fix docs

Use WG_PORT instead of WG_CLIENT_PORT for INIT_PORT fallback to match original behavior
- Changed setup/2.post.ts to use WG_INTERFACE_OVERRIDE_ENV.PORT instead of WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT - Changed sqlite.ts initialSetup to use WG_INTERFACE_OVERRIDE_ENV.PORT for consistency - Updated unattended-setup.md documentation: - Changed INIT_PORT description to clarify it sets both interface port and endpoint port - Updated warning text to reference WG_PORT (not WG_CLIENT_PORT) as the override fallback - This matches the original INIT_PORT behavior where updateHostPort() sets both ports to the same value Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
2025-11-17 11:44:21 +01:00 · 2025-11-17 10:39:51 +00:00 · 2025-11-17 10:31:11 +00:00 · 2025-11-17 11:26:28 +01:00 · 2025-11-17 11:23:51 +01:00 · 2025-11-17 09:49:53 +00:00
148 changed files with 4654 additions and 11934 deletions
@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
@@ -18,10 +18,10 @@ jobs:
            os: ubuntu-latest
          - platform: linux/arm64
            os: ubuntu-24.04-arm
-          # - platform: linux/arm/v7
-          #   os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Prepare
        run: |
@@ -30,7 +30,7 @@ jobs:

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -38,21 +38,21 @@ jobs:
            latest=false

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Build and push by digest
        id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.arch.platform }}
@@ -69,7 +69,7 @@ jobs:
          touch "${{ runner.temp }}/digests/${digest#sha256:}"

      - name: Upload digest
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
@@ -85,32 +85,32 @@ jobs:
    needs: docker-build
    steps:
      - name: Download digests
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@v6
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Codeberg
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: codeberg.org
          username: ${{ secrets.CODEBERG_USER }}
          password: ${{ secrets.CODEBERG_PASS }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -138,7 +138,7 @@ jobs:
      contents: write
    needs: docker-merge
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Setup Python
        uses: actions/setup-python@v6
@@ -25,10 +25,10 @@ jobs:
            os: ubuntu-latest
          - platform: linux/arm64
            os: ubuntu-24.04-arm
-          # - platform: linux/arm/v7
-          #   os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          ref: master

@@ -39,7 +39,7 @@ jobs:

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -47,21 +47,21 @@ jobs:
            latest=false

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Build and push by digest
        id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.arch.platform }}
@@ -78,7 +78,7 @@ jobs:
          touch "${{ runner.temp }}/digests/${digest#sha256:}"

      - name: Upload digest
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
@@ -94,32 +94,32 @@ jobs:
    needs: docker-build
    steps:
      - name: Download digests
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@v6
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Codeberg
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: codeberg.org
          username: ${{ secrets.CODEBERG_USER }}
          password: ${{ secrets.CODEBERG_PASS }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -147,7 +147,7 @@ jobs:
      contents: write
    needs: docker-merge
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          ref: master

@@ -21,10 +21,10 @@ jobs:
            os: ubuntu-latest
          - platform: linux/arm64
            os: ubuntu-24.04-arm
-          # - platform: linux/arm/v7
-          #   os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Prepare
        run: |
@@ -32,20 +32,20 @@ jobs:
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Docker Image
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: false
@@ -26,10 +26,10 @@ jobs:
            os: ubuntu-latest
          - platform: linux/arm64
            os: ubuntu-24.04-arm
-          # - platform: linux/arm/v7
-          #   os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Prepare
        run: |
@@ -38,7 +38,7 @@ jobs:

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -46,21 +46,21 @@ jobs:
            latest=false

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Build and push by digest
        id: build
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.arch.platform }}
@@ -77,7 +77,7 @@ jobs:
          touch "${{ runner.temp }}/digests/${digest#sha256:}"

      - name: Upload digest
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v5
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
@@ -95,32 +95,32 @@ jobs:
    needs: docker-build
    steps:
      - name: Download digests
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@v6
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Codeberg
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: codeberg.org
          username: ${{ secrets.CODEBERG_USER }}
          password: ${{ secrets.CODEBERG_PASS }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v6
+        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
@@ -152,7 +152,7 @@ jobs:
      contents: write
    needs: docker-merge
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Setup Python
        uses: actions/setup-python@v6
@@ -14,9 +14,9 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          run_install: false
@@ -24,7 +24,7 @@ jobs:
      - name: Setup Node
        uses: actions/setup-node@v6
        with:
-          node-version: "lts/krypton"
+          node-version: "lts/jod"
          check-latest: true
          cache: "pnpm"

@@ -47,9 +47,9 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          run_install: false
@@ -57,7 +57,7 @@ jobs:
      - name: Setup Node
        uses: actions/setup-node@v6
        with:
-          node-version: "lts/krypton"
+          node-version: "lts/jod"
          check-latest: true
          cache: "pnpm"

@@ -3,6 +3,7 @@
    "aaron-bond.better-comments",
    "dbaeumer.vscode-eslint",
    "antfu.goto-alias",
+    "visualstudioexptteam.vscodeintellicode",
    "esbenp.prettier-vscode",
    "yoavbls.pretty-ts-errors",
    "bradlc.vscode-tailwindcss",
@@ -7,67 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

-### Added
-
- AWG: support for H1-H4 ranges (https://github.com/wg-easy/wg-easy/pull/2480)
- Client Firewall (https://github.com/wg-easy/wg-easy/pull/2418)
- CLI: Show QR code (https://github.com/wg-easy/wg-easy/pull/2518)
- Copy QR code to clipboard / save as png (https://github.com/wg-easy/wg-easy/pull/2521)
-
-### Fixed
-
- Add trailing newline to Prometheus metrics output (https://github.com/wg-easy/wg-easy/pull/2573)
- Correctly use DEBUG env var (https://github.com/wg-easy/wg-easy/pull/2619)
-
-### Changed
-
- Hooks are now Textareas (https://github.com/wg-easy/wg-easy/pull/2522)
- Update to Node Krypton (24) (https://github.com/wg-easy/wg-easy/pull/2536)
- Mobile UI (https://github.com/wg-easy/wg-easy/pull/2569)
- Prevent enabling client when expired (https://github.com/wg-easy/wg-easy/pull/2594)
-
-## [15.2.2] - 2026-02-06
-
-### Added
-
- Added Userspace WireGuard support (https://github.com/wg-easy/wg-easy/pull/2419)
-
-### Fixed
-
- LangSelector overlapping with Buttons (https://github.com/wg-easy/wg-easy/pull/2434)
- AmnzeziaWG config parameters (https://github.com/wg-easy/wg-easy/pull/2440)
- OpenMetrics help string format (https://github.com/wg-easy/wg-easy/pull/2453)
- Reset 2fa when resetting admin password (https://github.com/wg-easy/wg-easy/pull/2461)
-
-### Docs
-
- Replace Watchtower with maintained fork (https://github.com/wg-easy/wg-easy/pull/2456)
-
-## [15.2.1] - 2026-01-14
-
-### Fixed
-
- Icon in Searchbar (https://github.com/wg-easy/wg-easy/commit/458f66818a400f181e2c6326ede077c8793d71f2)
- Interface save not working (https://github.com/wg-easy/wg-easy/commit/48f3fbd715a889e2425702a8a46332f2752aef91)
- Error Messages in Setup (https://github.com/wg-easy/wg-easy/commit/32a055093a76342c40858d8dcf563b0700a8bd48)
-
-## [15.2.0] - 2026-01-12
-
-### Added
+## Added

 - AmneziaWG integration (https://github.com/wg-easy/wg-easy/pull/2102, https://github.com/wg-easy/wg-easy/pull/2226)
 - Search / filter box (https://github.com/wg-easy/wg-easy/pull/2170)
 - `INIT_ALLOWED_IPS` env var (https://github.com/wg-easy/wg-easy/pull/2164)
 - Show client endpoint (https://github.com/wg-easy/wg-easy/pull/2058)
- Add option to view and copy config (https://github.com/wg-easy/wg-easy/pull/2289)

-### Fixed
+## Fixed

 - Fix download as conf.txt (https://github.com/wg-easy/wg-easy/pull/2269)
 - Clean filename for OTL download (https://github.com/wg-easy/wg-easy/pull/2253)
- Text color in admin menu in light mode (https://github.com/wg-easy/wg-easy/pull/2307)

-### Changed
+## Changed

 - Allow lower MTU (https://github.com/wg-easy/wg-easy/pull/2228)
 - Use /32 and /128 for client Cidr (https://github.com/wg-easy/wg-easy/pull/2217)
@@ -75,15 +27,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Publish on Codeberg (https://github.com/wg-easy/wg-easy/pull/2160)
 - Allow empty DNS (https://github.com/wg-easy/wg-easy/pull/2052, https://github.com/wg-easy/wg-easy/pull/2057)
 - Don't include keys in API responses (https://github.com/wg-easy/wg-easy/pull/2015)
- Try all QR ecc levels (https://github.com/wg-easy/wg-easy/pull/2288)
- Update OneTimeLink expiry on reuse (https://github.com/wg-easy/wg-easy/pull/2370)
- Removed ARMv7 support (https://github.com/wg-easy/wg-easy/pull/2369)

-### Docs
+## Docs

 - Add AdGuard Home (https://github.com/wg-easy/wg-easy/pull/2175)
- Add Routed (No NAT) docs (https://github.com/wg-easy/wg-easy/pull/2181, https://github.com/wg-easy/wg-easy/pull/2380)
- Add AmneziaWG docs (https://github.com/wg-easy/wg-easy/pull/2108, https://github.com/wg-easy/wg-easy/pull/2292)
+- Add Routed (No NAT) docs (https://github.com/wg-easy/wg-easy/pull/2181)

 ## [15.1.0] - 2025-07-01

@@ -1,4 +1,4 @@
-FROM docker.io/library/node:krypton-alpine AS build
+FROM docker.io/library/node:jod-alpine AS build
 WORKDIR /app

 # update corepack
@@ -7,7 +7,7 @@ RUN npm install --global corepack@latest
 RUN corepack enable pnpm

 # Copy Web UI
-COPY src/package.json src/pnpm-lock.yaml src/pnpm-workspace.yaml ./
+COPY src/package.json src/pnpm-lock.yaml ./
 RUN pnpm install

 # Build UI
@@ -15,22 +15,14 @@ COPY src ./
 RUN pnpm build

 # Build amneziawg-tools
-RUN apk add linux-headers build-base go git && \
+RUN apk add linux-headers build-base git && \
    git clone https://github.com/amnezia-vpn/amneziawg-tools.git && \
-    git clone https://github.com/amnezia-vpn/amneziawg-go && \
-    cd amneziawg-go && \
-    make && \
-    cd ../amneziawg-tools/src && \
-    make && \
-    sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' ./wg-quick/linux.bash
-
-FROM docker.io/library/node:krypton-alpine AS build-libsql
-WORKDIR /app
-RUN npm install --no-save --omit=dev libsql
+    cd amneziawg-tools/src && \
+    make

 # Copy build result to a new image.
 # This saves a lot of disk space.
-FROM docker.io/library/node:krypton-alpine
+FROM docker.io/library/node:jod-alpine
 WORKDIR /app

 HEALTHCHECK --interval=1m --timeout=5s --retries=3 CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1"
@@ -40,14 +32,12 @@ COPY --from=build /app/.output /app
 # Copy migrations
 COPY --from=build /app/server/database/migrations /app/server/database/migrations
 # libsql (https://github.com/nitrojs/nitro/issues/3328)
-COPY --from=build-libsql /app/node_modules /app/server/node_modules
-
+RUN cd /app/server && \
+    npm install --no-save libsql && \
+    npm cache clean --force
 # cli
 COPY --from=build /app/cli/cli.sh /usr/local/bin/cli
 RUN chmod +x /usr/local/bin/cli
-# Copy amneziawg-go
-COPY --from=build /app/amneziawg-go/amneziawg-go /usr/bin/amneziawg-go
-RUN chmod +x /usr/bin/amneziawg-go
 # Copy amneziawg-tools
 COPY --from=build /app/amneziawg-tools/src/wg /usr/bin/awg
 COPY --from=build /app/amneziawg-tools/src/wg-quick/linux.bash /usr/bin/awg-quick
@@ -62,9 +52,7 @@ RUN apk add --no-cache \
    nftables \
    kmod \
    iptables-legacy \
-    wireguard-go \
-    wireguard-tools && \
-    sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick
+    wireguard-tools

 RUN mkdir -p /etc/amnezia
 RUN ln -s /etc/wireguard /etc/amnezia/amneziawg
@@ -74,7 +62,7 @@ RUN update-alternatives --install /usr/sbin/iptables iptables /usr/sbin/iptables
 RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 10 --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/ip6tables-legacy-restore --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/ip6tables-legacy-save

 # Set Environment
-ENV DEBUG=Server,WireGuard,Database,CMD,Firewall
+ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
 ENV INSECURE=false
@@ -1,4 +1,4 @@
-FROM docker.io/library/node:krypton-alpine
+FROM docker.io/library/node:jod-alpine
 WORKDIR /app

 # update corepack
@@ -16,7 +16,6 @@ RUN apk add --no-cache \
    ip6tables \
    kmod \
    iptables-legacy \
-    wireguard-go \
    wireguard-tools

 # Use iptables-legacy
@@ -24,7 +23,7 @@ RUN update-alternatives --install /usr/sbin/iptables iptables /usr/sbin/iptables
 RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 10 --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/ip6tables-legacy-restore --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/ip6tables-legacy-save

 # Set Environment
-ENV DEBUG=Server,WireGuard,Database,CMD,Firewall
+ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
 ENV INSECURE=true
@@ -32,7 +31,7 @@ ENV INIT_ENABLED=false
 ENV DISABLE_IPV6=false

 # Install Dependencies
-COPY src/package.json src/pnpm-lock.yaml src/pnpm-workspace.yaml ./
+COPY src/package.json src/pnpm-lock.yaml ./
 RUN pnpm install

 # Copy Project
@@ -1,14 +1,16 @@
 # WireGuard Easy

-[![Build & Publish latest Image](https://github.com/wg-easy/wg-easy/actions/workflows/deploy.yml/badge.svg)](https://github.com/wg-easy/wg-easy/actions/workflows/deploy.yml)
+[![Build & Publish latest Image](https://github.com/wg-easy/wg-easy/actions/workflows/deploy.yml/badge.svg?branch=production)](https://github.com/wg-easy/wg-easy/actions/workflows/deploy.yml)
 [![Lint](https://github.com/wg-easy/wg-easy/actions/workflows/lint.yml/badge.svg?branch=master)](https://github.com/wg-easy/wg-easy/actions/workflows/lint.yml)
 [![GitHub Stars](https://img.shields.io/github/stars/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/stargazers)
 [![License](https://img.shields.io/github/license/wg-easy/wg-easy)](LICENSE)
 [![GitHub Release](https://img.shields.io/github/v/release/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/releases/latest)
-[![Image Pulls](https://img.shields.io/badge/image_pulls-28M+-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)
+[![Image Pulls](https://img.shields.io/badge/image_pulls-12M+-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)

 You have found the easiest way to install & manage WireGuard on any Linux host!

+<!-- TOOD: update screenshot -->
+
 <p align="center">
  <img src="./assets/screenshot.png" width="802" alt="wg-easy Screenshot" />
 </p>
@@ -31,7 +33,6 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
 - IPv6 support
 - CIDR support
 - 2FA support
- Per-client firewall filtering (requires iptables)

 > [!NOTE]
 > To better manage documentation for this project, it has its own site here: [https://wg-easy.github.io/wg-easy/latest](https://wg-easy.github.io/wg-easy/latest)
@@ -1,63 +0,0 @@
-{
-  "fill" : {
-    "automatic-gradient" : "display-p3:0.48853,0.13220,0.12335,1.00000"
-  },
-  "groups" : [
-    {
-      "layers" : [
-        {
-          "fill" : {
-            "automatic-gradient" : "srgb:1.00000,1.00000,1.00000,1.00000"
-          },
-          "image-name" : "wireguard-logo.png",
-          "name" : "wireguard-logo",
-          "position" : {
-            "scale" : 0.5,
-            "translation-in-points" : [
-              255.828125,
-              -225.5
-            ]
-          }
-        },
-        {
-          "fill-specializations" : [
-            {
-              "value" : {
-                "automatic-gradient" : "srgb:1.00000,1.00000,1.00000,1.00000"
-              }
-            },
-            {
-              "appearance" : "dark",
-              "value" : {
-                "automatic-gradient" : "display-p3:0.48853,0.13220,0.12335,1.00000"
-              }
-            }
-          ],
-          "image-name" : "ticket.png",
-          "name" : "ticket",
-          "position" : {
-            "scale" : 1.2,
-            "translation-in-points" : [
-              -119.91562499999998,
-              165.65625
-            ]
-          }
-        }
-      ],
-      "shadow" : {
-        "kind" : "neutral",
-        "opacity" : 0.5
-      },
-      "translucency" : {
-        "enabled" : true,
-        "value" : 0.5
-      }
-    }
-  ],
-  "supported-platforms" : {
-    "circles" : [
-      "watchOS"
-    ],
-    "squares" : "shared"
-  }
-}
@@ -2,9 +2,7 @@
 title: AmneziaWG
 ---

-## Introduction
-
-**AmneziaWG** is a modified version of the WireGuard protocol with enhanced traffic obfuscation capabilities. AmneziaWG's primary goal is to counter deep packet inspection (DPI) systems and bypass VPN blocking.
+Experimental support for AmneziaWG can be enabled by setting the `EXPERIMENTAL_AWG` environment variable to `true`. This feature is still under development and may change in future releases.

 AmneziaWG adds multi-level transport-layer obfuscation by:

@@ -14,12 +12,6 @@ AmneziaWG adds multi-level transport-layer obfuscation by:

 These measures make it harder for third parties to analyze or identify your traffic, enhancing both privacy and security.

-## Activating AmneziaWG
-
-You must install the [AmneziaWG kernel module](https://github.com/amnezia-vpn/amneziawg-linux-kernel-module) on the host system.
-
-Experimental support for AmneziaWG can be enabled by setting the `EXPERIMENTAL_AWG` environment variable to `true`. Starting from wg-easy version 16, this setting will be enabled by default. This feature is still under development and may change in future releases.
-
 When enabled, wg-easy will automatically detect whether the AmneziaWG kernel module is available. If it is not, the system will fall back to the standard WireGuard module.

 To override this automatic detection, set the `OVERRIDE_AUTO_AWG` environment variable. By default, this variable is unset.
@@ -29,51 +21,17 @@ Possible values:
 - `awg` — Force use of AmneziaWG
 - `wg` — Force use of standard WireGuard

-## AmneziaWG Parameters
-
-Parameter descriptions can be found in the [AmneziaWG documentation](https://docs.amnezia.org/documentation/amnezia-wg) and on the [kernel module page](https://github.com/amnezia-vpn/amneziawg-linux-kernel-module).
-
-All parameters except I1-I5 will be set at first startup. For information on how to set I1-I5 parameters, refer to the [AmneziaWG documentation](https://docs.amnezia.org/documentation/instructions/new-amneziawg-selfhosted/#how-to-extract-a-protocol-signature-for-amneziawg-15-manually).
-
-If a parameter is not set, it will not be added to the configuration. If all AmneziaWG-specific parameters are absent, AmneziaWG will be fully compatible with standard WireGuard.
-
-### Parameter Compatibility Table
-
-| Parameter | Can differ between server and client | Configurable on server | Configurable on client  |
-| --------- | ------------------------------------ | ---------------------- | ----------------------- |
-| Jc        | ✅ Yes                               | ✅                     | ✅                      |
-| Jmin      | ✅ Yes                               | ✅                     | ✅                      |
-| Jmax      | ✅ Yes                               | ✅                     | ✅                      |
-| S1-S4     | ❌ No, must match                    | ✅                     | ❌ (copied from server) |
-| H1-H4     | ❌ No, must match                    | ✅                     | ❌ (copied from server) |
-| I1-I5     | ✅ Yes                               | ✅                     | ✅                      |
-
-## Client Applications
-
-To be able to connect to wg-easy if AmneziaWG is enabled, you must have an AmneziaWG-compatible client. Where an AmneziaWG app is available for your platform, it is recommended to use it rather than Amnezia VPN.
+To be able to connect to wg-easy if AmneziaWG is enabled, you must have a AmneziaWG-compatible client.

 Android:

- [AmneziaWG](https://play.google.com/store/apps/details?id=org.amnezia.awg) - AmneziaWG Official Client
+- [AmneziaWG](https://play.google.com/store/apps/details?id=org.amnezia.awg) - Official Client
 - [WG Tunnel](https://play.google.com/store/apps/details?id=com.zaneschepke.wireguardautotunnel) - Third Party Client
- [Amnezia VPN](https://play.google.com/store/apps/details?id=org.amnezia.vpn) - Amnezia VPN Official Client

 iOS and macOS:

- [AmneziaWG](https://apps.apple.com/us/app/amneziawg/id6478942365) - AmneziaWG Official Client
- [Amnezia VPN](https://apps.apple.com/us/app/amneziavpn/id1600529900) - Amnezia VPN Official Client
+- [AmneziaWG](https://apps.apple.com/us/app/amneziawg/id6478942365) - Official Client

 Windows:

- [AmneziaWG](https://github.com/amnezia-vpn/amneziawg-windows-client/releases) - AmneziaWG Official Client (Requires building from source code)
- [Amnezia VPN](https://amnezia.org/downloads) - Amnezia VPN Official Client
-
-Linux:
-
- [Amnezia VPN](https://amnezia.org/downloads) - Amnezia VPN Official Client
- [amneziawg-tools](https://github.com/amnezia-vpn/amneziawg-tools) - AmneziaWG Tools
-
-OpenWRT:
-
- [AmneziaWG OpenWRT](https://github.com/Slava-Shchipunov/awg-openwrt) - AmneziaWG OpenWRT Packages
- [AmneziaWG OpenWRT](https://github.com/lolo6oT/awg-openwrt) - AmneziaWG OpenWRT Packages
+- [AmneziaWG](https://github.com/amnezia-vpn/amneziawg-windows-client/releases) - Official Client
@@ -20,3 +20,74 @@ You will however still see a IPv6 address in the Web UI, but it won't be used.
 This option can be removed in the future, as more devices support IPv6.

