.1
 searchdomain netbird.cloud something`,
 			wantChange: false,
 		},
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 searchdomain something`,
 			wantChange: true,
 		},
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 nameserver 10.0.0.1`,
 			wantChange: true,
 		},
 		{
 			resolvConfContent: `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`,
 			touchedConfContent: `
 nameserver 8.8.8.8`,
 			wantChange: true,
 		},
 	}
 	for _, tt := range tests {
 		tt := tt
 		t.Run("test", func(t *testing.T) {
 			t.Parallel()
 			workDir := t.TempDir()
 			operationFile := workDir + "/resolv.conf"
 			err := os.WriteFile(operationFile, []byte(tt.resolvConfContent), 0755)
 			if err != nil {
 				t.Fatalf("failed to write out resolv.conf: %s", err)
 			}
 			var changed bool
 			ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 			updateFn := func([]string, string, *resolvConf) error {
 				changed = true
 				cancel()
 				return nil
 			}
 			r := newRepair(operationFile, updateFn)
 			r.watchFileChanges([]string{"netbird.cloud"}, "10.0.0.1")
 			err = os.WriteFile(operationFile, []byte(tt.touchedConfContent), 0755)
 			if err != nil {
 				t.Fatalf("failed to write out resolv.conf: %s", err)
 			}
 			<-ctx.Done()
 			r.stopWatchFileChanges()
 			if changed != tt.wantChange {
 				t.Errorf("unexpected result: want: %v, got: %v", tt.wantChange, changed)
 			}
 		})
 	}
 }
 func Test_newRepairSymlink(t *testing.T) {
 	resolvConfContent := `
 nameserver 10.0.0.1
 nameserver 8.8.8.8
 searchdomain netbird.cloud something`
 	modifyContent := `nameserver 8.8.8.8`
 	tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
 	err := os.WriteFile(tmpResolvConf, []byte(resolvConfContent), 0644)
 	if err != nil {
 		t.Fatal(err)
 	}
 	tmpLink := filepath.Join(t.TempDir(), "symlink")
 	err = os.Symlink(tmpResolvConf, tmpLink)
 	if err != nil {
 		t.Fatal(err)
 	}
 	var changed bool
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	updateFn := func([]string, string, *resolvConf) error {
 		changed = true
 		cancel()
 		return nil
 	}
 	r := newRepair(tmpLink, updateFn)
 	r.watchFileChanges([]string{"netbird.cloud"}, "10.0.0.1")
 	err = os.WriteFile(tmpLink, []byte(modifyContent), 0755)
 	if err != nil {
 		t.Fatalf("failed to write out resolv.conf: %s", err)
 	}
 	<-ctx.Done()
 	r.stopWatchFileChanges()
 	if changed != true {
 		t.Errorf("unexpected result: want: %v, got: %v", true, false)
 	}
 }
--- a/client/internal/dns/host.go
+++ b/client/internal/dns/host.go
@@ -2,6 +2,7 @@ package dns
 import (
 	"fmt"
 	"net/netip"
 	"strings"
 	nbdns "github.com/netbirdio/netbird/dns"
@@ -11,6 +12,7 @@ type hostManager interface {
 	applyDNSConfig(config HostDNSConfig) error
 	restoreHostDNS() error
 	supportCustomPort() bool
 	restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error
 }
 type HostDNSConfig struct {
@@ -27,9 +29,10 @@ type DomainConfig struct {
 }
 type mockHostConfigurator struct {
-	applyDNSConfigFunc    func(config HostDNSConfig) error
+	applyDNSConfigFunc            func(config HostDNSConfig) error
-	restoreHostDNSFunc    func() error
+	restoreHostDNSFunc            func() error
-	supportCustomPortFunc func() bool
+	supportCustomPortFunc         func() bool
 	restoreUncleanShutdownDNSFunc func(*netip.Addr) error
 }
 func (m *mockHostConfigurator) applyDNSConfig(config HostDNSConfig) error {
@@ -53,11 +56,19 @@ func (m *mockHostConfigurator) supportCustomPort() bool {
 	return false
 }
 func (m *mockHostConfigurator) restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error {
 	if m.restoreUncleanShutdownDNSFunc != nil {
 		return m.restoreUncleanShutdownDNSFunc(storedDNSAddress)
 	}
 	return fmt.Errorf("method restoreUncleanShutdownDNS is not implemented")
 }
 func newNoopHostMocker() hostManager {
 	return &mockHostConfigurator{
-		applyDNSConfigFunc:    func(config HostDNSConfig) error { return nil },
+		applyDNSConfigFunc:            func(config HostDNSConfig) error { return nil },
-		restoreHostDNSFunc:    func() error { return nil },
+		restoreHostDNSFunc:            func() error { return nil },
-		supportCustomPortFunc: func() bool { return true },
+		supportCustomPortFunc:         func() bool { return true },
 		restoreUncleanShutdownDNSFunc: func(*netip.Addr) error { return nil },
 	}
 }
--- a/client/internal/dns/host_android.go
+++ b/client/internal/dns/host_android.go
@@ -1,9 +1,11 @@
 package dns
 import "net/netip"
 type androidHostManager struct {
 }
-func newHostManager(wgInterface WGIface) (hostManager, error) {
+func newHostManager() (hostManager, error) {
 	return &androidHostManager{}, nil
 }
@@ -18,3 +20,7 @@ func (a androidHostManager) restoreHostDNS() error {
 func (a androidHostManager) supportCustomPort() bool {
 	return false
 }
 func (a androidHostManager) restoreUncleanShutdownDNS(*netip.Addr) error {
 	return nil
 }
--- a/client/internal/dns/host_darwin.go
+++ b/client/internal/dns/host_darwin.go
@@ -6,6 +6,8 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"io"
 	"net/netip"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -34,7 +36,7 @@ type systemConfigurator struct {
 	createdKeys      map[string]struct{}
 }
-func newHostManager(_ WGIface) (hostManager, error) {
+func newHostManager() (hostManager, error) {
 	return &systemConfigurator{
 		createdKeys: make(map[string]struct{}),
 	}, nil
@@ -50,17 +52,22 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	if config.RouteAll {
 		err = s.addDNSSetupForAll(config.ServerIP, config.ServerPort)
 		if err != nil {
-			return err
+			return fmt.Errorf("add dns setup for all: %w", err)
 		}
 	} else if s.primaryServiceID != "" {
 		err = s.removeKeyFromSystemConfig(getKeyWithInput(primaryServiceSetupKeyFormat, s.primaryServiceID))
 		if err != nil {
-			return err
+			return fmt.Errorf("remote key from system config: %w", err)
 		}
 		s.primaryServiceID = ""
 		log.Infof("removed %s:%d as main DNS resolver for this peer", config.ServerIP, config.ServerPort)
 	}
 	// create a file for unclean shutdown detection
 	if err := createUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to create unclean shutdown file: %s", err)
 	}
 	var (
 		searchDomains []string
 		matchDomains  []string
@@ -85,7 +92,7 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		err = s.removeKeyFromSystemConfig(matchKey)
 	}
 	if err != nil {
-		return err
+		return fmt.Errorf("add match domains: %w", err)
 	}
 	searchKey := getKeyWithInput(netbirdDNSStateKeyFormat, searchSuffix)
@@ -96,7 +103,7 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		err = s.removeKeyFromSystemConfig(searchKey)
 	}
 	if err != nil {
-		return err
+		return fmt.Errorf("add search domains: %w", err)
 	}
 	return nil
@@ -119,7 +126,11 @@ func (s *systemConfigurator) restoreHostDNS() error {
 	_, err := runSystemConfigCommand(wrapCommand(lines))
 	if err != nil {
 		log.Errorf("got an error while cleaning the system configuration: %s", err)
-		return err
+		return fmt.Errorf("clean system: %w", err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown file: %s", err)
 	}
 	return nil
@@ -129,7 +140,7 @@ func (s *systemConfigurator) removeKeyFromSystemConfig(key string) error {
 	line := buildRemoveKeyOperation(key)
 	_, err := runSystemConfigCommand(wrapCommand(line))
 	if err != nil {
-		return err
+		return fmt.Errorf("remove key: %w", err)
 	}
 	delete(s.createdKeys, key)
@@ -140,7 +151,7 @@ func (s *systemConfigurator) removeKeyFromSystemConfig(key string) error {
 func (s *systemConfigurator) addSearchDomains(key, domains string, ip string, port int) error {
 	err := s.addDNSState(key, domains, ip, port, true)
 	if err != nil {
-		return err
+		return fmt.Errorf("add dns state: %w", err)
 	}
 	log.Infof("added %d search domains to the state. Domain list: %s", len(strings.Split(domains, " ")), domains)
@@ -153,7 +164,7 @@ func (s *systemConfigurator) addSearchDomains(key, domains string, ip string, po
 func (s *systemConfigurator) addMatchDomains(key, domains, dnsServer string, port int) error {
 	err := s.addDNSState(key, domains, dnsServer, port, false)
 	if err != nil {
-		return err
+		return fmt.Errorf("add dns state: %w", err)
 	}
 	log.Infof("added %d match domains to the state. Domain list: %s", len(strings.Split(domains, " ")), domains)
@@ -178,33 +189,37 @@ func (s *systemConfigurator) addDNSState(state, domains, dnsServer string, port
 	_, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		return fmt.Errorf("got error while applying state for domains %s, error: %s", domains, err)
+		return fmt.Errorf("applying state for domains %s, error: %w", domains, err)
 	}
 	return nil
 }
 func (s *systemConfigurator) addDNSSetupForAll(dnsServer string, port int) error {
-	primaryServiceKey, existingNameserver := s.getPrimaryService()
+	primaryServiceKey, existingNameserver, err := s.getPrimaryService()
-	if primaryServiceKey == "" {
+	if err != nil || primaryServiceKey == "" {
-		return fmt.Errorf("couldn't find the primary service key")
+		return fmt.Errorf("couldn't find the primary service key: %w", err)
 	}
-	err := s.addDNSSetup(getKeyWithInput(primaryServiceSetupKeyFormat, primaryServiceKey), dnsServer, port, existingNameserver)
+
 	err = s.addDNSSetup(getKeyWithInput(primaryServiceSetupKeyFormat, primaryServiceKey), dnsServer, port, existingNameserver)
 	if err != nil {
-		return err
+		return fmt.Errorf("add dns setup: %w", err)
 	}
 	log.Infof("configured %s:%d as main DNS resolver for this peer", dnsServer, port)
 	s.primaryServiceID = primaryServiceKey
 	return nil
 }
-func (s *systemConfigurator) getPrimaryService() (string, string) {
+func (s *systemConfigurator) getPrimaryService() (string, string, error) {
 	line := buildCommandLine("show", globalIPv4State, "")
 	stdinCommands := wrapCommand(line)
 	b, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		log.Error("got error while sending the command: ", err)
+		return "", "", fmt.Errorf("sending the command: %w", err)
 		return "", ""
 	}
 	scanner := bufio.NewScanner(bytes.NewReader(b))
 	primaryService := ""
 	router := ""
@@ -217,7 +232,11 @@ func (s *systemConfigurator) getPrimaryService() (string, string) {
 			router = strings.TrimSpace(strings.Split(text, ":")[1])
 		}
 	}
-	return primaryService, router
+	if err := scanner.Err(); err != nil && err != io.EOF {
 		return primaryService, router, fmt.Errorf("scan: %w", err)
 	}
 	return primaryService, router, nil
 }
 func (s *systemConfigurator) addDNSSetup(setupKey, dnsServer string, port int, existingDNSServer string) error {
@@ -228,7 +247,14 @@ func (s *systemConfigurator) addDNSSetup(setupKey, dnsServer string, port int, e
 	stdinCommands := wrapCommand(addDomainCommand)
 	_, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		return fmt.Errorf("got error while applying dns setup, error: %s", err)
+		return fmt.Errorf("applying dns setup, error: %w", err)
 	}
 	return nil
 }
 func (s *systemConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
 	if err := s.restoreHostDNS(); err != nil {
 		return fmt.Errorf("restoring dns via scutil: %w", err)
 	}
 	return nil
 }
@@ -266,7 +292,7 @@ func runSystemConfigCommand(command string) ([]byte, error) {
 	cmd.Stdin = strings.NewReader(command)
 	out, err := cmd.Output()
 	if err != nil {
-		return nil, fmt.Errorf("got error while running system configuration command: \"%s\", error: %s", command, err)
+		return nil, fmt.Errorf("running system configuration command: \"%s\", error: %w", command, err)
 	}
 	return out, nil
 }
--- a/client/internal/dns/host_ios.go
+++ b/client/internal/dns/host_ios.go
@@ -2,6 +2,8 @@ package dns
 import (
 	"encoding/json"
 	"fmt"
 	"net/netip"
 	log "github.com/sirupsen/logrus"
 )
@@ -20,7 +22,7 @@ func newHostManager(dnsManager IosDnsManager) (hostManager, error) {
 func (a iosHostManager) applyDNSConfig(config HostDNSConfig) error {
 	jsonData, err := json.Marshal(config)
 	if err != nil {
-		return err
+		return fmt.Errorf("marshal: %w", err)
 	}
 	jsonString := string(jsonData)
 	log.Debugf("Applying DNS settings: %s", jsonString)
@@ -35,3 +37,7 @@ func (a iosHostManager) restoreHostDNS() error {
 func (a iosHostManager) supportCustomPort() bool {
 	return false
 }
 func (a iosHostManager) restoreUncleanShutdownDNS(*netip.Addr) error {
 	return nil
 }
--- a/client/internal/dns/host_linux.go
+++ b/client/internal/dns/host_linux.go
@@ -4,17 +4,15 @@ package dns
 import (
 	"bufio"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 	log "github.com/sirupsen/logrus"
 )
 const (
 	defaultResolvConfPath = "/etc/resolv.conf"
 )
 const (
 	netbirdManager osManagerType = iota
 	fileManager
@@ -23,8 +21,27 @@ const (
 	resolvConfManager
 )
 var ErrUnknownOsManagerType = errors.New("unknown os manager type")
 type osManagerType int
 func newOsManagerType(osManager string) (osManagerType, error) {
 	switch osManager {
 	case "netbird":
 		return fileManager, nil
 	case "file":
 		return netbirdManager, nil
 	case "networkManager":
 		return networkManager, nil
 	case "systemd":
 		return systemdManager, nil
 	case "resolvconf":
 		return resolvConfManager, nil
 	default:
 		return 0, ErrUnknownOsManagerType
 	}
 }
 func (t osManagerType) String() string {
 	switch t {
 	case netbirdManager:
@@ -42,13 +59,17 @@ func (t osManagerType) String() string {
 	}
 }
-func newHostManager(wgInterface WGIface) (hostManager, error) {
+func newHostManager(wgInterface string) (hostManager, error) {
 	osManager, err := getOSDNSManagerType()
 	if err != nil {
 		return nil, err
 	}
 	log.Debugf("discovered mode is: %s", osManager)
 	return newHostManagerFromType(wgInterface, osManager)
 }
 func newHostManagerFromType(wgInterface string, osManager osManagerType) (hostManager, error) {
 	switch osManager {
 	case networkManager:
 		return newNetworkManagerDbusConfigurator(wgInterface)
@@ -62,12 +83,15 @@ func newHostManager(wgInterface WGIface) (hostManager, error) {
 }
 func getOSDNSManagerType() (osManagerType, error) {
 	file, err := os.Open(defaultResolvConfPath)
 	if err != nil {
-		return 0, fmt.Errorf("unable to open %s for checking owner, got error: %s", defaultResolvConfPath, err)
+		return 0, fmt.Errorf("unable to open %s for checking owner, got error: %w", defaultResolvConfPath, err)
 	}
-	defer file.Close()
+	defer func() {
 		if err := file.Close(); err != nil {
 			log.Errorf("close file %s: %s", defaultResolvConfPath, err)
 		}
 	}()
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
@@ -85,7 +109,11 @@ func getOSDNSManagerType() (osManagerType, error) {
 			return networkManager, nil
 		}
 		if strings.Contains(text, "systemd-resolved") && isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
-			return systemdManager, nil
+			if checkStub() {
 				return systemdManager, nil
 			} else {
 				return fileManager, nil
 			}
 		}
 		if strings.Contains(text, "resolvconf") {
 			if isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
@@ -101,5 +129,26 @@ func getOSDNSManagerType() (osManagerType, error) {
 			return resolvConfManager, nil
 		}
 	}
 	if err := scanner.Err(); err != nil && err != io.EOF {
 		return 0, fmt.Errorf("scan: %w", err)
 	}
 	return fileManager, nil
 }
 // checkStub checks if the stub resolver is disabled in systemd-resolved. If it is disabled, we fall back to file manager.
 func checkStub() bool {
 	rConf, err := parseDefaultResolvConf()
 	if err != nil {
 		log.Warnf("failed to parse resolv conf: %s", err)
 		return true
 	}
 	for _, ns := range rConf.nameServers {
 		if ns == "127.0.0.53" {
 			return true
 		}
 	}
 	return false
 }
--- a/client/internal/dns/host_windows.go
+++ b/client/internal/dns/host_windows.go
@@ -2,6 +2,8 @@ package dns
 import (
 	"fmt"
 	"io"
 	"net/netip"
 	"strings"
 	log "github.com/sirupsen/logrus"
@@ -9,7 +11,7 @@ import (
 )
 const (
-	dnsPolicyConfigMatchPath            = "SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters\\DnsPolicyConfig\\NetBird-Match"
+	dnsPolicyConfigMatchPath            = `SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\NetBird-Match`
 	dnsPolicyConfigVersionKey           = "Version"
 	dnsPolicyConfigVersionValue         = 2
 	dnsPolicyConfigNameKey              = "Name"
@@ -19,7 +21,7 @@ const (
 )
 const (
-	interfaceConfigPath          = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"
+	interfaceConfigPath          = `SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces`
 	interfaceConfigNameServerKey = "NameServer"
 	interfaceConfigSearchListKey = "SearchList"
 )
@@ -34,12 +36,16 @@ func newHostManager(wgInterface WGIface) (hostManager, error) {
 	if err != nil {
 		return nil, err
 	}
 	return newHostManagerWithGuid(guid)
 }
 func newHostManagerWithGuid(guid string) (hostManager, error) {
 	return &registryConfigurator{
 		guid: guid,
 	}, nil
 }
-func (s *registryConfigurator) supportCustomPort() bool {
+func (r *registryConfigurator) supportCustomPort() bool {
 	return false
 }
@@ -48,17 +54,22 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	if config.RouteAll {
 		err = r.addDNSSetupForAll(config.ServerIP)
 		if err != nil {
-			return err
+			return fmt.Errorf("add dns setup: %w", err)
 		}
 	} else if r.routingAll {
 		err = r.deleteInterfaceRegistryKeyProperty(interfaceConfigNameServerKey)
 		if err != nil {
-			return err
+			return fmt.Errorf("delete interface registry key property: %w", err)
 		}
 		r.routingAll = false
 		log.Infof("removed %s as main DNS forwarder for this peer", config.ServerIP)
 	}
 	// create a file for unclean shutdown detection
 	if err := createUncleanShutdownIndicator(r.guid); err != nil {
 		log.Errorf("failed to create unclean shutdown file: %s", err)
 	}
 	var (
 		searchDomains []string
 		matchDomains  []string
@@ -80,12 +91,12 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		err = removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath)
 	}
 	if err != nil {
-		return err
+		return fmt.Errorf("add dns match policy: %w", err)
 	}
 	err = r.updateSearchDomains(searchDomains)
 	if err != nil {
-		return err
+		return fmt.Errorf("update search domains: %w", err)
 	}
 	return nil
@@ -94,7 +105,7 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 func (r *registryConfigurator) addDNSSetupForAll(ip string) error {
 	err := r.setInterfaceRegistryKeyStringValue(interfaceConfigNameServerKey, ip)
 	if err != nil {
-		return fmt.Errorf("adding dns setup for all failed with error: %s", err)
+		return fmt.Errorf("adding dns setup for all failed with error: %w", err)
 	}
 	r.routingAll = true
 	log.Infof("configured %s:53 as main DNS forwarder for this peer", ip)
@@ -106,33 +117,33 @@ func (r *registryConfigurator) addDNSMatchPolicy(domains []string, ip string) er
 	if err == nil {
 		err = registry.DeleteKey(registry.LOCAL_MACHINE, dnsPolicyConfigMatchPath)
 		if err != nil {
-			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %s", dnsPolicyConfigMatchPath, err)
+			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %w", dnsPolicyConfigMatchPath, err)
 		}
 	}
 	regKey, _, err := registry.CreateKey(registry.LOCAL_MACHINE, dnsPolicyConfigMatchPath, registry.SET_VALUE)
 	if err != nil {
-		return fmt.Errorf("unable to create registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %s", dnsPolicyConfigMatchPath, err)
+		return fmt.Errorf("unable to create registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %w", dnsPolicyConfigMatchPath, err)
 	}
 	err = regKey.SetDWordValue(dnsPolicyConfigVersionKey, dnsPolicyConfigVersionValue)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigVersionKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigVersionKey, err)
 	}
 	err = regKey.SetStringsValue(dnsPolicyConfigNameKey, domains)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigNameKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigNameKey, err)
 	}
 	err = regKey.SetStringValue(dnsPolicyConfigGenericDNSServersKey, ip)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigGenericDNSServersKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigGenericDNSServersKey, err)
 	}
 	err = regKey.SetDWordValue(dnsPolicyConfigConfigOptionsKey, dnsPolicyConfigConfigOptionsValue)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigConfigOptionsKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigConfigOptionsKey, err)
 	}
 	log.Infof("added %d match domains to the state. Domain list: %s", len(domains), domains)
@@ -141,18 +152,25 @@ func (r *registryConfigurator) addDNSMatchPolicy(domains []string, ip string) er
 }
 func (r *registryConfigurator) restoreHostDNS() error {
-	err := removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath)
+	if err := removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath); err != nil {
-	if err != nil {
+		log.Errorf("remove registry key from dns policy config: %s", err)
 		log.Error(err)
 	}
-	return r.deleteInterfaceRegistryKeyProperty(interfaceConfigSearchListKey)
+	if err := r.deleteInterfaceRegistryKeyProperty(interfaceConfigSearchListKey); err != nil {
 		return fmt.Errorf("remove interface registry key: %w", err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown file: %s", err)
 	}
 	return nil
 }
 func (r *registryConfigurator) updateSearchDomains(domains []string) error {
 	err := r.setInterfaceRegistryKeyStringValue(interfaceConfigSearchListKey, strings.Join(domains, ","))
 	if err != nil {
-		return fmt.Errorf("adding search domain failed with error: %s", err)
+		return fmt.Errorf("adding search domain failed with error: %w", err)
 	}
 	log.Infof("updated the search domains in the registry with %d domains. Domain list: %s", len(domains), domains)
@@ -163,13 +181,13 @@ func (r *registryConfigurator) updateSearchDomains(domains []string) error {
 func (r *registryConfigurator) setInterfaceRegistryKeyStringValue(key, value string) error {
 	regKey, err := r.getInterfaceRegistryKey()
 	if err != nil {
-		return err
+		return fmt.Errorf("get interface registry key: %w", err)
 	}
-	defer regKey.Close()
+	defer closer(regKey)
 	err = regKey.SetStringValue(key, value)
 	if err != nil {
-		return fmt.Errorf("applying key %s with value \"%s\" for interface failed with error: %s", key, value, err)
+		return fmt.Errorf("applying key %s with value \"%s\" for interface failed with error: %w", key, value, err)
 	}
 	return nil
@@ -178,13 +196,13 @@ func (r *registryConfigurator) setInterfaceRegistryKeyStringValue(key, value str
 func (r *registryConfigurator) deleteInterfaceRegistryKeyProperty(propertyKey string) error {
 	regKey, err := r.getInterfaceRegistryKey()
 	if err != nil {
-		return err
+		return fmt.Errorf("get interface registry key: %w", err)
 	}
-	defer regKey.Close()
+	defer closer(regKey)
 	err = regKey.DeleteValue(propertyKey)
 	if err != nil {
-		return fmt.Errorf("deleting registry key %s for interface failed with error: %s", propertyKey, err)
+		return fmt.Errorf("deleting registry key %s for interface failed with error: %w", propertyKey, err)
 	}
 	return nil
@@ -197,20 +215,33 @@ func (r *registryConfigurator) getInterfaceRegistryKey() (registry.Key, error) {
 	regKey, err := registry.OpenKey(registry.LOCAL_MACHINE, regKeyPath, registry.SET_VALUE)
 	if err != nil {
-		return regKey, fmt.Errorf("unable to open the interface registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %s", regKeyPath, err)
+		return regKey, fmt.Errorf("unable to open the interface registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %w", regKeyPath, err)
 	}
 	return regKey, nil
 }
 func (r *registryConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
 	if err := r.restoreHostDNS(); err != nil {
 		return fmt.Errorf("restoring dns via registry: %w", err)
 	}
 	return nil
 }
 func removeRegistryKeyFromDNSPolicyConfig(regKeyPath string) error {
 	k, err := registry.OpenKey(registry.LOCAL_MACHINE, regKeyPath, registry.QUERY_VALUE)
 	if err == nil {
-		k.Close()
+		defer closer(k)
 		err = registry.DeleteKey(registry.LOCAL_MACHINE, regKeyPath)
 		if err != nil {
-			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %s", regKeyPath, err)
+			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %w", regKeyPath, err)
 		}
 	}
 	return nil
 }
 func closer(closer io.Closer) {
 	if err := closer.Close(); err != nil {
 		log.Errorf("failed to close: %s", err)
 	}
 }
--- a/client/internal/dns/local.go
+++ b/client/internal/dns/local.go
@@ -52,7 +52,7 @@ func (d *localResolver) lookupRecord(r *dns.Msg) dns.RR {
 func (d *localResolver) registerRecord(record nbdns.SimpleRecord) error {
 	fullRecord, err := dns.NewRR(record.String())
 	if err != nil {
-		return err
+		return fmt.Errorf("register record: %w", err)
 	}
 	fullRecord.Header().Rdlength = record.Len()
@@ -71,3 +71,5 @@ func buildRecordKey(name string, class, qType uint16) string {
 	key := fmt.Sprintf("%s_%d_%d", name, class, qType)
 	return key
 }
 func (d *localResolver) probeAvailability() {}
--- a/client/internal/dns/mock_server.go
+++ b/client/internal/dns/mock_server.go
@@ -48,3 +48,7 @@ func (m *MockServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
 func (m *MockServer) SearchDomains() []string {
 	return make([]string, 0)
 }
 // ProbeAvailability mocks implementation of ProbeAvailability from the Server interface
 func (m *MockServer) ProbeAvailability() {
 }
--- a/client/internal/dns/network_manager_linux.go
+++ b/client/internal/dns/network_manager_linux.go
@@ -5,8 +5,10 @@ package dns
 import (
 	"context"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"net/netip"
 	"strings"
 	"time"
 	"github.com/godbus/dbus/v5"
@@ -41,9 +43,13 @@ const (
 	networkManagerDbusPrimaryDNSPriority       int32 = -500
 	networkManagerDbusWithMatchDomainPriority  int32 = 0
 	networkManagerDbusSearchDomainOnlyPriority int32 = 50
 	supportedNetworkManagerVersionConstraint         = ">= 1.16, < 1.28"
 )
 var supportedNetworkManagerVersionConstraints = []string{
 	">= 1.16, < 1.27",
 	">= 1.44, < 1.45",
 }
 type networkManagerDbusConfigurator struct {
 	dbusLinkObject dbus.ObjectPath
 	routingAll     bool
@@ -71,19 +77,19 @@ func (s networkManagerConnSettings) cleanDeprecatedSettings() {
 	}
 }
-func newNetworkManagerDbusConfigurator(wgInterface WGIface) (hostManager, error) {
+func newNetworkManagerDbusConfigurator(wgInterface string) (hostManager, error) {
 	obj, closeConn, err := getDbusObject(networkManagerDest, networkManagerDbusObjectNode)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("get nm dbus: %w", err)
 	}
 	defer closeConn()
 	var s string
-	err = obj.Call(networkManagerDbusGetDeviceByIPIfaceMethod, dbusDefaultFlag, wgInterface.Name()).Store(&s)
+	err = obj.Call(networkManagerDbusGetDeviceByIPIfaceMethod, dbusDefaultFlag, wgInterface).Store(&s)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("call: %w", err)
 	}
-	log.Debugf("got network manager dbus Link Object: %s from net interface %s", s, wgInterface.Name())
+	log.Debugf("got network manager dbus Link Object: %s from net interface %s", s, wgInterface)
 	return &networkManagerDbusConfigurator{
 		dbusLinkObject: dbus.ObjectPath(s),
@@ -97,14 +103,14 @@ func (n *networkManagerDbusConfigurator) supportCustomPort() bool {
 func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	connSettings, configVersion, err := n.getAppliedConnectionSettings()
 	if err != nil {
-		return fmt.Errorf("got an error while retrieving the applied connection settings, error: %s", err)
+		return fmt.Errorf("retrieving the applied connection settings, error: %w", err)
 	}
 	connSettings.cleanDeprecatedSettings()
 	dnsIP, err := netip.ParseAddr(config.ServerIP)
 	if err != nil {
-		return fmt.Errorf("unable to parse ip address, error: %s", err)
+		return fmt.Errorf("unable to parse ip address, error: %w", err)
 	}
 	convDNSIP := binary.LittleEndian.Uint32(dnsIP.AsSlice())
 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSKey] = dbus.MakeVariant([]uint32{convDNSIP})
@@ -145,23 +151,37 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) er
 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSPriorityKey] = dbus.MakeVariant(priority)
 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSSearchKey] = dbus.MakeVariant(newDomainList)
 	// create a backup for unclean shutdown detection before adding domains, as these might end up in the resolv.conf file.