 ///
+
+## Configuration Overrides
+
+These environment variables allow you to override settings that would normally be configured through the Admin Panel. When set, these values take precedence over database settings at runtime.
+
+### Interface Settings
+
+| Env            | Example       | Description               |
+| -------------- | ------------- | ------------------------- |
+| `WG_PORT`      | `51820`       | WireGuard interface port  |
+| `WG_DEVICE`    | `eth0`        | Network device/interface  |
+| `WG_MTU`       | `1420`        | Maximum Transmission Unit |
+| `WG_IPV4_CIDR` | `10.8.0.0/24` | IPv4 CIDR range           |
+| `WG_IPV6_CIDR` | `fdcc::/112`  | IPv6 CIDR range           |
+
+### Client Connection Settings
+
+| Env                               | Example           | Description                     |
+| --------------------------------- | ----------------- | ------------------------------- |
+| `WG_HOST`                         | `vpn.example.com` | Host clients will connect to    |
+| `WG_CLIENT_PORT`                  | `51820`           | Port clients will connect to    |
+| `WG_DEFAULT_DNS`                  | `1.1.1.1,8.8.8.8` | Default DNS servers for clients |
+| `WG_DEFAULT_ALLOWED_IPS`          | `0.0.0.0/0,::/0`  | Default allowed IPs for clients |
+| `WG_DEFAULT_MTU`                  | `1420`            | Default MTU for clients         |
+| `WG_DEFAULT_PERSISTENT_KEEPALIVE` | `25`              | Default persistent keepalive    |
+
+### General Settings
+
+| Env                     | Example           | Description               |
+| ----------------------- | ----------------- | ------------------------- |
+| `WG_SESSION_TIMEOUT`    | `3600`            | Session timeout (seconds) |
+| `WG_METRICS_PASSWORD`   | `mypassword123`   | Metrics endpoint password |
+| `WG_METRICS_PROMETHEUS` | `true` or `false` | Enable Prometheus metrics |
+| `WG_METRICS_JSON`       | `true` or `false` | Enable JSON metrics       |
+
+### Hooks
+
+| Env            | Example                   | Description           |
+| -------------- | ------------------------- | --------------------- |
+| `WG_PRE_UP`    | `echo "Starting WG"`      | PreUp hook command    |
+| `WG_POST_UP`   | `iptables -A FORWARD ...` | PostUp hook command   |
+| `WG_PRE_DOWN`  | `echo "Stopping WG"`      | PreDown hook command  |
+| `WG_POST_DOWN` | `iptables -D FORWARD ...` | PostDown hook command |
+
+/// warning | Override Behavior
+
+When these override environment variables are set:
+
+- The specified values will be used at runtime instead of database settings
+- You can still update these fields through the Web UI and they will be saved to the database
+- However, the overridden values from environment variables will always take precedence at runtime
+- The Web UI will display the database values with warning indicators showing which fields are overridden
+- On first start, if no database values exist, some overridden values will be saved to the database
+
+Some overrides will not be applied to existing clients until they are manually edited.
+
+- `WG_DEFAULT_*` settings will only apply to new clients
+- `WG_IPV4_CIDR` and `WG_IPV6_CIDR` changes will require clients to be manually edited to take effect
+
+///
+
+/// note | Note on Port Variables
+
+- `WG_PORT` - The port WireGuard listens on (interface port)
+- `WG_CLIENT_PORT` - The port clients connect to (endpoint port, uses `WG_PORT` if not set)
+- `PORT` - The port the Web UI listens on (HTTP server port)
+
+In most cases you will only need to set `WG_PORT` to change the WireGuard port.
+Keep in mind that you have to adjust both sides of the port publish option in your docker setup.
+
+///
@@ -11,18 +11,20 @@ These will only be used during the first start of the container. After that, the
 | `INIT_ENABLED`     | `true`                       | Enables the below env vars                                | 0     |
 | `INIT_USERNAME`    | `admin`                      | Sets admin username                                       | 1     |
 | `INIT_PASSWORD`    | `Se!ureP%ssw`                | Sets admin password                                       | 1     |
-| `INIT_HOST`        | `vpn.example.com`            | Host clients will connect to                              | 1     |
-| `INIT_PORT`        | `51820`                      | Port clients will connect to and wireguard will listen on | 1     |
-| `INIT_DNS`         | `1.1.1.1,8.8.8.8`            | Sets global dns setting                                   | 2     |
-| `INIT_IPV4_CIDR`   | `10.8.0.0/24`                | Sets IPv4 cidr                                            | 3     |
-| `INIT_IPV6_CIDR`   | `2001:0DB8::/32`             | Sets IPv6 cidr                                            | 3     |
-| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs                                   | 4     |
+| `INIT_HOST`        | `vpn.example.com`            | Host clients will connect to                              | 2     |
+| `INIT_PORT`        | `51820`                      | Port clients will connect to and WireGuard will listen on | 2     |
+| `INIT_DNS`         | `1.1.1.1,8.8.8.8`            | Sets global dns setting                                   | 3     |
+| `INIT_IPV4_CIDR`   | `10.8.0.0/24`                | Sets IPv4 cidr                                            | 4     |
+| `INIT_IPV6_CIDR`   | `2001:0DB8::/32`             | Sets IPv6 cidr                                            | 4     |
+| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs                                   | 5     |

 /// warning | Variables have to be used together

 If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.

-If you want to skip the setup process, you have to configure group `1`
+To skip the setup process, you must configure groups `1` and `2`. You can alternatively use `WG_HOST` and `WG_PORT` to set group `2` without using the `INIT_` variables.
+
+Avoid setting both `INIT_` and `WG_` variables for the same setting to prevent confusion.
 ///

 /// note | Security
@@ -7,7 +7,7 @@ This guide will help you migrate from `v14` to version `v15` of `wg-easy`.
 ## Changes

 - This is a complete rewrite of the `wg-easy` project, therefore the configuration files and the way you interact with the project have changed.
- If you use armv6 or armv7, you unfortunately won't be able to migrate to `v15`.
+- If you use armv6, you unfortunately won't be able to migrate to `v15`.
 - If you are connecting to the Web UI via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.

 ## Migration
@@ -51,7 +51,9 @@ In the setup wizard, select that you already have a configuration file and uploa

 ### Environment Variables

-v15 does not use the same environment variables as v14, most of them have been moved to the Admin Panel in the Web UI.
+v15 does use some of the environment variables as v14. View [Configuration Overrides](../config/optional-config.md#configuration-overrides) to see which environment variables are supported in v15.
+
+If you want to be able to change settings through the Web UI, do not set the corresponding environment variables, as they will override the database settings. Instead, manually change the settings through the Web UI after the migration.

 ### Done

@@ -20,7 +20,7 @@ File: `/etc/docker/containers/watchtower/docker-compose.yml`
 ```yaml
 services:
    watchtower:
-        image: nickfedor/watchtower:latest
+        image: containrrr/watchtower:latest
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        env_file:
@@ -8,7 +8,7 @@ title: Basic Installation

 1. You need to have a host that you can manage
 2. You need to have a domain name or a public IP address
-3. You need a supported architecture (x86_64, arm64)
+3. You need a supported architecture (x86_64, arm64, armv7)
 4. You need curl installed on your host

 ## Install Docker
@@ -93,19 +93,3 @@ PostDown
 ```shell
 iptables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; ip6tables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT
 ```
-
-/// warning | Important: When using nftables use the following hooks instead.
-
-PostUp
-
-```shell
-nft add chain ip filter WG_EASY; nft add rule ip filter DOCKER-USER jump WG_EASY; nft add rule ip filter WG_EASY iifname {{device}} accept; nft add rule ip filter WG_EASY oifname {{device}} accept; nft add chain ip6 filter WG_EASY; nft add rule ip6 filter DOCKER-USER jump WG_EASY; nft add rule ip6 filter WG_EASY iifname {{device}} accept; nft add rule ip6 filter WG_EASY oifname {{device}} accept;
-```
-
-PostDown
-
-```shell
-nft delete rule ip filter DOCKER-USER handle $(nft -a list chain ip filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip filter WG_EASY; nft delete chain ip filter WG_EASY; nft delete rule ip6 filter DOCKER-USER handle $(nft -a list chain ip6 filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip6 filter WG_EASY; nft delete chain ip6 filter WG_EASY
-```
-
-///
@@ -6,20 +6,6 @@ hide:

 Here are some frequently asked questions or errors about `wg-easy`. If you have a question that is not answered here, please feel free to open a discussion on GitHub.

-## How do I restrict client access to specific networks or servers?
-
-Use the **Per-Client Firewall** feature to enforce server-side restrictions on what each client can access.
-
-**Requirements:** This feature requires `iptables` (and `ip6tables` for IPv6) to be installed on the host system.
-
-1. Enable "Per-Client Firewall" in **Admin Panel → Interface**
-2. Edit a client and configure "Firewall Allowed IPs"
-3. Specify which destinations the client should be allowed to access
-
-Unlike "Allowed IPs" which only controls client-side routing, firewall rules are enforced by the server and cannot be bypassed.
-
-See the [Admin Panel Guide](./guides/admin.md#per-client-firewall) and [Client Guide](./guides/clients.md#firewall-allowed-ips) for detailed configuration.
-
 ## Error: WireGuard exited with the error: Cannot find device "wg0"

 This error indicates that the WireGuard interface `wg0` does not exist. This can happen if the WireGuard kernel module is not loaded or if the interface was not created properly.
@@ -109,31 +95,3 @@ To resolve this issue, you can try the following steps:
    ```shell
     echo "ip6table_filter" | sudo tee -a /etc/modules
    ```
-
-## Clients lose connectivity after restarting the container when using multiple networks?
-
-When you attach multiple Docker networks (e.g., `wg` and a reverse proxy network like `traefik` or `nginx`) to the `wg-easy` container, Docker might assign the network interfaces randomly (e.g., swapping `eth0` and `eth1`). Since `wg-easy` expects the wireguard interface to act as `eth0` and configures `POSTROUTING` rules for it, connectivity will break if the interfaces are swapped upon container restart.
-
-To solve this, specify the `interface_name` and `gw_priority` explicitly in your `docker-compose.yml` file to guarantee that the `wg` network always binds to `eth0` and acts as the default gateway.
-
-**Example `docker-compose.yml`:**
-
-```yaml
-services:
-    wg-easy:
-        # ... other configuration ...
-        networks:
-            wg:
-                interface_name: eth0
-                gw_priority: 1
-                ipv4_address: 10.42.42.42
-            nginx:
-                interface_name: eth1
-                gw_priority: 0
-
-networks:
-    wg:
-        # ... wg network config ...
-    nginx:
-        external: true
-```
@@ -12,7 +12,7 @@ Before you can get started with deploying your own VPN, there are some requireme

 1. You need to have a host that you can manage
 2. You need to have a domain name or a public IP address
-3. You need a supported architecture (x86_64, arm64)
+3. You need a supported architecture (x86_64, arm64, armv7)

 ### Host Setup

@@ -45,15 +45,15 @@ All workflows are using the tagging convention listed below. It is subsequently
 | tag           | Type                            | Example                                                       | Description                                                                   |
 | ------------- | ------------------------------- | ------------------------------------------------------------- | ----------------------------------------------------------------------------- |
 | `15`          | latest minor for that major tag | `ghcr.io/wg-easy/wg-easy:15`                                  | latest features for specific major versions, no breaking changes, recommended |
+| `latest`      | latest tag                      | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | points to latest release, can include breaking changes                        |
 | `15.0`        | latest patch for that minor tag | `ghcr.io/wg-easy/wg-easy:15.0`                                | latest patches for specific minor version                                     |
 | `15.0.0`      | specific tag                    | `ghcr.io/wg-easy/wg-easy:15.0.0`                              | specific release, no updates                                                  |
 | `edge`        | push to `master`                | `ghcr.io/wg-easy/wg-easy:edge`                                | mostly unstable, gets frequent package and code updates                       |
 | `development` | pull requests                   | `ghcr.io/wg-easy/wg-easy:development`                         | used for development, testing code from PRs                                   |
-| `latest`      | latest tag                      | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | points to the v14 release, should be avoided                                  |

 <!-- ref: major version (check links too) -->

-When publishing a tag we follow the [Semantic Versioning][semver] specification. Pin to the latest major version to avoid breaking changes (e.g. `15`), avoid using the `latest` tag.
+When publishing a tag we follow the [Semantic Versioning][semver] specification. The `latest` tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. `15`).

 [github-ci]: https://github.com/wg-easy/wg-easy/actions
 [ghcr-image]: https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy
@@ -2,42 +2,4 @@
 title: Admin Panel
 ---

-## Interface Settings
-
-### Per-Client Firewall
-
-Enable server-side firewall filtering to enforce network access restrictions per client.
-
-When enabled, each client can have custom "Firewall Allowed IPs" configured that restrict which destinations they can access through the VPN. These restrictions are enforced by the server using iptables/ip6tables and cannot be bypassed by the client.
-
-/// warning | Experimental Feature
-
-This feature is currently experimental. While functional, it should be thoroughly tested in your environment before relying on it for production security requirements. Always verify that firewall rules are working as expected using test traffic or by manually inspecting the rules.
-
-///
-
-**Requirements:**
-
- `iptables` must be installed on the host system
- `ip6tables` must be installed if IPv6 is enabled (default)
- The feature cannot be enabled if these tools are not available
-
-/// note
-Most Linux distributions include iptables by default. If you're running in a minimal container environment, you may need to install the `iptables` package on the host system.
-///
-
-**Enable this feature if you want to:**
-
- Restrict certain clients to only access specific servers or networks
- Prevent clients from accessing the internet while allowing LAN access
- Enforce port-based restrictions (e.g., only allow HTTP/HTTPS)
- Separate routing configuration from security enforcement
-
-**How it works:**
-
-1. Enable "Per-Client Firewall" in Admin Panel → Interface
-2. Edit any client to see the new "Firewall Allowed IPs" field
-3. Specify allowed destinations (IPs, subnets, ports) for that client
-4. Server enforces these rules automatically
-
-See [Edit Client → Firewall Allowed IPs](./clients.md#firewall-allowed-ips) for detailed configuration syntax and examples.
+TODO
@@ -41,31 +41,3 @@ docker compose exec -it wg-easy cli db:admin:reset --password <new_password>
 ```

 This will reset the password for the admin user to the new password you provided. If you include special characters in the password, make sure to escape them properly.
-
-### Show Clients
-
-List all clients that are currently configured with details such as client ID, Name, Public Key, and enabled status.
-
-```shell
-cli clients:list
-```
-
-### Show Client QR Code
-
-Display the QR code for a specific client, which can be scanned by a compatible app to import the client's configuration.
-
-```shell
-cli clients:qr <client_id>
-```
-
-Replace `<client_id>` with the actual client ID you want to show the QR code for.
-
-/// warning | IPv6 Support
-
-IPv6 support is enabled by default, even if you disabled it using environment variables. To disable it pass the `--no-ipv6` flag when running the CLI.
-
-```shell
-cli clients:qr <client_id> --no-ipv6
-```
-
-///
@@ -19,58 +19,7 @@ Which IPs will be routed through the VPN.

 This will not prevent the user from modifying it locally and accessing IP ranges that they should not be able to access.

-Use the Firewall Allowed IPs feature to prevent access to IP ranges that the user should not be able to access.
-
-## Firewall Allowed IPs
-
-/// note | Attention
-
-This field only appears when **Per-Client Firewall** is enabled in the Admin Panel → Interface settings.
-
-///
-
-Server-side firewall rules that restrict which destinations the client can access, regardless of their local configuration.
-
-Unlike "Allowed IPs" which only controls routing on the client side, these rules are enforced by the server using iptables/ip6tables and cannot be bypassed by the client.
-
-**Supported Formats:**
-
- `10.10.0.3`, `2001:db8::1` - Allow access to a single IP address
- `10.10.0.0/24`, `2001:db8::/32` - Allow access to an entire subnet
- `192.168.1.5:443` - Allow access to specific port (TCP+UDP)
- `192.168.1.5:443/tcp` - Allow access to specific port (TCP only)
- `192.168.1.5:443/udp` - Allow access to specific port (UDP only)
- `10.10.0.0/24:443` - Allow access to an entire subnet on a specific port (TCP+UDP)
- `10.10.0.0/24:443/tcp` - Allow access to an entire subnet on a specific port (TCP only)
- `10.10.0.0/24:443/udp` - Allow access to an entire subnet on a specific port (UDP only)
- `[2001:db8::1]:443` - IPv6 address with port (brackets required)
- `[2001:db8::/32]:443/tcp` - IPv6 CIDR with port and protocol
-
-/// warning | Invalid Formats
-
-Protocol specifiers (`/tcp` or `/udp`) require a port number. The following formats are **not supported** and will result in an error:
-
- `10.10.0.3/tcp` (use `10.10.0.3:443/tcp` instead)
- `10.10.0.0/24/udp` (use `10.10.0.0/24:53/udp` instead)
-
-///
-
-**Behavior:**
-
- **Empty**: Falls back to the client's "Allowed IPs" setting
- **Specified**: Only listed destinations are accessible (allow-only, everything else is blocked)
- **Disable for specific client**: To disable firewall filtering for a single client while keeping it enabled for others, add `0.0.0.0/0, ::/0` to allow all traffic
-
-/// note
-To allow clients to reach the VPN server itself (e.g. for DNS), include the server's VPN address in the firewall allowed IPs.
-///
-
-**Use Case Examples**:
-
- Allow only specific servers: `10.10.0.5`
- Allow only internal network: `10.10.0.0/24, 192.168.1.0/24`
- Allow only web browsing: `0.0.0.0/0:80, 0.0.0.0/0:443, [::/0]:80, [::/0]:443`
- Block internet, allow LAN: Leave "Allowed IPs" as `0.0.0.0/0, ::/0` but set Firewall IPs to `10.0.0.0/8, 192.168.0.0/16`
+Use firewall rules to prevent access to IP ranges that the user should not be able to access.

 ## Server Allowed IPs

@@ -8,7 +8,7 @@ hide:

 /// info | This Documentation is Versioned

-**Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to [the most recent stable release][docs-tagging].
+**Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the `:latest` image tag - [the most recent stable release][docs-tagging].
 ///

 This documentation provides you not only with the basic setup and configuration of `wg-easy` but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
@@ -7,11 +7,10 @@
    "build": "docker build -t wg-easy .",
    "docs:preview": "docker run --rm -it -p 8080:8080 -v ./docs:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8080",
    "scripts:version": "bash scripts/version.sh",
-    "scripts:i18n": "bash scripts/i18n.sh",
    "format:check:docs": "prettier --check docs"
  },
  "devDependencies": {
-    "prettier": "^3.8.3"
+    "prettier": "^3.6.2"
  },
-  "packageManager": "pnpm@11.1.2"
+  "packageManager": "pnpm@10.21.0"
 }
@@ -9,16 +9,16 @@ importers:
  .:
    devDependencies:
      prettier:
-        specifier: ^3.8.3
-        version: 3.8.3
+        specifier: ^3.6.2
+        version: 3.6.2

 packages:

-  prettier@3.8.3:
-    resolution: {integrity: sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==}
+  prettier@3.6.2:
+    resolution: {integrity: sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==}
    engines: {node: '>=14'}
    hasBin: true

 snapshots:

-  prettier@3.8.3: {}
+  prettier@3.6.2: {}
@@ -30,7 +30,6 @@ echo "Updated package.json to version $new_version"

 echo "----"
 echo "If you changed the major version, remember to update the docker-compose.yml file and docs (search for: ref: major version)"
-echo "Make sure to stage any changes before proceeding (e.g. Changelog updates)."
 echo "----"

 echo "If you did everything press 'y' to commit the changes and create a new tag"
@@ -23,6 +23,4 @@ logs
 .env.*
 !.env.example

-coverage/
-
 wg-easy.db
@@ -1 +0,0 @@
-setups.@nuxt/test-utils="4.0.3"
@@ -1,7 +0,0 @@
-:root {
-  color-scheme: light;
-}
-
-.dark {
-  color-scheme: dark;
-}
@@ -1,29 +0,0 @@
-<template>
-  <div class="overflow-x-auto rounded border-2 border-red-800 py-2">
-    <pre
-      class="mx-2 inline-block"
-      @click="selectCode"
-    ><code ref="codeBlock">{{ code }}</code></pre>
-  </div>
-</template>
-
-<script setup lang="ts">
-defineProps<{
-  code: string;
-}>();
-
-const codeBlock = useTemplateRef('codeBlock');
-
-function selectCode() {
-  // TODO: keyboard support?
-  if (codeBlock.value) {
-    const range = document.createRange();
-    range.selectNodeContents(codeBlock.value);
-    const sel = window.getSelection();
-    if (sel) {
-      sel.removeAllRanges();
-      sel.addRange(range);
-    }
-  }
-}
-</script>
@@ -18,7 +18,7 @@
        >
          <slot name="description" />
        </DialogDescription>
-        <div class="mt-6 flex flex-wrap justify-end gap-2">
+        <div class="mt-6 flex justify-end gap-2">
          <slot name="actions" />
        </div>
      </DialogContent>
@@ -1,10 +0,0 @@
-<template>
-  <textarea
-    v-model="data"
-    class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
-  />
-</template>
-
-<script lang="ts" setup>
-const data = defineModel<string>();
-</script>
@@ -16,7 +16,7 @@
 </template>

 <script setup lang="ts">
-import type { ApexChart, ApexOptions } from 'apexcharts';
+import type { ApexOptions } from 'apexcharts';

 defineProps<{
  client: LocalClient;
@@ -1,7 +1,7 @@
 <template>
  <ClientCardCharts :client="client" />
  <div
-    class="relative flex flex-col justify-between gap-3 px-3 py-3 sm:flex-row md:py-5"
+    class="relative z-10 flex flex-col justify-between gap-3 px-3 py-3 sm:flex-row md:py-5"
  >
    <div class="flex w-full items-center gap-3 md:gap-4">
      <ClientCardAvatar :client="client" />
@@ -9,7 +9,7 @@
        <div class="flex flex-grow flex-col gap-1">
          <ClientCardName :client="client" />
          <div
-            class="flex flex-col text-xs text-gray-500 dark:text-neutral-400"
+            class="flex flex-col pb-1 text-xs text-gray-500 md:inline-block md:pb-0 dark:text-neutral-400"
          >
            <div>
              <ClientCardAddress :client="client" />
@@ -1,5 +1,7 @@
 <template>
-  <div class="block text-xs text-gray-500 dark:text-neutral-400">
+  <div
+    class="block pb-1 text-xs text-gray-500 md:inline-block md:pb-0 dark:text-neutral-400"
+  >
    <span class="inline-block">{{ expiredDateFormat(client.expiresAt) }}</span>
  </div>
 </template>
@@ -1,9 +1,11 @@
 <template>
  <div
-    class="break-all text-sm text-gray-700 md:text-base dark:text-neutral-200"
+    class="text-sm text-gray-700 md:text-base dark:text-neutral-200"
    :title="$t('client.createdOn') + $d(new Date(client.createdAt))"
  >
-    {{ client.name }}
+    <span class="border-b-2 border-t-2 border-transparent">
+      {{ client.name }}
+    </span>
  </div>
 </template>

@@ -1,74 +0,0 @@
-<template>
-  <BaseDialog :trigger-class="triggerClass">
-    <template #trigger>
-      <slot />
-    </template>
-    <template #title>
-      {{ $t('client.config') }}
-    </template>
-    <template #description>
-      <div v-if="status === 'success'">
-        <BaseCodeBlock :code="config ?? ''" />
-      </div>
-      <div v-else>
-        <span>{{ $t('general.loading') }}</span>
-      </div>
-    </template>
-    <template #actions>
-      <DialogClose as-child>
-        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
-      </DialogClose>
-      <DialogClose as-child>
-        <BasePrimaryButton @click="copyCode">
-          {{ $t('copy.copy') }}
-        </BasePrimaryButton>
-      </DialogClose>
-    </template>
-  </BaseDialog>
-</template>
-
-<script setup lang="ts">
-const props = defineProps<{ triggerClass?: string; clientId: number }>();
-
-const toast = useToast();
-const { copied, copy, isSupported } = useClipboard({
-  // fallback does not work
-  legacy: false,
-});
-
-const { data: config, status } = useFetch(
-  `/api/client/${props.clientId}/configuration`,
-  {
-    responseType: 'text',
-    server: false,
-  }
-);
-
-async function copyCode() {
-  if (status.value !== 'success') {
-    return;
-  }
-
-  if (!isSupported.value) {
-    toast.showToast({
-      type: 'error',
-      message: $t('copy.notSupported'),
-    });
-    return;
-  }
-
-  await copy(config.value ?? '');
-
-  if (copied.value) {
-    toast.showToast({
-      type: 'success',
-      message: $t('copy.copied'),
-    });
-  } else {
-    toast.showToast({
-      type: 'error',
-      message: $t('copy.failed'),
-    });
-  }
-}
-</script>
@@ -3,7 +3,7 @@
    {{ $t('client.empty') }}<br /><br />
    <ClientsCreateDialog>
      <BaseSecondaryButton as="span">
-        <IconsPlus class="mr-2 w-4" />
+        <IconsPlus class="w-4 md:mr-2" />
        <span class="text-sm">{{ $t('client.new') }}</span>
      </BaseSecondaryButton>
    </ClientsCreateDialog>
@@ -1,8 +1,8 @@
 <template>
  <ClientsCreateDialog>
    <BaseSecondaryButton as="span">
-      <IconsPlus class="mr-2 w-4" />
-      <span class="text-sm">{{ $t('client.newShort') }}</span>
+      <IconsPlus class="w-4 md:mr-2" />
+      <span class="text-sm max-md:hidden">{{ $t('client.newShort') }}</span>
    </BaseSecondaryButton>
  </ClientsCreateDialog>
 </template>
@@ -5,25 +5,11 @@
    </template>
    <template #description>
      <div class="bg-white">
-        <img ref="img" :src="qrCode" />
+        <img :src="qrCode" />
      </div>
    </template>
    <template #actions>
-      <BaseSecondaryButton
-        class="flex items-center gap-2"
-        :title="$t('client.copyPng')"
-        @click="copyPng"
-      >
-        <IconsCopy class="size-5" /> PNG
-      </BaseSecondaryButton>
-      <BaseSecondaryButton
-        class="flex items-center gap-2"
-        :title="$t('client.downloadPng')"
-        @click="downloadPng"
-      >
-        <IconsDownload class="size-5" /> PNG
-      </BaseSecondaryButton>
-      <DialogClose as-child>
+      <DialogClose>
        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
    </template>
@@ -32,87 +18,4 @@

 <script setup lang="ts">
 defineProps<{ qrCode: string }>();
-
-const toast = useToast();
-const img = useTemplateRef('img');
-
-async function svgToPng() {
-  if (!img.value || !img.value.complete || img.value.naturalWidth === 0) {
-    throw new Error('image is not loaded');
-  }
-
-  const width = 1000;
-  const height = 1000;
-
-  const canvas = document.createElement('canvas');
-  canvas.width = width;
-  canvas.height = height;
-  const ctx = canvas.getContext('2d');
-  if (!ctx) {
-    throw new Error('was not able to create 2d context');
-  }
-  ctx.drawImage(img.value!, 0, 0, width, height);
-
-  return new Promise<Blob>((res, rej) => {
-    canvas.toBlob((blob) => {
-      if (!blob) {
-        return rej(new Error('was not able to create blob'));
-      }
-      return res(blob);
-    }, 'image/png');
-  });
-}
-
-async function downloadPng() {
-  try {
-    const blob = await svgToPng();
-
-    const url = URL.createObjectURL(blob);
-    const a = document.createElement('a');
-    a.href = url;
-    a.download = 'client-config.png';
-    document.body.appendChild(a);
-    a.click();
-    document.body.removeChild(a);
-    URL.revokeObjectURL(url);
-  } catch (e) {
-    console.error('failed to download png', e);
-    toast.showToast({
-      type: 'error',
-      message: $t('toast.unknown'),
-    });
-  }
-}
-
-async function copyPng() {
-  const blob = await svgToPng().catch((e) => {
-    console.error('failed to convert svg to png', e);
-    toast.showToast({
-      type: 'error',
-      message: $t('toast.unknown'),
-    });
-  });
-  if (!blob) {
-    return;
-  }
-
-  try {
-    await navigator.clipboard.write([
-      new ClipboardItem({
-        [blob.type]: blob,
-      }),
-    ]);
-
-    toast.showToast({
-      type: 'success',
-      message: $t('copy.copied'),
-    });
-  } catch (e) {
-    console.error('failed to copy png', e);
-    toast.showToast({
-      type: 'error',
-      message: $t('copy.failed'),
-    });
-  }
-}
 </script>
@@ -1,14 +1,14 @@
 <template>
-  <div class="relative">
+  <div class="relative w-60 md:mr-2">
    <div class="relative flex h-full items-center">
-      <IconsMagnifyingGlass
+      <MagnifyingGlassIcon
        class="absolute left-2.5 h-4 w-4 text-gray-400 dark:text-neutral-500"
      />
      <input
        v-model="searchQuery"
        type="text"
        :placeholder="$t('client.search')"
-        class="w-full rounded bg-white px-8 py-2 text-sm text-gray-900 shadow-sm ring-1 ring-gray-300 transition-all placeholder:text-gray-400 focus:border-transparent focus:outline-none focus:ring-2 focus:ring-red-600 dark:bg-neutral-800 dark:text-white dark:ring-neutral-700 dark:placeholder:text-neutral-500 dark:focus:ring-red-700"
+        class="w-full rounded bg-white py-2 pr-8 text-sm text-gray-900 shadow-sm ring-1 ring-gray-300 transition-all placeholder:text-gray-400 focus:border-transparent focus:outline-none focus:ring-2 focus:ring-red-600 dark:bg-neutral-800 dark:text-white dark:ring-neutral-700 dark:placeholder:text-neutral-500 dark:focus:ring-red-700"
        @input="updateSearch"
      />
      <button
@@ -1,8 +1,11 @@
 <template>
  <BasePrimaryButton @click="toggleSort">
-    <IconsArrowDown v-if="globalStore.sortClient === true" class="mr-2 w-4" />
-    <IconsArrowUp v-else class="mr-2 w-4" />
-    <span class="text-sm">{{ $t('client.sort') }}</span>
+    <IconsArrowDown
+      v-if="globalStore.sortClient === true"
+      class="w-4 md:mr-2"
+    />
+    <IconsArrowUp v-else class="w-4 md:mr-2" />
+    <span class="text-sm max-md:hidden"> {{ $t('client.sort') }}</span>
  </BasePrimaryButton>
 </template>

@@ -1,5 +1,12 @@
 <template>
  <div class="flex flex-col gap-2">
+    <div
+      v-if="overridden"
+      class="flex w-fit items-center gap-2 rounded-lg bg-amber-50 p-2 text-sm text-amber-700 dark:bg-amber-900/20 dark:text-amber-400"
+    >
+      <IconsWarning class="size-4" />
+      <span>This field is overridden by an environment variable</span>
+    </div>
    <div v-if="data?.length === 0">
      {{ emptyText || $t('form.noItems') }}
    </div>
@@ -12,22 +19,34 @@
          class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
          @input="update($event, i)"
        />
-        <BaseSecondaryButton type="button" class="rounded-lg" @click="del(i)">
-          {{ '-' }}
-        </BaseSecondaryButton>
+        <BaseSecondaryButton
+          as="input"
+          type="button"
+          class="rounded-lg"
+          value="-"
+          @click="del(i)"
+        />
      </div>
    </div>
    <div class="mt-2">
-      <BasePrimaryButton type="button" class="rounded-lg" @click="add">
-        {{ $t('form.add') }}
-      </BasePrimaryButton>
+      <BasePrimaryButton
+        as="input"
+        type="button"
+        class="rounded-lg"
+        :value="$t('form.add')"
+        @click="add"
+      />
    </div>
  </div>
 </template>

 <script lang="ts" setup>
 const data = defineModel<string[]>();
-defineProps<{ emptyText?: string[]; name: string }>();
+defineProps<{
+  emptyText?: string[];
+  name: string;
+  overridden?: boolean;
+}>();

 function update(e: Event, i: number) {
  const v = (e.target as HTMLInputElement).value;
@@ -1,10 +1,10 @@
 <template>
-  <h3 class="col-span-full flex items-center py-6 text-2xl">
+  <h4 class="col-span-full flex items-center py-6 text-2xl">
    <slot />
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
-  </h3>
+  </h4>
 </template>

 <script lang="ts" setup>
@@ -6,6 +6,12 @@
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
+    <BaseTooltip
+      v-if="overridden"
+      text="This field is overridden by an environment variable"
+    >
+      <IconsWarning class="size-4 text-amber-500" />
+    </BaseTooltip>
  </div>
  <div class="flex gap-1">
    <BaseInput
@@ -38,6 +44,7 @@ defineProps<{
  description?: string;
  placeholder?: string;
  url: '/api/admin/ip-info' | '/api/setup/4';
+  overridden?: boolean;
 }>();

 const data = defineModel<string | null>({
@@ -1,7 +1,7 @@
 <template>
-  <RLabel :for="props.for" class="md:leading-[2.75rem]">
-    <slot />
-  </RLabel>
+  <RLabel :for="props.for" class="md:align-middle md:leading-10"
+    ><slot
+  /></RLabel>
 </template>

 <script lang="ts" setup>
@@ -12,15 +12,23 @@
          class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
          @input="update($event, i)"
        />
-        <BaseSecondaryButton type="button" class="rounded-lg" @click="del(i)">
-          {{ '-' }}
-        </BaseSecondaryButton>
+        <BaseSecondaryButton
+          as="input"
+          type="button"
+          class="rounded-lg"
+          value="-"
+          @click="del(i)"
+        />
      </div>
    </div>
    <div class="mt-2">
-      <BasePrimaryButton type="button" class="rounded-lg" @click="add">
-        {{ $t('form.add') }}
-      </BasePrimaryButton>
+      <BasePrimaryButton
+        as="input"
+        type="button"
+        class="rounded-lg"
+        :value="$t('form.add')"
+        @click="add"
+      />
    </div>
  </div>
 </template>
@@ -6,6 +6,12 @@
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
+    <BaseTooltip
+      v-if="overridden"
+      text="This field is overridden by an environment variable"
+    >
+      <IconsWarning class="size-4 text-amber-500" />
+    </BaseTooltip>
  </div>
  <BaseInput
    :id="id"
@@ -24,6 +30,7 @@ defineProps<{
  description?: string;
  autocomplete?: string;
  placeholder?: string;
+  overridden?: boolean;
 }>();

 const data = defineModel<string | null>({
@@ -6,12 +6,23 @@
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
+    <BaseTooltip
+      v-if="overridden"
+      text="This field is overridden by an environment variable"
+    >
+      <IconsWarning class="size-4 text-amber-500" />
+    </BaseTooltip>
  </div>
  <BaseInput :id="id" v-model.number="data" :name="id" type="number" />
 </template>

 <script lang="ts" setup>
-defineProps<{ id: string; label: string; description?: string }>();
+defineProps<{
+  id: string;
+  label: string;
+  description?: string;
+  overridden?: boolean;
+}>();

 const data = defineModel<number>();
 </script>
@@ -6,13 +6,22 @@
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
+    <BaseTooltip
+      v-if="overridden"
+      text="This field is overridden by an environment variable"
+    >
+      <IconsWarning class="size-4 text-amber-500" />
+    </BaseTooltip>
  </div>
-  <div class="my-auto">
-    <BaseSwitch :id="id" v-model="data" />
-  </div>
+  <BaseSwitch :id="id" v-model="data" />
 </template>

 <script lang="ts" setup>
-defineProps<{ id: string; label: string; description?: string }>();
+defineProps<{
+  id: string;
+  label: string;
+  description?: string;
+  overridden?: boolean;
+}>();
 const data = defineModel<boolean>();
 </script>
@@ -1,29 +0,0 @@
-<template>
-  <div class="flex items-center">
-    <FormLabel :for="id">
-      {{ label }}
-    </FormLabel>
-    <BaseTooltip v-if="description" :text="description">
-      <IconsInfo class="size-4" />
-    </BaseTooltip>
-  </div>
-  <BaseTextArea
-    :id="id"
-    v-model.trim="data"
-    :name="id"
-    :autocomplete="autocomplete"
-    :disabled="disabled"
-  />
-</template>
-
-<script lang="ts" setup>
-defineProps<{
-  id: string;
-  label: string;
-  description?: string;
-  autocomplete?: string;
-  disabled?: boolean;
-}>();
-
-const data = defineModel<string>();
-</script>
@@ -6,6 +6,12 @@
    <BaseTooltip v-if="description" :text="description">
      <IconsInfo class="size-4" />
    </BaseTooltip>
+    <BaseTooltip
+      v-if="overridden"
+      text="This field is overridden by an environment variable"
+    >
+      <IconsWarning class="size-4 text-amber-500" />
+    </BaseTooltip>
  </div>
  <BaseInput
    :id="id"
@@ -24,6 +30,7 @@ defineProps<{
  description?: string;
  autocomplete?: string;
  disabled?: boolean;
+  overridden?: boolean;
 }>();

 const data = defineModel<string>();
@@ -1,12 +1,12 @@
 <template>
  <Toggle
    :pressed="globalStore.uiShowCharts"
-    class="group flex h-8 w-8 items-center justify-center rounded-full bg-gray-200 transition hover:bg-gray-300 dark:bg-neutral-700 dark:hover:bg-neutral-600"
+    class="group inline-flex h-8 w-8 cursor-pointer items-center justify-center whitespace-nowrap rounded-full bg-gray-200 transition hover:bg-gray-300 dark:bg-neutral-700 dark:hover:bg-neutral-600"
    :title="$t('layout.toggleCharts')"
    @update:pressed="globalStore.toggleCharts"
  >
    <IconsChart
-      class="h-5 w-5 transition group-data-[state=on]:fill-gray-600 dark:text-neutral-400 dark:group-data-[state=on]:fill-gray-300"
+      class="h-5 w-5 fill-gray-400 transition group-data-[state=on]:fill-gray-600 dark:fill-neutral-600 dark:group-data-[state=on]:fill-neutral-400"
    />
  </Toggle>
 </template>
@@ -1,5 +1,5 @@
 <template>
-  <NuxtLink to="/" class="max-sm:mb-4">
+  <NuxtLink to="/" class="mb-4">
    <h1 class="text-4xl font-medium dark:text-neutral-200">
      <img
        src="/logo.png"
@@ -5,7 +5,7 @@
      authStore.userData &&
      hasPermissions(authStore.userData, 'admin', 'any')
    "
-    class="font-small rounded-md bg-red-800 p-4 text-sm text-white shadow-lg dark:bg-red-100 dark:text-red-600"
+    class="font-small mb-10 rounded-md bg-red-800 p-4 text-sm text-white shadow-lg dark:bg-red-100 dark:text-red-600"
    :title="`v${globalStore.information.currentRelease} → v${globalStore.information.latestRelease.version}`"
  >
    <div class="container mx-auto flex flex-auto flex-row items-center">
@@ -1,7 +0,0 @@
-<template>
-  <ClipboardDocumentIcon />
-</template>
-
-<script lang="ts" setup>
-import ClipboardDocumentIcon from '@heroicons/vue/24/outline/esm/ClipboardDocumentIcon';
-</script>
@@ -1,7 +0,0 @@
-<template>
-  <MagnifyingGlassIcon />
-</template>
-
-<script lang="ts" setup>
-import MagnifyingGlassIcon from '@heroicons/vue/24/outline/esm/MagnifyingGlassIcon';
-</script>
@@ -1,9 +1,7 @@
 <template>
-  <div class="container mx-auto max-w-3xl">
-    <div
-      class="mx-3 overflow-hidden rounded-lg bg-white text-gray-700 shadow-md dark:bg-neutral-700 dark:text-neutral-200"
-    >
-      <slot />
-    </div>
+  <div
+    class="container mx-auto max-w-3xl overflow-hidden rounded-lg bg-white px-3 text-gray-700 shadow-md md:px-0 dark:bg-neutral-700 dark:text-neutral-200"
+  >
+    <slot />
  </div>
 </template>
@@ -1,5 +1,5 @@
 <template>
-  <div class="flex flex-shrink-0 flex-col items-center gap-2 sm:flex-row">
+  <div class="flex flex-shrink-0 items-center space-x-2">
    <slot />
  </div>
 </template>
@@ -1,6 +1,6 @@
 <template>
  <div
-    class="flex flex-col items-center gap-2 border-b-2 border-gray-100 p-3 px-5 sm:flex-row dark:border-neutral-600"
+    class="flex flex-auto flex-grow flex-row items-center border-b-2 border-gray-100 p-3 px-5 dark:border-neutral-600"
  >
    <slot />
  </div>
@@ -1,5 +1,11 @@
 <template>
-  <h2 class="flex-1 break-all text-2xl font-medium">
-    <slot />
+  <h2 class="flex-1 text-2xl font-medium">
+    {{ text }}
  </h2>
 </template>
+
+<script setup lang="ts">
+const { text } = defineProps<{
+  text: string;
+}>();
+</script>
@@ -7,7 +7,7 @@
        href="https://github.com/wg-easy/wg-easy"
        >WireGuard Easy</a
      >
-      ({{ globalStore.information?.currentRelease }}) © 2021-2026 by
+      ({{ globalStore.information?.currentRelease }}) © 2021-2025 by
      <a
        class="hover:underline"
        target="_blank"
@@ -1,8 +1,6 @@
 <template>
  <div>
-    <header
-      class="mx-auto my-4 flex max-w-3xl flex-col justify-center max-md:px-3"
-    >
+    <header class="mx-auto mt-4 flex max-w-3xl flex-col justify-center">
      <div
        class="mb-5 w-full"
        :class="
@@ -19,7 +17,7 @@
          <UiUserMenu v-if="loggedIn" />
        </div>
      </div>
-      <HeaderUpdate class="my-4" />
+      <HeaderUpdate class="mt-4" />
    </header>
    <slot />
    <UiFooter />
@@ -4,27 +4,25 @@ export default defineNuxtRouteMiddleware(async (to) => {
    return;
  }

-  const event = useRequestEvent();
-
  const authStore = useAuthStore();
-  authStore.userData = await authStore.getSession(event);
+  const userData = await authStore.getSession();

  // skip login if already logged in
  if (to.path === '/login') {
-    if (authStore.userData?.username) {
+    if (userData?.username) {
      return navigateTo('/', { redirectCode: 302 });
    }
    return;
  }

  // Require auth for every page other than Login
-  if (!authStore.userData?.username) {
+  if (!userData?.username) {
    return navigateTo('/login', { redirectCode: 302 });
  }

  // Check for admin access
  if (to.path.startsWith('/admin')) {
-    if (!hasPermissions(authStore.userData, 'admin', 'any')) {
+    if (!hasPermissions(userData, 'admin', 'any')) {
      return abortNavigation('Not allowed to access Admin Panel');
    }
  }
@@ -2,47 +2,34 @@
  <div>
    <div class="container mx-auto p-4">
      <div class="flex flex-col gap-4 lg:flex-row">
-        <div
-          class="overflow-hidden rounded-lg bg-white text-gray-700 shadow-md lg:w-64 dark:bg-neutral-700 dark:text-neutral-200"
-        >
-          <PanelHead>
-            <PanelHeadTitle>
-              <NuxtLink to="/admin">
-                {{ t('pages.admin.panel') }}
-              </NuxtLink>
-            </PanelHeadTitle>
-          </PanelHead>
-          <PanelBody>
-            <nav class="flex flex-col gap-2">
-              <NuxtLink
-                v-for="(item, index) in menuItems"
-                :key="index"
-                :to="`/admin/${item.id}`"
-                class="group rounded"
-                active-class="bg-red-800 active"
+        <div class="rounded-lg bg-white p-4 lg:w-64 dark:bg-neutral-700">
+          <NuxtLink to="/admin">
+            <h2 class="mb-4 text-xl font-bold dark:text-neutral-200">
+              {{ t('pages.admin.panel') }}
+            </h2>
+          </NuxtLink>
+          <div class="flex flex-col space-y-2">
+            <NuxtLink
+              v-for="(item, index) in menuItems"
+              :key="index"
+              :to="`/admin/${item.id}`"
+              active-class="bg-red-800 rounded"
+            >
+              <BaseSecondaryButton
+                as="span"
+                class="w-full cursor-pointer rounded p-2 font-medium transition-colors duration-200 hover:bg-red-800 dark:text-neutral-200"
              >
-                <BaseSecondaryButton
-                  as="span"
-                  class="w-full font-medium group-[.active]:text-white"
-                >
-                  {{ item.name }}
-                </BaseSecondaryButton>
-              </NuxtLink>
-            </nav>
-          </PanelBody>
+                {{ item.name }}
+              </BaseSecondaryButton>
+            </NuxtLink>
+          </div>
        </div>

        <div
-          class="flex-1 overflow-hidden rounded-lg bg-white text-gray-700 shadow-md dark:bg-neutral-700 dark:text-neutral-200"
+          class="flex-1 rounded-lg bg-white p-6 dark:bg-neutral-700 dark:text-neutral-200"
        >
-          <PanelHead>
-            <PanelHeadTitle>
-              {{ activeMenuItem.name }}
-            </PanelHeadTitle>
-          </PanelHead>
-          <PanelBody>
-            <NuxtPage />
-          </PanelBody>
+          <h1 class="mb-6 text-3xl font-bold">{{ activeMenuItem.name }}</h1>
+          <NuxtPage />
        </div>
      </div>
    </div>
@@ -50,6 +37,9 @@
 </template>