 	// The file content itself is not important for network-manager restoration
 	if err := createUncleanShutdownIndicator(defaultResolvConfPath, networkManager, dnsIP.String()); err != nil {
 		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
 	}
 	log.Infof("adding %d search domains and %d match domains. Search list: %s , Match list: %s", len(searchDomains), len(matchDomains), searchDomains, matchDomains)
 	err = n.reApplyConnectionSettings(connSettings, configVersion)
 	if err != nil {
-		return fmt.Errorf("got an error while reapplying the connection with new settings, error: %s", err)
+		return fmt.Errorf("reapplying the connection with new settings, error: %w", err)
 	}
 	return nil
 }
 func (n *networkManagerDbusConfigurator) restoreHostDNS() error {
 	// once the interface is gone network manager cleans all config associated with it
-	return n.deleteConnectionSettings()
+	if err := n.deleteConnectionSettings(); err != nil {
 		return fmt.Errorf("delete connection settings: %w", err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
 	}
 	return nil
 }
 func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (networkManagerConnSettings, networkManagerConfigVersion, error) {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return nil, 0, fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
+		return nil, 0, fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
 	}
 	defer closeConn()
@@ -176,7 +196,7 @@ func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (network
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceGetAppliedConnectionMethod, dbusDefaultFlag,
 		networkManagerDbusDefaultBehaviorFlag).Store(&connSettings, &configVersion)
 	if err != nil {
-		return nil, 0, fmt.Errorf("got error while calling GetAppliedConnection method with context, err: %s", err)
+		return nil, 0, fmt.Errorf("calling GetAppliedConnection method with context, err: %w", err)
 	}
 	return connSettings, configVersion, nil
@@ -185,7 +205,7 @@ func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (network
 func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings networkManagerConnSettings, configVersion networkManagerConfigVersion) error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
+		return fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
 	}
 	defer closeConn()
@@ -195,7 +215,7 @@ func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceReapplyMethod, dbusDefaultFlag,
 		connSettings, configVersion, networkManagerDbusDefaultBehaviorFlag).Store()
 	if err != nil {
-		return fmt.Errorf("got error while calling ReApply method with context, err: %s", err)
+		return fmt.Errorf("calling ReApply method with context, err: %w", err)
 	}
 	return nil
@@ -204,21 +224,34 @@ func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings
 func (n *networkManagerDbusConfigurator) deleteConnectionSettings() error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
+		return fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
 	}
 	defer closeConn()
 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
 	defer cancel()
 	// this call is required to remove the device for DNS cleanup, even if it fails
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceDeleteMethod, dbusDefaultFlag).Store()
 	if err != nil {
-		return fmt.Errorf("got error while calling delete method with context, err: %s", err)
+		var dbusErr dbus.Error
 		if errors.As(err, &dbusErr) && dbusErr.Name == dbus.ErrMsgUnknownMethod.Name {
 			// interface is gone already
 			return nil
 		}
 		return fmt.Errorf("calling delete method with context, err: %s", err)
 	}
 	return nil
 }
 func (n *networkManagerDbusConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
 	if err := n.restoreHostDNS(); err != nil {
 		return fmt.Errorf("restoring dns via network-manager: %w", err)
 	}
 	return nil
 }
 func isNetworkManagerSupported() bool {
 	return isNetworkManagerSupportedVersion() && isNetworkManagerSupportedMode()
 }
@@ -250,13 +283,13 @@ func isNetworkManagerSupportedMode() bool {
 func getNetworkManagerDNSProperty(property string, store any) error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, networkManagerDbusDNSManagerObjectNode)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the network manager dns manager object, error: %s", err)
+		return fmt.Errorf("attempting to retrieve the network manager dns manager object, error: %w", err)
 	}
 	defer closeConn()
 	v, e := obj.GetProperty(property)
 	if e != nil {
-		return fmt.Errorf("got an error getting property %s: %v", property, e)
+		return fmt.Errorf("getting property %s: %w", property, e)
 	}
 	return v.Store(store)
@@ -278,15 +311,26 @@ func isNetworkManagerSupportedVersion() bool {
 	}
 	versionValue, err := parseVersion(value.Value().(string))
 	if err != nil {
 		log.Errorf("nm: parse version: %s", err)
 		return false
 	}
-	constraints, err := version.NewConstraint(supportedNetworkManagerVersionConstraint)
+	var supported bool
-	if err != nil {
+	for _, constraint := range supportedNetworkManagerVersionConstraints {
-		return false
+		constr, err := version.NewConstraint(constraint)
 		if err != nil {
 			log.Errorf("nm: create constraint: %s", err)
 			return false
 		}
 		if met := constr.Check(versionValue); met {
 			supported = true
 			break
 		}
 	}
-	return constraints.Check(versionValue)
+	log.Debugf("network manager constraints [%s] met: %t", strings.Join(supportedNetworkManagerVersionConstraints, " | "), supported)
 	return supported
 }
 func parseVersion(inputVersion string) (*version.Version, error) {
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -5,6 +5,7 @@ package dns
 import (
 	"bytes"
 	"fmt"
 	"net/netip"
 	"os/exec"
 	log "github.com/sirupsen/logrus"
@@ -21,17 +22,17 @@ type resolvconf struct {
 }
 // supported "openresolv" only
-func newResolvConfConfigurator(wgInterface WGIface) (hostManager, error) {
+func newResolvConfConfigurator(wgInterface string) (hostManager, error) {
-	originalSearchDomains, nameServers, others, err := originalDNSConfigs("/etc/resolv.conf")
+	resolvConfEntries, err := parseDefaultResolvConf()
 	if err != nil {
-		log.Error(err)
+		log.Errorf("could not read original search domains from %s: %s", defaultResolvConfPath, err)
 	}
 	return &resolvconf{
-		ifaceName:             wgInterface.Name(),
+		ifaceName:             wgInterface,
-		originalSearchDomains: originalSearchDomains,
+		originalSearchDomains: resolvConfEntries.searchDomains,
-		originalNameServers:   nameServers,
+		originalNameServers:   resolvConfEntries.nameServers,
-		othersConfigs:         others,
+		othersConfigs:         resolvConfEntries.others,
 	}, nil
 }
@@ -44,7 +45,7 @@ func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
 	if !config.RouteAll {
 		err = r.restoreHostDNS()
 		if err != nil {
-			log.Error(err)
+			log.Errorf("restore host dns: %s", err)
 		}
 		return fmt.Errorf("unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured")
 	}
@@ -57,9 +58,14 @@ func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
 		append([]string{config.ServerIP}, r.originalNameServers...),
 		r.othersConfigs)
 	// create a backup for unclean shutdown detection before the resolv.conf is changed
 	if err := createUncleanShutdownIndicator(defaultResolvConfPath, resolvConfManager, config.ServerIP); err != nil {
 		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
 	}
 	err = r.applyConfig(buf)
 	if err != nil {
-		return err
+		return fmt.Errorf("apply config: %w", err)
 	}
 	log.Infof("added %d search domains. Search list: %s", len(searchDomainList), searchDomainList)
@@ -67,20 +73,34 @@ func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
 }
 func (r *resolvconf) restoreHostDNS() error {
 	// openresolv only, debian resolvconf doesn't support "-f"
 	cmd := exec.Command(resolvconfCommand, "-f", "-d", r.ifaceName)
 	_, err := cmd.Output()
 	if err != nil {
-		return fmt.Errorf("got an error while removing resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
+		return fmt.Errorf("removing resolvconf configuration for %s interface, error: %w", r.ifaceName, err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
 	}
 	return nil
 }
 func (r *resolvconf) applyConfig(content bytes.Buffer) error {
 	// openresolv only, debian resolvconf doesn't support "-x"
 	cmd := exec.Command(resolvconfCommand, "-x", "-a", r.ifaceName)
 	cmd.Stdin = &content
 	_, err := cmd.Output()
 	if err != nil {
-		return fmt.Errorf("got an error while applying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
+		return fmt.Errorf("applying resolvconf configuration for %s interface, error: %w", r.ifaceName, err)
 	}
 	return nil
 }
 func (r *resolvconf) restoreUncleanShutdownDNS(*netip.Addr) error {
 	if err := r.restoreHostDNS(); err != nil {
 		return fmt.Errorf("restoring dns for interface %s: %w", r.ifaceName, err)
 	}
 	return nil
 }
--- a/client/internal/dns/response_writer.go
+++ b/client/internal/dns/response_writer.go
@@ -31,10 +31,13 @@ func (r *responseWriter) RemoteAddr() net.Addr {
 func (r *responseWriter) WriteMsg(msg *dns.Msg) error {
 	buff, err := msg.Pack()
 	if err != nil {
-		return err
+		return fmt.Errorf("pack: %w", err)
 	}
-	_, err = r.Write(buff)
+
-	return err
+	if _, err := r.Write(buff); err != nil {
 		return fmt.Errorf("write: %w", err)
 	}
 	return nil
 }
 // Write writes a raw buffer back to the client.
--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
@@ -32,6 +32,7 @@ type Server interface {
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
 	OnUpdatedHostDNSServer(strings []string)
 	SearchDomains() []string
 	ProbeAvailability()
 }
 type registeredHandlerMap map[string]handlerWithStop
@@ -63,6 +64,7 @@ type DefaultServer struct {
 type handlerWithStop interface {
 	dns.Handler
 	stop()
 	probeAvailability()
 }
 type muxUpdate struct {
@@ -140,12 +142,15 @@ func (s *DefaultServer) Initialize() (err error) {
 	if s.permanent {
 		err = s.service.Listen()
 		if err != nil {
-			return err
+			return fmt.Errorf("service listen: %w", err)
 		}
 	}
 	s.hostManager, err = s.initialize()
-	return err
+	if err != nil {
 		return fmt.Errorf("initialize: %w", err)
 	}
 	return nil
 }
 // DnsIP returns the DNS resolver server IP address
@@ -223,7 +228,7 @@ func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) erro
 		}
 		if err := s.applyConfiguration(update); err != nil {
-			return err
+			return fmt.Errorf("apply configuration: %w", err)
 		}
 		s.updateSerial = serial
@@ -248,6 +253,14 @@ func (s *DefaultServer) SearchDomains() []string {
 	return searchDomains
 }
 // ProbeAvailability tests each upstream group's servers for availability
 // and deactivates the group if no server responds
 func (s *DefaultServer) ProbeAvailability() {
 	for _, mux := range s.dnsMuxMap {
 		mux.probeAvailability()
 	}
 }
 func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	// is the service should be Disabled, we stop the listener or fake resolver
 	// and proceed with a regular update to clean up the handlers and records
@@ -378,6 +391,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			})
 		}
 	}
 	return muxUpdates, nil
 }
@@ -488,13 +502,13 @@ func (s *DefaultServer) upstreamCallbacks(
 		}
 		l := log.WithField("nameservers", nsGroup.NameServers)
-		l.Debug("reactivate temporary Disabled nameserver group")
+		l.Debug("reactivate temporary disabled nameserver group")
 		if nsGroup.Primary {
 			s.currentConfig.RouteAll = true
 		}
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-			l.WithError(err).Error("reactivate temporary Disabled nameserver group, DNS update apply")
+			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
 		}
 	}
 	return
--- a/client/internal/dns/server_android.go
+++ b/client/internal/dns/server_android.go
@@ -1,5 +1,5 @@
 package dns
 func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
+	return newHostManager()
 }
--- a/client/internal/dns/server_darwin.go
+++ b/client/internal/dns/server_darwin.go
@@ -3,5 +3,5 @@
 package dns
 func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
+	return newHostManager()
 }
--- a/client/internal/dns/server_linux.go
+++ b/client/internal/dns/server_linux.go
@@ -3,5 +3,5 @@
 package dns
 func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
+	return newHostManager(s.wgInterface.Name())
 }
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -12,6 +12,7 @@ import (
 	"github.com/golang/mock/gomock"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
@@ -58,6 +59,10 @@ func (w *mocWGIface) SetFilter(filter iface.PacketFilter) error {
 	return nil
 }
 func (w *mocWGIface) GetStats(_ string) (iface.WGStats, error) {
 	return iface.WGStats{}, nil
 }
 var zoneRecords = []nbdns.SimpleRecord{
 	{
 		Name:  "peera.netbird.cloud",
@@ -250,11 +255,12 @@ func TestUpdateDNSServer(t *testing.T) {
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			privKey, _ := wgtypes.GenerateKey()
 			newNet, err := stdnet.NewNet(nil)
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), iface.DefaultMTU, nil, newNet)
+			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -331,7 +337,8 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", iface.DefaultMTU, nil, newNet)
+	privKey, _ := wgtypes.GeneratePrivateKey()
 	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
 	if err != nil {
 		t.Errorf("build interface wireguard: %v", err)
 		return
@@ -782,7 +789,8 @@ func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
 		return nil, err
 	}
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", iface.DefaultMTU, nil, newNet)
+	privKey, _ := wgtypes.GeneratePrivateKey()
 	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
 	if err != nil {
 		t.Fatalf("build interface wireguard: %v", err)
 		return nil, err
--- a/client/internal/dns/service_listener.go
+++ b/client/internal/dns/service_listener.go
@@ -28,7 +28,7 @@ type serviceViaListener struct {
 	customAddr        *netip.AddrPort
 	server            *dns.Server
 	listenIP          string
-	listenPort        int
+	listenPort        uint16
 	listenerIsRunning bool
 	listenerFlagLock  sync.Mutex
 	ebpfService       ebpfMgr.Manager
@@ -63,18 +63,9 @@ func (s *serviceViaListener) Listen() error {
 	s.listenIP, s.listenPort, err = s.evalListenAddress()
 	if err != nil {
 		log.Errorf("failed to eval runtime address: %s", err)
-		return err
+		return fmt.Errorf("eval listen address: %w", err)
 	}
 	s.server.Addr = fmt.Sprintf("%s:%d", s.listenIP, s.listenPort)
 	if s.shouldApplyPortFwd() {
 		s.ebpfService = ebpf.GetEbpfManagerInstance()
 		err = s.ebpfService.LoadDNSFwd(s.listenIP, s.listenPort)
 		if err != nil {
 			log.Warnf("failed to load DNS port forwarder, custom port may not work well on some Linux operating systems: %s", err)
 			s.ebpfService = nil
 		}
 	}
 	log.Debugf("starting dns on %s", s.server.Addr)
 	go func() {
 		s.setListenerStatus(true)
@@ -128,7 +119,7 @@ func (s *serviceViaListener) RuntimePort() int {
 	if s.ebpfService != nil {
 		return defaultPort
 	} else {
-		return s.listenPort
+		return int(s.listenPort)
 	}
 }
@@ -140,54 +131,112 @@ func (s *serviceViaListener) setListenerStatus(running bool) {
 	s.listenerIsRunning = running
 }
-func (s *serviceViaListener) getFirstListenerAvailable() (string, int, error) {
+// evalListenAddress figure out the listen address for the DNS server
-	ips := []string{defaultIP, customIP}
+// first check the 53 port availability on WG interface or lo, if not success
 // pick a random port on WG interface for eBPF, if not success
 // check the 5053 port availability on WG interface or lo without eBPF usage,
 func (s *serviceViaListener) evalListenAddress() (string, uint16, error) {
 	if s.customAddr != nil {
 		return s.customAddr.Addr().String(), s.customAddr.Port(), nil
 	}
 	ip, ok := s.testFreePort(defaultPort)
 	if ok {
 		return ip, defaultPort, nil
 	}
 	ebpfSrv, port, ok := s.tryToUseeBPF()
 	if ok {
 		s.ebpfService = ebpfSrv
 		return s.wgInterface.Address().IP.String(), port, nil
 	}
 	ip, ok = s.testFreePort(customPort)
 	if ok {
 		return ip, customPort, nil
 	}
 	return "", 0, fmt.Errorf("failed to find a free port for DNS server")
 }
 func (s *serviceViaListener) testFreePort(port int) (string, bool) {
 	var ips []string
 	if runtime.GOOS != "darwin" {
-		ips = append([]string{s.wgInterface.Address().IP.String()}, ips...)