 <script setup lang="ts">
+const authStore = useAuthStore();
+authStore.update();
+
 const { t } = useI18n();

 const route = useRoute();
@@ -9,12 +9,14 @@
          :label="$t('general.host')"
          :description="$t('admin.config.hostDesc')"
          url="/api/admin/ip-info"
+          :overridden="overrides?.host"
        />
        <FormNumberField
          id="port"
          v-model="data.port"
          :label="$t('general.port')"
          :description="$t('admin.config.portDesc')"
+          :overridden="overrides?.port"
        />
      </FormGroup>
      <FormGroup>
@@ -24,13 +26,18 @@
        <FormArrayField
          v-model="data.defaultAllowedIps"
          name="defaultAllowedIps"
+          :overridden="overrides?.defaultAllowedIps"
        />
      </FormGroup>
      <FormGroup>
        <FormHeading :description="$t('admin.config.dnsDesc')">
          {{ $t('general.dns') }}
        </FormHeading>
-        <FormArrayField v-model="data.defaultDns" name="defaultDns" />
+        <FormArrayField
+          v-model="data.defaultDns"
+          name="defaultDns"
+          :overridden="overrides?.defaultDns"
+        />
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.sectionAdvanced') }}</FormHeading>
@@ -39,12 +46,14 @@
          v-model="data.defaultMtu"
          :label="$t('general.mtu')"
          :description="$t('admin.config.mtuDesc')"
+          :overridden="overrides?.defaultMtu"
        />
        <FormNumberField
          id="defaultPersistentKeepalive"
          v-model="data.defaultPersistentKeepalive"
          :label="$t('general.persistentKeepalive')"
          :description="$t('admin.config.persistentKeepaliveDesc')"
+          :overridden="overrides?.defaultPersistentKeepalive"
        />
      </FormGroup>
      <FormGroup v-if="globalStore.information?.isAwg">
@@ -118,6 +127,12 @@ const { data: _data, refresh } = await useFetch(`/api/admin/userconfig`, {
  method: 'get',
 });

+const { data: overridesData } = await useFetch(`/api/admin/overrides`, {
+  method: 'get',
+});
+
+const overrides = computed(() => overridesData.value?.userConfig);
+
 const data = toRef(_data.value);

 const _submit = useSubmit(
@@ -7,6 +7,7 @@
          v-model="data.sessionTimeout"
          :label="$t('admin.general.sessionTimeout')"
          :description="$t('admin.general.sessionTimeoutDesc')"
+          :overridden="overrides?.sessionTimeout"
        />
      </FormGroup>
      <FormGroup>
@@ -16,18 +17,21 @@
          v-model="data.metricsPassword"
          :label="$t('admin.general.metricsPassword')"
          :description="$t('admin.general.metricsPasswordDesc')"
+          :overridden="overrides?.metricsPassword"
        />
        <FormSwitchField
          id="prometheus"
          v-model="data.metricsPrometheus"
          :label="$t('admin.general.prometheus')"
          :description="$t('admin.general.prometheusDesc')"
+          :overridden="overrides?.metricsPrometheus"
        />
        <FormSwitchField
          id="json"
          v-model="data.metricsJson"
          :label="$t('admin.general.json')"
          :description="$t('admin.general.jsonDesc')"
+          :overridden="overrides?.metricsJson"
        />
      </FormGroup>
      <FormGroup>
@@ -43,6 +47,13 @@
 const { data: _data, refresh } = await useFetch(`/api/admin/general`, {
  method: 'get',
 });
+
+const { data: overridesData } = await useFetch(`/api/admin/overrides`, {
+  method: 'get',
+});
+
+const overrides = computed(() => overridesData.value?.general);
+
 const data = toRef(_data.value);

 const _submit = useSubmit(
@@ -2,25 +2,29 @@
  <main v-if="data">
    <FormElement @submit.prevent="submit">
      <FormGroup>
-        <FormTextArea
+        <FormTextField
          id="PreUp"
          v-model="data.preUp"
          :label="$t('hooks.preUp')"
+          :overridden="overrides?.preUp"
        />
-        <FormTextArea
+        <FormTextField
          id="PostUp"
          v-model="data.postUp"
          :label="$t('hooks.postUp')"
+          :overridden="overrides?.postUp"
        />
-        <FormTextArea
+        <FormTextField
          id="PreDown"
          v-model="data.preDown"
          :label="$t('hooks.preDown')"
+          :overridden="overrides?.preDown"
        />
-        <FormTextArea
+        <FormTextField
          id="PostDown"
          v-model="data.postDown"
          :label="$t('hooks.postDown')"
+          :overridden="overrides?.postDown"
        />
      </FormGroup>
      <FormGroup>
@@ -37,6 +41,12 @@ const { data: _data, refresh } = await useFetch(`/api/admin/hooks`, {
  method: 'get',
 });

+const { data: overridesData } = await useFetch(`/api/admin/overrides`, {
+  method: 'get',
+});
+
+const overrides = computed(() => overridesData.value?.hooks);
+
 const data = toRef(_data.value);

 const _submit = useSubmit(
@@ -7,18 +7,21 @@
          v-model="data.mtu"
          :label="$t('general.mtu')"
          :description="$t('admin.interface.mtuDesc')"
+          :overridden="overrides?.mtu"
        />
        <FormNumberField
          id="port"
          v-model="data.port"
          :label="$t('general.port')"
          :description="$t('admin.interface.portDesc')"
+          :overridden="overrides?.port"
        />
        <FormTextField
          id="device"
          v-model="data.device"
          :label="$t('admin.interface.device')"
          :description="$t('admin.interface.deviceDesc')"
+          :overridden="overrides?.device"
        />
      </FormGroup>
      <FormGroup v-if="globalStore.information?.isAwg">
@@ -69,30 +72,6 @@
          :label="$t('awg.s4Label')"
          :description="$t('awg.s4Description')"
        />
-        <FormNullTextField
-          id="h1"
-          v-model="data.h1"
-          :label="$t('awg.h1Label')"
-          :description="$t('awg.h1Description')"
-        />
-        <FormNullTextField
-          id="h2"
-          v-model="data.h2"
-          :label="$t('awg.h2Label')"
-          :description="$t('awg.h2Description')"
-        />
-        <FormNullTextField
-          id="h3"
-          v-model="data.h3"
-          :label="$t('awg.h3Label')"
-          :description="$t('awg.h3Description')"
-        />
-        <FormNullTextField
-          id="h4"
-          v-model="data.h4"
-          :label="$t('awg.h4Label')"
-          :description="$t('awg.h4Description')"
-        />
        <FormNullTextField
          id="i1"
          v-model="data.i1"
@@ -123,14 +102,29 @@
          :label="$t('awg.i5Label')"
          :description="$t('awg.i5Description')"
        />
-      </FormGroup>
-      <FormGroup>
-        <FormHeading>{{ $t('admin.interface.firewall') }}</FormHeading>
-        <FormSwitchField
-          id="firewallEnabled"
-          v-model="data.firewallEnabled"
-          :label="$t('admin.interface.firewallEnabled')"
-          :description="$t('admin.interface.firewallEnabledDesc')"
+        <FormNullNumberField
+          id="h1"
+          v-model="data.h1"
+          :label="$t('awg.h1Label')"
+          :description="$t('awg.h1Description')"
+        />
+        <FormNullNumberField
+          id="h2"
+          v-model="data.h2"
+          :label="$t('awg.h2Label')"
+          :description="$t('awg.h2Description')"
+        />
+        <FormNullNumberField
+          id="h3"
+          v-model="data.h3"
+          :label="$t('awg.h3Label')"
+          :description="$t('awg.h3Description')"
+        />
+        <FormNullNumberField
+          id="h4"
+          v-model="data.h4"
+          :label="$t('awg.h4Label')"
+          :description="$t('awg.h4Description')"
        />
      </FormGroup>
      <FormGroup>
@@ -173,6 +167,12 @@ const { data: _data, refresh } = await useFetch(`/api/admin/interface`, {
  method: 'get',
 });

+const { data: overridesData } = await useFetch(`/api/admin/overrides`, {
+  method: 'get',
+});
+
+const overrides = computed(() => overridesData.value?.interface);
+
 const data = toRef(_data.value);

 const _submit = useSubmit(
@@ -180,15 +180,7 @@ const _submit = useSubmit(
  {
    method: 'post',
  },
-  {
-    revert: async (success) => {
-      await revert();
-      if (success) {
-        // Refresh global store information after successful save
-        await globalStore.refreshInformation();
-      }
-    },
-  }
+  { revert }
 );

 function submit() {
@@ -2,9 +2,7 @@
  <main v-if="data">
    <Panel>
      <PanelHead>
-        <PanelHeadTitle>
-          {{ data.name }}
-        </PanelHeadTitle>
+        <PanelHeadTitle :text="data.name" />
      </PanelHead>
      <PanelBody>
        <FormElement @submit.prevent="submit">
@@ -63,12 +61,6 @@
              name="serverAllowedIps"
            />
          </FormGroup>
-          <FormGroup v-if="globalStore.information?.firewallEnabled">
-            <FormHeading :description="$t('client.firewallIpsDesc')">
-              {{ $t('client.firewallIps') }}
-            </FormHeading>
-            <FormNullArrayField v-model="data.firewallIps" name="firewallIps" />
-          </FormGroup>
          <FormGroup>
            <FormHeading :description="$t('client.dnsDesc')">
              {{ $t('general.dns') }}
@@ -149,25 +141,25 @@
            <FormHeading :description="$t('client.hooksDescription')">
              {{ $t('client.hooks') }}
            </FormHeading>
-            <FormTextArea
+            <FormTextField
              id="PreUp"
              v-model="data.preUp"
              :description="$t('client.hooksLeaveEmpty')"
              :label="$t('hooks.preUp')"
            />
-            <FormTextArea
+            <FormTextField
              id="PostUp"
              v-model="data.postUp"
              :description="$t('client.hooksLeaveEmpty')"
              :label="$t('hooks.postUp')"
            />
-            <FormTextArea
+            <FormTextField
              id="PreDown"
              v-model="data.preDown"
              :description="$t('client.hooksLeaveEmpty')"
              :label="$t('hooks.preDown')"
            />
-            <FormTextArea
+            <FormTextField
              id="PostDown"
              v-model="data.postDown"
              :description="$t('client.hooksLeaveEmpty')"
@@ -187,25 +179,13 @@
              @delete="deleteClient"
            >
              <FormSecondaryActionField
-                :label="$t('client.delete')"
+                label="Delete"
                class="w-full"
                type="button"
                tabindex="-1"
                as="span"
              />
            </ClientsDeleteDialog>
-            <ClientsConfigDialog
-              trigger-class="col-span-2"
-              :client-id="data.id"
-            >
-              <FormSecondaryActionField
-                :label="$t('client.viewConfig')"
-                class="w-full"
-                type="button"
-                tabindex="-1"
-                as="span"
-              />
-            </ClientsConfigDialog>
          </FormGroup>
        </FormElement>
      </PanelBody>
@@ -214,7 +194,9 @@
 </template>

 <script lang="ts" setup>
+const authStore = useAuthStore();
 const globalStore = useGlobalStore();
+authStore.update();

 const route = useRoute();
 const id = route.params.id as string;
@@ -2,15 +2,11 @@
  <main>
    <Panel>
      <PanelHead>
-        <PanelHeadTitle>
-          {{ $t('pages.clients') }}
-        </PanelHeadTitle>
+        <PanelHeadTitle :text="$t('pages.clients')" />
        <PanelHeadBoat>
          <ClientsSearch />
-          <div class="flex gap-2">
-            <ClientsSort />
-            <ClientsNew />
-          </div>
+          <ClientsSort />
+          <ClientsNew />
        </PanelHeadBoat>
      </PanelHead>

@@ -33,6 +29,9 @@
 </template>

 <script setup lang="ts">
+const authStore = useAuthStore();
+authStore.update();
+
 const globalStore = useGlobalStore();
 const clientsStore = useClientsStore();

@@ -67,6 +67,9 @@
 </template>

 <script setup lang="ts">
+const authStore = useAuthStore();
+authStore.update();
+
 const toast = useToast();
 const { t } = useI18n();

@@ -2,9 +2,7 @@
  <main>
    <Panel>
      <PanelHead>
-        <PanelHeadTitle>
-          {{ $t('pages.me') }}
-        </PanelHeadTitle>
+        <PanelHeadTitle :text="$t('pages.me')" />
      </PanelHead>
      <PanelBody class="dark:text-neutral-200">
        <FormElement @submit.prevent="submit">
@@ -122,6 +120,7 @@
 import { encodeQR } from 'qr';

 const authStore = useAuthStore();
+authStore.update();

 const name = ref(authStore.userData?.name);
 const email = ref(authStore.userData?.email);
@@ -55,9 +55,15 @@ const _submit = useSubmit(
    method: 'post',
  },
  {
-    revert: async (success) => {
+    revert: async (success, data) => {
      if (success) {
-        await navigateTo('/setup/3');
+        if (data?.setupDone) {
+          // Setup is complete, redirect to success page
+          await navigateTo('/setup/success');
+        } else {
+          // Continue to step 3
+          await navigateTo('/setup/3');
+        }
      }
    },
    noSuccessToast: true,
@@ -1,25 +1,18 @@
-import type { H3Event } from 'h3';
-import type { SharedPublicUser } from '~~/shared/utils/permissions';
-
 export const useAuthStore = defineStore('Auth', () => {
-  const userData = useState<SharedPublicUser | null>('user-data', () => null);
+  const { data: userData, refresh: update } = useFetch('/api/session', {
+    method: 'get',
+  });

-  async function getSession(event?: H3Event) {
-    const fetch = event?.$fetch || $fetch;
+  async function getSession() {
    try {
-      const data = await fetch('/api/session', {
+      const { data } = await useFetch('/api/session', {
        method: 'get',
      });
-      return data;
+      return data.value;
    } catch {
      return null;
    }
  }

-  async function update() {
-    const data = await getSession();
-    userData.value = data;
-  }
-
  return { userData, update, getSession };
 });
@@ -66,11 +66,10 @@ export const useClientsStore = defineStore('Clients', () => {
      const clientPersist = clientsPersist.value[client.id]!;

      // Debug
-      /* client.transferRx =
-        clientPersist.transferRxPrevious + Math.random() * 1000;
-      client.transferTx =
-        clientPersist.transferTxPrevious + Math.random() * 1000;
-      client.latestHandshakeAt = new Date().toISOString(); */
+      // client.transferRx = this.clientsPersist[client.id].transferRxPrevious + Math.random() * 1000;
+      // client.transferTx = this.clientsPersist[client.id].transferTxPrevious + Math.random() * 1000;
+      // client.latestHandshakeAt = new Date();
+      // this.requiresPassword = true;

      clientPersist.transferRxCurrent =
        (client.transferRx ?? 0) - clientPersist.transferRxPrevious;
@@ -1,10 +1,7 @@
 export const useGlobalStore = defineStore('Global', () => {
-  const { data: information, refresh: refreshInformation } = useFetch(
-    '/api/information',
-    {
-      method: 'get',
-    }
-  );
+  const { data: information } = useFetch('/api/information', {
+    method: 'get',
+  });

  const sortClient = ref(true); // Sort clients by name, true = asc, false = desc

@@ -25,7 +22,6 @@ export const useGlobalStore = defineStore('Global', () => {
  return {
    sortClient,
    information,
-    refreshInformation,
    uiShowCharts,
    toggleCharts,
    uiChartType,
@@ -1,71 +0,0 @@
-import { defineCommand } from 'citty';
-import { consola } from 'consola';
-import { eq } from 'drizzle-orm';
-
-import { db, schema } from '../db';
-import { hashPassword } from '../../server/utils/password';
-
-export default defineCommand({
-  meta: {
-    name: 'db:admin:reset',
-    description: 'Reset the admin user password and TOTP settings',
-  },
-  args: {
-    password: {
-      type: 'string',
-      description: 'New password for the admin user',
-      required: false,
-    },
-  },
-  async run(ctx) {
-    let password = ctx.args.password || undefined;
-    if (!password) {
-      password = await consola.prompt('Please enter a new password:', {
-        type: 'text',
-      });
-    }
-    if (!password) {
-      consola.error('Password is required');
-      return;
-    }
-    if (password.length < 12) {
-      consola.error('Password must be at least 12 characters long');
-      return;
-    }
-    consola.info('Setting new password for admin user...');
-    const hash = await hashPassword(password);
-
-    const user = await db.transaction(async (tx) => {
-      const user = await tx
-        .select()
-        .from(schema.user)
-        .where(eq(schema.user.id, 1))
-        .get();
-
-      if (!user) {
-        consola.error('Admin user not found');
-        return;
-      }
-
-      await tx
-        .update(schema.user)
-        .set({
-          password: hash,
-          totpVerified: false,
-          totpKey: null,
-        })
-        .where(eq(schema.user.id, 1));
-
-      return user;
-    });
-
-    if (!user) {
-      consola.error('Failed to update admin user');
-      return;
-    }
-
-    consola.success(
-      `Successfully updated admin user ${user.id} (${user.username})`
-    );
-  },
-});
@@ -1,29 +0,0 @@
-import { defineCommand } from 'citty';
-import { consola } from 'consola';
-
-import { db } from '../db';
-
-export default defineCommand({
-  meta: {
-    name: 'clients:list',
-    description: 'List all clients',
-  },
-  async run() {
-    consola.info('Listing all clients...');
-    const clients = await db.query.client.findMany({
-      columns: {
-        id: true,
-        name: true,
-        publicKey: true,
-        enabled: true,
-      },
-    });
-
-    if (clients.length === 0) {
-      consola.info('No clients found');
-      return;
-    }
-
-    console.table(clients);
-  },
-});
@@ -1,71 +0,0 @@
-import { defineCommand } from 'citty';
-import { consola } from 'consola';
-import { eq } from 'drizzle-orm';
-
-import { wg } from '../../server/utils/wgHelper';
-import { encodeQRCodeTerm } from '../../server/utils/qr';
-import { db, schema } from '../db';
-
-export default defineCommand({
-  meta: {
-    name: 'clients:qr',
-    description: 'Generate QR code for a client',
-  },
-  args: {
-    id: {
-      required: true,
-      type: 'positional',
-    },
-    ipv6: {
-      required: false,
-      type: 'boolean',
-      default: true,
-    },
-  },
-  async run(ctx) {
-    const clientId = Number(ctx.args.id);
-    const enableIpv6 = ctx.args.ipv6;
-
-    if (Number.isNaN(clientId)) {
-      consola.error('Invalid client ID');
-      return;
-    }
-
-    consola.info('Generating QR code for client...');
-
-    const wgInterface = await db.query.wgInterface.findFirst({
-      where: eq(schema.wgInterface.name, 'wg0'),
-    });
-    if (!wgInterface) {
-      consola.error('WireGuard interface not found');
-      return;
-    }
-
-    const userConfig = await db.query.userConfig.findFirst({
-      where: eq(schema.userConfig.id, 'wg0'),
-    });
-    if (!userConfig) {
-      consola.error('User config not found');
-      return;
-    }
-
-    const client = await db.query.client.findFirst({
-      where: eq(schema.client.id, clientId),
-    });
-    if (!client) {
-      consola.error(`Client with ID ${clientId} not found`);
-      return;
-    }
-
-    const clientConfig = wg.generateClientConfig(
-      wgInterface,
-      userConfig,
-      client,
-      {
-        enableIpv6,
-      }
-    );
-
-    consola.log(encodeQRCodeTerm(clientConfig));
-  },
-});
@@ -1,10 +0,0 @@
-import { createClient } from '@libsql/client';
-import { drizzle } from 'drizzle-orm/libsql';
-
-import * as schema from '../server/database/schema';
-
-//const client = createClient({ url: 'file:../data/wg-easy.db' });
-const client = createClient({ url: 'file:/etc/wireguard/wg-easy.db' });
-export const db = drizzle({ client, schema });
-
-export { schema };
@@ -1,38 +1,82 @@
 #!/usr/bin/env node

-import type { Resolvable, SubCommandsDef } from 'citty';
+// ! Auto Imports are not supported in this file
+
+import { drizzle } from 'drizzle-orm/libsql';
+import { createClient } from '@libsql/client';
 import { defineCommand, runMain } from 'citty';
+import { consola } from 'consola';
+import { eq } from 'drizzle-orm';

 import packageJson from '../package.json';
+import * as schema from '../server/database/schema';
+import { hashPassword } from '../server/utils/password';

-// Commands
-import dbAdminReset from './admin/reset';
-import clientsList from './clients/list';
-import clientsQr from './clients/qr';
-const subCommands = [dbAdminReset, clientsList, clientsQr] as const;
+const client = createClient({ url: 'file:/etc/wireguard/wg-easy.db' });
+const db = drizzle({ client, schema });

-// from citty
-function resolveValue<T>(input: Resolvable<T>): T | Promise<T> {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  return typeof input === 'function' ? (input as any)() : input;
-}
-
-async function generateSubCommands(): Promise<SubCommandsDef> {
-  const subCommandsMap: Record<string, SubCommandsDef[string]> = {};
-
-  for (const cmd of subCommands) {
-    const cmdMeta = await resolveValue(cmd.meta || {});
-    if (!cmdMeta.name) {
-      console.warn('Skipping command without name:', cmd);
-      continue;
+const dbAdminReset = defineCommand({
+  meta: {
+    name: 'db:admin:reset',
+    description: 'Reset the admin user',
+  },
+  args: {
+    password: {
+      type: 'string',
+      description: 'New password for the admin user',
+      required: false,
+    },
+  },
+  async run(ctx) {
+    let password = ctx.args.password || undefined;
+    if (!password) {
+      password = await consola.prompt('Please enter a new password:', {
+        type: 'text',
+      });
    }
-    subCommandsMap[cmdMeta.name] = cmd;
-  }
+    if (!password) {
+      consola.error('Password is required');
+      return;
+    }
+    if (password.length < 12) {
+      consola.error('Password must be at least 12 characters long');
+      return;
+    }
+    console.info('Setting new password for admin user...');
+    const hash = await hashPassword(password);

-  return subCommandsMap;
-}
+    const user = await db.transaction(async (tx) => {
+      const user = await tx
+        .select()
+        .from(schema.user)
+        .where(eq(schema.user.id, 1))
+        .get();