+		ips = []string{s.wgInterface.Address().IP.String(), defaultIP, customIP}
 	} else {
 		ips = []string{defaultIP, customIP}
 	}
-	ports := []int{defaultPort, customPort}
+
-	for _, port := range ports {
+	for _, ip := range ips {
-		for _, ip := range ips {
+		if !s.tryToBind(ip, port) {
-			addrString := fmt.Sprintf("%s:%d", ip, port)
+			continue
 			udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
 			probeListener, err := net.ListenUDP("udp", udpAddr)
 			if err == nil {
 				err = probeListener.Close()
 				if err != nil {
 					log.Errorf("got an error closing the probe listener, error: %s", err)
 				}
 				return ip, port, nil
 			}
 			log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
 		}
 		return ip, true
 	}
-	return "", 0, fmt.Errorf("unable to find an unused ip and port combination. IPs tested: %v and ports %v", ips, ports)
+	return "", false
 }
-func (s *serviceViaListener) evalListenAddress() (string, int, error) {
+func (s *serviceViaListener) tryToBind(ip string, port int) bool {
-	if s.customAddr != nil {
+	addrString := fmt.Sprintf("%s:%d", ip, port)
-		return s.customAddr.Addr().String(), int(s.customAddr.Port()), nil
+	udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
-	}
+	probeListener, err := net.ListenUDP("udp", udpAddr)
-
+	if err != nil {
-	return s.getFirstListenerAvailable()
+		log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
 }
 // shouldApplyPortFwd decides whether to apply eBPF program to capture DNS traffic on port 53.
 // This is needed because on some operating systems if we start a DNS server not on a default port 53, the domain name
 // resolution won't work.
 // So, in case we are running on Linux and picked a non-default port (53) we should fall back to the eBPF solution that will capture
 // traffic on port 53 and forward it to a local DNS server running on 5053.
 func (s *serviceViaListener) shouldApplyPortFwd() bool {
 	if runtime.GOOS != "linux" {
 		return false
 	}
-	if s.customAddr != nil {
+	err = probeListener.Close()
-		return false
+	if err != nil {
-	}
+		log.Errorf("got an error closing the probe listener, error: %s", err)
 	if s.listenPort == defaultPort {
 		return false
 	}
 	return true
 }
 // tryToUseeBPF decides whether to apply eBPF program to capture DNS traffic on port 53.
 // This is needed because on some operating systems if we start a DNS server not on a default port 53,
 // the domain name  resolution won't work. So, in case we are running on Linux and picked a free
 // port we should fall back to the eBPF solution that will capture traffic on port 53 and forward
 // it to a local DNS server running on the chosen port.
 func (s *serviceViaListener) tryToUseeBPF() (ebpfMgr.Manager, uint16, bool) {
 	if runtime.GOOS != "linux" {
 		return nil, 0, false
 	}
 	port, err := s.generateFreePort() //nolint:staticcheck,unused
 	if err != nil {
 		log.Warnf("failed to generate a free port for eBPF DNS forwarder server: %s", err)
 		return nil, 0, false
 	}
 	ebpfSrv := ebpf.GetEbpfManagerInstance()
 	err = ebpfSrv.LoadDNSFwd(s.wgInterface.Address().IP.String(), int(port))
 	if err != nil {
 		log.Warnf("failed to load DNS forwarder eBPF program, error: %s", err)
 		return nil, 0, false
 	}
 	return ebpfSrv, port, true
 }
 func (s *serviceViaListener) generateFreePort() (uint16, error) {
 	ok := s.tryToBind(s.wgInterface.Address().IP.String(), customPort)
 	if ok {
 		return customPort, nil
 	}
 	udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort("0.0.0.0:0"))
 	probeListener, err := net.ListenUDP("udp", udpAddr)
 	if err != nil {
 		log.Debugf("failed to bind random port for DNS: %s", err)
 		return 0, err
 	}
 	addrPort := netip.MustParseAddrPort(probeListener.LocalAddr().String()) // might panic if address is incorrect
 	err = probeListener.Close()
 	if err != nil {
 		log.Debugf("failed to free up DNS port: %s", err)
 		return 0, err
 	}
 	return addrPort.Port(), nil
 }
--- a/client/internal/dns/service_memory.go
+++ b/client/internal/dns/service_memory.go
@@ -44,7 +44,7 @@ func (s *serviceViaMemory) Listen() error {
 	var err error
 	s.udpFilterHookID, err = s.filterDNSTraffic()
 	if err != nil {
-		return err
+		return fmt.Errorf("filter dns traffice: %w", err)
 	}
 	s.listenerIsRunning = true
--- a/client/internal/dns/systemd_linux.go
+++ b/client/internal/dns/systemd_linux.go
@@ -4,6 +4,7 @@ package dns
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net"
 	"net/netip"
@@ -30,6 +31,8 @@ const (
 	systemdDbusSetDefaultRouteMethodSuffix = systemdDbusLinkInterface + ".SetDefaultRoute"
 	systemdDbusSetDomainsMethodSuffix      = systemdDbusLinkInterface + ".SetDomains"
 	systemdDbusResolvConfModeForeign       = "foreign"
 	dbusErrorUnknownObject = "org.freedesktop.DBus.Error.UnknownObject"
 )
 type systemdDbusConfigurator struct {
@@ -52,22 +55,22 @@ type systemdDbusLinkDomainsInput struct {
 	MatchOnly bool
 }
-func newSystemdDbusConfigurator(wgInterface WGIface) (hostManager, error) {
+func newSystemdDbusConfigurator(wgInterface string) (hostManager, error) {
-	iface, err := net.InterfaceByName(wgInterface.Name())
+	iface, err := net.InterfaceByName(wgInterface)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("get interface: %w", err)
 	}
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("get dbus resolved dest: %w", err)
 	}
 	defer closeConn()
 	var s string
 	err = obj.Call(systemdDbusGetLinkMethod, dbusDefaultFlag, iface.Index).Store(&s)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("get dbus link method: %w", err)
 	}
 	log.Debugf("got dbus Link interface: %s from net interface %s and index %d", s, iface.Name, iface.Index)
@@ -84,7 +87,7 @@ func (s *systemdDbusConfigurator) supportCustomPort() bool {
 func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	parsedIP, err := netip.ParseAddr(config.ServerIP)
 	if err != nil {
-		return fmt.Errorf("unable to parse ip address, error: %s", err)
+		return fmt.Errorf("unable to parse ip address, error: %w", err)
 	}
 	ipAs4 := parsedIP.As4()
 	defaultLinkInput := systemdDbusDNSInput{
@@ -93,7 +96,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	}
 	err = s.callLinkMethod(systemdDbusSetDNSMethodSuffix, []systemdDbusDNSInput{defaultLinkInput})
 	if err != nil {
-		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %s", config.ServerIP, config.ServerPort, err)
+		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %w", config.ServerIP, config.ServerPort, err)
 	}
 	var (
@@ -121,7 +124,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		log.Infof("configured %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
 		err = s.callLinkMethod(systemdDbusSetDefaultRouteMethodSuffix, true)
 		if err != nil {
-			return fmt.Errorf("setting link as default dns router, failed with error: %s", err)
+			return fmt.Errorf("setting link as default dns router, failed with error: %w", err)
 		}
 		domainsInput = append(domainsInput, systemdDbusLinkDomainsInput{
 			Domain:    nbdns.RootZone,
@@ -132,6 +135,12 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
 	}
 	// create a backup for unclean shutdown detection before adding domains, as these might end up in the resolv.conf file.
 	// The file content itself is not important for systemd restoration
 	if err := createUncleanShutdownIndicator(defaultResolvConfPath, systemdManager, parsedIP.String()); err != nil {
 		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
 	}
 	log.Infof("adding %d search domains and %d match domains. Search list: %s , Match list: %s", len(searchDomains), len(matchDomains), searchDomains, matchDomains)
 	err = s.setDomainsForInterface(domainsInput)
 	if err != nil {
@@ -143,7 +152,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 func (s *systemdDbusConfigurator) setDomainsForInterface(domainsInput []systemdDbusLinkDomainsInput) error {
 	err := s.callLinkMethod(systemdDbusSetDomainsMethodSuffix, domainsInput)
 	if err != nil {
-		return fmt.Errorf("setting domains configuration failed with error: %s", err)
+		return fmt.Errorf("setting domains configuration failed with error: %w", err)
 	}
 	return s.flushCaches()
 }
@@ -153,17 +162,29 @@ func (s *systemdDbusConfigurator) restoreHostDNS() error {
 	if !isDbusListenerRunning(systemdResolvedDest, s.dbusLinkObject) {
 		return nil
 	}
 	// this call is required for DNS cleanup, even if it fails
 	err := s.callLinkMethod(systemdDbusRevertMethodSuffix, nil)
 	if err != nil {
-		return fmt.Errorf("unable to revert link configuration, got error: %s", err)
+		var dbusErr dbus.Error
 		if errors.As(err, &dbusErr) && dbusErr.Name == dbusErrorUnknownObject {
 			// interface is gone already
 			return nil
 		}
 		return fmt.Errorf("unable to revert link configuration, got error: %w", err)
 	}
 	if err := removeUncleanShutdownIndicator(); err != nil {
 		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
 	}
 	return s.flushCaches()
 }
 func (s *systemdDbusConfigurator) flushCaches() error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the object %s, err: %s", systemdDbusObjectNode, err)
+		return fmt.Errorf("attempting to retrieve the object %s, err: %w", systemdDbusObjectNode, err)
 	}
 	defer closeConn()
 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
@@ -171,7 +192,7 @@ func (s *systemdDbusConfigurator) flushCaches() error {
 	err = obj.CallWithContext(ctx, systemdDbusFlushCachesMethod, dbusDefaultFlag).Store()
 	if err != nil {
-		return fmt.Errorf("got error while calling the FlushCaches method with context, err: %s", err)
+		return fmt.Errorf("calling the FlushCaches method with context, err: %w", err)
 	}
 	return nil
@@ -180,7 +201,7 @@ func (s *systemdDbusConfigurator) flushCaches() error {
 func (s *systemdDbusConfigurator) callLinkMethod(method string, value any) error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, s.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the object, err: %s", err)
+		return fmt.Errorf("attempting to retrieve the object, err: %w", err)
 	}
 	defer closeConn()
@@ -194,22 +215,29 @@ func (s *systemdDbusConfigurator) callLinkMethod(method string, value any) error
 	}
 	if err != nil {
-		return fmt.Errorf("got error while calling command with context, err: %s", err)
+		return fmt.Errorf("calling command with context, err: %w", err)
 	}
 	return nil
 }
 func (s *systemdDbusConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
 	if err := s.restoreHostDNS(); err != nil {
 		return fmt.Errorf("restoring dns via systemd: %w", err)
 	}
 	return nil
 }
 func getSystemdDbusProperty(property string, store any) error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return fmt.Errorf("got error while attempting to retrieve the systemd dns manager object, error: %s", err)
+		return fmt.Errorf("attempting to retrieve the systemd dns manager object, error: %w", err)
 	}
 	defer closeConn()
 	v, e := obj.GetProperty(property)
 	if e != nil {
-		return fmt.Errorf("got an error getting property %s: %v", property, e)
+		return fmt.Errorf("getting property %s: %w", property, e)
 	}
 	return v.Store(store)
--- a/client/internal/dns/unclean_shutdown_android.go
+++ b/client/internal/dns/unclean_shutdown_android.go
@@ -0,0 +1,5 @@
 package dns
 func CheckUncleanShutdown(string) error {
 	return nil
 }
--- a/client/internal/dns/unclean_shutdown_darwin.go
+++ b/client/internal/dns/unclean_shutdown_darwin.go
@@ -0,0 +1,59 @@
 //go:build !ios
 package dns
 import (
 	"errors"
 	"fmt"
 	"io/fs"
 	"os"
 	"path/filepath"
 	log "github.com/sirupsen/logrus"
 )
 const fileUncleanShutdownFileLocation = "/var/lib/netbird/unclean_shutdown_dns"
 func CheckUncleanShutdown(string) error {
 	if _, err := os.Stat(fileUncleanShutdownFileLocation); err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			// no file -> clean shutdown
 			return nil
 		} else {
 			return fmt.Errorf("state: %w", err)
 		}
 	}
 	log.Warnf("detected unclean shutdown, file %s exists. Restoring unclean shutdown dns settings.", fileUncleanShutdownFileLocation)
 	manager, err := newHostManager()
 	if err != nil {
 		return fmt.Errorf("create host manager: %w", err)
 	}
 	if err := manager.restoreUncleanShutdownDNS(nil); err != nil {
 		return fmt.Errorf("restore unclean shutdown backup: %w", err)
 	}
 	return nil
 }
 func createUncleanShutdownIndicator() error {
 	dir := filepath.Dir(fileUncleanShutdownFileLocation)
 	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
 		return fmt.Errorf("create dir %s: %w", dir, err)
 	}
 	if err := os.WriteFile(fileUncleanShutdownFileLocation, nil, 0644); err != nil { //nolint:gosec
 		return fmt.Errorf("create %s: %w", fileUncleanShutdownFileLocation, err)
 	}
 	return nil
 }
 func removeUncleanShutdownIndicator() error {
 	if err := os.Remove(fileUncleanShutdownFileLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("remove %s: %w", fileUncleanShutdownFileLocation, err)
 	}
 	return nil
 }
--- a/client/internal/dns/unclean_shutdown_ios.go
+++ b/client/internal/dns/unclean_shutdown_ios.go
@@ -0,0 +1,5 @@
 package dns
 func CheckUncleanShutdown(string) error {
 	return nil
 }
--- a/client/internal/dns/unclean_shutdown_linux.go
+++ b/client/internal/dns/unclean_shutdown_linux.go
@@ -0,0 +1,96 @@
 //go:build !android
 package dns
 import (
 	"errors"
 	"fmt"
 	"io/fs"
 	"net/netip"
 	"os"
 	"path/filepath"
 	"strings"
 	log "github.com/sirupsen/logrus"
 )
 const (
 	fileUncleanShutdownResolvConfLocation  = "/var/lib/netbird/resolv.conf"
 	fileUncleanShutdownManagerTypeLocation = "/var/lib/netbird/manager"
 )
 func CheckUncleanShutdown(wgIface string) error {
 	if _, err := os.Stat(fileUncleanShutdownResolvConfLocation); err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			// no file -> clean shutdown
 			return nil
 		} else {
 			return fmt.Errorf("state: %w", err)
 		}
 	}
 	log.Warnf("detected unclean shutdown, file %s exists", fileUncleanShutdownResolvConfLocation)
 	managerData, err := os.ReadFile(fileUncleanShutdownManagerTypeLocation)
 	if err != nil {
 		return fmt.Errorf("read %s: %w", fileUncleanShutdownManagerTypeLocation, err)
 	}
 	managerFields := strings.Split(string(managerData), ",")
 	if len(managerFields) < 2 {
 		return errors.New("split manager data: insufficient number of fields")
 	}
 	osManagerTypeStr, dnsAddressStr := managerFields[0], managerFields[1]
 	dnsAddress, err := netip.ParseAddr(dnsAddressStr)
 	if err != nil {
 		return fmt.Errorf("parse dns address %s failed: %w", dnsAddressStr, err)
 	}
 	log.Warnf("restoring unclean shutdown dns settings via previously detected manager: %s", osManagerTypeStr)
 	// determine os manager type, so we can invoke the respective restore action
 	osManagerType, err := newOsManagerType(osManagerTypeStr)
 	if err != nil {
 		return fmt.Errorf("detect previous host manager: %w", err)
 	}
 	manager, err := newHostManagerFromType(wgIface, osManagerType)
 	if err != nil {
 		return fmt.Errorf("create previous host manager: %w", err)
 	}
 	if err := manager.restoreUncleanShutdownDNS(&dnsAddress); err != nil {
 		return fmt.Errorf("restore unclean shutdown backup: %w", err)
 	}
 	return nil
 }
 func createUncleanShutdownIndicator(sourcePath string, managerType osManagerType, dnsAddress string) error {
 	dir := filepath.Dir(fileUncleanShutdownResolvConfLocation)
 	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
 		return fmt.Errorf("create dir %s: %w", dir, err)
 	}
 	if err := copyFile(sourcePath, fileUncleanShutdownResolvConfLocation); err != nil {
 		return fmt.Errorf("create %s: %w", sourcePath, err)
 	}
 	managerData := fmt.Sprintf("%s,%s", managerType, dnsAddress)
 	if err := os.WriteFile(fileUncleanShutdownManagerTypeLocation, []byte(managerData), 0644); err != nil { //nolint:gosec
 		return fmt.Errorf("create %s: %w", fileUncleanShutdownManagerTypeLocation, err)
 	}
 	return nil
 }
 func removeUncleanShutdownIndicator() error {
 	if err := os.Remove(fileUncleanShutdownResolvConfLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("remove %s: %w", fileUncleanShutdownResolvConfLocation, err)
 	}
 	if err := os.Remove(fileUncleanShutdownManagerTypeLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("remove %s: %w", fileUncleanShutdownManagerTypeLocation, err)
 	}
 	return nil
 }
--- a/client/internal/dns/unclean_shutdown_windows.go
+++ b/client/internal/dns/unclean_shutdown_windows.go
@@ -0,0 +1,75 @@
 package dns
 import (
 	"errors"
 	"fmt"
 	"io/fs"
 	"os"
 	"path/filepath"
 	"github.com/sirupsen/logrus"
 )
 const (
 	netbirdProgramDataLocation = "Netbird"
 	fileUncleanShutdownFile    = "unclean_shutdown_dns.txt"
 )
 func CheckUncleanShutdown(string) error {
 	file := getUncleanShutdownFile()
 	if _, err := os.Stat(file); err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			// no file -> clean shutdown
 			return nil
 		} else {
 			return fmt.Errorf("state: %w", err)
 		}
 	}
 	logrus.Warnf("detected unclean shutdown, file %s exists. Restoring unclean shutdown dns settings.", file)
 	guid, err := os.ReadFile(file)
 	if err != nil {
 		return fmt.Errorf("read %s: %w", file, err)
 	}
 	manager, err := newHostManagerWithGuid(string(guid))
 	if err != nil {
 		return fmt.Errorf("create host manager: %w", err)
 	}
 	if err := manager.restoreUncleanShutdownDNS(nil); err != nil {
 		return fmt.Errorf("restore unclean shutdown backup: %w", err)
 	}
 	return nil
 }
 func createUncleanShutdownIndicator(guid string) error {
 	file := getUncleanShutdownFile()
 	dir := filepath.Dir(file)
 	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
 		return fmt.Errorf("create dir %s: %w", dir, err)
 	}
 	if err := os.WriteFile(file, []byte(guid), 0600); err != nil {
 		return fmt.Errorf("create %s: %w", file, err)
 	}
 	return nil
 }
 func removeUncleanShutdownIndicator() error {
 	file := getUncleanShutdownFile()
 	if err := os.Remove(file); err != nil && !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("remove %s: %w", file, err)
 	}
 	return nil
 }
 func getUncleanShutdownFile() string {
 	return filepath.Join(os.Getenv("PROGRAMDATA"), netbirdProgramDataLocation, fileUncleanShutdownFile)
 }
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -19,10 +19,13 @@ const (
 	failsTillDeact   = int32(5)
 	reactivatePeriod = 30 * time.Second
 	upstreamTimeout  = 15 * time.Second
 	probeTimeout     = 2 * time.Second
 )
 const testRecord = "."
 type upstreamClient interface {
-	exchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
+	exchange(ctx context.Context, upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
 }
 type UpstreamResolver interface {
@@ -76,11 +79,18 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}
 	for _, upstream := range u.upstreamServers {
 		var rm *dns.Msg
 		var t time.Duration
 		var err error
-		rm, t, err := u.upstreamClient.exchange(upstream, r)
+		func() {
 			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
 			defer cancel()
 			rm, t, err = u.upstreamClient.exchange(ctx, upstream, r)
 		}()
 		if err != nil {
-			if err == context.DeadlineExceeded || isTimeout(err) {
+			if errors.Is(err, context.DeadlineExceeded) || isTimeout(err) {
 				log.WithError(err).WithField("upstream", upstream).
 					Warn("got an error while connecting to upstream")
 				continue
@@ -134,13 +144,49 @@ func (u *upstreamResolverBase) checkUpstreamFails() {
 	case <-u.ctx.Done():
 		return
 	default:
-		// todo test the deactivation logic, it seems to affect the client
+	}
-		if runtime.GOOS != "ios" {
+
-			log.Warnf("upstream resolving is Disabled for %v", reactivatePeriod)
+	u.disable()
-			u.deactivate()
+}
-			u.disabled = true
+
-			go u.waitUntilResponse()
+// probeAvailability tests all upstream servers simultaneously and
-		}
+// disables the resolver if none work
 func (u *upstreamResolverBase) probeAvailability() {
 	u.mutex.Lock()
 	defer u.mutex.Unlock()
 	select {
 	case <-u.ctx.Done():
 		return
 	default:
 	}
 	var success bool
 	var mu sync.Mutex
 	var wg sync.WaitGroup
 	for _, upstream := range u.upstreamServers {
 		upstream := upstream
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
 			if err := u.testNameserver(upstream); err != nil {
 				log.Warnf("probing upstream nameserver %s: %s", upstream, err)
 				return
 			}
 			mu.Lock()
 			defer mu.Unlock()
 			success = true
 		}()
 	}
 	wg.Wait()
 	// didn't find a working upstream server, let's disable and try later
 	if !success {
 		u.disable()
 	}
 }
@@ -156,8 +202,6 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		Clock:               backoff.SystemClock,
 	}
 	r := new(dns.Msg).SetQuestion("netbird.io.", dns.TypeA)
 	operation := func() error {
 		select {
 		case <-u.ctx.Done():
@@ -165,17 +209,17 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		default:
 		}
 		var err error
 		for _, upstream := range u.upstreamServers {
-			_, _, err = u.upstreamClient.exchange(upstream, r)
+			if err := u.testNameserver(upstream); err != nil {
-
+				log.Tracef("upstream check for %s: %s", upstream, err)
-			if err == nil {
+			} else {
 				// at least one upstream server is available, stop probing
 				return nil
 			}
 		}
-		log.Tracef("checking connectivity with upstreams %s failed with error: %s. Retrying in %s", err, u.upstreamServers, exponentialBackOff.NextBackOff())
+		log.Tracef("checking connectivity with upstreams %s failed. Retrying in %s", u.upstreamServers, exponentialBackOff.NextBackOff())
-		return fmt.Errorf("got an error from upstream check call")
+		return fmt.Errorf("upstream check call error")
 	}
 	err := backoff.Retry(operation, exponentialBackOff)
@@ -200,3 +244,27 @@ func isTimeout(err error) bool {
 	}
 	return false
 }
 func (u *upstreamResolverBase) disable() {
 	if u.disabled {
 		return
 	}
 	// todo test the deactivation logic, it seems to affect the client
 	if runtime.GOOS != "ios" {
 		log.Warnf("upstream resolving is Disabled for %v", reactivatePeriod)
 		u.deactivate()
 		u.disabled = true
 		go u.waitUntilResponse()
 	}
 }
 func (u *upstreamResolverBase) testNameserver(server string) error {
 	ctx, cancel := context.WithTimeout(u.ctx, probeTimeout)
 	defer cancel()
 	r := new(dns.Msg).SetQuestion(testRecord, dns.TypeSOA)
 	_, _, err := u.upstreamClient.exchange(ctx, server, r)
 	return err
 }
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -40,30 +40,38 @@ func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net
 	return ios, nil
 }
-func (u *upstreamResolverIOS) exchange(upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
+func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
 	client := &dns.Client{}
 	upstreamHost, _, err := net.SplitHostPort(upstream)
 	if err != nil {
 		log.Errorf("error while parsing upstream host: %s", err)
 	}
 	timeout := upstreamTimeout
 	if deadline, ok := ctx.Deadline(); ok {
 		timeout = time.Until(deadline)
 	}
 	client.DialTimeout = timeout
 	upstreamIP := net.ParseIP(upstreamHost)
 	if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
 		log.Debugf("using private client to query upstream: %s", upstream)
-		client = u.getClientPrivate()
+		client = u.getClientPrivate(timeout)
 	}
 	// Cannot use client.ExchangeContext because it overwrites our Dialer
 	return client.Exchange(r, upstream)
 }
 // getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
 // This method is needed for iOS
-func (u *upstreamResolverIOS) getClientPrivate() *dns.Client {
+func (u *upstreamResolverIOS) getClientPrivate(dialTimeout time.Duration) *dns.Client {
 	dialer := &net.Dialer{
 		LocalAddr: &net.UDPAddr{
 			IP:   u.lIP,
 			Port: 0, // Let the OS pick a free port
 		},
-		Timeout: upstreamTimeout,
+		Timeout: dialTimeout,
 		Control: func(network, address string, c syscall.RawConn) error {
 			var operr error
 			fn := func(s uintptr) {
--- a/client/internal/dns/upstream_nonios.go
+++ b/client/internal/dns/upstream_nonios.go
@@ -23,10 +23,7 @@ func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net
 	return nonIOS, nil
 }
-func (u *upstreamResolverNonIOS) exchange(upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
+func (u *upstreamResolverNonIOS) exchange(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
 	upstreamExchangeClient := &dns.Client{}
-	ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+	return upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
 	rm, t, err = upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
 	cancel()
 	return rm, t, err
 }
--- a/client/internal/dns/upstream_test.go
+++ b/client/internal/dns/upstream_test.go
@@ -105,8 +105,8 @@ type mockUpstreamResolver struct {
 	err error
 }
-// ExchangeContext mock implementation of ExchangeContext from upstreamResolver
+// exchange mock implementation of exchange from upstreamResolver
-func (c mockUpstreamResolver) exchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error) {
+func (c mockUpstreamResolver) exchange(_ context.Context, _ string, _ *dns.Msg) (*dns.Msg, time.Duration, error) {
 	return c.r, c.rtt, c.err
 }
--- a/client/internal/dns/wgiface.go
+++ b/client/internal/dns/wgiface.go
@@ -11,4 +11,5 @@ type WGIface interface {
 	IsUserspaceBind() bool
 	GetFilter() iface.PacketFilter
 	GetDevice() *iface.DeviceWrapper
 	GetStats(peerKey string) (iface.WGStats, error)
 }
--- a/client/internal/dns/wgiface_windows.go
+++ b/client/internal/dns/wgiface_windows.go
@@ -9,5 +9,6 @@ type WGIface interface {
 	IsUserspaceBind() bool
 	GetFilter() iface.PacketFilter
 	GetDevice() *iface.DeviceWrapper
 	GetStats(peerKey string) (iface.WGStats, error)
 	GetInterfaceGUIDString() (string, error)
 }
--- a/client/internal/ebpf/ebpf/bpf_bpfeb.go
+++ b/client/internal/ebpf/ebpf/bpf_bpfeb.go
@@ -1,6 +1,5 @@
 // Code generated by bpf2go; DO NOT EDIT.
 //go:build arm64be || armbe || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64
 // +build arm64be armbe mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64
 package ebpf
--- a/client/internal/ebpf/ebpf/bpf_bpfeb.o
+++ b/client/internal/ebpf/ebpf/bpf_bpfeb.o
--- a/client/internal/ebpf/ebpf/bpf_bpfel.go
+++ b/client/internal/ebpf/ebpf/bpf_bpfel.go
@@ -1,6 +1,5 @@
 // Code generated by bpf2go; DO NOT EDIT.
-//go:build 386 || amd64 || amd64p32 || arm || arm64 || mips64le || mips64p32le || mipsle || ppc64le || riscv64
+//go:build 386 || amd64 || amd64p32 || arm || arm64 || loong64 || mips64le || mips64p32le || mipsle || ppc64le || riscv64
 // +build 386 amd64 amd64p32 arm arm64 mips64le mips64p32le mipsle ppc64le riscv64
 package ebpf
--- a/client/internal/ebpf/ebpf/bpf_bpfel.o
+++ b/client/internal/ebpf/ebpf/bpf_bpfel.o
--- a/client/internal/ebpf/ebpf/dns_fwd_linux.go
+++ b/client/internal/ebpf/ebpf/dns_fwd_linux.go
@@ -13,7 +13,7 @@ const (
 )
 func (tf *GeneralManager) LoadDNSFwd(ip string, dnsPort int) error {
-	log.Debugf("load ebpf DNS forwarder: address: %s:%d", ip, dnsPort)
+	log.Debugf("load eBPF DNS forwarder, watching addr: %s:53, redirect to port: %d", ip, dnsPort)
 	tf.lock.Lock()
 	defer tf.lock.Unlock()
--- a/client/internal/ebpf/ebpf/src/dns_fwd.c
+++ b/client/internal/ebpf/ebpf/src/dns_fwd.c
@@ -46,8 +46,8 @@ int xdp_dns_fwd(struct iphdr  *ip, struct udphdr *udp) {
        if(!read_settings()){
            return XDP_PASS;
        }
-        bpf_printk("dns port: %d", ntohs(dns_port));
+        // bpf_printk("dns port: %d", ntohs(dns_port));
-        bpf_printk("dns ip: %d", ntohl(dns_ip));
+        // bpf_printk("dns ip: %d", ntohl(dns_ip));
    }
    if (udp->dest == GENERAL_DNS_PORT && ip->daddr == dns_ip) {
@@ -61,4 +61,4 @@ int xdp_dns_fwd(struct iphdr  *ip, struct udphdr *udp) {
    }
    return XDP_PASS;
-}
+}
--- a/client/internal/ebpf/ebpf/src/prog.c
+++ b/client/internal/ebpf/ebpf/src/prog.c
@@ -8,12 +8,6 @@
 #include "dns_fwd.c"
 #include "wg_proxy.c"
 #define bpf_printk(fmt, ...)                                                   \
  ({                                                                           \
    char ____fmt[] = fmt;                                                      \
    bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__);                 \
  })
 const __u16 flag_feature_wg_proxy = 0b01;
 const __u16 flag_feature_dns_fwd = 0b10;
@@ -63,4 +57,4 @@ int nb_xdp_prog(struct xdp_md *ctx) {
    }
    return XDP_PASS;
 }
-char _license[] SEC("license") = "GPL";
+char _license[] SEC("license") = "GPL";
--- a/client/internal/ebpf/ebpf/src/readme.md
+++ b/client/internal/ebpf/ebpf/src/readme.md
@@ -0,0 +1,17 @@
 # DNS forwarder
 The agent attach the XDP program to the lo device. We can not use fake address in eBPF because the
 traffic does not appear in the eBPF program. The program capture the traffic on wg_ip:53 and 
 overwrite in it the destination port to 5053.
 # Debug
 The CONFIG_BPF_EVENTS kernel module is required for bpf_printk.
 Apply this code to use bpf_printk
 ```
 #define bpf_printk(fmt, ...)                                                   \
  ({                                                                           \
    char ____fmt[] = fmt;                                                      \
    bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__);                 \
  })
 ```
--- a/client/internal/ebpf/ebpf/src/wg_proxy.c
+++ b/client/internal/ebpf/ebpf/src/wg_proxy.c
@@ -34,7 +34,7 @@ int xdp_wg_proxy(struct iphdr  *ip, struct udphdr *udp) {
        if (!read_port_settings()){
            return XDP_PASS;
        }
-        bpf_printk("proxy port: %d, wg port: %d", proxy_port, wg_port);
+        // bpf_printk("proxy port: %d, wg port: %d", proxy_port, wg_port);
    }
    // 2130706433 = 127.0.0.1
@@ -51,4 +51,4 @@ int xdp_wg_proxy(struct iphdr  *ip, struct udphdr *udp) {
    udp->dest = new_dst_port;
    udp->source = new_src_port;
 	return XDP_PASS;
-}
+}
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -3,7 +3,6 @@ package internal
 import (
 	"context"
 	"fmt"
 	"io"
 	"math/rand"
 	"net"
 	"net/netip"
@@ -13,7 +12,8 @@ import (
 	"sync"
 	"time"
-	"github.com/pion/ice/v2"
+	"github.com/pion/ice/v3"
 	"github.com/pion/stun/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@@ -22,6 +22,8 @@ import (
 	"github.com/netbirdio/netbird/client/internal/acl"
 	"github.com/netbirdio/netbird/client/internal/dns"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/relay"
 	"github.com/netbirdio/netbird/client/internal/rosenpass"
 	"github.com/netbirdio/netbird/client/internal/routemanager"
 	"github.com/netbirdio/netbird/client/internal/wgproxy"
 	nbssh "github.com/netbirdio/netbird/client/ssh"
@@ -31,7 +33,6 @@ import (
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/route"
 	"github.com/netbirdio/netbird/sharedsock"
 	signal "github.com/netbirdio/netbird/signal/client"
 	sProto "github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/util"
@@ -77,6 +78,8 @@ type EngineConfig struct {
 	NATExternalIPs []string
 	CustomDNSAddress string
 	RosenpassEnabled bool
 }
 // Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.
@@ -87,6 +90,8 @@ type Engine struct {
 	mgmClient mgm.Client
 	// peerConns is a map that holds all the peers that are known to this peer
 	peerConns map[string]*peer.Conn
 	// rpManager is a Rosenpass manager
 	rpManager *rosenpass.Manager
 	// syncMsgMux is used to guarantee sequential Management Service message processing
 	syncMsgMux *sync.Mutex
@@ -95,9 +100,9 @@ type Engine struct {
 	mobileDep MobileDependency
 	// STUNs is a list of STUN servers used by ICE
-	STUNs []*ice.URL
+	STUNs []*stun.URI
 	// TURNs is a list of STUN servers used by ICE
-	TURNs []*ice.URL
+	TURNs []*stun.URI
 	cancel context.CancelFunc
@@ -106,8 +111,7 @@ type Engine struct {
 	wgInterface    *iface.WGIface
 	wgProxyFactory *wgproxy.Factory
-	udpMux     *bind.UniversalUDPMuxDefault
+	udpMux *bind.UniversalUDPMuxDefault
 	udpMuxConn io.Closer
 	// networkSerial is the latest CurrentSerial (state ID) of the network sent by the Management service
 	networkSerial uint64
@@ -122,6 +126,11 @@ type Engine struct {
 	acl          acl.Manager
 	dnsServer dns.Server
 	mgmProbe    *Probe
 	signalProbe *Probe
 	relayProbe  *Probe
 	wgProbe     *Probe
 }
 // Peer is an instance of the Connection Peer
@@ -132,11 +141,43 @@ type Peer struct {
 // NewEngine creates a new Connection Engine
 func NewEngine(
-	ctx context.Context, cancel context.CancelFunc,
+	ctx context.Context,
-	signalClient signal.Client, mgmClient mgm.Client,
+	cancel context.CancelFunc,
-	config *EngineConfig, mobileDep MobileDependency, statusRecorder *peer.Status,
+	signalClient signal.Client,
 	mgmClient mgm.Client,
 	config *EngineConfig,
 	mobileDep MobileDependency,
 	statusRecorder *peer.Status,
 ) *Engine {
 	return NewEngineWithProbes(
 		ctx,
 		cancel,
 		signalClient,
 		mgmClient,
 		config,
 		mobileDep,
 		statusRecorder,
 		nil,
 		nil,
 		nil,
 		nil,
 	)
 }
 // NewEngineWithProbes creates a new Connection Engine with probes attached
 func NewEngineWithProbes(
 	ctx context.Context,
 	cancel context.CancelFunc,
 	signalClient signal.Client,
 	mgmClient mgm.Client,
 	config *EngineConfig,
 	mobileDep MobileDependency,
 	statusRecorder *peer.Status,
 	mgmProbe *Probe,
 	signalProbe *Probe,
 	relayProbe *Probe,
 	wgProbe *Probe,
 ) *Engine {
 	return &Engine{
 		ctx:            ctx,
 		cancel:         cancel,
@@ -146,12 +187,16 @@ func NewEngine(
 		syncMsgMux:     &sync.Mutex{},
 		config:         config,
 		mobileDep:      mobileDep,
-		STUNs:          []*ice.URL{},
+		STUNs:          []*stun.URI{},
-		TURNs:          []*ice.URL{},
+		TURNs:          []*stun.URI{},
 		networkSerial:  0,
 		sshServerFunc:  nbssh.DefaultSSHServer,
 		statusRecorder: statusRecorder,
 		wgProxyFactory: wgproxy.NewFactory(config.WgPort),
 		mgmProbe:       mgmProbe,
 		signalProbe:    signalProbe,
 		relayProbe:     relayProbe,
 		wgProbe:        wgProbe,
 	}
 }
@@ -180,66 +225,38 @@ func (e *Engine) Start() error {
 	e.syncMsgMux.Lock()
 	defer e.syncMsgMux.Unlock()
-	wgIFaceName := e.config.WgIfaceName
+	wgIface, err := e.newWgIface()
 	wgAddr := e.config.WgAddr
 	myPrivateKey := e.config.WgPrivateKey
 	var err error
 	transportNet, err := e.newStdNet()
 	if err != nil {
-		log.Errorf("failed to create pion's stdnet: %s", err)
+		log.Errorf("failed creating wireguard interface instance %s: [%s]", e.config.WgIfaceName, err.Error())
 	}
 	e.wgInterface, err = iface.NewWGIFace(wgIFaceName, wgAddr, iface.DefaultMTU, e.mobileDep.TunAdapter, transportNet)
 	if err != nil {
 		log.Errorf("failed creating wireguard interface instance %s: [%s]", wgIFaceName, err.Error())
 		return err
 	}
 	e.wgInterface = wgIface
-	var routes []*route.Route
+	if e.config.RosenpassEnabled {
-
+		log.Infof("rosenpass is enabled")
-	switch runtime.GOOS {
+		e.rpManager, err = rosenpass.NewManager(e.config.PreSharedKey, e.config.WgIfaceName)
 	case "android":
 		var dnsConfig *nbdns.Config
 		routes, dnsConfig, err = e.readInitialSettings()
 		if err != nil {
 			return err
 		}
-		if e.dnsServer == nil {
+		err := e.rpManager.Run()
-			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
+		if err != nil {
-			go e.mobileDep.DnsReadyListener.OnReady()
+			return err
 		}
 	case "ios":
 		if e.dnsServer == nil {
 			e.dnsServer = dns.NewDefaultServerIos(e.ctx, e.wgInterface, e.mobileDep.DnsManager)
 		}
 	default:
 		if e.dnsServer == nil {
 			e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
 			if err != nil {
 				e.close()
 				return err
 			}
 		}
 	}
-	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, routes)
+	initialRoutes, dnsServer, err := e.newDnsServer()
 	if err != nil {
 		e.close()
 		return err
 	}
 	e.dnsServer = dnsServer
 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, initialRoutes)
 	e.routeManager.SetRouteChangeListener(e.mobileDep.NetworkChangeListener)
-	switch runtime.GOOS {
+	err = e.wgInterfaceCreate()
 	case "android":
 		err = e.wgInterface.CreateOnAndroid(iface.MobileIFaceArguments{
 			Routes:        e.routeManager.InitialRouteRange(),
 			Dns:           e.dnsServer.DnsIP(),
 			SearchDomains: e.dnsServer.SearchDomains(),
 		})
 	case "ios":
 		e.mobileDep.NetworkChangeListener.SetInterfaceIP(wgAddr)
 		err = e.wgInterface.CreateOniOS(e.mobileDep.FileDescriptor)
 	default:
 		err = e.wgInterface.Create()
 	}
 	if err != nil {
-		log.Errorf("failed creating tunnel interface %s: [%s]", wgIFaceName, err.Error())
+		log.Errorf("failed creating tunnel interface %s: [%s]", e.config.WgIfaceName, err.Error())
 		e.close()
 		return err
 	}
@@ -257,33 +274,13 @@ func (e *Engine) Start() error {
 		}
 	}
-	err = e.wgInterface.Configure(myPrivateKey.String(), e.config.WgPort)
+	e.udpMux, err = e.wgInterface.Up()
 	if err != nil {
-		log.Errorf("failed configuring Wireguard interface [%s]: %s", wgIFaceName, err.Error())
+		log.Errorf("failed to pull up wgInterface [%s]: %s", e.wgInterface.Name(), err.Error())
 		e.close()
 		return err
 	}
 	if e.wgInterface.IsUserspaceBind() {
 		iceBind := e.wgInterface.GetBind()
 		udpMux, err := iceBind.GetICEMux()
 		if err != nil {
 			e.close()
 			return err
 		}
 		e.udpMux = udpMux
 		log.Infof("using userspace bind mode %s", udpMux.LocalAddr().String())
 	} else {
 		rawSock, err := sharedsock.Listen(e.config.WgPort, sharedsock.NewIncomingSTUNFilter())
 		if err != nil {
 			return err
 		}
 		mux := bind.NewUniversalUDPMuxDefault(bind.UniversalUDPMuxParams{UDPConn: rawSock, Net: transportNet})
 		go mux.ReadFromConn(e.ctx)
 		e.udpMuxConn = rawSock
 		e.udpMux = mux
 	}
 	if e.firewall != nil {
 		e.acl = acl.NewDefaultManager(e.firewall)
 	}
@@ -296,6 +293,7 @@ func (e *Engine) Start() error {
 	e.receiveSignalEvents()
 	e.receiveManagementEvents()
 	e.receiveProbeEvents()
 	return nil
 }
@@ -425,7 +423,8 @@ func sendSignal(message *sProto.Message, s signal.Client) error {
 }
 // SignalOfferAnswer signals either an offer or an answer to remote peer
-func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error {
+func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client,
 	isAnswer bool) error {
 	var t sProto.Body_Type
 	if isAnswer {
 		t = sProto.Body_ANSWER
@@ -436,7 +435,7 @@ func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKe
 	msg, err := signal.MarshalCredential(myKey, offerAnswer.WgListenPort, remoteKey, &signal.Credential{
 		UFrag: offerAnswer.IceCredentials.UFrag,
 		Pwd:   offerAnswer.IceCredentials.Pwd,
-	}, t)
+	}, t, offerAnswer.RosenpassPubKey, offerAnswer.RosenpassAddr)
 	if err != nil {
 		return err
 	}
@@ -538,7 +537,7 @@ func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
 	if conf.GetSshConfig() != nil {
 		err := e.updateSSH(conf.GetSshConfig())
 		if err != nil {
-			log.Warnf("failed handling SSH server setup %v", e)
+			log.Warnf("failed handling SSH server setup %v", err)
 		}
 	}
@@ -556,9 +555,7 @@ func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
 // E.g. when a new peer has been registered and we are allowed to connect to it.
 func (e *Engine) receiveManagementEvents() {
 	go func() {
-		err := e.mgmClient.Sync(func(update *mgmProto.SyncResponse) error {
+		err := e.mgmClient.Sync(e.handleSync)
 			return e.handleSync(update)
 		})
 		if err != nil {
 			// happens if management is unavailable for a long time.
 			// We want to cancel the operation of the whole client
@@ -575,10 +572,10 @@ func (e *Engine) updateSTUNs(stuns []*mgmProto.HostConfig) error {
 	if len(stuns) == 0 {
 		return nil
 	}
-	var newSTUNs []*ice.URL
+	var newSTUNs []*stun.URI
 	log.Debugf("got STUNs update from Management Service, updating")
-	for _, stun := range stuns {
+	for _, s := range stuns {
-		url, err := ice.ParseURL(stun.Uri)
+		url, err := stun.ParseURI(s.Uri)
 		if err != nil {
 			return err
 		}
@@ -593,10 +590,10 @@ func (e *Engine) updateTURNs(turns []*mgmProto.ProtectedHostConfig) error {
 	if len(turns) == 0 {
 		return nil
 	}
-	var newTURNs []*ice.URL
+	var newTURNs []*stun.URI
 	log.Debugf("got TURNs update from Management Service, updating")
 	for _, turn := range turns {
-		url, err := ice.ParseURL(turn.HostConfig.Uri)
+		url, err := stun.ParseURI(turn.HostConfig.Uri)
 		if err != nil {
 			return err
 		}
@@ -685,10 +682,15 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 		log.Errorf("failed to update dns server, err: %v", err)
 	}
 	// Test received (upstream) servers for availability right away instead of upon usage.
 	// If no server of a server group responds this will disable the respective handler and retry later.
 	e.dnsServer.ProbeAvailability()
 	if e.acl != nil {
 		e.acl.ApplyFiltering(networkMap)
 	}
 	e.networkSerial = serial
 	return nil
 }
@@ -846,7 +848,7 @@ func (e *Engine) peerExists(peerKey string) bool {
 func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, error) {
 	log.Debugf("creating peer connection %s", pubKey)
-	var stunTurn []*ice.URL
+	var stunTurn []*stun.URI
 	stunTurn = append(stunTurn, e.STUNs...)
 	stunTurn = append(stunTurn, e.TURNs...)
@@ -858,6 +860,26 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		PreSharedKey: e.config.PreSharedKey,
 	}
 	if e.config.RosenpassEnabled {
 		lk := []byte(e.config.WgPrivateKey.PublicKey().String())
 		rk := []byte(wgConfig.RemoteKey)
 		var keyInput []byte
 		if string(lk) > string(rk) {
 			//nolint:gocritic
 			keyInput = append(lk[:16], rk[:16]...)
 		} else {
 			//nolint:gocritic
 			keyInput = append(rk[:16], lk[:16]...)