-const subCommandsMap = await generateSubCommands();
+      if (!user) {
+        consola.error('Admin user not found');
+        return;
+      }
+
+      await tx
+        .update(schema.user)
+        .set({
+          password: hash,
+        })
+        .where(eq(schema.user.id, 1));
+
+      return user;
+    });
+
+    if (!user) {
+      consola.error('Failed to update admin user');
+      return;
+    }
+
+    consola.success(
+      `Successfully updated admin user ${user.id} (${user.username})`
+    );
+  },
+});

 const main = defineCommand({
  meta: {
@@ -40,7 +84,9 @@ const main = defineCommand({
    version: packageJson.version,
    description: 'Command Line Interface',
  },
-  subCommands: subCommandsMap,
+  subCommands: {
+    'db:admin:reset': dbAdminReset,
+  },
 });

 runMain(main);
@@ -1,12 +0,0 @@
-{
-  "compilerOptions": {
-    "lib": ["ESNext"],
-    "module": "esnext",
-    "target": "es2024",
-    "esModuleInterop": true,
-    "strict": true,
-    "skipLibCheck": true,
-    "moduleResolution": "bundler"
-  },
-  "include": ["./**/*.ts"]
-}
@@ -7,19 +7,12 @@ import it from './locales/it.json';
 import ru from './locales/ru.json';
 import zhhk from './locales/zh-HK.json';
 import zhcn from './locales/zh-CN.json';
-import zhtw from './locales/zh-TW.json';
 import ko from './locales/ko.json';
 import es from './locales/es.json';
 import ptbr from './locales/pt-BR.json';
 import tr from './locales/tr.json';
 import bn from './locales/bn.json';
 import id from './locales/id.json';
-import nl from './locales/nl.json';
-import nb from './locales/nb.json';
-import bg from './locales/bg.json';
-import gl from './locales/gl.json';
-import cs from './locales/cs.json';
-import vi from './locales/vi.json';