 		}
 		key, err := wgtypes.NewKey(keyInput)
 		if err != nil {
 			return nil, err
 		}
 		wgConfig.PreSharedKey = &key
 	}
 	// randomize connection timeout
 	timeout := time.Duration(rand.Intn(PeerConnectionTimeoutMax-PeerConnectionTimeoutMin)+PeerConnectionTimeoutMin) * time.Millisecond
 	config := peer.ConnConfig{
@@ -873,6 +895,8 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		LocalWgPort:          e.config.WgPort,
 		NATExternalIPs:       e.parseNATExternalIPMappings(),
 		UserspaceBind:        e.wgInterface.IsUserspaceBind(),
 		RosenpassPubKey:      e.getRosenpassPubKey(),
 		RosenpassAddr:        e.getRosenpassAddr(),
 	}
 	peerConn, err := peer.NewConn(config, e.statusRecorder, e.wgProxyFactory, e.mobileDep.TunAdapter, e.mobileDep.IFaceDiscover)
@@ -904,6 +928,12 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		return sendSignal(message, e.signal)
 	})
 	if e.rpManager != nil {
 		peerConn.SetOnConnected(e.rpManager.OnConnected)
 		peerConn.SetOnDisconnected(e.rpManager.OnDisconnected)
 	}
 	return peerConn, nil
 }
@@ -929,13 +959,21 @@ func (e *Engine) receiveSignalEvents() {
 				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())
 				var rosenpassPubKey []byte
 				rosenpassAddr := ""
 				if msg.GetBody().GetRosenpassConfig() != nil {
 					rosenpassPubKey = msg.GetBody().GetRosenpassConfig().GetRosenpassPubKey()
 					rosenpassAddr = msg.GetBody().GetRosenpassConfig().GetRosenpassServerAddr()
 				}
 				conn.OnRemoteOffer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
 						Pwd:   remoteCred.Pwd,
 					},
-					WgListenPort: int(msg.GetBody().GetWgListenPort()),
+					WgListenPort:    int(msg.GetBody().GetWgListenPort()),
-					Version:      msg.GetBody().GetNetBirdVersion(),
+					Version:         msg.GetBody().GetNetBirdVersion(),
 					RosenpassPubKey: rosenpassPubKey,
 					RosenpassAddr:   rosenpassAddr,
 				})
 			case sProto.Body_ANSWER:
 				remoteCred, err := signal.UnMarshalCredential(msg)
@@ -943,15 +981,23 @@ func (e *Engine) receiveSignalEvents() {
 					return err
 				}
-				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())
+				conn.RegisterProtoSupportMeta(msg.GetBody().GetFeaturesSupported())
 				var rosenpassPubKey []byte
 				rosenpassAddr := ""
 				if msg.GetBody().GetRosenpassConfig() != nil {
 					rosenpassPubKey = msg.GetBody().GetRosenpassConfig().GetRosenpassPubKey()
 					rosenpassAddr = msg.GetBody().GetRosenpassConfig().GetRosenpassServerAddr()
 				}
 				conn.OnRemoteAnswer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
 						Pwd:   remoteCred.Pwd,
 					},
-					WgListenPort: int(msg.GetBody().GetWgListenPort()),
+					WgListenPort:    int(msg.GetBody().GetWgListenPort()),
-					Version:      msg.GetBody().GetNetBirdVersion(),
+					Version:         msg.GetBody().GetNetBirdVersion(),
 					RosenpassPubKey: rosenpassPubKey,
 					RosenpassAddr:   rosenpassAddr,
 				})
 			case sProto.Body_CANDIDATE:
 				candidate, err := ice.UnmarshalCandidate(msg.GetBody().Payload)
@@ -1034,6 +1080,11 @@ func (e *Engine) close() {
 		log.Errorf("failed closing ebpf proxy: %s", err)
 	}
 	// stop/restore DNS first so dbus and friends don't complain because of a missing interface
 	if e.dnsServer != nil {
 		e.dnsServer.Stop()
 	}
 	log.Debugf("removing Netbird interface %s", e.config.WgIfaceName)
 	if e.wgInterface != nil {
 		if err := e.wgInterface.Close(); err != nil {
@@ -1041,18 +1092,6 @@ func (e *Engine) close() {
 		}
 	}
 	if e.udpMux != nil {
 		if err := e.udpMux.Close(); err != nil {
 			log.Debugf("close udp mux: %v", err)
 		}
 	}
 	if e.udpMuxConn != nil {
 		if err := e.udpMuxConn.Close(); err != nil {
 			log.Debugf("close udp mux connection: %v", err)
 		}
 	}
 	if !isNil(e.sshServer) {
 		err := e.sshServer.Stop()
 		if err != nil {
@@ -1064,16 +1103,16 @@ func (e *Engine) close() {
 		e.routeManager.Stop()
 	}
 	if e.dnsServer != nil {
 		e.dnsServer.Stop()
 	}
 	if e.firewall != nil {
 		err := e.firewall.Reset()
 		if err != nil {
 			log.Warnf("failed to reset firewall: %s", err)
 		}
 	}
 	if e.rpManager != nil {
 		_ = e.rpManager.Close()
 	}
 }
 func (e *Engine) readInitialSettings() ([]*route.Route, *nbdns.Config, error) {
@@ -1086,6 +1125,68 @@ func (e *Engine) readInitialSettings() ([]*route.Route, *nbdns.Config, error) {
 	return routes, &dnsCfg, nil
 }
 func (e *Engine) newWgIface() (*iface.WGIface, error) {
 	transportNet, err := e.newStdNet()
 	if err != nil {
 		log.Errorf("failed to create pion's stdnet: %s", err)
 	}
 	var mArgs *iface.MobileIFaceArguments
 	switch runtime.GOOS {
 	case "android":
 		mArgs = &iface.MobileIFaceArguments{
 			TunAdapter: e.mobileDep.TunAdapter,
 			TunFd:      int(e.mobileDep.FileDescriptor),
 		}
 	case "ios":
 		mArgs = &iface.MobileIFaceArguments{
 			TunFd: int(e.mobileDep.FileDescriptor),
 		}
 	default:
 	}
 	return iface.NewWGIFace(e.config.WgIfaceName, e.config.WgAddr, e.config.WgPort, e.config.WgPrivateKey.String(), iface.DefaultMTU, transportNet, mArgs)
 }
 func (e *Engine) wgInterfaceCreate() (err error) {
 	switch runtime.GOOS {
 	case "android":
 		err = e.wgInterface.CreateOnAndroid(e.routeManager.InitialRouteRange(), e.dnsServer.DnsIP(), e.dnsServer.SearchDomains())
 	case "ios":
 		e.mobileDep.NetworkChangeListener.SetInterfaceIP(e.config.WgAddr)
 		err = e.wgInterface.Create()
 	default:
 		err = e.wgInterface.Create()
 	}
 	return err
 }
 func (e *Engine) newDnsServer() ([]*route.Route, dns.Server, error) {
 	// due to tests where we are using a mocked version of the DNS server
 	if e.dnsServer != nil {
 		return nil, e.dnsServer, nil
 	}
 	switch runtime.GOOS {
 	case "android":
 		routes, dnsConfig, err := e.readInitialSettings()
 		if err != nil {
 			return nil, nil, err
 		}
 		dnsServer := dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
 		go e.mobileDep.DnsReadyListener.OnReady()
 		return routes, dnsServer, nil
 	case "ios":
 		dnsServer := dns.NewDefaultServerIos(e.ctx, e.wgInterface, e.mobileDep.DnsManager)
 		return nil, dnsServer, nil
 	default:
 		dnsServer, err := dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
 		if err != nil {
 			return nil, nil, err
 		}
 		return nil, dnsServer, nil
 	}
 }
 func findIPFromInterfaceName(ifaceName string) (net.IP, error) {
 	iface, err := net.InterfaceByName(ifaceName)
 	if err != nil {
@@ -1106,3 +1207,83 @@ func findIPFromInterface(iface *net.Interface) (net.IP, error) {
 	}
 	return nil, fmt.Errorf("interface %s don't have an ipv4 address", iface.Name)
 }
 func (e *Engine) getRosenpassPubKey() []byte {
 	if e.rpManager != nil {
 		return e.rpManager.GetPubKey()
 	}
 	return nil
 }
 func (e *Engine) getRosenpassAddr() string {
 	if e.rpManager != nil {
 		return e.rpManager.GetAddress().String()
 	}
 	return ""
 }
 func (e *Engine) receiveProbeEvents() {
 	if e.signalProbe != nil {
 		go e.signalProbe.Receive(e.ctx, func() bool {
 			healthy := e.signal.IsHealthy()
 			log.Debugf("received signal probe request, healthy: %t", healthy)
 			return healthy
 		})
 	}
 	if e.mgmProbe != nil {
 		go e.mgmProbe.Receive(e.ctx, func() bool {
 			healthy := e.mgmClient.IsHealthy()
 			log.Debugf("received management probe request, healthy: %t", healthy)
 			return healthy
 		})
 	}
 	if e.relayProbe != nil {
 		go e.relayProbe.Receive(e.ctx, func() bool {
 			healthy := true
 			results := append(e.probeSTUNs(), e.probeTURNs()...)
 			e.statusRecorder.UpdateRelayStates(results)
 			// A single failed server will result in a "failed" probe
 			for _, res := range results {
 				if res.Err != nil {
 					healthy = false
 					break
 				}
 			}
 			log.Debugf("received relay probe request, healthy: %t", healthy)
 			return healthy
 		})
 	}
 	if e.wgProbe != nil {
 		go e.wgProbe.Receive(e.ctx, func() bool {
 			log.Debug("received wg probe request")
 			for _, peer := range e.peerConns {
 				key := peer.GetKey()
 				wgStats, err := peer.GetConf().WgConfig.WgInterface.GetStats(key)
 				if err != nil {
 					log.Debugf("failed to get wg stats for peer %s: %s", key, err)
 				}
 				// wgStats could be zero value, in which case we just reset the stats
 				if err := e.statusRecorder.UpdateWireguardPeerState(key, wgStats); err != nil {
 					log.Debugf("failed to update wg stats for peer %s: %s", key, err)
 				}
 			}
 			return true
 		})
 	}
 }
 func (e *Engine) probeSTUNs() []relay.ProbeResult {
 	return relay.ProbeAll(e.ctx, relay.ProbeSTUN, e.STUNs)
 }
 func (e *Engine) probeTURNs() []relay.ProbeResult {
 	return relay.ProbeAll(e.ctx, relay.ProbeTURN, e.TURNs)
 }
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -13,7 +13,7 @@ import (
 	"testing"
 	"time"
-	"github.com/pion/transport/v2/stdnet"
+	"github.com/pion/transport/v3/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -213,7 +213,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", iface.DefaultMTU, nil, newNet)
+	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", engine.config.WgPort, key.String(), iface.DefaultMTU, newNet, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -567,7 +567,7 @@ func TestEngine_UpdateNetworkMapWithRoutes(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, engine.config.WgPort, key.String(), iface.DefaultMTU, newNet, nil)
 			assert.NoError(t, err, "shouldn't return error")
 			input := struct {
 				inputSerial uint64
@@ -736,7 +736,7 @@ func TestEngine_UpdateNetworkMapWithDNSUpdate(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, 33100, key.String(), iface.DefaultMTU, newNet, nil)
 			assert.NoError(t, err, "shouldn't return error")
 			mockRouteManager := &routemanager.MockManager{
--- a/client/internal/mobile_dependency.go
+++ b/client/internal/mobile_dependency.go
@@ -9,11 +9,14 @@ import (
 // MobileDependency collect all dependencies for mobile platform
 type MobileDependency struct {
 	// Android only
 	TunAdapter            iface.TunAdapter
 	IFaceDiscover         stdnet.ExternalIFaceDiscover
 	NetworkChangeListener listener.NetworkChangeListener
 	HostDNSAddresses      []string
 	DnsReadyListener      dns.ReadyListener
-	DnsManager            dns.IosDnsManager
+
-	FileDescriptor        int32
+	//	iOS only
 	DnsManager     dns.IosDnsManager
 	FileDescriptor int32
 }
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -9,7 +9,8 @@ import (
 	"sync"
 	"time"
-	"github.com/pion/ice/v2"
+	"github.com/pion/ice/v3"
 	"github.com/pion/stun/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@@ -46,7 +47,7 @@ type ConnConfig struct {
 	LocalKey string
 	// StunTurn is a list of STUN and TURN URLs
-	StunTurn []*ice.URL
+	StunTurn []*stun.URI
 	// InterfaceBlackList is a list of machine interfaces that should be filtered out by ICE Candidate gathering
 	// (e.g. if eth0 is in the list, host candidate of this interface won't be used)
@@ -66,6 +67,11 @@ type ConnConfig struct {
 	// UsesBind indicates whether the WireGuard interface is userspace and uses bind.ICEBind
 	UserspaceBind bool
 	// RosenpassPubKey is this peer's Rosenpass public key
 	RosenpassPubKey []byte
 	// RosenpassPubKey is this peer's RosenpassAddr server address (IP:port)
 	RosenpassAddr string
 }
 // OfferAnswer represents a session establishment offer or answer
@@ -78,6 +84,12 @@ type OfferAnswer struct {
 	// Version of NetBird Agent
 	Version string
 	// RosenpassPubKey is the Rosenpass public key of the remote peer when receiving this message
 	// This value is the local Rosenpass server public key when sending the message
 	RosenpassPubKey []byte
 	// RosenpassAddr is the Rosenpass server address (IP:port) of the remote peer when receiving this message
 	// This value is the local Rosenpass server address when sending the message
 	RosenpassAddr string
 }
 // IceCredentials ICE protocol credentials struct
@@ -96,6 +108,8 @@ type Conn struct {
 	signalOffer       func(OfferAnswer) error
 	signalAnswer      func(OfferAnswer) error
 	sendSignalMessage func(message *sProto.Message) error
 	onConnected       func(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string)
 	onDisconnected    func(remotePeer string, wgIP string)
 	// remoteOffersCh is a channel used to wait for remote credentials to proceed with the connection
 	remoteOffersCh chan OfferAnswer
@@ -116,8 +130,9 @@ type Conn struct {
 	remoteModeCh chan ModeMessage
 	meta         meta
-	adapter       iface.TunAdapter
+	adapter        iface.TunAdapter
-	iFaceDiscover stdnet.ExternalIFaceDiscover
+	iFaceDiscover  stdnet.ExternalIFaceDiscover
 	sentExtraSrflx bool
 }
 // meta holds meta information about a connection
@@ -142,7 +157,7 @@ func (conn *Conn) WgConfig() WgConfig {
 }
 // UpdateStunTurn update the turn and stun addresses
-func (conn *Conn) UpdateStunTurn(turnStun []*ice.URL) {
+func (conn *Conn) UpdateStunTurn(turnStun []*stun.URI) {
 	conn.config.StunTurn = turnStun
 }
@@ -334,7 +349,8 @@ func (conn *Conn) Open() error {
 		remoteWgPort = remoteOfferAnswer.WgListenPort
 	}
 	// the ice connection has been established successfully so we are ready to start the proxy
-	remoteAddr, err := conn.configureConnection(remoteConn, remoteWgPort)
+	remoteAddr, err := conn.configureConnection(remoteConn, remoteWgPort, remoteOfferAnswer.RosenpassPubKey,
 		remoteOfferAnswer.RosenpassAddr)
 	if err != nil {
 		return err
 	}
@@ -357,7 +373,7 @@ func isRelayCandidate(candidate ice.Candidate) bool {
 }
 // configureConnection starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected
-func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int) (net.Addr, error) {
+func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int, remoteRosenpassPubKey []byte, remoteRosenpassAddr string) (net.Addr, error) {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()
@@ -375,7 +391,7 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int) (ne
 			return nil, err
 		}
 	} else {
-		// To support old version's with direct mode we attempt to punch an additional role with the remote wireguard port
+		// To support old version's with direct mode we attempt to punch an additional role with the remote WireGuard port
 		go conn.punchRemoteWGPort(pair, remoteWgPort)
 		endpoint = remoteConn.RemoteAddr()
 	}
@@ -393,12 +409,14 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int) (ne
 	conn.status = StatusConnected
 	peerState := State{
-		PubKey:                 conn.config.Key,
+		PubKey:                     conn.config.Key,
-		ConnStatus:             conn.status,
+		ConnStatus:                 conn.status,
-		ConnStatusUpdate:       time.Now(),
+		ConnStatusUpdate:           time.Now(),
-		LocalIceCandidateType:  pair.Local.Type().String(),
+		LocalIceCandidateType:      pair.Local.Type().String(),
-		RemoteIceCandidateType: pair.Remote.Type().String(),
+		RemoteIceCandidateType:     pair.Remote.Type().String(),
-		Direct:                 !isRelayCandidate(pair.Local),
+		LocalIceCandidateEndpoint:  fmt.Sprintf("%s:%d", pair.Local.Address(), pair.Local.Port()),
 		RemoteIceCandidateEndpoint: fmt.Sprintf("%s:%d", pair.Remote.Address(), pair.Local.Port()),
 		Direct:                     !isRelayCandidate(pair.Local),
 	}
 	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
 		peerState.Relayed = true
@@ -409,6 +427,15 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int) (ne
 		log.Warnf("unable to save peer's state, got error: %v", err)
 	}
 	_, ipNet, err := net.ParseCIDR(conn.config.WgConfig.AllowedIps)
 	if err != nil {
 		return nil, err
 	}
 	if conn.onConnected != nil {
 		conn.onConnected(conn.config.Key, remoteRosenpassPubKey, ipNet.IP.String(), remoteRosenpassAddr)
 	}
 	return endpoint, nil
 }
@@ -438,6 +465,8 @@ func (conn *Conn) cleanup() error {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()
 	conn.sentExtraSrflx = false
 	var err1, err2, err3 error
 	if conn.agent != nil {
 		err1 = conn.agent.Close()
@@ -459,6 +488,10 @@ func (conn *Conn) cleanup() error {
 		conn.notifyDisconnected = nil
 	}
 	if conn.status == StatusConnected && conn.onDisconnected != nil {
 		conn.onDisconnected(conn.config.WgConfig.RemoteKey, conn.config.WgConfig.AllowedIps)
 	}
 	conn.status = StatusDisconnected
 	peerState := State{
@@ -472,6 +505,9 @@ func (conn *Conn) cleanup() error {
 		// todo rethink status updates
 		log.Debugf("error while updating peer's %s state, err: %v", conn.config.Key, err)
 	}
 	if err := conn.statusRecorder.UpdateWireguardPeerState(conn.config.Key, iface.WGStats{}); err != nil {
 		log.Debugf("failed to reset wireguard stats for peer %s: %s", conn.config.Key, err)
 	}
 	log.Debugf("cleaned up connection to peer %s", conn.config.Key)
 	if err1 != nil {
@@ -488,6 +524,16 @@ func (conn *Conn) SetSignalOffer(handler func(offer OfferAnswer) error) {
 	conn.signalOffer = handler
 }
 // SetOnConnected sets a handler function to be triggered by Conn when a new connection to a remote peer established
 func (conn *Conn) SetOnConnected(handler func(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string)) {
 	conn.onConnected = handler
 }
 // SetOnDisconnected sets a handler function to be triggered by Conn when a connection to a remote disconnected
 func (conn *Conn) SetOnDisconnected(handler func(remotePeer string, wgIP string)) {
 	conn.onDisconnected = handler
 }
 // SetSignalAnswer sets a handler function to be triggered by Conn when a new connection answer has to be signalled to the remote peer
 func (conn *Conn) SetSignalAnswer(handler func(answer OfferAnswer) error) {
 	conn.signalAnswer = handler
@@ -514,6 +560,30 @@ func (conn *Conn) onICECandidate(candidate ice.Candidate) {
 			if err != nil {
 				log.Errorf("failed signaling candidate to the remote peer %s %s", conn.config.Key, err)
 			}
 			// sends an extra server reflexive candidate to the remote peer with our related port (usually the wireguard port)
 			// this is useful when network has an existing port forwarding rule for the wireguard port and this peer
 			if !conn.sentExtraSrflx && candidate.Type() == ice.CandidateTypeServerReflexive && candidate.Port() != candidate.RelatedAddress().Port {
 				relatedAdd := candidate.RelatedAddress()
 				extraSrflx, err := ice.NewCandidateServerReflexive(&ice.CandidateServerReflexiveConfig{
 					Network:   candidate.NetworkType().String(),
 					Address:   candidate.Address(),
 					Port:      relatedAdd.Port,
 					Component: candidate.Component(),
 					RelAddr:   relatedAdd.Address,
 					RelPort:   relatedAdd.Port,
 				})
 				if err != nil {
 					log.Errorf("failed creating extra server reflexive candidate %s", err)
 					return
 				}
 				err = conn.signalCandidate(extraSrflx)
 				if err != nil {
 					log.Errorf("failed signaling the extra server reflexive candidate to the remote peer %s: %s", conn.config.Key, err)
 					return
 				}
 				conn.sentExtraSrflx = true
 			}
 		}()
 	}
 }
@@ -542,9 +612,11 @@ func (conn *Conn) sendAnswer() error {
 	log.Debugf("sending answer to %s", conn.config.Key)
 	err = conn.signalAnswer(OfferAnswer{
-		IceCredentials: IceCredentials{localUFrag, localPwd},
+		IceCredentials:  IceCredentials{localUFrag, localPwd},
-		WgListenPort:   conn.config.LocalWgPort,
+		WgListenPort:    conn.config.LocalWgPort,
-		Version:        version.NetbirdVersion(),
+		Version:         version.NetbirdVersion(),
 		RosenpassPubKey: conn.config.RosenpassPubKey,
 		RosenpassAddr:   conn.config.RosenpassAddr,
 	})
 	if err != nil {
 		return err
@@ -563,9 +635,11 @@ func (conn *Conn) sendOffer() error {
 		return err
 	}
 	err = conn.signalOffer(OfferAnswer{
-		IceCredentials: IceCredentials{localUFrag, localPwd},
+		IceCredentials:  IceCredentials{localUFrag, localPwd},
-		WgListenPort:   conn.config.LocalWgPort,
+		WgListenPort:    conn.config.LocalWgPort,
-		Version:        version.NetbirdVersion(),
+		Version:         version.NetbirdVersion(),
 		RosenpassPubKey: conn.config.RosenpassPubKey,
 		RosenpassAddr:   conn.config.RosenpassAddr,
 	})
 	if err != nil {
 		return err
--- a/client/internal/peer/conn_test.go
+++ b/client/internal/peer/conn_test.go
@@ -6,7 +6,7 @@ import (
 	"time"
 	"github.com/magiconair/properties/assert"
-	"github.com/pion/ice/v2"
+	"github.com/pion/stun/v2"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/client/internal/wgproxy"
@@ -16,7 +16,7 @@ import (
 var connConf = ConnConfig{
 	Key:                "LLHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
 	LocalKey:           "RRHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
-	StunTurn:           []*ice.URL{},
+	StunTurn:           []*stun.URI{},
 	InterfaceBlackList: nil,
 	Timeout:            time.Second,
 	LocalWgPort:        51820,
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -4,19 +4,27 @@ import (
 	"errors"
 	"sync"
 	"time"
 	"github.com/netbirdio/netbird/client/internal/relay"
 	"github.com/netbirdio/netbird/iface"
 )
 // State contains the latest state of a peer
 type State struct {
-	IP                     string
+	IP                         string
-	PubKey                 string
+	PubKey                     string
-	FQDN                   string
+	FQDN                       string
-	ConnStatus             ConnStatus
+	ConnStatus                 ConnStatus
-	ConnStatusUpdate       time.Time
+	ConnStatusUpdate           time.Time
-	Relayed                bool
+	Relayed                    bool
-	Direct                 bool
+	Direct                     bool
-	LocalIceCandidateType  string
+	LocalIceCandidateType      string
-	RemoteIceCandidateType string
+	RemoteIceCandidateType     string
 	LocalIceCandidateEndpoint  string
 	RemoteIceCandidateEndpoint string
 	LastWireguardHandshake     time.Time
 	BytesTx                    int64
 	BytesRx                    int64
 }
 // LocalPeerState contains the latest state of the local peer
@@ -31,12 +39,14 @@ type LocalPeerState struct {
 type SignalState struct {
 	URL       string
 	Connected bool
 	Error     error
 }
 // ManagementState contains the latest state of a management connection
 type ManagementState struct {
 	URL       string
 	Connected bool
 	Error     error
 }
 // FullStatus contains the full state held by the Status instance
@@ -45,15 +55,19 @@ type FullStatus struct {
 	ManagementState ManagementState
 	SignalState     SignalState
 	LocalPeerState  LocalPeerState
 	Relays          []relay.ProbeResult
 }
-// Status holds a state of peers, signal and management connections
+// Status holds a state of peers, signal, management connections and relays
 type Status struct {
 	mux             sync.Mutex
 	peers           map[string]State
 	changeNotify    map[string]chan struct{}
 	signalState     bool
 	signalError     error
 	managementState bool
 	managementError error
 	relayStates     []relay.ProbeResult
 	localPeer       LocalPeerState
 	offlinePeers    []State
 	mgmAddress      string
@@ -156,6 +170,8 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 		peerState.Relayed = receivedState.Relayed
 		peerState.LocalIceCandidateType = receivedState.LocalIceCandidateType
 		peerState.RemoteIceCandidateType = receivedState.RemoteIceCandidateType
 		peerState.LocalIceCandidateEndpoint = receivedState.LocalIceCandidateEndpoint
 		peerState.RemoteIceCandidateEndpoint = receivedState.RemoteIceCandidateEndpoint
 	}
 	d.peers[receivedState.PubKey] = peerState
@@ -174,6 +190,25 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 	return nil
 }
 // UpdateWireguardPeerState updates the wireguard bits of the peer state
 func (d *Status) UpdateWireguardPeerState(pubKey string, wgStats iface.WGStats) error {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	peerState, ok := d.peers[pubKey]
 	if !ok {
 		return errors.New("peer doesn't exist")
 	}
 	peerState.LastWireguardHandshake = wgStats.LastHandshake
 	peerState.BytesRx = wgStats.RxBytes
 	peerState.BytesTx = wgStats.TxBytes
 	d.peers[pubKey] = peerState
 	return nil
 }
 func shouldSkipNotify(received, curr State) bool {
 	switch {
 	case received.ConnStatus == StatusConnecting:
@@ -248,12 +283,13 @@ func (d *Status) CleanLocalPeerState() {
 }
 // MarkManagementDisconnected sets ManagementState to disconnected
-func (d *Status) MarkManagementDisconnected() {
+func (d *Status) MarkManagementDisconnected(err error) {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	defer d.onConnectionChanged()
 	d.managementState = false
 	d.managementError = err
 }
 // MarkManagementConnected sets ManagementState to connected
@@ -263,6 +299,7 @@ func (d *Status) MarkManagementConnected() {
 	defer d.onConnectionChanged()
 	d.managementState = true
 	d.managementError = nil
 }
 // UpdateSignalAddress update the address of the signal server
@@ -280,12 +317,13 @@ func (d *Status) UpdateManagementAddress(mgmAddress string) {
 }
 // MarkSignalDisconnected sets SignalState to disconnected
-func (d *Status) MarkSignalDisconnected() {
+func (d *Status) MarkSignalDisconnected(err error) {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	defer d.onConnectionChanged()
 	d.signalState = false
 	d.signalError = err
 }
 // MarkSignalConnected sets SignalState to connected
@@ -295,6 +333,33 @@ func (d *Status) MarkSignalConnected() {
 	defer d.onConnectionChanged()
 	d.signalState = true
 	d.signalError = nil
 }
 func (d *Status) UpdateRelayStates(relayResults []relay.ProbeResult) {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	d.relayStates = relayResults
 }
 func (d *Status) GetManagementState() ManagementState {
 	return ManagementState{
 		d.mgmAddress,
 		d.managementState,
 		d.managementError,
 	}
 }
 func (d *Status) GetSignalState() SignalState {
 	return SignalState{
 		d.signalAddress,
 		d.signalState,
 		d.signalError,
 	}
 }
 func (d *Status) GetRelayStates() []relay.ProbeResult {
 	return d.relayStates
 }
 // GetFullStatus gets full status
@@ -303,15 +368,10 @@ func (d *Status) GetFullStatus() FullStatus {
 	defer d.mux.Unlock()
 	fullStatus := FullStatus{
-		ManagementState: ManagementState{
+		ManagementState: d.GetManagementState(),
-			d.mgmAddress,
+		SignalState:     d.GetSignalState(),
-			d.managementState,
+		LocalPeerState:  d.localPeer,
-		},
+		Relays:          d.GetRelayStates(),
 		SignalState: SignalState{
 			d.signalAddress,
 			d.signalState,
 		},
 		LocalPeerState: d.localPeer,
 	}
 	for _, status := range d.peers {
--- a/client/internal/peer/status_test.go
+++ b/client/internal/peer/status_test.go
@@ -1,6 +1,7 @@
 package peer
 import (
 	"errors"
 	"testing"
 	"github.com/stretchr/testify/assert"
@@ -152,9 +153,10 @@ func TestUpdateSignalState(t *testing.T) {
 		name      string
 		connected bool
 		want      bool
 		err       error
 	}{
-		{"should mark as connected", true, true},
+		{"should mark as connected", true, true, nil},
-		{"should mark as disconnected", false, false},
+		{"should mark as disconnected", false, false, errors.New("test")},
 	}
 	status := NewRecorder("https://mgm")
@@ -165,9 +167,10 @@ func TestUpdateSignalState(t *testing.T) {
 			if test.connected {
 				status.MarkSignalConnected()
 			} else {
-				status.MarkSignalDisconnected()
+				status.MarkSignalDisconnected(test.err)
 			}
 			assert.Equal(t, test.want, status.signalState, "signal status should be equal")
 			assert.Equal(t, test.err, status.signalError)
 		})
 	}
 }
@@ -178,9 +181,10 @@ func TestUpdateManagementState(t *testing.T) {
 		name      string
 		connected bool
 		want      bool
 		err       error
 	}{
-		{"should mark as connected", true, true},
+		{"should mark as connected", true, true, nil},
-		{"should mark as disconnected", false, false},
+		{"should mark as disconnected", false, false, errors.New("test")},
 	}
 	status := NewRecorder(url)
@@ -190,9 +194,10 @@ func TestUpdateManagementState(t *testing.T) {
 			if test.connected {
 				status.MarkManagementConnected()
 			} else {
-				status.MarkManagementDisconnected()
+				status.MarkManagementDisconnected(test.err)
 			}
 			assert.Equal(t, test.want, status.managementState, "signalState status should be equal")
 			assert.Equal(t, test.err, status.managementError)
 		})
 	}
 }
--- a/client/internal/probe.go
+++ b/client/internal/probe.go
@@ -0,0 +1,51 @@
 package internal
 import "context"
 // Probe allows to run on-demand callbacks from different code locations.
 // Pass the probe to a receiving and a sending end. The receiving end starts listening
 // to requests with Receive and executes a callback when the sending end requests it
 // by calling Probe.
 type Probe struct {
 	request chan struct{}
 	result  chan bool
 	ready   bool
 }
 // NewProbe returns a new initialized probe.
 func NewProbe() *Probe {
 	return &Probe{
 		request: make(chan struct{}),
 		result:  make(chan bool),
 	}
 }
 // Probe requests the callback to be run and returns a bool indicating success.
 // It always returns true as long as the receiver is not ready.
 func (p *Probe) Probe() bool {
 	if !p.ready {
 		return true
 	}
 	p.request <- struct{}{}
 	return <-p.result
 }
 // Receive starts listening for probe requests. On such a request it runs the supplied
 // callback func which must return a bool indicating success.
 // Blocks until the passed context is cancelled.
 func (p *Probe) Receive(ctx context.Context, callback func() bool) {
 	p.ready = true
 	defer func() {
 		p.ready = false
 	}()
 	for {
 		select {
 		case <-ctx.Done():
 			return
 		case <-p.request:
 			p.result <- callback()
 		}
 	}
 }
--- a/client/internal/relay/relay.go
+++ b/client/internal/relay/relay.go
@@ -0,0 +1,171 @@
 package relay
 import (
 	"context"
 	"fmt"
 	"net"
 	"sync"
 	"time"
 	"github.com/pion/stun/v2"
 	"github.com/pion/turn/v3"
 	log "github.com/sirupsen/logrus"
 )
 // ProbeResult holds the info about the result of a relay probe request
 type ProbeResult struct {
 	URI  *stun.URI
 	Err  error
 	Addr string
 }
 // ProbeSTUN tries binding to the given STUN uri and acquiring an address
 func ProbeSTUN(ctx context.Context, uri *stun.URI) (addr string, probeErr error) {
 	defer func() {
 		if probeErr != nil {
 			log.Debugf("stun probe error from %s: %s", uri, probeErr)
 		}
 	}()
 	client, err := stun.DialURI(uri, &stun.DialConfig{})
 	if err != nil {
 		probeErr = fmt.Errorf("dial: %w", err)
 		return
 	}
 	defer func() {
 		if err := client.Close(); err != nil && probeErr == nil {
 			probeErr = fmt.Errorf("close: %w", err)
 		}
 	}()
 	done := make(chan struct{})
 	if err = client.Start(stun.MustBuild(stun.TransactionID, stun.BindingRequest), func(res stun.Event) {
 		if res.Error != nil {
 			probeErr = fmt.Errorf("request: %w", err)
 			return
 		}
 		var xorAddr stun.XORMappedAddress
 		if getErr := xorAddr.GetFrom(res.Message); getErr != nil {
 			probeErr = fmt.Errorf("get xor addr: %w", err)
 			return
 		}
 		log.Debugf("stun probe received address from %s: %s", uri, xorAddr)
 		addr = xorAddr.String()
 		done <- struct{}{}
 	}); err != nil {
 		probeErr = fmt.Errorf("client: %w", err)
 		return
 	}
 	select {
 	case <-ctx.Done():
 		probeErr = fmt.Errorf("stun request: %w", ctx.Err())
 		return
 	case <-done:
 	}
 	return addr, nil
 }
 // ProbeTURN tries allocating a session from the given TURN URI
 func ProbeTURN(ctx context.Context, uri *stun.URI) (addr string, probeErr error) {
 	defer func() {
 		if probeErr != nil {
 			log.Debugf("turn probe error from %s: %s", uri, probeErr)
 		}
 	}()
 	turnServerAddr := fmt.Sprintf("%s:%d", uri.Host, uri.Port)
 	var conn net.PacketConn
 	switch uri.Proto {
 	case stun.ProtoTypeUDP:
 		var err error
 		conn, err = net.ListenPacket("udp", "")
 		if err != nil {
 			probeErr = fmt.Errorf("listen: %w", err)
 			return
 		}
 	case stun.ProtoTypeTCP:
 		dialer := net.Dialer{}
 		tcpConn, err := dialer.DialContext(ctx, "tcp", turnServerAddr)
 		if err != nil {
 			probeErr = fmt.Errorf("dial: %w", err)
 			return
 		}
 		conn = turn.NewSTUNConn(tcpConn)
 	default:
 		probeErr = fmt.Errorf("conn: unknown proto: %s", uri.Proto)
 		return
 	}
 	defer func() {
 		if err := conn.Close(); err != nil && probeErr == nil {
 			probeErr = fmt.Errorf("conn close: %w", err)
 		}
 	}()
 	cfg := &turn.ClientConfig{
 		STUNServerAddr: turnServerAddr,
 		TURNServerAddr: turnServerAddr,
 		Conn:           conn,
 		Username:       uri.Username,
 		Password:       uri.Password,
 	}
 	client, err := turn.NewClient(cfg)
 	if err != nil {
 		probeErr = fmt.Errorf("create client: %w", err)
 		return
 	}
 	defer client.Close()
 	if err := client.Listen(); err != nil {
 		probeErr = fmt.Errorf("client listen: %w", err)
 		return
 	}
 	relayConn, err := client.Allocate()
 	if err != nil {
 		probeErr = fmt.Errorf("allocate: %w", err)
 		return
 	}
 	defer func() {
 		if err := relayConn.Close(); err != nil && probeErr == nil {
 			probeErr = fmt.Errorf("close relay conn: %w", err)
 		}
 	}()
 	log.Debugf("turn probe relay address from %s: %s", uri, relayConn.LocalAddr())
 	return relayConn.LocalAddr().String(), nil
 }
 // ProbeAll probes all given servers asynchronously and returns the results
 func ProbeAll(
 	ctx context.Context,
 	fn func(ctx context.Context, uri *stun.URI) (addr string, probeErr error),
 	relays []*stun.URI,
 ) []ProbeResult {
 	results := make([]ProbeResult, len(relays))
 	var wg sync.WaitGroup
 	for i, uri := range relays {
 		ctx, cancel := context.WithTimeout(ctx, 1*time.Second)
 		defer cancel()
 		wg.Add(1)
 		go func(res *ProbeResult, stunURI *stun.URI) {
 			defer wg.Done()
 			res.URI = stunURI
 			res.Addr, res.Err = fn(ctx, stunURI)
 		}(&results[i], uri)
 	}
 	wg.Wait()
 	return results
 }
--- a/client/internal/rosenpass/manager.go
+++ b/client/internal/rosenpass/manager.go
@@ -0,0 +1,204 @@
 package rosenpass
 import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"log/slog"
 	"net"
 	"os"
 	"strconv"
 	"strings"
 	"sync"
 	rp "cunicu.li/go-rosenpass"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 func hashRosenpassKey(key []byte) string {
 	hasher := sha256.New()
 	hasher.Write(key)
 	return hex.EncodeToString(hasher.Sum(nil))
 }
 type Manager struct {
 	ifaceName    string
 	spk          []byte
 	ssk          []byte
 	rpKeyHash    string
 	preSharedKey *[32]byte
 	rpPeerIDs    map[string]*rp.PeerID
 	rpWgHandler  *NetbirdHandler
 	server       *rp.Server
 	lock         sync.Mutex
 	port         int
 }
 // NewManager creates a new Rosenpass manager
 func NewManager(preSharedKey *wgtypes.Key, wgIfaceName string) (*Manager, error) {
 	public, secret, err := rp.GenerateKeyPair()
 	if err != nil {
 		return nil, err
 	}
 	rpKeyHash := hashRosenpassKey(public)
 	log.Debugf("generated new rosenpass key pair with public key %s", rpKeyHash)
 	return &Manager{ifaceName: wgIfaceName, rpKeyHash: rpKeyHash, spk: public, ssk: secret, preSharedKey: (*[32]byte)(preSharedKey), rpPeerIDs: make(map[string]*rp.PeerID), lock: sync.Mutex{}}, nil
 }
 func (m *Manager) GetPubKey() []byte {
 	return m.spk
 }
 // GetAddress returns the address of the Rosenpass server
 func (m *Manager) GetAddress() *net.UDPAddr {
 	return &net.UDPAddr{Port: m.port}
 }
 // addPeer adds a new peer to the Rosenpass server
 func (m *Manager) addPeer(rosenpassPubKey []byte, rosenpassAddr string, wireGuardIP string, wireGuardPubKey string) error {
 	var err error
 	pcfg := rp.PeerConfig{PublicKey: rosenpassPubKey}
 	if m.preSharedKey != nil {
 		pcfg.PresharedKey = *m.preSharedKey
 	}
 	if bytes.Compare(m.spk, rosenpassPubKey) == 1 {
 		_, strPort, err := net.SplitHostPort(rosenpassAddr)
 		if err != nil {
 			return fmt.Errorf("failed to parse rosenpass address: %w", err)
 		}
 		peerAddr := fmt.Sprintf("%s:%s", wireGuardIP, strPort)
 		if pcfg.Endpoint, err = net.ResolveUDPAddr("udp", peerAddr); err != nil {
 			return fmt.Errorf("failed to resolve peer endpoint address: %w", err)
 		}
 	}
 	peerID, err := m.server.AddPeer(pcfg)
 	if err != nil {
 		return err
 	}
 	key, err := wgtypes.ParseKey(wireGuardPubKey)
 	if err != nil {
 		return err
 	}
 	m.rpWgHandler.AddPeer(peerID, m.ifaceName, rp.Key(key))
 	m.rpPeerIDs[wireGuardPubKey] = &peerID
 	return nil
 }
 // removePeer removes a peer from the Rosenpass server
 func (m *Manager) removePeer(wireGuardPubKey string) error {
 	err := m.server.RemovePeer(*m.rpPeerIDs[wireGuardPubKey])
 	if err != nil {
 		return err
 	}
 	m.rpWgHandler.RemovePeer(*m.rpPeerIDs[wireGuardPubKey])
 	return nil
 }
 func (m *Manager) generateConfig() (rp.Config, error) {
 	opts := &slog.HandlerOptions{
 		Level: slog.LevelDebug,
 	}
 	logger := slog.New(slog.NewTextHandler(os.Stdout, opts))
 	cfg := rp.Config{Logger: logger}
 	cfg.PublicKey = m.spk
 	cfg.SecretKey = m.ssk
 	cfg.Peers = []rp.PeerConfig{}
 	m.rpWgHandler, _ = NewNetbirdHandler(m.preSharedKey, m.ifaceName)
 	cfg.Handlers = []rp.Handler{m.rpWgHandler}
 	port, err := findRandomAvailableUDPPort()
 	if err != nil {
 		log.Errorf("could not determine a random port for rosenpass server. Error: %s", err)
 		return rp.Config{}, err
 	}
 	m.port = port
 	cfg.ListenAddrs = []*net.UDPAddr{m.GetAddress()}
 	return cfg, nil
 }
 func (m *Manager) OnDisconnected(peerKey string, wgIP string) {
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	if _, ok := m.rpPeerIDs[peerKey]; !ok {
 		// if we didn't have this peer yet, just skip
 		return
 	}
 	err := m.removePeer(peerKey)
 	if err != nil {
 		log.Error("failed to remove rosenpass peer", err)
 	}
 	delete(m.rpPeerIDs, peerKey)
 }
 // Run starts the Rosenpass server
 func (m *Manager) Run() error {
 	conf, err := m.generateConfig()
 	if err != nil {
 		return err
 	}
 	m.server, err = rp.NewUDPServer(conf)
 	if err != nil {
 		return err
 	}
 	log.Infof("starting rosenpass server on port %d", m.port)
 	return m.server.Run()
 }
 // Close closes the Rosenpass server
 func (m *Manager) Close() error {
 	if m.server != nil {
 		err := m.server.Close()
 		if err != nil {
 			log.Errorf("failed closing local rosenpass server")
 		}
 		m.server = nil
 	}
 	return nil
 }
 // OnConnected is a handler function that is triggered when a connection to a remote peer establishes
 func (m *Manager) OnConnected(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string) {
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	if remoteRosenpassPubKey == nil {
 		log.Warnf("remote peer with public key %s does not support rosenpass", remoteWireGuardKey)
 		return
 	}
 	rpKeyHash := hashRosenpassKey(remoteRosenpassPubKey)
 	log.Debugf("received remote rosenpass key %s, my key %s", rpKeyHash, m.rpKeyHash)
 	err := m.addPeer(remoteRosenpassPubKey, remoteRosenpassAddr, wireGuardIP, remoteWireGuardKey)
 	if err != nil {
 		log.Errorf("failed to add rosenpass peer: %s", err)
 		return
 	}
 }
 func findRandomAvailableUDPPort() (int, error) {
 	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4zero, Port: 0})
 	if err != nil {
 		return 0, fmt.Errorf("could not find an available UDP port: %w", err)
 	}
 	defer conn.Close()
 	splitAddress := strings.Split(conn.LocalAddr().String(), ":")
 	return strconv.Atoi(splitAddress[len(splitAddress)-1])
 }
--- a/client/internal/rosenpass/netbird_handler.go
+++ b/client/internal/rosenpass/netbird_handler.go
@@ -0,0 +1,126 @@
 package rosenpass
 import (
 	"fmt"
 	"log/slog"
 	rp "cunicu.li/go-rosenpass"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 type wireGuardPeer struct {
 	Interface string
 	PublicKey rp.Key
 }
 type NetbirdHandler struct {
 	ifaceName    string
 	client       *wgctrl.Client
 	peers        map[rp.PeerID]wireGuardPeer
 	presharedKey [32]byte
 }
 func NewNetbirdHandler(preSharedKey *[32]byte, wgIfaceName string) (hdlr *NetbirdHandler, err error) {
 	hdlr = &NetbirdHandler{
 		ifaceName: wgIfaceName,
 		peers:     map[rp.PeerID]wireGuardPeer{},
 	}
 	if preSharedKey != nil {
 		hdlr.presharedKey = *preSharedKey
 	}
 	if hdlr.client, err = wgctrl.New(); err != nil {
 		return nil, fmt.Errorf("failed to creat WireGuard client: %w", err)
 	}
 	return hdlr, nil
 }
 func (h *NetbirdHandler) AddPeer(pid rp.PeerID, intf string, pk rp.Key) {
 	h.peers[pid] = wireGuardPeer{
 		Interface: intf,
 		PublicKey: pk,
 	}
 }
 func (h *NetbirdHandler) RemovePeer(pid rp.PeerID) {
 	delete(h.peers, pid)
 }
 func (h *NetbirdHandler) HandshakeCompleted(pid rp.PeerID, key rp.Key) {
 	log.Debug("Handshake complete")
 	h.outputKey(rp.KeyOutputReasonStale, pid, key)
 }
 func (h *NetbirdHandler) HandshakeExpired(pid rp.PeerID) {
 	key, _ := rp.GeneratePresharedKey()
 	log.Debug("Handshake expired")
 	h.outputKey(rp.KeyOutputReasonStale, pid, key)
 }
 func (h *NetbirdHandler) outputKey(_ rp.KeyOutputReason, pid rp.PeerID, psk rp.Key) {
 	wg, ok := h.peers[pid]
 	if !ok {
 		return
 	}
 	device, err := h.client.Device(h.ifaceName)
 	if err != nil {
 		log.Errorf("Failed to get WireGuard device: %v", err)
 		return
 	}
 	config := []wgtypes.PeerConfig{
 		{
 			UpdateOnly:   true,
 			PublicKey:    wgtypes.Key(wg.PublicKey),
 			PresharedKey: (*wgtypes.Key)(&psk),
 		},
 	}
 	for _, peer := range device.Peers {
 		if peer.PublicKey == wgtypes.Key(wg.PublicKey) {
 			if publicKeyEmpty(peer.PresharedKey) || peer.PresharedKey == h.presharedKey {
 				log.Debugf("Restart wireguard connection to peer %s", peer.PublicKey)
 				config = []wgtypes.PeerConfig{
 					{
 						PublicKey:    wgtypes.Key(wg.PublicKey),
 						PresharedKey: (*wgtypes.Key)(&psk),
 						Endpoint:     peer.Endpoint,
 						AllowedIPs:   peer.AllowedIPs,
 					},
 				}
 				err = h.client.ConfigureDevice(wg.Interface, wgtypes.Config{
 					Peers: []wgtypes.PeerConfig{
 						{
 							Remove:    true,
 							PublicKey: wgtypes.Key(wg.PublicKey),
 						},
 					},
 				})
 				if err != nil {
 					slog.Debug("Failed to remove peer")
 					return
 				}
 			}
 		}
 	}
 	if err = h.client.ConfigureDevice(wg.Interface, wgtypes.Config{
 		Peers: config,
 	}); err != nil {
 		log.Errorf("Failed to apply rosenpass key: %v", err)
 	}
 }
 func publicKeyEmpty(key wgtypes.Key) bool {
 	for _, b := range key {
 		if b != 0 {
 			return false
 		}
 	}
 	return true
 }
--- a/client/internal/routemanager/manager_test.go
+++ b/client/internal/routemanager/manager_test.go
@@ -7,7 +7,8 @@ import (
 	"runtime"
 	"testing"
-	"github.com/pion/transport/v2/stdnet"
+	"github.com/pion/transport/v3/stdnet"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"github.com/stretchr/testify/require"
@@ -399,12 +400,12 @@ func TestManagerUpdateRoutes(t *testing.T) {
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-
+			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", iface.DefaultMTU, nil, newNet)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()
--- a/client/internal/routemanager/notifier.go
+++ b/client/internal/routemanager/notifier.go
@@ -45,7 +45,7 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {
 	}
 	sort.Strings(newNets)
-	if !n.hasDiff(n.routeRangers, newNets) {
+	if !n.hasDiff(n.initialRouteRangers, newNets) {
 		return
 	}
--- a/client/internal/routemanager/systemops_nonandroid_test.go
+++ b/client/internal/routemanager/systemops_nonandroid_test.go
@@ -11,9 +11,10 @@ import (
 	"strings"
 	"testing"
-	"github.com/pion/transport/v2/stdnet"
+	"github.com/pion/transport/v3/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"github.com/netbirdio/netbird/iface"
 )
@@ -41,11 +42,12 @@ func TestAddRemoveRoutes(t *testing.T) {
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU, nil, newNet)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()
@@ -175,11 +177,12 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 			log.SetOutput(os.Stderr)
 		}()
 		t.Run(testCase.name, func(t *testing.T) {
 			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU, nil, newNet)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()
--- a/client/internal/stdnet/discover.go
+++ b/client/internal/stdnet/discover.go
@@ -1,6 +1,6 @@
 package stdnet
-import "github.com/pion/transport/v2"
+import "github.com/pion/transport/v3"
 // ExternalIFaceDiscover provide an option for external services (mobile)
 // to collect network interface information
--- a/client/internal/stdnet/discover_mobile.go
+++ b/client/internal/stdnet/discover_mobile.go
@@ -5,7 +5,7 @@ import (
 	"net"
 	"strings"
-	"github.com/pion/transport/v2"
+	"github.com/pion/transport/v3"
 	log "github.com/sirupsen/logrus"
 )
--- a/client/internal/stdnet/discover_pion.go
+++ b/client/internal/stdnet/discover_pion.go
@@ -3,7 +3,7 @@ package stdnet
 import (
 	"net"
-	"github.com/pion/transport/v2"
+	"github.com/pion/transport/v3"
 )
 type pionDiscover struct {
--- a/client/internal/stdnet/stdnet.go
+++ b/client/internal/stdnet/stdnet.go
@@ -6,8 +6,8 @@ package stdnet
 import (
 	"fmt"
-	"github.com/pion/transport/v2"
+	"github.com/pion/transport/v3"
-	"github.com/pion/transport/v2/stdnet"
+	"github.com/pion/transport/v3/stdnet"
 )
 // Net is an implementation of the net.Net interface
--- a/client/ios/NetBirdSDK/login.go
+++ b/client/ios/NetBirdSDK/login.go
@@ -73,9 +73,9 @@ func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
 	supportsSSO := true
 	err := a.withBackOff(a.ctx, func() (err error) {
 		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-		if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
 			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
 				supportsSSO = false
 				err = nil
 			}
--- a/client/netbird.wxs
+++ b/client/netbird.wxs
@@ -20,6 +20,7 @@
 						<Shortcut Id="NetbirdStartMenuShortcut" Directory="StartMenuFolder" Name="NetBird" WorkingDirectory="NetbirdInstallDir" Icon="NetbirdIcon" />
 					</File>
 					<File ProcessorArchitecture="x64" Source=".\dist\netbird_windows_amd64\wintun.dll" />
 					<File ProcessorArchitecture="x64" Source=".\dist\netbird_windows_amd64\opengl32.dll" />
 					<ServiceInstall
                                     Id="NetBirdService"
--- a/client/proto/daemon.pb.go
+++ b/client/proto/daemon.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v4.23.4
+// 	protoc        v3.21.9
 // source: daemon.proto
 package proto
@@ -29,7 +29,10 @@ type LoginRequest struct {
 	// setupKey wiretrustee setup key.