 export default defineI18nConfig(() => ({
  legacy: false,
@@ -34,18 +27,11 @@ export default defineI18nConfig(() => ({
    ru,
    'zh-HK': zhhk,
    'zh-CN': zhcn,
-    'zh-TW': zhtw,
    ko,
    es,
    'pt-BR': ptbr,
    tr,
    bn,
    id,
-    nl,
-    nb,
-    bg,
-    gl,
-    cs,
-    vi,
  },
 }));
@@ -1,286 +0,0 @@
-{
-  "pages": {
-    "me": "Профил",
-    "clients": "Клиенти",
-    "admin": {
-      "panel": "Админ Панел",
-      "general": "Общи",
-      "config": "Конфигурация",
-      "interface": "Интерфейс",
-      "hooks": "Hooks"
-    }
-  },
-  "user": {
-    "email": "Имейл"
-  },
-  "me": {
-    "currentPassword": "Текуща парола",
-    "enable2fa": "Активирай двуфакторна автентикация",
-    "enable2faDesc": "Сканирай QR кода с твоето приложение за автентикатор или въведи ключа ръчно.",
-    "2faKey": "TOTP ключ",
-    "2faCodeDesc": "Въведи кода от твоето приложение за автентикатор.",
-    "disable2fa": "Деактивирай двуфакторна автентикация",
-    "disable2faDesc": "Въведи паролата си, за да деактивираш двуфакторната автентикация."
-  },
-  "general": {
-    "name": "Име",
-    "username": "Потребителско име",
-    "password": "Парола",
-    "newPassword": "Нова парола",
-    "updatePassword": "Обнови парола",
-    "mtu": "MTU",
-    "allowedIps": "Разрешени IP-та",
-    "dns": "DNS",
-    "persistentKeepalive": "Постоянно поддържане на връзката",
-    "logout": "Изход",
-    "continue": "Продължи",
-    "host": "Хост",
-    "port": "Порт",
-    "yes": "Да",
-    "no": "Не",
-    "confirmPassword": "Потвърди парола",
-    "loading": "Зареждане...",
-    "2fa": "Двуфакторна автентикация",
-    "2faCode": "TOTP код"
-  },
-  "setup": {
-    "welcome": "Добре дошъл в първоначалната настройка на wg-easy",
-    "welcomeDesc": "Откри най-лесния начин да инсталираш и управляваш WireGuard на всеки Linux сървър",
-    "existingSetup": "Имаш ли вече съществуваща инсталация?",
-    "createAdminDesc": "Моля, първо въведи администраторско потребителско име и силна сигурна парола. Тези данни ще се използват за вход в административния панел.",
-    "setupConfigDesc": "Моля, въведи хост и порт. Тази информация ще се използва при генериране на клиентски конфигурации за WireGuard.",
-    "setupMigrationDesc": "Ако желаеш да мигрираш данните от предишна версия на wg-easy, качи резервното копие.",
-    "upload": "Качи",
-    "migration": "Възстанови от резервно копие:",
-    "createAccount": "Създай акаунт",
-    "successful": "Настройката е успешна",
-    "hostDesc": "Публично име/адрес, към който клиентите ще се свързват",
-    "portDesc": "Публичен UDP порт, на който клиентите ще се свързват и на който WireGuard слуша"
-  },
-  "update": {
-    "updateAvailable": "Налична е актуализация!",
-    "update": "Актуализирай"
-  },
-  "theme": {
-    "dark": "Тъмна тема",
-    "light": "Светла тема",
-    "system": "Системна тема"
-  },
-  "layout": {
-    "toggleCharts": "Покажи/скрий графики",
-    "donate": "Дарение"
-  },
-  "login": {
-    "signIn": "Вход",
-    "rememberMe": "Запомни ме",
-    "rememberMeDesc": "Остани влязъл след затваряне на браузъра",
-    "insecure": "Не можеш да влезеш през несигурна връзка. Използвай HTTPS.",
-    "2faRequired": "Изисква се двуфакторна автентикация",
-    "2faWrong": "Грешен код за двуфакторна автентикация"
-  },
-  "client": {
-    "empty": "Все още няма клиенти.",
-    "newShort": "Нов",
-    "sort": "Сортирай",
-    "create": "Създай клиент",
-    "created": "Клиентът е създаден",
-    "new": "Нов клиент",
-    "name": "Име",
-    "expireDate": "Дата на изтичане",
-    "expireDateDesc": "Дата, след която клиентът ще бъде деактивиран. Празно = постоянен",
-    "delete": "Изтрий",
-    "deleteClient": "Изтрий клиент",
-    "deleteDialog1": "Сигурен ли си, че искаш да изтриеш",
-    "deleteDialog2": "Това действие е необратимо.",
-    "enabled": "Активен",
-    "address": "Адрес",
-    "serverAllowedIps": "Разрешени IP-та от сървъра",
-    "otlDesc": "Генерирай кратък еднократен линк",
-    "permanent": "Постоянно",
-    "createdOn": "Създаден на ",
-    "lastSeen": "Последно видян на ",
-    "totalDownload": "Общо изтеглени: ",
-    "totalUpload": "Общо качени: ",
-    "newClient": "Нов клиент",
-    "disableClient": "Деактивирай клиент",
-    "enableClient": "Активирай клиент",
-    "noPrivKey": "Този клиент няма известен частен ключ. Не може да се създаде конфигурация.",
-    "showQR": "Покажи QR код",
-    "downloadConfig": "Изтегли конфигурация",
-    "allowedIpsDesc": "Кои IP-та ще се насочват през VPN (замества глобалната настройка)",
-    "serverAllowedIpsDesc": "Кои IP-та сървърът ще насочва към клиента",
-    "mtuDesc": "Задава максималния размер на пакета (MTU) за VPN тунела",
-    "persistentKeepaliveDesc": "Интервал (в секунди) за изпращане на keep-alive пакети. 0 = изключено",
-    "hooks": "Hooks",
-    "hooksDescription": "Hooks работят само с wg-quick",
-    "hooksLeaveEmpty": "Само за wg-quick. В противен случай остави празно",
-    "dnsDesc": "DNS сървър, който клиентите ще използват (замества глобалната настройка)",
-    "notConnected": "Клиентът не е свързан",
-    "endpoint": "Крайна точка",
-    "endpointDesc": "IP адресът на клиента, от който е установена WireGuard връзката",
-    "search": "Търси клиенти...",
-    "config": "Конфигурация",
-    "viewConfig": "Прегледай конфигурацията"
-  },
-  "dialog": {
-    "change": "Промени",
-    "cancel": "Отказ",
-    "create": "Създай"
-  },
-  "toast": {
-    "success": "Успех",
-    "saved": "Запазено",
-    "error": "Грешка"
-  },
-  "form": {
-    "actions": "Действия",
-    "save": "Запази",
-    "revert": "Отмени промените",
-    "sectionGeneral": "Общи",
-    "sectionAdvanced": "Разширени",
-    "noItems": "Няма елементи",
-    "nullNoItems": "Няма елементи. Използва се глобалната конфигурация",
-    "add": "Добави"
-  },
-  "admin": {
-    "general": {
-      "sessionTimeout": "Време на сесията",
-      "sessionTimeoutDesc": "Продължителност на сесията при „Запомни ме“ (в секунди)",
-      "metrics": "Метрики",
-      "metricsPassword": "Парола",
-      "metricsPasswordDesc": "Bearer парола за достъп до metrics ендпойнт (парола или argon2 хеш)",
-      "json": "JSON",
-      "jsonDesc": "Път за метрики в JSON формат",
-      "prometheus": "Prometheus",
-      "prometheusDesc": "Път за Prometheus метрики"
-    },
-    "config": {
-      "connection": "Връзка",
-      "hostDesc": "Публично име/адрес за клиентите (инвалидира конфигурациите)",
-      "portDesc": "Публичен UDP порт за клиентите (инвалидира конфигурациите; вероятно искаш да смениш и порта на интерфейса)",
-      "allowedIpsDesc": "Разрешени IP-та за клиентите (глобална настройка)",
-      "dnsDesc": "DNS сървър за клиентите (глобална настройка)",
-      "mtuDesc": "MTU, който ще ползват клиентите (само за нови клиенти)",
-      "persistentKeepaliveDesc": "Интервал в секунди за keep-alive към сървъра. 0 = изключено (само за нови клиенти)",
-      "suggest": "Предложи",
-      "suggestDesc": "Избери IP адрес или хост за полето Host"
-    },
-    "interface": {
-      "cidrSuccess": "CIDR променен",
-      "device": "Устройство",
-      "deviceDesc": "Мрежово устройство, през което да се препраща WireGuard трафикът",
-      "mtuDesc": "MTU, който ще ползва WireGuard",
-      "portDesc": "UDP порт, на който слуша WireGuard (вероятно искаш да смениш и порта в Config)",
-      "changeCidr": "Смени CIDR",
-      "restart": "Рестартирай интерфейс",
-      "restartDesc": "Рестартиране на WireGuard интерфейса",
-      "restartWarn": "Сигурен ли си, че искаш да рестартираш интерфейса? Всички клиенти ще бъдат изключени.",
-      "restartSuccess": "Интерфейсът е рестартиран"
-    },
-    "introText": "Добре дошъл в административния панел.\n\nТук можеш да управляваш общите настройки, конфигурацията, настройките на интерфейса и hooks.\n\nЗапочни, като избереш някоя от секциите в страничното меню."
-  },
-  "zod": {
-    "generic": {
-      "required": "{0} е задължително",
-      "validNumber": "{0} трябва да е валидно число",
-      "validString": "{0} трябва да е валиден текст",
-      "validBoolean": "{0} трябва да е валидна булева стойност",
-      "validArray": "{0} трябва да е валиден масив",
-      "stringMin": "{0} трябва да съдържа поне {1} символа",
-      "numberMin": "{0} трябва да е поне {1}"
-    },
-    "client": {
-      "id": "ID на клиента",
-      "name": "Име",
-      "expiresAt": "Изтича на",
-      "address4": "IPv4 адрес",
-      "address6": "IPv6 адрес",
-      "serverAllowedIps": "Разрешени IP-та от сървъра"
-    },
-    "user": {
-      "username": "Потребителско име",
-      "password": "Парола",
-      "remember": "Запомни",
-      "name": "Име",
-      "email": "Имейл",
-      "emailInvalid": "Имейлът трябва да е валиден",
-      "passwordMatch": "Паролите трябва да съвпадат",
-      "totpEnable": "Активиране на TOTP",
-      "totpEnableTrue": "TOTP Enable трябва да е true",
-      "totpCode": "TOTP код"
-    },
-    "userConfig": {
-      "host": "Хост"
-    },
-    "general": {
-      "sessionTimeout": "Време на сесията",
-      "metricsEnabled": "Метрики",
-      "metricsPassword": "Парола за метрики"
-    },
-    "interface": {
-      "cidr": "CIDR",
-      "device": "Устройство",
-      "cidrValid": "CIDR трябва да е валиден"
-    },
-    "otl": "Еднократен линк",
-    "stringMalformed": "Невалиден формат на низа",
-    "body": "Тялото трябва да е валиден обект",
-    "hook": "Hook",
-    "enabled": "Активиран",
-    "mtu": "MTU",
-    "port": "Порт",
-    "persistentKeepalive": "Постоянно поддържане на връзката",
-    "address": "IP адрес",
-    "dns": "DNS",
-    "allowedIps": "Разрешени IP-та",
-    "file": "Файл"
-  },
-  "hooks": {
-    "preUp": "PreUp",
-    "postUp": "PostUp",
-    "preDown": "PreDown",
-    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Копиране не се поддържа",
-    "copied": "Копирано!",
-    "failed": "Копирането неуспешно",
-    "copy": "Копирай"
-  },
-  "awg": {
-    "jCLabel": "Брой junk пакети (Jc)",
-    "jCDescription": "Брой junk пакети за изпращане (1–128, препоръчително: 4–12)",
-    "jMinLabel": "Минимален размер на junk пакети (Jmin)",
-    "jMinDescription": "Минимален размер на junk пакетите (0–1279*, препоръчително: 8, трябва да е < Jmax)",
-    "jMaxLabel": "Максимален размер на junk пакети (Jmax)",
-    "jMaxDescription": "Максимален размер на junk пакетите (1–1280*, препоръчително: 80, трябва да е > Jmin)",
-    "s1Label": "Размер на junk в init пакета (S1)",
-    "s1Description": "Размер на junk в init пакета (0–1132 [1280*−148=1132], препоръчително: 15–150, S1+56 ≠ S2)",
-    "s2Label": "Размер на junk в отговорния пакет (S2)",
-    "s2Description": "Размер на junk в response пакета (0–1188 [1280*−92=1188], препоръчително: 15–150)",
-    "s3Label": "Размер на junk в cookie reply пакета (S3)",
-    "s3Description": "Размер на junk в cookie reply пакета",
-    "s4Label": "Размер на junk в транспортния пакет (S4)",
-    "s4Description": "Размер на junk в транспортния пакет",
-    "h1Label": "Init magic header (H1)",
-    "h1Description": "Стойност на хедера в init пакета (5–2147483647, уникална спрямо H2–H4)",
-    "h2Label": "Response magic header (H2)",
-    "h2Description": "Стойност на хедера в response пакета (5–2147483647, уникална спрямо H1, H3, H4)",
-    "h3Label": "Cookie reply magic header (H3)",
-    "h3Description": "Стойност на хедера в cookie reply пакета (5–2147483647, уникална спрямо H1, H2, H4)",
-    "h4Label": "Transport magic header (H4)",
-    "h4Description": "Стойност на хедера в транспортния пакет (5–2147483647, уникална спрямо H1–H3)",
-    "i1Label": "Специален junk пакет 1 (I1)",
-    "i1Description": "Пакет за имитация на протокол в hex формат: <b 0x...>",
-    "i2Label": "Специален junk пакет 2 (I2)",
-    "i2Description": "Пакет за имитация на протокол в hex формат: <b 0x...>",
-    "i3Label": "Специален junk пакет 3 (I3)",
-    "i3Description": "Пакет за имитация на протокол в hex формат: <b 0x...>",
-    "i4Label": "Специален junk пакет 4 (I4)",
-    "i4Description": "Пакет за имитация на протокол в hex формат: <b 0x...>",
-    "i5Label": "Специален junk пакет 5 (I5)",
-    "i5Description": "Пакет за имитация на протокол в hex формат: <b 0x...>",
-    "mtuNote": "Стойностите зависят от MTU",
-    "obfuscationParameters": "Параметри за обфускация на AmneziaWG"
-  }
-}
@@ -1,287 +0,0 @@
-{
-  "pages": {
-    "me": "Účet",
-    "clients": "Klienti",
-    "admin": {
-      "panel": "Administrace",
-      "general": "Obecné",
-      "config": "Konfigurace",
-      "interface": "Rozhraní",
-      "hooks": "Nastavení reakcí"
-    }
-  },
-  "user": {
-    "email": "E-mail"
-  },
-  "me": {
-    "currentPassword": "Aktuální heslo",
-    "enable2fa": "Zapnout dvoufázové ověření (2FA)",
-    "enable2faDesc": "Naskenujte QR kód ve své autentizační aplikaci nebo zadejte klíč ručně.",
-    "2faKey": "TOTP klíč",
-    "2faCodeDesc": "Zadejte kód z vaší autentizační aplikace.",
-    "disable2fa": "Vypnout dvoufázové ověření",
-    "disable2faDesc": "Pro vypnutí dvoufázového ověření zadejte své heslo."
-  },
-  "general": {
-    "name": "Jméno",
-    "username": "Uživatelské jméno",
-    "password": "Heslo",
-    "newPassword": "Nové heslo",
-    "updatePassword": "Aktualizovat heslo",
-    "mtu": "MTU",
-    "allowedIps": "Povolené IP adresy",
-    "dns": "DNS",
-    "persistentKeepalive": "Persistent Keepalive",
-    "logout": "Odhlásit se",
-    "continue": "Pokračovat",
-    "host": "Hostitel",
-    "port": "Port",
-    "yes": "Ano",
-    "no": "Ne",
-    "confirmPassword": "Potvrdit heslo",
-    "loading": "Načítání...",
-    "2fa": "Dvoufázové ověření",
-    "2faCode": "TOTP kód"
-  },
-  "setup": {
-    "welcome": "Vítejte u první instalace wg-easy",
-    "welcomeDesc": "Našli jste nejjednodušší způsob, jak instalovat a spravovat WireGuard na jakémkoliv Linuxovém hostiteli",
-    "existingSetup": "Máte již existující nastavení?",
-    "createAdminDesc": "Nejprve zadejte uživatelské jméno administrátora a silné heslo. Tyto údaje budou použity pro přihlášení do administrace.",
-    "setupConfigDesc": "Zadejte údaje o hostiteli a portu. Tyto informace budou použity pro konfiguraci klientů při nastavování WireGuard na jejich zařízeních.",
-    "setupMigrationDesc": "Pokud chcete migrovat data z předchozí verze wg-easy do nové instalace, nahrajte soubor se zálohou.",
-    "upload": "Nahrát",
-    "migration": "Obnovit zálohu:",
-    "createAccount": "Vytvořit účet",
-    "successful": "Nastavení bylo úspěšné",
-    "hostDesc": "Veřejný název hostitele, ke kterému se budou klienti připojovat",
-    "portDesc": "Veřejný UDP port, ke kterému se budou klienti připojovat a na kterém bude WireGuard naslouchat"
-  },
-  "update": {
-    "updateAvailable": "Je k dispozici aktualizace!",
-    "update": "Aktualizovat"
-  },
-  "theme": {
-    "dark": "Tmavý režim",
-    "light": "Světlý režim",
-    "system": "Systémové nastavení"
-  },
-  "layout": {
-    "toggleCharts": "Zobrazit/skrýt grafy",
-    "donate": "Přispět"
-  },
-  "login": {
-    "signIn": "Přihlásit se",
-    "rememberMe": "Zapamatovat si mě",
-    "rememberMeDesc": "Zůstat přihlášen i po zavření prohlížeče",
-    "insecure": "Nemůžete se přihlásit přes nezabezpečené připojení. Použijte HTTPS.",
-    "2faRequired": "Je vyžadováno dvoufázové ověření",
-    "2faWrong": "Neplatný kód dvoufázového ověření"
-  },
-  "client": {
-    "empty": "Zatím zde nejsou žádní klienti.",
-    "newShort": "Nový",
-    "sort": "Seřadit",
-    "create": "Vytvořit klienta",
-    "created": "Klient vytvořen",
-    "new": "Nový klient",
-    "name": "Jméno",
-    "expireDate": "Datum vypršení",
-    "expireDateDesc": "Datum, kdy bude klient deaktivován. Ponechte prázdné pro trvalý přístup.",
-    "delete": "Smazat",
-    "deleteClient": "Smazat klienta",
-    "deleteDialog1": "Opravdu chcete smazat uživatele",
-    "deleteDialog2": "Tuto akci nelze vzít zpět.",
-    "enabled": "Aktivní",
-    "address": "Adresa",
-    "serverAllowedIps": "Povolené IP adresy serveru",
-    "otlDesc": "Generovat krátký jednorázový odkaz",
-    "permanent": "Trvalý",
-    "createdOn": "Vytvořeno dne ",
-    "lastSeen": "Naposledy viděn ",
-    "totalDownload": "Celkem staženo: ",
-    "totalUpload": "Celkem nahráno: ",
-    "newClient": "Nový klient",
-    "disableClient": "Deaktivovat klienta",
-    "enableClient": "Aktivovat klienta",
-    "noPrivKey": "Tento klient nemá známý soukromý klíč. Nelze vytvořit konfiguraci.",
-    "showQR": "Zobrazit QR kód",
-    "downloadConfig": "Stáhnout konfiguraci",
-    "allowedIpsDesc": "Které IP adresy budou směrovány přes VPN (přebíjí globální nastavení)",
-    "serverAllowedIpsDesc": "Které IP adresy bude server směrovat ke klientovi",
-    "mtuDesc": "Nastavuje maximální velikost přenášeného paketu (MTU) pro VPN tunel",
-    "persistentKeepaliveDesc": "Nastavuje interval (v sekundách) pro udržovací pakety. 0 pro vypnutí",
-    "hooks": "Hooky",
-    "hooksDescription": "Hooky fungují pouze s wg-quick",
-    "hooksLeaveEmpty": "Pouze pro wg-quick. Jinak ponechte prázdné",
-    "dnsDesc": "DNS server, který budou klienti používat (přebíjí globální nastavení)",
-    "notConnected": "Klient není připojen",
-    "endpoint": "Koncový bod",
-    "endpointDesc": "IP adresa klienta, ze které je navázáno spojení WireGuard",
-    "search": "Hledat klienty...",
-    "config": "Konfigurace",
-    "viewConfig": "Zobrazit konfiguraci"
-  },
-  "dialog": {
-    "change": "Změnit",
-    "cancel": "Zrušit",
-    "create": "Vytvořit"
-  },
-  "toast": {
-    "success": "Úspěch",
-    "saved": "Uloženo",
-    "error": "Chyba"
-  },
-  "form": {
-    "actions": "Akce",
-    "save": "Uložit",
-    "revert": "Vrátit změny",
-    "sectionGeneral": "Obecné",
-    "sectionAdvanced": "Pokročilé",
-    "noItems": "Žádné položky",
-    "nullNoItems": "Žádné položky. Používá se globální konfigurace",
-    "add": "Přidat"
-  },
-  "admin": {
-    "general": {
-      "sessionTimeout": "Vypršení relace",
-      "sessionTimeoutDesc": "Doba trvání relace pro 'Zapamatovat si mě' (sekundy)",
-      "metrics": "Metriky",
-      "metricsPassword": "Heslo",
-      "metricsPasswordDesc": "Bearer heslo pro koncový bod metrik (heslo nebo argon2 hash)",
-      "json": "JSON",
-      "jsonDesc": "Cesta pro metriky ve formátu JSON",
-      "prometheus": "Prometheus",
-      "prometheusDesc": "Cesta pro metriky Prometheus"
-    },
-    "config": {
-      "connection": "Připojení",
-      "hostDesc": "Veřejný název hostitele, ke kterému se klienti připojují (zneplatní stávající konfigurace)",
-      "portDesc": "Veřejný UDP port, ke kterému se klienti připojují (zneplatní stávající konfigurace, pravděpodobně budete chtít změnit i Port rozhraní)",
-      "allowedIpsDesc": "Povolené IP adresy, které budou klienti používat (globální nastavení)",
-      "dnsDesc": "DNS server, který budou klienti používat (globální nastavení)",
-      "mtuDesc": "MTU, které budou klienti používat (pouze pro nové klienty)",
-      "persistentKeepaliveDesc": "Interval v sekundách pro odesílání udržovacích paketů na server. 0 = vypnuto (pouze pro nové klienty)",
-      "suggest": "Navrhnout",
-      "suggestDesc": "Vyberte IP adresu nebo název hostitele pro pole Hostitel"
-    },
-    "interface": {
-      "cidrSuccess": "CIDR změněn",
-      "device": "Zařízení",
-      "deviceDesc": "Ethernetové zařízení, přes které má být provoz WireGuard přeposílán",
-      "mtuDesc": "MTU, které bude WireGuard používat",
-      "portDesc": "UDP port, na kterém bude WireGuard naslouchat (pravděpodobně budete chtít změnit i Konfigurační port)",
-      "changeCidr": "Změnit CIDR",
-      "restart": "Restartovat rozhraní",
-      "restartDesc": "Restartovat rozhraní WireGuard",
-      "restartWarn": "Opravdu chcete restartovat rozhraní? Dojde k odpojení všech klientů.",
-      "restartSuccess": "Rozhraní bylo restartováno"
-    },
-    "introText": "Vítejte v administraci.\n\nZde můžete spravovat obecná nastavení, konfiguraci, nastavení rozhraní a hooky.\n\nZačněte výběrem jedné ze sekcí v bočním panelu."
-  },
-  "zod": {
-    "generic": {
-      "required": "Pole {0} je povinné",
-      "validNumber": "{0} musí být platné číslo",
-      "validNumberRange": "{0} musí být platné číslo nebo rozsah čísel",
-      "validString": "{0} musí být platný řetězec",
-      "validBoolean": "{0} musí být platná logická hodnota",
-      "validArray": "{0} musí být platné pole",
-      "stringMin": "{0} musí mít alespoň {1} znak(ů)",
-      "numberMin": "{0} musí být alespoň {1}"
-    },
-    "client": {
-      "id": "ID klienta",
-      "name": "Jméno",
-      "expiresAt": "Vyprší dne",
-      "address4": "IPv4 adresa",
-      "address6": "IPv6 adresa",
-      "serverAllowedIps": "Povolené IP adresy serveru"
-    },
-    "user": {
-      "username": "Uživatelské jméno",
-      "password": "Heslo",
-      "remember": "Pamatovat si",
-      "name": "Jméno",
-      "email": "E-mail",
-      "emailInvalid": "E-mail musí být platná e-mailová adresa",
-      "passwordMatch": "Hesla se musí shodovat",
-      "totpEnable": "Zapnout TOTP",
-      "totpEnableTrue": "Zapnutí TOTP musí být potvrzeno",
-      "totpCode": "TOTP kód"
-    },
-    "userConfig": {
-      "host": "Hostitel"
-    },
-    "general": {
-      "sessionTimeout": "Vypršení relace",
-      "metricsEnabled": "Metriky",
-      "metricsPassword": "Heslo k metrikám"
-    },
-    "interface": {
-      "cidr": "CIDR",
-      "device": "Zařízení",
-      "cidrValid": "CIDR musí být platný"
-    },
-    "otl": "Jednorázový odkaz",
-    "stringMalformed": "Řetězec má nesprávný formát",
-    "body": "Tělo požadavku musí být platný objekt",
-    "hook": "Hook",
-    "enabled": "Aktivní",
-    "mtu": "MTU",
-    "port": "Port",
-    "persistentKeepalive": "Persistent Keepalive",
-    "address": "IP adresa",
-    "dns": "DNS",
-    "allowedIps": "Povolené IP adresy",
-    "file": "Soubor"
-  },
-  "hooks": {
-    "preUp": "PreUp",
-    "postUp": "PostUp",
-    "preDown": "PreDown",
-    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Kopírování není podporováno",
-    "copied": "Zkopírováno!",
-    "failed": "Kopírování selhalo",
-    "copy": "Kopírovat"
-  },
-  "awg": {
-    "jCLabel": "Počet junk paketů (Jc)",
-    "jCDescription": "Počet odesílaných junk paketů (1-128, doporučeno: 4-12)",
-    "jMinLabel": "Min. velikost junk paketu (Jmin)",
-    "jMinDescription": "Minimální velikost junk paketů (0-1279*, doporučeno: 8, musí být < Jmax)",
-    "jMaxLabel": "Max. velikost junk paketu (Jmax)",
-    "jMaxDescription": "Maximální velikost junk paketů (1-1280*, doporučeno: 80, musí být > Jmin)",
-    "s1Label": "Velikost junk dat u Init paketu (S1)",
-    "s1Description": "Velikost junk dat u Init paketu (0-1132, doporučeno: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Velikost junk dat u Response paketu (S2)",
-    "s2Description": "Velikost junk dat u Response paketu (0-1188, doporučeno: 15-150)",
-    "s3Label": "Velikost junk dat u Cookie reply paketu (S3)",
-    "s3Description": "Velikost junk dat u paketu s odpovědí na cookie",
-    "s4Label": "Velikost junk dat u Transport paketu (S4)",
-    "s4Description": "Velikost junk dat u transportního paketu",
-    "h1Label": "Init magic header (H1)",
-    "h1Description": "Hodnota nebo rozsah hlavičky Init paketu (X nebo X-Y, kde X<Y. Min 5, max 2147483647. Nesmí se překrývat s ostatními hlavičkami)",
-    "h2Label": "Response magic header (H2)",
-    "h2Description": "Hodnota nebo rozsah hlavičky Response paketu (X nebo X-Y, kde X<Y. Min 5, max 2147483647. Nesmí se překrývat s ostatními hlavičkami)",
-    "h3Label": "Cookie reply magic header (H3)",
-    "h3Description": "Hodnota nebo rozsah hlavičky Cookie reply paketu (X nebo X-Y, kde X<Y. Min 5, max 2147483647. Nesmí se překrývat s ostatními hlavičkami)",
-    "h4Label": "Transport magic header (H4)",
-    "h4Description": "Hodnota nebo rozsah hlavičky Transport paketu (X nebo X-Y, kde X<Y. Min 5, max 2147483647. Nesmí se překrývat s ostatními hlavičkami)",
-    "i1Label": "Speciální junk paket 1 (I1)",
-    "i1Description": "Paket pro napodobení protokolu v hex formátu: <b 0x...>",
-    "i2Label": "Speciální junk paket 2 (I2)",
-    "i2Description": "Paket pro napodobení protokolu v hex formátu: <b 0x...>",
-    "i3Label": "Speciální junk paket 3 (I3)",
-    "i3Description": "Paket pro napodobení protokolu v hex formátu: <b 0x...>",
-    "i4Label": "Speciální junk paket 4 (I4)",
-    "i4Description": "Paket pro napodobení protokolu v hex formátu: <b 0x...>",
-    "i5Label": "Speciální junk paket 5 (I5)",
-    "i5Description": "Paket pro napodobení protokolu v hex formátu: <b 0x...>",
-    "mtuNote": "Hodnoty závisí na nastavení MTU",
-    "obfuscationParameters": "AmneziaWG parametry obfuskace"
-  }
-}
@@ -11,12 +11,12 @@
    }
  },
  "user": {
-    "email": "E-Mail"
+    "email": "Email"
  },
  "me": {
    "currentPassword": "Aktuelles Passwort",
-    "enable2fa": "Zwei-Faktor-Authentifizierung aktivieren",
-    "enable2faDesc": "Scannen Sie den QR-Code mit Ihrer Authentifizierungs-App oder geben Sie den Schlüssel manuell ein.",
+    "enable2fa": "Zwei-Faktor-Authentifizierunng aktivieren",
+    "enable2faDesc": "Scannen Sie den QR-Code mit ihrer Authentifizierungs-App oder geben Sie den Schlüssel manuell ein.",
    "2faKey": "TOTP-Schlüssel",
    "2faCodeDesc": "Geben Sie den Code aus Ihrer Authentifizierungs-App ein.",
    "disable2fa": "Zwei-Faktor-Authentifizierung deaktivieren",
@@ -45,26 +45,26 @@
  },
  "setup": {
    "welcome": "Willkommen zur Ersteinrichtung von wg-easy",
-    "welcomeDesc": "Sie haben den einfachsten Weg gefunden, WireGuard auf jedem Linux-Server zu installieren und zu verwalten.",
+    "welcomeDesc": "Das ist der einfachste Weg, um Wireguard auf jedem Linux-Server zu installieren und zu betreiben.",
    "existingSetup": "Haben Sie eine bestehende Einrichtung?",
-    "createAdminDesc": "Bitte geben Sie zuerst einen Admin-Benutzernamen sowie ein starkes, sicheres Passwort ein. Diese Anmeldedaten benötigen Sie, um sich in der Admin-Konsole anzumelden.",
+    "createAdminDesc": "Bitte geben Sie zuerst einen Admin-Benutzernamen sowie ein starkes, sicheres Passwort ein. Diese Anmeldedaten benötigen Sie, um sich im Admin-Panel anzumelden.",
    "setupConfigDesc": "Bitte geben Sie die Host- und Portinformationen ein. Diese werden für die Client-Konfiguration verwendet, wenn Sie WireGuard auf Ihren Geräten einrichten.",
    "setupMigrationDesc": "Bitte halten Sie die Sicherungsdatei bereit, wenn Sie Ihre Daten von Ihrer vorherigen wg-easy Version auf ihre neue Einrichtung migrieren möchten.",
    "upload": "Hochladen",
-    "migration": "Backup wiederherstellen:",
+    "migration": "Sicherung wiederherstellen:",
    "createAccount": "Konto erstellen",
    "successful": "Einrichtung erfolgreich",
    "hostDesc": "Öffentlicher Hostname mit dem sich die Clients verbinden",
-    "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden und auf dem WireGuard läuft"
+    "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden und auf dem Wireguard läuft"
  },
  "update": {
-    "updateAvailable": "Ein neues Update ist verfügbar!",
+    "updateAvailable": "Es ist ein neue Aktualisierung verfügbar!",
    "update": "Aktualisieren"
  },
  "theme": {
    "dark": "Dunkles Thema",
    "light": "Helles Thema",
-    "system": "System Thema"
+    "system": "System-Thema"
  },
  "layout": {
    "toggleCharts": "Statistiken ein-/ausblenden",
@@ -84,17 +84,16 @@
    "sort": "Sortieren",
    "create": "Client erstellen",
    "created": "Client wurde erstellt",
-    "new": "Neuer Client",
+    "new": "Neuer client",
    "name": "Name",
    "expireDate": "Ablaufdatum",
-    "expireDateDesc": "Datum, an dem der Client deaktiviert wird. Leer lassen für dauerhaft aktiv.",
-    "delete": "Löschen",
+    "expireDateDesc": "Datum, an dem der Client deaktiviert wird. Leer lassen, damit dies nie passiert.",
    "deleteClient": "Client löschen",
-    "deleteDialog1": "Sind Sie sicher, dass Sie diesen Client löschen möchten",
+    "deleteDialog1": "Sind Sie sicher, dass Sie diesen Client löschen wollen",
    "deleteDialog2": "Diese Aktion kann nicht rückgängig gemacht werden.",
    "enabled": "Aktiviert",
    "address": "Adresse",
-    "serverAllowedIps": "Serverseitig erlaubte IP-Adressen",
+    "serverAllowedIps": "serverseitig erlaubte IP-Adressen",
    "otlDesc": "Einen kurzen Einmal-Link erzeugen",
    "permanent": "Dauerhaft",
    "createdOn": "Angelegt am ",
@@ -113,18 +112,8 @@
    "persistentKeepaliveDesc": "Legt das Intervall (in Sekunden) für Keepalive-Pakete fest. 0 deaktiviert es",
    "hooks": "Hooks",
    "hooksDescription": "Hooks funktionieren nur mit wg-quick",
-    "hooksLeaveEmpty": "Nur für wg-quick. Andernfalls leer lassen",
-    "dnsDesc": "DNS-Server, den die Clients benutzen (überschreibt die globale Konfiguration)",
-    "notConnected": "Client nicht verbunden",
-    "endpoint": "Endpunkt",
-    "endpointDesc": "IP-Adresse des Clients, von dem aus die WireGuard-Verbindung hergestellt wird",
-    "search": "Suche Clients...",
-    "config": "Konfiguration",
-    "viewConfig": "Konfiguration anzeigen",
-    "firewallIps": "Firewall erlaubte IPs",
-    "firewallIpsDesc": "Ziel-IPs/CIDRs, auf die dieser Client zugreifen darf (serverseitig erzwingen). Lassen Sie das Feld leer, um die Liste der zugelassenen IPs zu verwenden. Unterstützt optionale Port- und Protokollfilterung. Die Syntax finden Sie in der Dokumentation.",
-    "downloadPng": "Herunterladen PNG",
-    "copyPng": "Kopieren PNG"
+    "hooksLeaveEmpty": "Nur für wg-quick. Sonst leer lassen",
+    "dnsDesc": "DNS-Server, den die Clients benutzen (überschreibt die globale Konfiguration)"
  },
  "dialog": {
    "change": "Ändern",
@@ -134,8 +123,7 @@
  "toast": {
    "success": "Erfolg",
    "saved": "Gespeichert",
-    "error": "Fehler",
-    "unknown": "Unbekannter Fehler. Weitere Informationen finden Sie in der Konsole."
+    "error": "Fehler"
  },
  "form": {
    "actions": "Aktionen",
@@ -162,28 +150,25 @@
    "config": {
      "connection": "Verbindung",
      "hostDesc": "Öffentlicher Hostname mit dem sich die Clients verbinden (überschreibt die Konfiguration)",
-      "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden (überschreibt die Konfiguration, vermutlich wollen Sie auch den Interface-Port ändern)",
+      "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden (überschreibt die Konfiguration, vermutlich wollen Sie ebenfalls den Port der Weboberfläche ändern)",
      "allowedIpsDesc": "Erlaubte IP-Adressen, die die Clients nutzen werden (Globale Konfiguration)",
      "dnsDesc": "DNS-Server, den die Clients nutzen werden (Globale Konfiguration)",
      "mtuDesc": "MTU, den die Clients benutzen werden (nur für neue Clients)",
-      "persistentKeepaliveDesc": "Intervall in Sekunden, in dem Keepalive-Pakete an den Server gesendet werden. 0 = deaktiviert (nur für neue Clients)",
+      "persistentKeepaliveDesc": "Intervall in Sekunden, in dem Keepalive-Packete an den Server gesendet werden. 0 = deaktiviert (nur für neue Clients)",
      "suggest": "Vorschlagen",
      "suggestDesc": "Wählen Sie eine IP-Adresse oder einen Hostnamen für das Host-Feld aus"
    },
    "interface": {
      "cidrSuccess": "CIDR wurde geändert",
      "device": "Gerät",
-      "deviceDesc": "Ethernet-Gerät, durch das der WireGuard-Datenverkehr geleitet werden soll",
+      "deviceDesc": "Ethernet-Gerät, durch das der Wireguard-Datenverkehr geleitet werden soll",
      "mtuDesc": "MTU, den WireGuard benutzen wird",
-      "portDesc": "UDP-Port, auf dem WireGuard lauschen wird (Sie wollen wahrscheinlich auch den Interface-Port ändern)",
+      "portDesc": "UDP Port, auf dem WireGuard lauschen wird (Sie wollen wahrscheinlich auch den Config-Port ändern)",
      "changeCidr": "CIDR ändern",
      "restart": "Interface neu starten",
      "restartDesc": "Das WireGuard-Interface neu starten",
-      "restartWarn": "Sind Sie sicher, dass Sie das Interface neu starten möchten? Dies wird die Verbindungen aller Clients trennen.",
-      "restartSuccess": "Interface neu gestartet",
-      "firewall": "Datenverkehr Filterung",
-      "firewallEnabled": "Firewall pro Client aktivieren",
-      "firewallEnabledDesc": "Beschränken Sie den Client-Datenverkehr mithilfe von iptables auf bestimmte Ziel-IP-Adressen. Bei Aktivierung kann für jeden Client eine Liste der zulässigen Ziele konfiguriert werden."
+      "restartWarn": "Sind Sie sicher, dass Sie das Interface neu starten wollen? Dies wird die Verbindungen aller Clients trennen.",
+      "restartSuccess": "Interface neu gestartet"
    },
    "introText": "Willkommen in der Admin-Konsole.\n\nHier können Sie die allgemeinen Einstellungen, die Konfiguration, die Schnittstelleneinstellungen und die Hooks verwalten.\n\nBeginnen Sie, indem Sie einen der Bereiche in der Seitenleiste auswählen."
  },
@@ -191,7 +176,6 @@
    "generic": {
      "required": "{0} ist erforderlich",
      "validNumber": "{0} muss eine Zahl sein",
-      "validNumberRange": "{0} muss eine gültige Zahl oder ein gültiger Zahlenbereich sein",
      "validString": "{0} muss eine Zeichenkette sein",
      "validBoolean": "{0} muss ein Wahrheitswert sein",
      "validArray": "{0} muss eine Liste sein",
@@ -204,17 +188,15 @@
      "expiresAt": "Läuft ab am",
      "address4": "IPv4-Adresse",
      "address6": "IPv6-Adresse",
-      "serverAllowedIps": "Serverseitig erlaubte IP-Adressen",
-      "firewallIps": "Von der Firewall zugelassene IP-Adressen",
-      "firewallIpsInvalid": "Ungültiger IP-Eintrag in der Firewall. Informationen zur unterstützten Syntax finden Sie in der Dokumentation."
+      "serverAllowedIps": "serverseitig erlaubte IP-Adressen"
    },
    "user": {
      "username": "Benutzername",
      "password": "Passwort",
      "remember": "Merken",
      "name": "Name",
-      "email": "E-Mail",
-      "emailInvalid": "Die E-Mail-Adresse muss gültig sein",
+      "email": "Email",
+      "emailInvalid": "Die Email-Adresse muss valide sein",
      "passwordMatch": "Die Passwörter müssen übereinstimmen",
      "totpEnable": "TOTP aktivieren",
      "totpEnableTrue": "\"TOTP aktivieren\" muss ausgewählt sein",
@@ -230,8 +212,8 @@
    },
    "interface": {
      "cidr": "CIDR",
-      "device": "Gerät",
-      "cidrValid": "CIDR muss gültig sein"
+      "device": "Geräte",
+      "cidrValid": "CIDR muss valide sein"
    },
    "otl": "Einmal-Link",
    "stringMalformed": "Zeichenkette ist fehlerhaft",
@@ -251,47 +233,5 @@
    "postUp": "PostUp",
    "preDown": "PreDown",
    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Kopieren ist nicht unterstützt",
-    "copied": "Kopiert!",
-    "failed": "Kopieren fehlgeschlagen",
-    "copy": "Kopieren"
-  },
-  "awg": {
-    "jCLabel": "Anzahl der Junk-Pakete (Jc)",
-    "jCDescription": "Anzahl der zu sendenden Junk-Pakete (1-128, empfohlen: 4-12)",
-    "jMinLabel": "Minimale Junk-Paketgröße (Jmin)",
-    "jMinDescription": "Mindestgröße von Junk-Paketen (0-1279*, empfohlen: 8, muss < Jmax sein)",
-    "jMaxLabel": "Maximale Junk-Paketgröße (Jmax)",
-    "jMaxDescription": "Maximalgröße von Junk-Paketen (1-1280*, empfohlen: 80, muss > Jmin sein)",
-    "s1Label": "Junk-Paketgröße des Init-Pakets (S1)",
-    "s1Description": "Junk-Paketgröße des Init-Pakets (0-1132[1280* - 148 = 1132], empfohlen: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Junk-Paketgröße des Antwort-Pakets (S2)",
-    "s2Description": "Junk-Paketgröße des Antwort-Pakets (0-1188[1280* - 92 = 1188], empfohlen: 15-150)",
-    "s3Label": "Junk-Paketgröße des Cookie-Antwort-Pakets (S3)",
-    "s3Description": "Junk-Paketgröße des Cookie-Antwort-Pakets",
-    "s4Label": "Junk-Paketgröße des Transport-Pakets (S4)",
-    "s4Description": "Junk-Paketgröße des Transport-Pakets",
-    "h1Label": "Init-Magic-Header (H1)",
-    "h1Description": "Wert des Init-Paket-Headers (5-2147483647, muss eindeutig zu H2-H4 sein)",
-    "h2Label": "Antwort-Magic-Header (H2)",
-    "h2Description": "Wert des Antwort-Paket-Headers (5-2147483647, muss eindeutig zu H1, H3, H4 sein)",
-    "h3Label": "Cookie-Antwort-Magic-Header (H3)",
-    "h3Description": "Wert des Cookie-Antwort-Paket-Headers (5-2147483647, muss eindeutig zu H1, H2, H4 sein)",
-    "h4Label": "Transport-Magic-Header (H4)",
-    "h4Description": "Wert des Transport-Paket-Headers (5-2147483647, muss eindeutig zu H1-H3 sein)",
-    "i1Label": "Spezial-Junk-Paket 1 (I1)",
-    "i1Description": "Protokoll-Nachahmungspaket im Hex-Format: <b 0x...>",
-    "i2Label": "Spezial-Junk-Paket 2 (I2)",
-    "i2Description": "Protokoll-Nachahmungspaket im Hex-Format: <b 0x...>",
-    "i3Label": "Spezial-Junk-Paket 3 (I3)",
-    "i3Description": "Protokoll-Nachahmungspaket im Hex-Format: <b 0x...>",
-    "i4Label": "Spezial-Junk-Paket 4 (I4)",
-    "i4Description": "Protokoll-Nachahmungspaket im Hex-Format: <b 0x...>",
-    "i5Label": "Spezial-Junk-Paket 5 (I5)",
-    "i5Description": "Protokoll-Nachahmungspaket im Hex-Format: <b 0x...>",
-    "mtuNote": "Werte hängen von der MTU ab",
-    "obfuscationParameters": "AmneziaWG Verschleierungsparameter"
  }
 }
@@ -88,7 +88,6 @@
    "name": "Name",
    "expireDate": "Expire Date",
    "expireDateDesc": "Date the client will be disabled. Blank for permanent",
-    "delete": "Delete",
    "deleteClient": "Delete Client",
    "deleteDialog1": "Are you sure you want to delete",
    "deleteDialog2": "This action cannot be undone.",
@@ -118,13 +117,7 @@
    "notConnected": "Client not connected",
    "endpoint": "Endpoint",
    "endpointDesc": "IP of the client from which the WireGuard connection is established",
-    "search": "Search clients...",
-    "config": "Configuration",
-    "viewConfig": "View Configuration",
-    "firewallIps": "Firewall Allowed IPs",
-    "firewallIpsDesc": "Destination IPs/CIDRs this client can access (server-side enforcement). Leave empty to use Allowed IPs. Supports optional port and protocol filtering. See docs for syntax.",
-    "downloadPng": "Download PNG",
-    "copyPng": "Copy PNG"
+    "search": "Search clients..."
  },
  "dialog": {
    "change": "Change",
@@ -134,8 +127,7 @@
  "toast": {
    "success": "Success",
    "saved": "Saved",
-    "error": "Error",
-    "unknown": "Unknown error. See console for more details"
+    "error": "Error"
  },
  "form": {
    "actions": "Actions",
@@ -180,10 +172,7 @@
      "restart": "Restart Interface",
      "restartDesc": "Restart the WireGuard interface",
      "restartWarn": "Are you sure to restart the interface? This will disconnect all clients.",
-      "restartSuccess": "Interface restarted",
-      "firewall": "Traffic Filtering",
-      "firewallEnabled": "Enable Per-Client Firewall",
-      "firewallEnabledDesc": "Restrict client traffic to specific destination IPs using iptables. When enabled, each client can be configured with allowed destinations."
+      "restartSuccess": "Interface restarted"
    },
    "introText": "Welcome to the admin panel.\n\nHere you can manage the general settings, the configuration, the interface settings and the hooks.\n\nStart by choosing one of the sections in the sidebar."
  },
@@ -191,7 +180,6 @@
    "generic": {
      "required": "{0} is required",
      "validNumber": "{0} must be a valid number",
-      "validNumberRange": "{0} must be a valid number or number range",
      "validString": "{0} must be a valid string",
      "validBoolean": "{0} must be a valid boolean",
      "validArray": "{0} must be a valid array",
@@ -204,9 +192,7 @@
      "expiresAt": "Expires At",
      "address4": "IPv4 Address",
      "address6": "IPv6 Address",
-      "serverAllowedIps": "Server Allowed IPs",
-      "firewallIps": "Firewall Allowed IPs",
-      "firewallIpsInvalid": "Invalid firewall IP entry. See docs for supported syntax."
+      "serverAllowedIps": "Server Allowed IPs"
    },
    "user": {
      "username": "Username",
@@ -252,12 +238,6 @@
    "preDown": "PreDown",
    "postDown": "PostDown"
  },
-  "copy": {
-    "notSupported": "Copy is not supported",
-    "copied": "Copied!",
-    "failed": "Copy failed",
-    "copy": "Copy"
-  },
  "awg": {
    "jCLabel": "Junk packet count (Jc)",
    "jCDescription": "Number of junk packets to send (1-128, recommended: 4-12)",
@@ -273,14 +253,6 @@
    "s3Description": "Cookie reply packet junk size",
    "s4Label": "Transport packet junk size (S4)",
    "s4Description": "Transport packet junk size",
-    "h1Label": "Init magic header (H1)",
-    "h1Description": "Init packet header value or range (X or X-Y, where X<Y. Min 5, max 2147483647. Value or range must not overlap with other headers)",
-    "h2Label": "Response magic header (H2)",
-    "h2Description": "Response packet header value or range (X or X-Y, where X<Y. Min 5, max 2147483647. Value or range must not overlap with other headers)",
-    "h3Label": "Cookie reply magic header (H3)",
-    "h3Description": "Cookie reply packet header value or range (X or X-Y, where X<Y. Min 5, max 2147483647. Value or range must not overlap with other headers)",
-    "h4Label": "Transport magic header (H4)",
-    "h4Description": "Transport packet header value or range (X or X-Y, where X<Y. Min 5, max 2147483647. Value or range must not overlap with other headers)",
    "i1Label": "Special junk packet 1 (I1)",
    "i1Description": "Protocol mimic packet in hex format: <b 0x...>",
    "i2Label": "Special junk packet 2 (I2)",
@@ -291,6 +263,14 @@
    "i4Description": "Protocol mimic packet in hex format: <b 0x...>",
    "i5Label": "Special junk packet 5 (I5)",
    "i5Description": "Protocol mimic packet in hex format: <b 0x...>",
+    "h1Label": "Init magic header (H1)",
+    "h1Description": "Init packet header value (5-2147483647, must be unique from H2-H4)",
+    "h2Label": "Response magic header (H2)",
+    "h2Description": "Response packet header value (5-2147483647, must be unique from H1, H3, H4)",
+    "h3Label": "Cookie reply magic header (H3)",
+    "h3Description": "Cookie reply packet header value (5-2147483647, must be unique from H1, H2, H4)",
+    "h4Label": "Transport magic header (H4)",
+    "h4Description": "Transport packet header value (5-2147483647, must be unique from H1-H3)",
    "mtuNote": "Values depend on the MTU",
    "obfuscationParameters": "AmneziaWG Obfuscation Parameters"
  }
@@ -116,14 +116,7 @@
    "dnsDesc": "Servidor DNS que usarán los clientes (anula la configuración global)",
    "notConnected": "Cliente no conectado",
    "endpoint": "Punto de conexión",
-    "endpointDesc": "IP del cliente desde donde se establece la conexión WireGuard",
-    "search": "Buscar clientes...",
-    "config": "Configuración",
-    "viewConfig": "Ver configuración",
-    "firewallIps": "IPs permitidas del cortafuegos",
-    "firewallIpsDesc": "IPs/CIDRs de destino a las que este cliente puede acceder (aplicado en el servidor). Deja vacío para usar IPs permitidas. Admite filtrado opcional de puertos y protocolos. Consulta la documentación para la sintaxis.",
-    "downloadPng": "Descargar PNG",
-    "copyPng": "Copiar PNG"
+    "endpointDesc": "IP del cliente desde donde se establece la conexión WireGuard"
  },
  "dialog": {
    "change": "Cambiar",
@@ -133,8 +126,7 @@
  "toast": {
    "success": "Éxito",
    "saved": "Guardado",
-    "error": "Error",
-    "unknown": "Error desconocido. Revisa la consola para más detalles"
+    "error": "Error"
  },
  "form": {
    "actions": "Acciones",
@@ -179,10 +171,7 @@
      "restart": "Reiniciar interfaz",
      "restartDesc": "Reiniciar la interfaz de WireGuard",
      "restartWarn": "¿Estás seguro de reiniciar la interfaz? Esto desconectará a todos los clientes.",
-      "restartSuccess": "Interfaz reiniciada",
-      "firewall": "Filtrado de tráfico",
-      "firewallEnabled": "Habilitar cortafuegos por cliente",
-      "firewallEnabledDesc": "Restringe el tráfico del cliente a IPs de destino específicas usando iptables. Cuando está activado, cada cliente puede configurarse con destinos permitidos."
+      "restartSuccess": "Interfaz reiniciada"
    },
    "introText": "Bienvenido al panel de administración.\n\nAquí puedes gestionar los ajustes generales, la configuración, la interfaz y los hooks.\n\nEmpieza eligiendo una de las secciones en la barra lateral."
  },
@@ -190,7 +179,6 @@
    "generic": {
      "required": "{0} es obligatorio",
      "validNumber": "{0} debe ser un número válido",
-      "validNumberRange": "{0} debe ser un número válido o un rango de números",
      "validString": "{0} debe ser una cadena válida",
      "validBoolean": "{0} debe ser un booleano válido",
      "validArray": "{0} debe ser una lista válida",
@@ -203,9 +191,7 @@
      "expiresAt": "Expira el",
      "address4": "Dirección IPv4",
      "address6": "Dirección IPv6",
-      "serverAllowedIps": "IPs permitidas del servidor",
-      "firewallIps": "IPs permitidas del cortafuegos",
-      "firewallIpsInvalid": "Entrada de IP de cortafuegos no válida. Consulta la documentación para la sintaxis compatible."
+      "serverAllowedIps": "IPs permitidas del servidor"
    },
    "user": {
      "username": "Usuario",
@@ -250,47 +236,5 @@
    "postUp": "PostUp",
    "preDown": "PreDown",
    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "La copia no es compatible",
-    "copied": "¡Copiado!",
-    "failed": "Error al copiar",
-    "copy": "Copiar"
-  },
-  "awg": {
-    "jCLabel": "Número de paquetes basura (Jc)",
-    "jCDescription": "Número de paquetes basura a enviar (1-128, recomendado: 4-12)",
-    "jMinLabel": "Tamaño mínimo de paquete basura (Jmin)",
-    "jMinDescription": "Tamaño mínimo de los paquetes basura (0-1279*, recomendado: 8, debe ser < Jmax)",
-    "jMaxLabel": "Tamaño máximo de paquete basura (Jmax)",
-    "jMaxDescription": "Tamaño máximo de los paquetes basura (1-1280*, recomendado: 80, debe ser > Jmin)",
-    "s1Label": "Tamaño de basura del paquete Init (S1)",
-    "s1Description": "Tamaño de basura del paquete Init (0-1132[1280* - 148 = 1132], recomendado: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Tamaño de basura del paquete de respuesta (S2)",
-    "s2Description": "Tamaño de basura del paquete de respuesta (0-1188[1280* - 92 = 1188], recomendado: 15-150)",
-    "s3Label": "Tamaño de basura del paquete de respuesta de cookie (S3)",
-    "s3Description": "Tamaño de basura del paquete de respuesta de cookie",
-    "s4Label": "Tamaño de basura del paquete de transporte (S4)",
-    "s4Description": "Tamaño de basura del paquete de transporte",
-    "h1Label": "Cabecera mágica Init (H1)",
-    "h1Description": "Valor o rango de cabecera del paquete Init (X o X-Y, donde X<Y. Mín 5, máx 2147483647. El valor o rango no debe solaparse con otras cabeceras)",
-    "h2Label": "Cabecera mágica de respuesta (H2)",
-    "h2Description": "Valor o rango de cabecera del paquete de respuesta (X o X-Y, donde X<Y. Mín 5, máx 2147483647. El valor o rango no debe solaparse con otras cabeceras)",
-    "h3Label": "Cabecera mágica de respuesta de cookie (H3)",
-    "h3Description": "Valor o rango de cabecera del paquete de respuesta de cookie (X o X-Y, donde X<Y. Mín 5, máx 2147483647. El valor o rango no debe solaparse con otras cabeceras)",
-    "h4Label": "Cabecera mágica de transporte (H4)",
-    "h4Description": "Valor o rango de cabecera del paquete de transporte (X o X-Y, donde X<Y. Mín 5, máx 2147483647. El valor o rango no debe solaparse con otras cabeceras)",
-    "i1Label": "Paquete basura especial 1 (I1)",
-    "i1Description": "Paquete que imita protocolo en formato hex: <b 0x...>",
-    "i2Label": "Paquete basura especial 2 (I2)",
-    "i2Description": "Paquete que imita protocolo en formato hex: <b 0x...>",
-    "i3Label": "Paquete basura especial 3 (I3)",
-    "i3Description": "Paquete que imita protocolo en formato hex: <b 0x...>",
-    "i4Label": "Paquete basura especial 4 (I4)",
-    "i4Description": "Paquete que imita protocolo en formato hex: <b 0x...>",
-    "i5Label": "Paquete basura especial 5 (I5)",
-    "i5Description": "Paquete que imita protocolo en formato hex: <b 0x...>",
-    "mtuNote": "Los valores dependen de la MTU",
-    "obfuscationParameters": "Parámetros de ofuscación AmneziaWG"
  }
 }
@@ -15,12 +15,12 @@
  },
  "me": {
    "currentPassword": "Mot de passe actuel",
-    "enable2fa": "Activer l'authentification à deux facteurs",
+    "enable2fa": "Activer l'authentification à double facteur",
    "enable2faDesc": "Scannez le code QR avec votre application d'authentification ou saisissez la clé manuellement.",
    "2faKey": "Clé TOTP",
    "2faCodeDesc": "Saisissez le code de votre application d'authentification.",
-    "disable2fa": "Désactiver l'authentification à deux facteurs",
-    "disable2faDesc": "Saisissez votre mot de passe pour désactiver l'authentification à deux facteurs."
+    "disable2fa": "Désactiver l'authentification à double facteur",
+    "disable2faDesc": "Saisissez votre mot de passe pour désactiver l'authentification à double facteur"
  },
  "general": {
    "name": "Nom",
@@ -40,7 +40,7 @@
    "no": "Non",
    "confirmPassword": "Confirmer le mot de passe",
    "loading": "Chargement...",
-    "2fa": "Authentification à deux facteurs",
+    "2fa": "Authentification à double facteur",
    "2faCode": "Code TOTP"
  },
  "setup": {
@@ -51,7 +51,7 @@
    "setupConfigDesc": "Veuillez saisir les informations relatives à l'hôte et au port. Ceci sera utilisé pour la configuration du client lors de la mise en place de WireGuard sur les appareils.",
    "setupMigrationDesc": "Veuillez fournir le fichier de sauvegarde si vous souhaitez migrer vos données de la version précédente de wg-easy vers votre nouvelle installation.",
    "upload": "Téléverser",
-    "migration": "Restaurer la sauvegarde :",
+    "migration": "Restaurer la sauvegarde:",
    "createAccount": "Créer un compte",
    "successful": "Installation réussie",
    "hostDesc": "Nom d'hôte public auquel les clients se connecteront",
@@ -75,8 +75,8 @@
    "rememberMe": "Se souvenir de moi",
    "rememberMeDesc": "Rester connecté après avoir fermé le navigateur",
    "insecure": "Vous ne pouvez pas vous connecter avec une connexion non sécurisée. Utilisez HTTPS.",
-    "2faRequired": "L'authentification à deux facteurs est requise",
-    "2faWrong": "Le code d'authentification à deux facteurs est incorrect"
+    "2faRequired": "Une authentification à double facteur est requise",
+    "2faWrong": "L'authentification à double facteur est incorrecte"
  },
  "client": {
    "empty": "Il n'y a pas encore de clients.",
@@ -88,19 +88,18 @@
    "name": "Nom",
    "expireDate": "Date d'expiration",
    "expireDateDesc": "Date à laquelle le client sera désactivé. Vide pour permanent",
-    "delete": "Supprimer",
    "deleteClient": "Supprimer le client",
    "deleteDialog1": "Êtes-vous sûr de vouloir supprimer",
    "deleteDialog2": "Cette action ne peut être annulée.",
    "enabled": "Activé",
    "address": "Adresse",
-    "serverAllowedIps": "IPs autorisées par le serveur",
+    "serverAllowedIps": "Serveur IPs autorisées",
    "otlDesc": "Générer un lien court et unique",
    "permanent": "Permanent",
    "createdOn": "Créé le ",
    "lastSeen": "Dernière visite le ",
-    "totalDownload": "Téléchargement total : ",
-    "totalUpload": "Téléversement total : ",
+    "totalDownload": "Téléchargement total: ",
+    "totalUpload": "Téléversement total: ",
    "newClient": "Nouveau client",
    "disableClient": "Désactiver le client",
    "enableClient": "Activer le client",
@@ -109,7 +108,7 @@
    "downloadConfig": "Télécharger la configuration",
    "allowedIpsDesc": "Quelles IPs seront acheminées par le VPN (remplace la configuration globale)",
    "serverAllowedIpsDesc": "Les IPs que le serveur acheminera vers le client",
-    "mtuDesc": "Définit l'unité de transmission maximale (taille des paquets) pour le tunnel VPN",
+    "mtuDesc": "Définit le nombre maximum d'unités de transmission (taille des paquets) pour le tunnel VPN.",