 	SetupKey string `protobuf:"bytes,1,opt,name=setupKey,proto3" json:"setupKey,omitempty"`
-	// preSharedKey for wireguard setup.
+	// This is the old PreSharedKey field which will be deprecated in favor of optionalPreSharedKey field that is defined as optional
 	// to allow clearing of preshared key while being able to persist in the config file.
 	//
 	// Deprecated: Do not use.
 	PreSharedKey string `protobuf:"bytes,2,opt,name=preSharedKey,proto3" json:"preSharedKey,omitempty"`
 	// managementUrl to authenticate.
 	ManagementUrl string `protobuf:"bytes,3,opt,name=managementUrl,proto3" json:"managementUrl,omitempty"`
@@ -40,10 +43,14 @@ type LoginRequest struct {
 	// cleanNATExternalIPs clean map list of external IPs.
 	// This is needed because the generated code
 	// omits initialized empty slices due to omitempty tags
-	CleanNATExternalIPs  bool   `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
+	CleanNATExternalIPs  bool    `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
-	CustomDNSAddress     []byte `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
+	CustomDNSAddress     []byte  `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
-	IsLinuxDesktopClient bool   `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
+	IsLinuxDesktopClient bool    `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
-	Hostname             string `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
+	Hostname             string  `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
 	RosenpassEnabled     *bool   `protobuf:"varint,10,opt,name=rosenpassEnabled,proto3,oneof" json:"rosenpassEnabled,omitempty"`
 	InterfaceName        *string `protobuf:"bytes,11,opt,name=interfaceName,proto3,oneof" json:"interfaceName,omitempty"`
 	WireguardPort        *int64  `protobuf:"varint,12,opt,name=wireguardPort,proto3,oneof" json:"wireguardPort,omitempty"`
 	OptionalPreSharedKey *string `protobuf:"bytes,13,opt,name=optionalPreSharedKey,proto3,oneof" json:"optionalPreSharedKey,omitempty"`
 }
 func (x *LoginRequest) Reset() {
@@ -85,6 +92,7 @@ func (x *LoginRequest) GetSetupKey() string {
 	return ""
 }
 // Deprecated: Do not use.
 func (x *LoginRequest) GetPreSharedKey() string {
 	if x != nil {
 		return x.PreSharedKey
@@ -141,6 +149,34 @@ func (x *LoginRequest) GetHostname() string {
 	return ""
 }
 func (x *LoginRequest) GetRosenpassEnabled() bool {
 	if x != nil && x.RosenpassEnabled != nil {
 		return *x.RosenpassEnabled
 	}
 	return false
 }
 func (x *LoginRequest) GetInterfaceName() string {
 	if x != nil && x.InterfaceName != nil {
 		return *x.InterfaceName
 	}
 	return ""
 }
 func (x *LoginRequest) GetWireguardPort() int64 {
 	if x != nil && x.WireguardPort != nil {
 		return *x.WireguardPort
 	}
 	return 0
 }
 func (x *LoginRequest) GetOptionalPreSharedKey() string {
 	if x != nil && x.OptionalPreSharedKey != nil {
 		return *x.OptionalPreSharedKey
 	}
 	return ""
 }
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -697,15 +733,20 @@ type PeerState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
-	IP                     string                 `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
+	IP                         string                 `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
-	PubKey                 string                 `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
+	PubKey                     string                 `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
-	ConnStatus             string                 `protobuf:"bytes,3,opt,name=connStatus,proto3" json:"connStatus,omitempty"`
+	ConnStatus                 string                 `protobuf:"bytes,3,opt,name=connStatus,proto3" json:"connStatus,omitempty"`
-	ConnStatusUpdate       *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=connStatusUpdate,proto3" json:"connStatusUpdate,omitempty"`
+	ConnStatusUpdate           *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=connStatusUpdate,proto3" json:"connStatusUpdate,omitempty"`
-	Relayed                bool                   `protobuf:"varint,5,opt,name=relayed,proto3" json:"relayed,omitempty"`
+	Relayed                    bool                   `protobuf:"varint,5,opt,name=relayed,proto3" json:"relayed,omitempty"`
-	Direct                 bool                   `protobuf:"varint,6,opt,name=direct,proto3" json:"direct,omitempty"`
+	Direct                     bool                   `protobuf:"varint,6,opt,name=direct,proto3" json:"direct,omitempty"`
-	LocalIceCandidateType  string                 `protobuf:"bytes,7,opt,name=localIceCandidateType,proto3" json:"localIceCandidateType,omitempty"`
+	LocalIceCandidateType      string                 `protobuf:"bytes,7,opt,name=localIceCandidateType,proto3" json:"localIceCandidateType,omitempty"`
-	RemoteIceCandidateType string                 `protobuf:"bytes,8,opt,name=remoteIceCandidateType,proto3" json:"remoteIceCandidateType,omitempty"`
+	RemoteIceCandidateType     string                 `protobuf:"bytes,8,opt,name=remoteIceCandidateType,proto3" json:"remoteIceCandidateType,omitempty"`
-	Fqdn                   string                 `protobuf:"bytes,9,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
+	Fqdn                       string                 `protobuf:"bytes,9,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
 	LocalIceCandidateEndpoint  string                 `protobuf:"bytes,10,opt,name=localIceCandidateEndpoint,proto3" json:"localIceCandidateEndpoint,omitempty"`
 	RemoteIceCandidateEndpoint string                 `protobuf:"bytes,11,opt,name=remoteIceCandidateEndpoint,proto3" json:"remoteIceCandidateEndpoint,omitempty"`
 	LastWireguardHandshake     *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=lastWireguardHandshake,proto3" json:"lastWireguardHandshake,omitempty"`
 	BytesRx                    int64                  `protobuf:"varint,13,opt,name=bytesRx,proto3" json:"bytesRx,omitempty"`
 	BytesTx                    int64                  `protobuf:"varint,14,opt,name=bytesTx,proto3" json:"bytesTx,omitempty"`
 }
 func (x *PeerState) Reset() {
@@ -803,6 +844,41 @@ func (x *PeerState) GetFqdn() string {
 	return ""
 }
 func (x *PeerState) GetLocalIceCandidateEndpoint() string {
 	if x != nil {
 		return x.LocalIceCandidateEndpoint
 	}
 	return ""
 }
 func (x *PeerState) GetRemoteIceCandidateEndpoint() string {
 	if x != nil {
 		return x.RemoteIceCandidateEndpoint
 	}
 	return ""
 }
 func (x *PeerState) GetLastWireguardHandshake() *timestamppb.Timestamp {
 	if x != nil {
 		return x.LastWireguardHandshake
 	}
 	return nil
 }
 func (x *PeerState) GetBytesRx() int64 {
 	if x != nil {
 		return x.BytesRx
 	}
 	return 0
 }
 func (x *PeerState) GetBytesTx() int64 {
 	if x != nil {
 		return x.BytesTx
 	}
 	return 0
 }
 // LocalPeerState contains the latest state of the local peer
 type LocalPeerState struct {
 	state         protoimpl.MessageState
@@ -883,6 +959,7 @@ type SignalState struct {
 	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
 	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
 	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
 }
 func (x *SignalState) Reset() {
@@ -931,6 +1008,13 @@ func (x *SignalState) GetConnected() bool {
 	return false
 }
 func (x *SignalState) GetError() string {
 	if x != nil {
 		return x.Error
 	}
 	return ""
 }
 // ManagementState contains the latest state of a management connection
 type ManagementState struct {
 	state         protoimpl.MessageState
@@ -939,6 +1023,7 @@ type ManagementState struct {
 	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
 	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
 	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
 }
 func (x *ManagementState) Reset() {
@@ -987,6 +1072,77 @@ func (x *ManagementState) GetConnected() bool {
 	return false
 }
 func (x *ManagementState) GetError() string {
 	if x != nil {
 		return x.Error
 	}
 	return ""
 }
 // RelayState contains the latest state of the relay
 type RelayState struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	URI       string `protobuf:"bytes,1,opt,name=URI,proto3" json:"URI,omitempty"`
 	Available bool   `protobuf:"varint,2,opt,name=available,proto3" json:"available,omitempty"`
 	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
 }
 func (x *RelayState) Reset() {
 	*x = RelayState{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_daemon_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *RelayState) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*RelayState) ProtoMessage() {}
 func (x *RelayState) ProtoReflect() protoreflect.Message {
 	mi := &file_daemon_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use RelayState.ProtoReflect.Descriptor instead.
 func (*RelayState) Descriptor() ([]byte, []int) {
 	return file_daemon_proto_rawDescGZIP(), []int{16}
 }
 func (x *RelayState) GetURI() string {
 	if x != nil {
 		return x.URI
 	}
 	return ""
 }
 func (x *RelayState) GetAvailable() bool {
 	if x != nil {
 		return x.Available
 	}
 	return false
 }
 func (x *RelayState) GetError() string {
 	if x != nil {
 		return x.Error
 	}
 	return ""
 }
 // FullStatus contains the full state held by the Status instance
 type FullStatus struct {
 	state         protoimpl.MessageState
@@ -997,12 +1153,13 @@ type FullStatus struct {
 	SignalState     *SignalState     `protobuf:"bytes,2,opt,name=signalState,proto3" json:"signalState,omitempty"`
 	LocalPeerState  *LocalPeerState  `protobuf:"bytes,3,opt,name=localPeerState,proto3" json:"localPeerState,omitempty"`
 	Peers           []*PeerState     `protobuf:"bytes,4,rep,name=peers,proto3" json:"peers,omitempty"`
 	Relays          []*RelayState    `protobuf:"bytes,5,rep,name=relays,proto3" json:"relays,omitempty"`
 }
 func (x *FullStatus) Reset() {
 	*x = FullStatus{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[16]
+		mi := &file_daemon_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1015,7 +1172,7 @@ func (x *FullStatus) String() string {
 func (*FullStatus) ProtoMessage() {}
 func (x *FullStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[16]
+	mi := &file_daemon_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1028,7 +1185,7 @@ func (x *FullStatus) ProtoReflect() protoreflect.Message {
 // Deprecated: Use FullStatus.ProtoReflect.Descriptor instead.
 func (*FullStatus) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{16}
+	return file_daemon_proto_rawDescGZIP(), []int{17}
 }
 func (x *FullStatus) GetManagementState() *ManagementState {
@@ -1059,6 +1216,13 @@ func (x *FullStatus) GetPeers() []*PeerState {
 	return nil
 }
 func (x *FullStatus) GetRelays() []*RelayState {
 	if x != nil {
 		return x.Relays
 	}
 	return nil
 }
 var File_daemon_proto protoreflect.FileDescriptor
 var file_daemon_proto_rawDesc = []byte{
@@ -1067,153 +1231,197 @@ var file_daemon_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
 	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe6, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
+	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfc, 0x04, 0x0a, 0x0c, 0x4c, 0x6f,
 	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
-	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
+	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
-	0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72,
+	0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01,
-	0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61,
+	0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18,
-	0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x04, 0x20, 0x01,
+	0x74, 0x55, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
-	0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x12, 0x26, 0x0a, 0x0e,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
-	0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18, 0x05,
+	0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x50, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74,
-	0x6c, 0x49, 0x50, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x63, 0x6c, 0x65, 0x61,
-	0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x6e, 0x4e, 0x41, 0x54, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18,
-	0x08, 0x52, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54, 0x45, 0x78, 0x74, 0x65, 0x72,
+	0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54, 0x45,
-	0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d,
+	0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x75,
-	0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c,
+	0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07,
-	0x52, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41,
-	0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75,
-	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
+	0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08,
-	0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
-	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f,
-	0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f,
-	0x6d, 0x65, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f,
+	0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08,
-	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65,
+	0x48, 0x00, 0x52, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61,
-	0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
+	0x62, 0x6c, 0x65, 0x64, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
+	0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x52, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x88,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x01, 0x01, 0x12, 0x29, 0x0a, 0x0d, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50,
-	0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49,
+	0x6f, 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x03, 0x48, 0x02, 0x52, 0x0d, 0x77, 0x69, 0x72,
-	0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x88, 0x01, 0x01, 0x12, 0x37, 0x0a,
-	0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
-	0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
+	0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x48, 0x03, 0x52, 0x14, 0x6f,
-	0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
-	0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x72, 0x6f, 0x73, 0x65, 0x6e,
-	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
+	0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f,
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x10, 0x0a,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0e, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x42,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69,
+	0x17, 0x0a, 0x15, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67,
-	0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c,
+	0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65,
-	0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d,
+	0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a,
+	0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
+	0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c,
+	0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65,
+	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65,
-	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61,
+	0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43,
-	0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43,
-	0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
+	0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22,
-	0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
+	0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71,
-	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
+	0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
+	0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20,
+	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
+	0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01,
-	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a,
-	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a,
+	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65,
+	0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
+	0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
+	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56,
-	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64,
+	0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65,
-	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79,
+	0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46,
-	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65,
+	0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65,
-	0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
-	0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79,
+	0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18,
-	0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
-	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18,
-	0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
+	0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22,
-	0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0xd5, 0x04, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
 	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
 	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
 	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c,
 	0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
 	0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a,
 	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70,
-	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49,
+	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61,
-	0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f,
+	0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
-	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61,
-	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
+	0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
+	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e,
-	0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
-	0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01,
+	0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12,
-	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69,
-	0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e,
+	0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15,
-	0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
+	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65,
-	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64,
-	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64,
+	0x6e, 0x12, 0x3c, 0x0a, 0x19, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74,
+	0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x0a,
-	0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x19, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61,
-	0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x3e, 0x0a, 0x1a, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e,
+	0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x0b, 0x20,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27,
+	0x01, 0x28, 0x09, 0x52, 0x1a, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61,
-	0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e,
+	0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x52, 0x0a, 0x16, 0x6c, 0x61, 0x73, 0x74, 0x57, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64,
-	0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d,
+	0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67,
+	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69,
+	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x16, 0x6c, 0x61, 0x73,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x74, 0x57, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68,
-	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x61, 0x6b, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x52, 0x78, 0x18, 0x0d,
-	0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x52, 0x78, 0x12, 0x18, 0x0a,
-	0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53,
+	0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x54, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07,
-	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c,
+	0x62, 0x79, 0x74, 0x65, 0x73, 0x54, 0x78, 0x22, 0x76, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
+	0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18,
-	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62,
-	0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70,
+	0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a,
+	0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e,
-	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
+	0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x53, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e,
+	0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c,
-	0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
+	0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
+	0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x12, 0x14,
-	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a,
+	0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65,
-	0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x22, 0x57, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
+	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e,
-	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f,
-	0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72,
-	0x74, 0x6f, 0x33,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x52, 0x0a,
 	0x0a, 0x52, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55,
 	0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x1c, 0x0a,
 	0x09, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
 	0x52, 0x09, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65,
 	0x72, 0x72, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
 	0x72, 0x22, 0x9b, 0x02, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
 	0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
 	0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d,
 	0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61,
 	0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
 	0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
 	0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
 	0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73,
 	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f,
 	0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
 	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
 	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65,
 	0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d,
 	0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65,
 	0x65, 0x72, 0x73, 0x12, 0x2a, 0x0a, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20,
 	0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x65, 0x6c,
 	0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x32,
 	0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
 	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
 	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
 	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
 	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
 	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
 	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
 	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
 	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
 	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
 	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
 	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
 	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
 	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
 	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
 	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
 	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
 	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
 	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
 	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
 	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
 	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
 	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (
@@ -1228,7 +1436,7 @@ func file_daemon_proto_rawDescGZIP() []byte {
 	return file_daemon_proto_rawDescData
 }
-var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
 var file_daemon_proto_goTypes = []interface{}{
 	(*LoginRequest)(nil),          // 0: daemon.LoginRequest
 	(*LoginResponse)(nil),         // 1: daemon.LoginResponse
@@ -1246,33 +1454,36 @@ var file_daemon_proto_goTypes = []interface{}{
 	(*LocalPeerState)(nil),        // 13: daemon.LocalPeerState
 	(*SignalState)(nil),           // 14: daemon.SignalState
 	(*ManagementState)(nil),       // 15: daemon.ManagementState
-	(*FullStatus)(nil),            // 16: daemon.FullStatus
+	(*RelayState)(nil),            // 16: daemon.RelayState
-	(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
+	(*FullStatus)(nil),            // 17: daemon.FullStatus
 	(*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp
 }
 var file_daemon_proto_depIdxs = []int32{
-	16, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
+	17, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
-	17, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
+	18, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
-	15, // 2: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
+	18, // 2: daemon.PeerState.lastWireguardHandshake:type_name -> google.protobuf.Timestamp
-	14, // 3: daemon.FullStatus.signalState:type_name -> daemon.SignalState
+	15, // 3: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
-	13, // 4: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
+	14, // 4: daemon.FullStatus.signalState:type_name -> daemon.SignalState
-	12, // 5: daemon.FullStatus.peers:type_name -> daemon.PeerState
+	13, // 5: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
-	0,  // 6: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
+	12, // 6: daemon.FullStatus.peers:type_name -> daemon.PeerState
-	2,  // 7: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
+	16, // 7: daemon.FullStatus.relays:type_name -> daemon.RelayState
-	4,  // 8: daemon.DaemonService.Up:input_type -> daemon.UpRequest
+	0,  // 8: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
-	6,  // 9: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
+	2,  // 9: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
-	8,  // 10: daemon.DaemonService.Down:input_type -> daemon.DownRequest
+	4,  // 10: daemon.DaemonService.Up:input_type -> daemon.UpRequest
-	10, // 11: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
+	6,  // 11: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
-	1,  // 12: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
+	8,  // 12: daemon.DaemonService.Down:input_type -> daemon.DownRequest
-	3,  // 13: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
+	10, // 13: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
-	5,  // 14: daemon.DaemonService.Up:output_type -> daemon.UpResponse
+	1,  // 14: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
-	7,  // 15: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
+	3,  // 15: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
-	9,  // 16: daemon.DaemonService.Down:output_type -> daemon.DownResponse
+	5,  // 16: daemon.DaemonService.Up:output_type -> daemon.UpResponse
-	11, // 17: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
+	7,  // 17: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
-	12, // [12:18] is the sub-list for method output_type
+	9,  // 18: daemon.DaemonService.Down:output_type -> daemon.DownResponse
-	6,  // [6:12] is the sub-list for method input_type
+	11, // 19: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
-	6,  // [6:6] is the sub-list for extension type_name
+	14, // [14:20] is the sub-list for method output_type
-	6,  // [6:6] is the sub-list for extension extendee
+	8,  // [8:14] is the sub-list for method input_type
-	0,  // [0:6] is the sub-list for field type_name
+	8,  // [8:8] is the sub-list for extension type_name
 	8,  // [8:8] is the sub-list for extension extendee
 	0,  // [0:8] is the sub-list for field type_name
 }
 func init() { file_daemon_proto_init() }
@@ -1474,6 +1685,18 @@ func file_daemon_proto_init() {
 			}
 		}
 		file_daemon_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RelayState); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 		file_daemon_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FullStatus); i {
 			case 0:
 				return &v.state
@@ -1486,13 +1709,14 @@ func file_daemon_proto_init() {
 			}
 		}
 	}
 	file_daemon_proto_msgTypes[0].OneofWrappers = []interface{}{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_daemon_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   17,
+			NumMessages:   18,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -32,8 +32,9 @@ message LoginRequest {
  // setupKey wiretrustee setup key.
  string setupKey = 1;
-  // preSharedKey for wireguard setup.
+  // This is the old PreSharedKey field which will be deprecated in favor of optionalPreSharedKey field that is defined as optional
-  string preSharedKey = 2;
+  // to allow clearing of preshared key while being able to persist in the config file.
  string preSharedKey = 2 [deprecated=true];
  // managementUrl to authenticate.
  string managementUrl = 3;
@@ -54,6 +55,14 @@ message LoginRequest {
  bool isLinuxDesktopClient = 8;
  string hostname = 9;
  optional bool rosenpassEnabled = 10;
  optional string interfaceName = 11;
  optional int64 wireguardPort = 12;
  optional string optionalPreSharedKey = 13;
 }
 message LoginResponse {
@@ -118,15 +127,20 @@ message PeerState {
  bool relayed = 5;
  bool direct = 6;
  string localIceCandidateType = 7;
-  string remoteIceCandidateType =8;
+  string remoteIceCandidateType = 8;
  string fqdn = 9;
  string localIceCandidateEndpoint = 10;
  string remoteIceCandidateEndpoint = 11;
  google.protobuf.Timestamp lastWireguardHandshake = 12;
  int64 bytesRx = 13;
  int64 bytesTx = 14;
 }
 // LocalPeerState contains the latest state of the local peer
 message LocalPeerState {
  string IP = 1;
  string pubKey = 2;
-  bool  kernelInterface =3;
+  bool  kernelInterface = 3;
  string fqdn = 4;
 }
@@ -134,17 +148,28 @@ message LocalPeerState {
 message SignalState {
  string URL = 1;
  bool connected = 2;
  string error = 3;
 }
 // ManagementState contains the latest state of a management connection
 message ManagementState {
  string URL = 1;
  bool connected = 2;
  string error = 3;
 }
 // RelayState contains the latest state of the relay
 message RelayState {
  string URI = 1;
  bool available = 2;
  string error = 3;
 }
 // FullStatus contains the full state held by the Status instance
 message FullStatus {
-    ManagementState managementState = 1;
+  ManagementState managementState = 1;
-    SignalState     signalState = 2;
+  SignalState     signalState = 2;
-    LocalPeerState  localPeerState = 3;
+  LocalPeerState  localPeerState = 3;
-    repeated PeerState peers = 4;
+  repeated PeerState peers = 4;
  repeated RelayState relays = 5;
 }
--- a/client/proto/generate.sh
+++ b/client/proto/generate.sh
@@ -13,5 +13,5 @@ script_path=$(dirname $(realpath "$0"))
 cd "$script_path"
 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
-protoc -I ./ ./daemon.proto --go_out=../ --go-grpc_out=../
+protoc -I ./ ./daemon.proto --go_out=../ --go-grpc_out=../ --experimental_allow_proto3_optional
 cd "$old_pwd"
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -21,6 +21,8 @@ import (
 	"github.com/netbirdio/netbird/version"
 )
 const probeThreshold = time.Second * 5
 // Server for service control.
 type Server struct {
 	rootCtx   context.Context
@@ -37,6 +39,12 @@ type Server struct {
 	proto.UnimplementedDaemonServiceServer
 	statusRecorder *peer.Status
 	mgmProbe    *internal.Probe
 	signalProbe *internal.Probe
 	relayProbe  *internal.Probe
 	wgProbe     *internal.Probe
 	lastProbe   time.Time
 }
 type oauthAuthFlow struct {
@@ -53,7 +61,11 @@ func New(ctx context.Context, configPath, logFile string) *Server {
 		latestConfigInput: internal.ConfigInput{
 			ConfigPath: configPath,
 		},
-		logFile: logFile,
+		logFile:     logFile,
 		mgmProbe:    internal.NewProbe(),
 		signalProbe: internal.NewProbe(),
 		relayProbe:  internal.NewProbe(),
 		wgProbe:     internal.NewProbe(),
 	}
 }
@@ -94,7 +106,7 @@ func (s *Server) Start() error {
 	}
 	// if configuration exists, we just start connections.
-	config, _ = internal.UpdateOldManagementPort(ctx, config, s.latestConfigInput.ConfigPath)
+	config, _ = internal.UpdateOldManagementURL(ctx, config, s.latestConfigInput.ConfigPath)
 	s.config = config
@@ -105,7 +117,7 @@ func (s *Server) Start() error {
 	}
 	go func() {
-		if err := internal.RunClient(ctx, config, s.statusRecorder); err != nil {
+		if err := internal.RunClientWithProbes(ctx, config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe); err != nil {
 			log.Errorf("init connections: %v", err)
 		}
 	}()
@@ -187,9 +199,27 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
 	}
 	if msg.RosenpassEnabled != nil {
 		inputConfig.RosenpassEnabled = msg.RosenpassEnabled
 		s.latestConfigInput.RosenpassEnabled = msg.RosenpassEnabled
 	}
 	if msg.InterfaceName != nil {
 		inputConfig.InterfaceName = msg.InterfaceName
 		s.latestConfigInput.InterfaceName = msg.InterfaceName
 	}
 	if msg.WireguardPort != nil {
 		port := int(*msg.WireguardPort)
 		inputConfig.WireguardPort = &port
 		s.latestConfigInput.WireguardPort = &port
 	}
 	s.mutex.Unlock()
-	inputConfig.PreSharedKey = &msg.PreSharedKey
+	if msg.OptionalPreSharedKey != nil {
 		inputConfig.PreSharedKey = msg.OptionalPreSharedKey
 	}
 	config, err := internal.UpdateOrCreateConfig(inputConfig)
 	if err != nil {
@@ -197,7 +227,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 	}
 	if msg.ManagementUrl == "" {
-		config, _ = internal.UpdateOldManagementPort(ctx, config, s.latestConfigInput.ConfigPath)
+		config, _ = internal.UpdateOldManagementURL(ctx, config, s.latestConfigInput.ConfigPath)
 		s.config = config
 		s.latestConfigInput.ManagementURL = config.ManagementURL.String()
 	}
@@ -391,7 +421,7 @@ func (s *Server) Up(callerCtx context.Context, _ *proto.UpRequest) (*proto.UpRes
 	}
 	go func() {
-		if err := internal.RunClient(ctx, s.config, s.statusRecorder); err != nil {
+		if err := internal.RunClientWithProbes(ctx, s.config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe); err != nil {
 			log.Errorf("run client connection: %v", err)
 			return
 		}
@@ -415,7 +445,7 @@ func (s *Server) Down(_ context.Context, _ *proto.DownRequest) (*proto.DownRespo
 	return &proto.DownResponse{}, nil
 }
-// Status starts engine work in the daemon.
+// Status returns the daemon status
 func (s *Server) Status(
 	_ context.Context,
 	msg *proto.StatusRequest,
@@ -437,6 +467,8 @@ func (s *Server) Status(
 	}
 	if msg.GetFullPeerStatus {
 		s.runProbes()
 		fullStatus := s.statusRecorder.GetFullStatus()
 		pbFullStatus := toProtoFullStatus(fullStatus)
 		statusResponse.FullStatus = pbFullStatus
@@ -445,6 +477,20 @@ func (s *Server) Status(
 	return &statusResponse, nil
 }
 func (s *Server) runProbes() {
 	if time.Since(s.lastProbe) > probeThreshold {
 		managementHealthy := s.mgmProbe.Probe()
 		signalHealthy := s.signalProbe.Probe()
 		relayHealthy := s.relayProbe.Probe()
 		wgProbe := s.wgProbe.Probe()
 		// Update last time only if all probes were successful
 		if managementHealthy && signalHealthy && relayHealthy && wgProbe {
 			s.lastProbe = time.Now()
 		}
 	}
 }
 // GetConfig of the daemon.
 func (s *Server) GetConfig(_ context.Context, _ *proto.GetConfigRequest) (*proto.GetConfigResponse, error) {
 	s.mutex.Lock()
@@ -485,13 +531,20 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 		SignalState:     &proto.SignalState{},
 		LocalPeerState:  &proto.LocalPeerState{},
 		Peers:           []*proto.PeerState{},
 		Relays:          []*proto.RelayState{},
 	}
 	pbFullStatus.ManagementState.URL = fullStatus.ManagementState.URL
 	pbFullStatus.ManagementState.Connected = fullStatus.ManagementState.Connected
 	if err := fullStatus.ManagementState.Error; err != nil {
 		pbFullStatus.ManagementState.Error = err.Error()
 	}
 	pbFullStatus.SignalState.URL = fullStatus.SignalState.URL
 	pbFullStatus.SignalState.Connected = fullStatus.SignalState.Connected
 	if err := fullStatus.SignalState.Error; err != nil {
 		pbFullStatus.SignalState.Error = err.Error()
 	}
 	pbFullStatus.LocalPeerState.IP = fullStatus.LocalPeerState.IP
 	pbFullStatus.LocalPeerState.PubKey = fullStatus.LocalPeerState.PubKey
@@ -500,17 +553,34 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 	for _, peerState := range fullStatus.Peers {
 		pbPeerState := &proto.PeerState{
-			IP:                     peerState.IP,
+			IP:                         peerState.IP,
-			PubKey:                 peerState.PubKey,
+			PubKey:                     peerState.PubKey,
-			ConnStatus:             peerState.ConnStatus.String(),
+			ConnStatus:                 peerState.ConnStatus.String(),
-			ConnStatusUpdate:       timestamppb.New(peerState.ConnStatusUpdate),
+			ConnStatusUpdate:           timestamppb.New(peerState.ConnStatusUpdate),
-			Relayed:                peerState.Relayed,
+			Relayed:                    peerState.Relayed,
-			Direct:                 peerState.Direct,
+			Direct:                     peerState.Direct,
-			LocalIceCandidateType:  peerState.LocalIceCandidateType,
+			LocalIceCandidateType:      peerState.LocalIceCandidateType,
-			RemoteIceCandidateType: peerState.RemoteIceCandidateType,
+			RemoteIceCandidateType:     peerState.RemoteIceCandidateType,
-			Fqdn:                   peerState.FQDN,
+			LocalIceCandidateEndpoint:  peerState.LocalIceCandidateEndpoint,
 			RemoteIceCandidateEndpoint: peerState.RemoteIceCandidateEndpoint,
 			Fqdn:                       peerState.FQDN,
 			LastWireguardHandshake:     timestamppb.New(peerState.LastWireguardHandshake),
 			BytesRx:                    peerState.BytesRx,
 			BytesTx:                    peerState.BytesTx,
 		}
 		pbFullStatus.Peers = append(pbFullStatus.Peers, pbPeerState)
 	}
 	for _, relayState := range fullStatus.Relays {
 		pbRelayState := &proto.RelayState{
 			URI:       relayState.URI.String(),
 			Available: relayState.Err == nil,
 		}
 		if err := relayState.Err; err != nil {
 			pbRelayState.Error = err.Error()
 		}
 		pbFullStatus.Relays = append(pbFullStatus.Relays, pbRelayState)
 	}
 	return &pbFullStatus
 }
--- a/client/system/info_windows.go
+++ b/client/system/info_windows.go
@@ -36,7 +36,8 @@ func getOSNameAndVersion() (string, string) {
 	query := wmi.CreateQuery(&dst, "")
 	err := wmi.Query(query, &dst)
 	if err != nil {
-		log.Fatal(err)
+		log.Error(err)
 		return "Windows", getBuildVersion()
 	}
 	if len(dst) == 0 {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Maycon Santos	5f41e2bd13	Merge branch 'main' into debug-google-workspace	2024-02-19 15:26:58 +01:00
Maycon Santos	cb3408a10b	Allow adding 3 nameserver addresses (#1588 )	2024-02-19 14:29:20 +01:00
Viktor Liu	0afd738509	Make sure the iOS dialer does not get overwritten (#1585 ) * Make sure our iOS dialer does not get overwritten * set dial timeout for both clients on ios --------- Co-authored-by: Pascal Fischer <pascal@netbird.io>	2024-02-16 14:37:47 +01:00
bcmmbaga	e3d038da8a	debug google workspace request	2024-02-16 13:10:37 +03:00
Maycon Santos	cf87f1e702	Fix/prevent returning error from external cache (#1576 ) * Prevent returning error from external cache query * link comment * fix spell and remove unnecessary return	2024-02-13 13:10:17 +01:00
Maycon Santos	e890fdae54	Return error when peer is not valid (#1573 ) Fix count with invalid peers	2024-02-13 10:59:31 +01:00
Maycon Santos	dd14db6478	Properly handle cache error and return userdata (#1571 )	2024-02-12 21:54:16 +01:00
Maycon Santos	88747e3e01	Add an extra server reflexive candidate with WG port (#1549 ) sends an extra server reflexive candidate to the remote peer with our related port (usually the Wireguard port) this is useful when a network has an existing port forwarding rule for the Wireguard port and the local peer and avoids creating a 1:1 NAT on the local network.	2024-02-08 16:50:37 +01:00
Yury Gargay	fb30931365	Expose trusted proxy list and counter configuration for realip middleware (#1535 )	2024-02-08 14:40:40 +01:00
Maycon Santos	a7547b9990	Get cache from external cache when refresh fails (#1537 ) In some cases, when the refresh cache fails, we should try to get the cache from the external cache obj. This may happen if the IDP is not responsive between storing metadata and refreshing the cache	2024-02-07 16:14:30 +01:00
Maycon Santos	62bacee8dc	Use dashboard v2 for getting started scripts (#1530 )	2024-02-05 17:10:08 +01:00
Yury Gargay	71cd2e3e03	Update grpc-middleware to bring changes related to realip (#1526 )	2024-02-05 14:18:15 +01:00
Yury Gargay	bdf71ab7ff	Remove query parameter from policy endpoints (#1527 )	2024-02-05 14:07:11 +01:00
Zoltan Papp	a2f2a6e21a	Fix/resolv parser (#1520 ) fix an issue In case if the original resolv.conf file is empty, then it can cause a nil pointer	2024-02-02 17:54:33 +01:00
Zoltan Papp	f89332fcd2	Update port, ip choice logic in DNS service (#1514 ) Ensure we use WG address instead of loopback addresses for eBPF. - First try to use 53 port - Try to use 5053 port on WG interface for eBPF - Try to use 5053 on WG interface or loopback interface	2024-02-02 17:53:55 +01:00
Zoltan Papp	8604add997	Export info log level setter for Android (#1518 )	2024-02-01 16:30:38 +01:00
Yury Gargay	93cab49696	Extract peer real IP from Load Balancer when possible (#1510 )	2024-01-31 16:02:24 +01:00
Krzysztof Nazarewski	b6835d9467	getFirstListenerAvailable(): adjust logging levels and add success message (#1513 ) it was worrying to see multiple warnings and no success message when lacking CAP_NET_BIND_SERVICE	2024-01-31 11:20:18 +01:00
Viktor Liu	846d486366	Restore dns on unclean shutdown (#1494 )	2024-01-30 09:58:56 +01:00
Viktor Liu	9c56f74235	Fix iOS DNS timeout (#1504 )	2024-01-29 17:10:47 +01:00
Viktor Liu	25b3641be8	Fix data dir creation permissions (#1503 )	2024-01-29 14:21:45 +01:00
Maycon Santos	c41504b571	Update bug-issue-report and feature request templates (#1499 ) * Update bug-issue-report.md * Update feature_request.md	2024-01-26 18:22:02 +01:00
pascal-fischer	399493a954	Allow service users with user role read-only access to all resources (#1484 ) We allow service users with user role read-only access to all resources so users can create service user and propagate PATs without having to give full admin permissions.	2024-01-25 09:50:27 +01:00
Zoltan Papp	4771fed64f	Support disabled resolved stub server mode (#1493 ) In the case of disabled stub listeren the list of name servers is unordered. The solution is to configure the resolv.conf file directly instead of dbus API. Because third-party services also can manipulate the DNS settings the agent watch the resolv.conf file and keep it up to date. - apply file type DNS manager if in the name server list does not exist the 127.0.0.53 address - watching the resolv.conf file with inotify service and overwrite all the time if the configuration has changed and it invalid - fix resolv.conf generation algorithm	2024-01-24 16:47:26 +01:00
Viktor Liu	88117f7d16	Validate upstream reachability on first DNS configuration (#1489 ) * Test upstream DNS for availability as soon as they are received from management * Use root zone for DNS tests	2024-01-23 17:23:12 +01:00
Viktor Liu	5ac9f9fe2f	Tidy up mod (#1492 )	2024-01-22 23:05:02 +01:00
Viktor Liu	a7d6632298	Extend netbird status command to include health information (#1471 ) * Adds management, signal, and relay (STUN/TURN) health probes to the status command. * Adds a reason when the management or signal connections are disconnected. * Adds last wireguard handshake and received/sent bytes per peer	2024-01-22 12:20:24 +01:00
Maycon Santos	d4194cba6a	Fix race condition with JWT group sync (#1486 ) This PR fixes the issue that caused JWT group membership not being store Therefore causing many event logs and inconsistency	2024-01-20 23:50:57 +01:00
pascal-fischer	131d9f1bc7	Add getGroupByName method (#1481 ) * add get group by name method to account manager * remove contains function and add proper description for GetGroupByName method * add to mock server	2024-01-19 15:41:27 +01:00
pascal-fischer	f099e02b34	Fix preshared key not persisted in config (#1474 ) * replace the preshared key attribute in LoginRequest protobuff with an optional replacement * mark old field as deprecated * fix ui client to also keep preshared key	2024-01-19 10:30:41 +01:00
Maycon Santos	93646e6a13	Upgrade integrations versions to 8a7c87accb22 (#1482 ) * Upgrade integrations versions to 8a7c87accb22 * sync go sum	2024-01-18 18:20:59 +01:00
Zoltan Papp	67a2127fd7	Add iOS build test (#1412 ) * merge validate workflows into mobile --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-01-18 18:20:23 +01:00
dependabot[bot]	dd7fcbd083	Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1401 ) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-18 16:02:08 +01:00
xcf13363175	d5f330b9c0	Fix musl build (#1480 ) * Update go.mod * Update go.sum	2024-01-18 15:44:33 +01:00
Maycon Santos	9fa0fbda0d	Enable group propagation by default (#1469 ) Group updates to user auto groups will propagate by default for new accounts	2024-01-15 19:26:27 +01:00
Zoltan Papp	5a7aa461de	Remove debug lines (#1468 ) Remove print lines from EBPF code	2024-01-15 18:04:19 +01:00
Maycon Santos	e9c967b27c	Add support for setting interface name and wireguard port (#1467 ) This PR adds support for setting the wireguard interface name and port with the netbird up command	2024-01-15 15:53:23 +01:00
Zoltan Papp	ace588758c	Update Java and specify version of cmdline tool (#1456 )	2024-01-12 12:31:14 +01:00
Yury Gargay	8bb16e016c	Fix typo in iface/tun_usp_linux.go (#1457 )	2024-01-12 09:36:06 +01:00
Misha Bragin	6a2a97f088	Fix client SSH server error log (#1455 )	2024-01-11 14:36:27 +01:00
Zoltan Papp	3591795a58	Fix allow netbird traffic for nftables and userspace (#1446 ) Add default allow rules for input and output chains as part of the allownetbird call for userspace mode	2024-01-11 12:21:58 +01:00
Yury Gargay	5311ce4e4a	Soft deprecate Rules API (#1454 )	2024-01-10 13:55:11 +01:00
Maycon Santos	c61cb00f40	Add external-ip support for coturn (#1439 ) Handles the case when users are running Coturn with peers in the same network, and these peers connect to the relay server via private IP addresses (e.g., Oracle cloud), which causes relay candidates to be allocated using private IP addresses. This causes issues with external peers who can't reach these private addresses. Use the provided IP address with NETBIRD_TURN_EXTERNAL_IP or discover the address via https://jsonip.com API. For quick-start guide with Zitadel, we only use the discover method with the external API	2024-01-10 13:03:46 +01:00
pascal-fischer	72a1e97304	add unimplemented as a valid error in SSO check (#1440 )	2024-01-10 08:54:05 +01:00
Zoltan Papp	5242851ecc	Use cached wintun zip package in github workflows (#1448 )	2024-01-09 10:21:53 +01:00
pascal-fischer	cb69348a30	Update contribution and readme file (#1447 ) Include the release of rosenpass and the update to go 1.21 in the dev containers and readme	2024-01-08 15:41:22 +01:00
Zoltan Papp	69dbcbd362	Remove duplicated chain add (#1444 ) Remove duplicated chain add operation	2024-01-08 13:29:53 +01:00
pascal-fischer	5de4acf2fe	Integrate Rosenpass (#1153 ) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-01-08 12:25:35 +01:00
Prasad Manigaradi	aa3b79d311	Update setup.env.example (#1433 ) This parameter is required as per the documentation, but was missing in the default example.	2024-01-08 10:09:41 +01:00
Maycon Santos	8b4ec96516	Update user's last login when authenticating a peer (#1437 ) * Update user's last login when authenticating a peer Prior to this update the user's last login only updated on dashboard authentication * use account and user methods	2024-01-06 12:57:05 +01:00
Maycon Santos	1f3a12d941	Cancel peer expiration scheduled job when deleting account (#1434 )	2024-01-04 17:10:55 +01:00
Zoltan Papp	1de3bb5420	Netstack (#1403 ) Add netstack support for the agent to run it without privileges. - use interface for tun device - use common IPC for userspace WireGuard integration - move udpmux creation and sharedsock to tun layer	2024-01-03 16:06:20 +01:00
Zoltan Papp	163933d429	Fix route change notifier (#1431 ) Compare the differences between the new routes and initial routes	2024-01-03 11:54:19 +01:00
Misha Bragin	875a2e2b63	Add iOS support to README (#1430 )	2024-01-02 20:21:06 +01:00
Maycon Santos	fd8bba6aa3	Fix Windows settings popup with mesa 3d openGL emulator (#1428 ) By copying the emulator driver next to our binary, our GUI setting popup works on remote desktop connections the dll is added as part of our sign pipelines workflow	2024-01-02 16:16:20 +01:00
Maycon Santos	86908eee58	Fix Windows name on WMI error (#1426 ) Before, netbird would exit and prevent the agent from starting if getting the system name using WMI was an issue. This change returns a default value in this case	2024-01-01 21:28:42 +01:00
Maycon Santos	c1caec3fcb	Update management-integrations/additions (#1425 )	2024-01-01 20:17:29 +01:00
Maycon Santos	b28b8fce50	Remove the user from the cache without refreshing it (#1422 ) Some IdPs might have eventual consistency for their API calls, and refreshing the cache with its data may return the deleted user as part of the account Introduce a new account manager method, removeUserFromCache, to remove the user from the local cache without refresh	2024-01-01 19:17:44 +01:00
Maycon Santos	f780f17f85	Use integrated activity store (#1421 ) --------- Co-authored-by: braginini <bangvalo@gmail.com>	2024-01-01 19:11:11 +01:00
Maycon Santos	5903715a61	Update cloud management URL to https://api.netbird.io:443 (#1402 ) With this change we are updating client configuration files to use the new domain	2023-12-27 20:56:04 +01:00
Bethuel Mmbaga	5469de53c5	Fix quickstart script incompatibility with latest Zitadel version (#1400 )	2023-12-27 16:15:06 +01:00
Zoltan Papp	bc3d647d6b	Update pion v3 (#1398 ) Update Pion related versions to the latest --------- Co-authored-by: Yury Gargay <yury.gargay@gmail.com>	2023-12-20 23:02:42 +01:00
pascal-fischer	7060b63838	use specific apline image version so the iptables will be installed with version 1.8.9 instead of 1.8.10 (#1405 )	2023-12-20 19:41:57 +01:00