    "persistentKeepaliveDesc": "Définit l'intervalle (en secondes) pour les paquets keep-alive. 0 le désactive",
    "hooks": "Hooks",
    "hooksDescription": "Les hooks ne fonctionnent qu'avec wg-quick",
@@ -117,14 +116,7 @@
    "dnsDesc": "Serveur DNS que les clients utiliseront (remplace la configuration globale)",
    "notConnected": "Client non connecté",
    "endpoint": "Endpoint",
-    "endpointDesc": "Adresse IP du client à partir duquel la connexion WireGuard est établie",
-    "search": "Rechercher des clients...",
-    "config": "Configuration",
-    "viewConfig": "Voir la configuration",
-    "firewallIps": "IPs autorisées par le pare-feu",
-    "firewallIpsDesc": "IPs/CIDRs de destination auxquels ce client peut accéder (application côté serveur). Laissez vide pour utiliser les IPs autorisées. Prend en charge le filtrage optionnel par port et protocole. Voir la documentation pour la syntaxe.",
-    "downloadPng": "Télécharger le PNG",
-    "copyPng": "Copier le PNG"
+    "endpointDesc": "Adresse IP du client à partir duquel la connexion WireGuard est établie"
  },
  "dialog": {
    "change": "Modifier",
@@ -134,8 +126,7 @@
  "toast": {
    "success": "Réussite",
    "saved": "Sauvegardé",
-    "error": "Erreur",
-    "unknown": "Erreur inconnue. Consultez la console pour plus de détails"
+    "error": "Erreur"
  },
  "form": {
    "actions": "Actions",
@@ -155,9 +146,9 @@
      "metricsPassword": "Mot de passe",
      "metricsPasswordDesc": "Mot de passe Bearer pour le endpoint des métriques (mot de passe ou argon2 hash)",
      "json": "JSON",
-      "jsonDesc": "Route pour les métriques au format JSON",
+      "jsonDesc": "Acheminement pour les métriques au format JSON",
      "prometheus": "Prometheus",
-      "prometheusDesc": "Route pour les métriques Prometheus"
+      "prometheusDesc": "Acheminement pour les métriques de Prometheus"
    },
    "config": {
      "connection": "Connexion",
@@ -180,10 +171,7 @@
      "restart": "Redémarrer l'interface",
      "restartDesc": "Redémarre l'interface WireGuard",
      "restartWarn": "Êtes-vous sûr de redémarrer l'interface ? Cela déconnectera tous les clients.",
-      "restartSuccess": "Interface redémarrée",
-      "firewall": "Filtrage du trafic",
-      "firewallEnabled": "Activer le pare-feu par client",
-      "firewallEnabledDesc": "Restreindre le trafic des clients à des IPs de destination spécifiques via iptables. Lorsqu'il est activé, chaque client peut être configuré avec des destinations autorisées."
+      "restartSuccess": "Interface redémarrée"
    },
    "introText": "Bienvenue dans le panel d'administration.\n\nVous pouvez y gérer les paramètres généraux, la configuration, les paramètres de l'interface et les hooks.\n\nCommencez par choisir l'une des sections de la barre latérale."
  },
@@ -191,22 +179,19 @@
    "generic": {
      "required": "{0} est requis",
      "validNumber": "{0} doit être un nombre valide",
-      "validNumberRange": "{0} doit être un nombre ou une plage de nombres valide",
      "validString": "{0} doit être une chaîne de caractères valide",
-      "validBoolean": "{0} doit être un booléen valide",
+      "validBoolean": "{0} doit être une variable valide",
      "validArray": "{0} doit être un tableau valide",
-      "stringMin": "{0} doit comporter au moins {1} caractère(s)",
+      "stringMin": "{0} doit être d'au moins {1} Caractère",
      "numberMin": "{0} doit être d'au moins {1}"
    },
    "client": {
-      "id": "ID du client",
+      "id": "Client ID",
      "name": "Nom",
      "expiresAt": "Expire le",
      "address4": "Adresse IPv4",
      "address6": "Adresse IPv6",
-      "serverAllowedIps": "IPs autorisées par le serveur",
-      "firewallIps": "IPs autorisées par le pare-feu",
-      "firewallIpsInvalid": "Entrée d'IP de pare-feu invalide. Voir la documentation pour la syntaxe supportée."
+      "serverAllowedIps": "Serveur IPs autorisées"
    },
    "user": {
      "username": "Nom d'utilisateur",
@@ -251,47 +236,5 @@
    "postUp": "PostUp",
    "preDown": "PreDown",
    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "La copie n'est pas prise en charge",
-    "copied": "Copié !",
-    "failed": "Échec de la copie",
-    "copy": "Copier"
-  },
-  "awg": {
-    "jCLabel": "Nombre de paquets parasites (Jc)",
-    "jCDescription": "Nombre de paquets parasites à envoyer (1-128, recommandé : 4-12)",
-    "jMinLabel": "Taille min des paquets parasites (Jmin)",
-    "jMinDescription": "Taille minimale des paquets parasites (0-1279*, recommandé : 8, doit être < Jmax)",
-    "jMaxLabel": "Taille max des paquets parasites (Jmax)",
-    "jMaxDescription": "Taille maximale des paquets parasites (1-1280*, recommandé : 80, doit être > Jmin)",
-    "s1Label": "Taille parasite du paquet init (S1)",
-    "s1Description": "Taille parasite du paquet d'initialisation (0-1132[1280* - 148 = 1132], recommandé : 15-150, S1+56 ≠ S2)",
-    "s2Label": "Taille parasite du paquet réponse (S2)",
-    "s2Description": "Taille parasite du paquet de réponse (0-1188[1280* - 92 = 1188], recommandé : 15-150)",
-    "s3Label": "Taille parasite du paquet cookie reply (S3)",
-    "s3Description": "Taille parasite du paquet de réponse cookie",
-    "s4Label": "Taille parasite du paquet transport (S4)",
-    "s4Description": "Taille parasite du paquet de transport",
-    "h1Label": "En-tête magique init (H1)",
-    "h1Description": "Valeur ou plage de l'en-tête du paquet init (X ou X-Y, où X<Y. Min 5, max 2147483647. La valeur ou la plage ne doit pas chevaucher les autres en-têtes)",
-    "h2Label": "En-tête magique réponse (H2)",
-    "h2Description": "Valeur ou plage de l'en-tête du paquet réponse (X ou X-Y, où X<Y. Min 5, max 2147483647. La valeur ou la plage ne doit pas chevaucher les autres en-têtes)",
-    "h3Label": "En-tête magique cookie reply (H3)",
-    "h3Description": "Valeur ou plage de l'en-tête du paquet cookie reply (X ou X-Y, où X<Y. Min 5, max 2147483647. La valeur ou la plage ne doit pas chevaucher les autres en-têtes)",
-    "h4Label": "En-tête magique transport (H4)",
-    "h4Description": "Valeur ou plage de l'en-tête du paquet transport (X ou X-Y, où X<Y. Min 5, max 2147483647. La valeur ou la plage ne doit pas chevaucher les autres en-têtes)",
-    "i1Label": "Paquet parasite spécial 1 (I1)",
-    "i1Description": "Paquet de simulation de protocole en format hexadécimal : <b 0x...>",
-    "i2Label": "Paquet parasite spécial 2 (I2)",
-    "i2Description": "Paquet de simulation de protocole en format hexadécimal : <b 0x...>",
-    "i3Label": "Paquet parasite spécial 3 (I3)",
-    "i3Description": "Paquet de simulation de protocole en format hexadécimal : <b 0x...>",
-    "i4Label": "Paquet parasite spécial 4 (I4)",
-    "i4Description": "Paquet de simulation de protocole en format hexadécimal : <b 0x...>",
-    "i5Label": "Paquet parasite spécial 5 (I5)",
-    "i5Description": "Paquet de simulation de protocole en format hexadécimal : <b 0x...>",
-    "mtuNote": "Les valeurs dépendent du MTU",
-    "obfuscationParameters": "Paramètres d'obfuscation AmneziaWG"
  }
 }
@@ -1,296 +0,0 @@
-{
-  "pages": {
-    "me": "Conta",
-    "clients": "Clientes",
-    "admin": {
-      "panel": "Panel de administración",
-      "general": "Xeral",
-      "config": "Configuración",
-      "interface": "Interface",
-      "hooks": "Hooks"
-    }
-  },
-  "user": {
-    "email": "Correo electrónico"
-  },
-  "me": {
-    "currentPassword": "Contrasinal actual",
-    "enable2fa": "Activar a autenticación de dobre factor",
-    "enable2faDesc": "Escanea o código QR coa túa aplicación de autenticación ou introduce a chave manualmente.",
-    "2faKey": "Chave TOTP",
-    "2faCodeDesc": "Introduce o código da túa aplicación de autenticación.",
-    "disable2fa": "Desactivar a autenticación de dobre factor",
-    "disable2faDesc": "Introduce o teu contrasinal para desactivar a autenticación de dobre factor."
-  },
-  "general": {
-    "name": "Nome",
-    "username": "Nome de usuario",
-    "password": "Contrasinal",
-    "newPassword": "Novo contrasinal",
-    "updatePassword": "Actualizar contrasinal",
-    "mtu": "MTU",
-    "allowedIps": "IP permitidas",
-    "dns": "DNS",
-    "persistentKeepalive": "Keepalive persistente",
-    "logout": "Pechar sesión",
-    "continue": "Continuar",
-    "host": "Host",
-    "port": "Porto",
-    "yes": "Si",
-    "no": "Non",
-    "confirmPassword": "Confirmar o contrasinal",
-    "loading": "Cargando...",
-    "2fa": "Autenticación de dobre factor",
-    "2faCode": "Código TOTP"
-  },
-  "setup": {
-    "welcome": "Benvido á túa primeira configuración de wg-easy",
-    "welcomeDesc": "Atopaches a forma máis doada de instalar e xestionar WireGuard en calquera sistema Linux",
-    "existingSetup": "Tes unha configuración existente?",
-    "createAdminDesc": "Por favor, introduce primeiro un usuario administrador cun contrasinal seguro. Esta información empregarase para acceder ao panel de administración.",
-    "setupConfigDesc": "Por favor, introduce a información do host e do porto. Isto empregarase para a configuración dos clientes ao configurar WireGuard nos seus dispositivos.",
-    "setupMigrationDesc": "Por favor, fornece o ficheiro da copia de seguridade se queres migrar os datos da túa versión anterior de wg-easy á nova configuración.",
-    "upload": "Subir",
-    "migration": "Recuperar a copia de seguridade:",
-    "createAccount": "Crear conta",
-    "successful": "Configuración completada con éxito",
-    "hostDesc": "Nome de host público ao que se conectarán os clientes",
-    "portDesc": "Porto UDP público ao que se conectarán os clientes e no que escoitará WireGuard"
-  },
-  "update": {
-    "updateAvailable": "Hai unha actualización dispoñible!",
-    "update": "Actualizar"
-  },
-  "theme": {
-    "dark": "Tema escuro",
-    "light": "Tema claro",
-    "system": "Tema do sistema"
-  },
-  "layout": {
-    "toggleCharts": "Amosar/Ocultar gráficas",
-    "donate": "Doar"
-  },
-  "login": {
-    "signIn": "Iniciar sesión",
-    "rememberMe": "Lembrarme",
-    "rememberMeDesc": "Manter a sesión iniciada ao pechar o navegador",
-    "insecure": "Non podes iniciar sesión cunha conexión insegura. Usa HTTPS.",
-    "2faRequired": "É necesaria a autenticación de dobre factor",
-    "2faWrong": "A autenticación de dobre factor é incorrecta"
-  },
-  "client": {
-    "empty": "Aínda non hai clientes.",
-    "newShort": "Novo",
-    "sort": "Ordenar",
-    "create": "Crear cliente",
-    "created": "Cliente creado",
-    "new": "Novo cliente",
-    "name": "Nome",
-    "expireDate": "Data de caducidade",
-    "expireDateDesc": "Data na que o cliente será desactivado. Déixao en branco para permanente",
-    "delete": "Eliminar",
-    "deleteClient": "Eliminar cliente",
-    "deleteDialog1": "Seguro que queres eliminar",
-    "deleteDialog2": "Esta acción non se pode desfacer.",
-    "enabled": "Activado",
-    "address": "Enderezo",
-    "serverAllowedIps": "IP permitidas polo servidor",
-    "otlDesc": "Xerar ligazón curta dun só uso",
-    "permanent": "Permanente",
-    "createdOn": "Creado o ",
-    "lastSeen": "Visto por última vez o ",
-    "totalDownload": "Descarga total: ",
-    "totalUpload": "Subida total: ",
-    "newClient": "Novo cliente",
-    "disableClient": "Desactivar cliente",
-    "enableClient": "Activar cliente",
-    "noPrivKey": "Este cliente non ten unha chave privada coñecida. Non se pode crear a configuración.",
-    "showQR": "Amosar código QR",
-    "downloadConfig": "Descargar configuración",
-    "allowedIpsDesc": "IP que se encamiñarán a través da VPN (sobrescribe a configuración global)",
-    "serverAllowedIpsDesc": "IP que o servidor encamiñará ao cliente",
-    "mtuDesc": "Define a unidade máxima de transmisión (tamaño do paquete) para o túnel VPN",
-    "persistentKeepaliveDesc": "Define o intervalo (en segundos) para os paquetes keep-alive. 0 desactívaos",
-    "hooks": "Hooks",
-    "hooksDescription": "Os hooks só funcionan con wg-quick",
-    "hooksLeaveEmpty": "Só para wg-quick. Noutro caso, déixao baleiro",
-    "dnsDesc": "Servidor DNS que empregarán os clientes (sobrescribe a configuración global)",
-    "notConnected": "Cliente non conectado",
-    "endpoint": "Punto final",
-    "endpointDesc": "IP do cliente desde a que se establece a conexión WireGuard",
-    "search": "Buscar clientes...",
-    "config": "Configuración",
-    "viewConfig": "Ver configuración",
-    "firewallIps": "IPs permitidas do cortalumes",
-    "firewallIpsDesc": "IPs/CIDRs de destino aos que este cliente pode acceder (aplicado no lado do servidor). Déixao baleiro para usar as IPs permitidas. Admite filtrado opcional por porto e protocolo. Consulta a documentación para a sintaxe.",
-    "downloadPng": "Descargar PNG",
-    "copyPng": "Copiar PNG"
-  },
-  "dialog": {
-    "change": "Cambiar",
-    "cancel": "Cancelar",
-    "create": "Crear"
-  },
-  "toast": {
-    "success": "Éxito",
-    "saved": "Gardado",
-    "error": "Erro"
-  },
-  "form": {
-    "actions": "Accións",
-    "save": "Gardar",
-    "revert": "Reverter",
-    "sectionGeneral": "Xeral",
-    "sectionAdvanced": "Avanzado",
-    "noItems": "Sen elementos",
-    "nullNoItems": "Sen elementos. Usando a configuración global",
-    "add": "Engadir"
-  },
-  "admin": {
-    "general": {
-      "sessionTimeout": "Tempo límite da sesión",
-      "sessionTimeoutDesc": "Duración da sesión para Lembrarme (segundos)",
-      "metrics": "Métricas",
-      "metricsPassword": "Contrasinal",
-      "metricsPasswordDesc": "Contrasinal Bearer para o endpoint de métricas (contrasinal ou hash argon2)",
-      "json": "JSON",
-      "jsonDesc": "Ruta para as métricas en formato JSON",
-      "prometheus": "Prometheus",
-      "prometheusDesc": "Ruta para as métricas de Prometheus"
-    },
-    "config": {
-      "connection": "Conexión",
-      "hostDesc": "Nome de host público ao que se conectarán os clientes (invalida a configuración)",
-      "portDesc": "Porto UDP público ao que se conectarán os clientes (invalida a configuración; probablemente tamén queiras cambiar o Porto da interface)",
-      "allowedIpsDesc": "IPs permitidas que usarán os clientes (configuración global)",
-      "dnsDesc": "Servidor DNS que usarán os clientes (configuración global)",
-      "mtuDesc": "MTU que usarán os clientes (só para clientes novos)",
-      "persistentKeepaliveDesc": "Intervalo en segundos para enviar keepalives ao servidor. 0 = desactivado (só para clientes novos)",
-      "suggest": "Suxerir",
-      "suggestDesc": "Escolle un enderezo IP ou nome de host para o campo Host"
-    },
-    "interface": {
-      "cidrSuccess": "CIDR cambiado",
-      "device": "Dispositivo",
-      "deviceDesc": "Dispositivo Ethernet polo que se redirixirá o tráfico de WireGuard",
-      "mtuDesc": "MTU que usará WireGuard",
-      "portDesc": "Porto UDP no que WireGuard escoitará (probablemente tamén queiras cambiar o Porto da configuración)",
-      "changeCidr": "Cambiar CIDR",
-      "restart": "Reiniciar interface",
-      "restartDesc": "Reiniciar a interface de WireGuard",
-      "restartWarn": "Seguro que queres reiniciar a interface? Isto desconectará todos os clientes.",
-      "restartSuccess": "Interface reiniciada",
-      "firewall": "Filtrado de tráfico",
-      "firewallEnabled": "Activar devasa por cliente",
-      "firewallEnabledDesc": "Restrinxir o tráfico dos clientes a IPs de destino específicas usando iptables. Cando está activado, cada cliente pode configurarse con destinos permitidos."
-    },
-    "introText": "Benvido ao panel de administración.\n\nAquí podes xestionar a configuración xeral, a configuración, os axustes da interface e os hooks.\n\nComeza escollendo unha das seccións na barra lateral."
-  },
-  "zod": {
-    "generic": {
-      "required": "{0} é obrigatorio",
-      "validNumber": "{0} debe ser un número válido",
-      "validNumberRange": "{0} debe ser un número válido ou un rango de números",
-      "validString": "{0} debe ser unha cadea válida",
-      "validBoolean": "{0} debe ser un booleano válido",
-      "validArray": "{0} debe ser un array válido",
-      "stringMin": "{0} debe ter polo menos {1} carácter",
-      "numberMin": "{0} debe ser polo menos {1}"
-    },
-    "client": {
-      "id": "ID do cliente",
-      "name": "Nome",
-      "expiresAt": "Caduca o",
-      "address4": "Enderezo IPv4",
-      "address6": "Enderezo IPv6",
-      "serverAllowedIps": "IPs permitidas do servidor",
-      "firewallIps": "IPs permitidas da devasa",
-      "firewallIpsInvalid": "Entrada de IP da devasa non válida. Consulta a documentación para a sintaxe admitida."
-    },
-    "user": {
-      "username": "Nome de usuario",
-      "password": "Contrasinal",
-      "remember": "Lembrar",
-      "name": "Nome",
-      "email": "Correo electrónico",
-      "emailInvalid": "O correo electrónico debe ser válido",
-      "passwordMatch": "Os contrasinais deben coincidir",
-      "totpEnable": "Activar TOTP",
-      "totpEnableTrue": "Activar TOTP debe ser verdadeiro",
-      "totpCode": "Código TOTP"
-    },
-    "userConfig": {
-      "host": "Host"
-    },
-    "general": {
-      "sessionTimeout": "Tempo límite da sesión",
-      "metricsEnabled": "Métricas",
-      "metricsPassword": "Contrasinal das métricas"
-    },
-    "interface": {
-      "cidr": "CIDR",
-      "device": "Dispositivo",
-      "cidrValid": "O CIDR debe ser válido"
-    },
-    "otl": "Ligazón dun só uso",
-    "stringMalformed": "A cadea está mal formada",
-    "body": "O corpo debe ser un obxecto válido",
-    "hook": "Hook",
-    "enabled": "Activado",
-    "mtu": "MTU",
-    "port": "Porto",
-    "persistentKeepalive": "Keepalive persistente",
-    "address": "Enderezo IP",
-    "dns": "DNS",
-    "allowedIps": "IPs permitidas",
-    "file": "Ficheiro"
-  },
-  "hooks": {
-    "preUp": "PreUp",
-    "postUp": "PostUp",
-    "preDown": "PreDown",
-    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Copiar non é compatible",
-    "copied": "Copiado!",
-    "failed": "Erro ao copiar",
-    "copy": "Copiar"
-  },
-  "awg": {
-    "jCLabel": "Número de paquetes lixo (Jc)",
-    "jCDescription": "Número de paquetes lixo para enviar (1-128, recomendado: 4-12)",
-    "jMinLabel": "Tamaño mínimo dos paquetes lixo (Jmin)",
-    "jMinDescription": "Tamaño mínimo dos paquetes lixo (0-1279*, recomendado: 8, debe ser < Jmax)",
-    "jMaxLabel": "Tamaño máximo dos paquetes lixo (Jmax)",
-    "jMaxDescription": "Tamaño máximo dos paquetes lixo (1-1280*, recomendado: 80, debe ser > Jmin)",
-    "s1Label": "Tamaño lixo do paquete de inicio (S1)",
-    "s1Description": "Tamaño lixo do paquete de inicio (0-1132[1280* - 148 = 1132], recomendado: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Tamaño lixo do paquete de resposta (S2)",
-    "s2Description": "Tamaño lixo do paquete de resposta (0-1188[1280* - 92 = 1188], recomendado: 15-150)",
-    "s3Label": "Tamaño lixo do paquete de resposta cookie (S3)",
-    "s3Description": "Tamaño lixo do paquete de resposta cookie",
-    "s4Label": "Tamaño lixo do paquete de transporte (S4)",
-    "s4Description": "Tamaño lixo do paquete de transporte",
-    "h1Label": "Cabeceira máxica de inicio (H1)",
-    "h1Description": "Valor ou rango da cabeceira do paquete de inicio (X ou X-Y, onde X<Y. Mín 5, máx 2147483647. O valor ou rango non debe solaparse con outras cabeceiras)",
-    "h2Label": "Cabeceira máxica de resposta (H2)",
-    "h2Description": "Valor ou rango da cabeceira do paquete de resposta (X ou X-Y, onde X<Y. Mín 5, máx 2147483647. O valor ou rango non debe solaparse con outras cabeceiras)",
-    "h3Label": "Cabeceira máxica da resposta cookie (H3)",
-    "h3Description": "Valor ou rango da cabeceira do paquete de resposta cookie (X ou X-Y, onde X<Y. Mín 5, máx 2147483647. O valor ou rango non debe solaparse con outras cabeceiras)",
-    "h4Label": "Cabeceira máxica de transporte (H4)",
-    "h4Description": "Valor ou rango da cabeceira do paquete de transporte (X ou X-Y, onde X<Y. Mín 5, máx 2147483647. O valor ou rango non debe solaparse con outras cabeceiras)",
-    "i1Label": "Paquete lixo especial 1 (I1)",
-    "i1Description": "Paquete de simulación de protocolo en formato hexadecimal: <b 0x...>",
-    "i2Label": "Paquete lixo especial 2 (I2)",
-    "i2Description": "Paquete de simulación de protocolo en formato hexadecimal: <b 0x...>",
-    "i3Label": "Paquete lixo especial 3 (I3)",
-    "i3Description": "Paquete de simulación de protocolo en formato hexadecimal: <b 0x...>",
-    "i4Label": "Paquete lixo especial 4 (I4)",
-    "i4Description": "Paquete de simulación de protocolo en formato hexadecimal: <b 0x...>",
-    "i5Label": "Paquete lixo especial 5 (I5)",
-    "i5Description": "Paquete de simulación de protocolo en formato hexadecimal: <b 0x...>",
-    "mtuNote": "Os valores dependen da MTU",
-    "obfuscationParameters": "Parámetros de ofuscación de AmneziaWG"
-  }
-}
@@ -1,286 +0,0 @@
-{
-  "pages": {
-    "me": "Konto",
-    "clients": "Klienter",
-    "admin": {
-      "panel": "Adminpanel",
-      "general": "Generelt",
-      "config": "Oppsett",
-      "interface": "Grensesnitt",
-      "hooks": "Hooks"
-    }
-  },
-  "user": {
-    "email": "E-post"
-  },
-  "me": {
-    "currentPassword": "Nåværende passord",
-    "enable2fa": "Aktiver tofaktorautentisering",
-    "enable2faDesc": "Skann QR-koden med autentiseringsappen din eller skriv inn nøkkelen manuelt.",
-    "2faKey": "TOTP-nøkkel",
-    "2faCodeDesc": "Skriv inn koden fra autentiseringsappen din.",
-    "disable2fa": "Deaktiver tofaktorautentisering",
-    "disable2faDesc": "Skriv inn passordet ditt for å deaktivere tofaktorautentisering."
-  },
-  "general": {
-    "name": "Navn",
-    "username": "Brukernavn",
-    "password": "Passord",
-    "newPassword": "Nytt passord",
-    "updatePassword": "Oppdater passord",
-    "mtu": "MTU",
-    "allowedIps": "Tillatte IP-er",
-    "dns": "DNS",
-    "persistentKeepalive": "Vedvarende keepalive",
-    "logout": "Logg ut",
-    "continue": "Fortsett",
-    "host": "Vert",
-    "port": "Port",
-    "yes": "Ja",
-    "no": "Nei",
-    "confirmPassword": "Bekreft passord",
-    "loading": "Laster...",
-    "2fa": "Tofaktorautentisering",
-    "2faCode": "TOTP-kode"
-  },
-  "setup": {
-    "welcome": "Velkommen til ditt oppsett av wg-easy",
-    "welcomeDesc": "Du har funnet den enkleste måten å installere og administrere WireGuard på en hvilken som helst Linux-vert",
-    "existingSetup": "Har du et eksisterende oppsett?",
-    "createAdminDesc": "Skriv først inn et adminbrukernavn og et sterkt, sikkert passord. Denne informasjonen brukes til å logge inn i administrasjonspanelet.",
-    "setupConfigDesc": "Skriv inn vert- og portinformasjon. Dette brukes til klientkonfigurasjonen når du setter opp WireGuard på enhetene deres.",
-    "setupMigrationDesc": "Oppgi sikkerhetskopifilen hvis du vil migrere dataene dine fra forrige wg-easy-versjon til det nye oppsettet.",
-    "upload": "Last opp",
-    "migration": "Gjenopprett sikkerhetskopien:",
-    "createAccount": "Opprett konto",
-    "successful": "Oppsett vellykket",
-    "hostDesc": "Offentlig vertsnavn klienter vil koble seg til",
-    "portDesc": "Offentlig UDP-port klienter vil koble til og WireGuard vil lytte på"
-  },
-  "update": {
-    "updateAvailable": "En oppdatering er tilgjengelig!",
-    "update": "Oppdater"
-  },
-  "theme": {
-    "dark": "Mørkt tema",
-    "light": "Lyst tema",
-    "system": "Systemtema"
-  },
-  "layout": {
-    "toggleCharts": "Vis/skjul diagrammer",
-    "donate": "Doner"
-  },
-  "login": {
-    "signIn": "Logg inn",
-    "rememberMe": "Husk meg",
-    "rememberMeDesc": "Hold deg innlogget etter at nettleseren lukkes",
-    "insecure": "Du kan ikke logge inn med en usikker tilkobling. Bruk HTTPS.",
-    "2faRequired": "Tofaktorautentisering er påkrevd",
-    "2faWrong": "Tofaktorautentisering er feil"
-  },
-  "client": {
-    "empty": "Det finnes ingen klienter ennå.",
-    "newShort": "Ny",
-    "sort": "Sorter",
-    "create": "Opprett klient",
-    "created": "Klient opprettet",
-    "new": "Ny klient",
-    "name": "Navn",
-    "expireDate": "Utløpsdato",
-    "expireDateDesc": "Datoen klienten blir deaktivert. Tomt for permanent",
-    "delete": "Slett",
-    "deleteClient": "Slett klient",
-    "deleteDialog1": "Er du sikker på at du vil slette",
-    "deleteDialog2": "Denne handlingen kan ikke angres.",
-    "enabled": "Aktivert",
-    "address": "Adresse",
-    "serverAllowedIps": "Server tillatte IP-er",
-    "otlDesc": "Generer kort engangslenke",
-    "permanent": "Permanent",
-    "createdOn": "Opprettet ",
-    "lastSeen": "Sist sett ",
-    "totalDownload": "Totalt nedlastet: ",
-    "totalUpload": "Totalt opplastet: ",
-    "newClient": "Ny klient",
-    "disableClient": "Deaktiver klient",
-    "enableClient": "Aktiver klient",
-    "noPrivKey": "Denne klienten har ingen kjent privat nøkkel. Kan ikke opprette konfigurasjon.",
-    "showQR": "Vis QR-kode",
-    "downloadConfig": "Last ned konfigurasjon",
-    "allowedIpsDesc": "Hvilke IP-er som rutes gjennom VPN (overstyrer global konfig)",
-    "serverAllowedIpsDesc": "Hvilke IP-er serveren ruter til klienten",
-    "mtuDesc": "Setter maksimal overføringsenhet (pakkestørrelse) for VPN-tunnelen",
-    "persistentKeepaliveDesc": "Setter intervallet (i sekunder) for keepalive-pakker. 0 deaktiverer det",
-    "hooks": "Hooks",
-    "hooksDescription": "Hooks fungerer bare med wg-quick",
-    "hooksLeaveEmpty": "Kun for wg-quick. Ellers la det være tomt",
-    "dnsDesc": "DNS-server klienter vil bruke (overstyrer global konfig)",
-    "notConnected": "Klient ikke tilkoblet",
-    "endpoint": "Endepunkt",
-    "endpointDesc": "IP-en til klienten som WireGuard-tilkoblingen etableres fra",
-    "search": "Søk etter klienter...",
-    "config": "Konfigurasjon",
-    "viewConfig": "Vis konfigurasjon"
-  },
-  "dialog": {
-    "change": "Endre",
-    "cancel": "Avbryt",
-    "create": "Opprett"
-  },
-  "toast": {
-    "success": "Vellykket",
-    "saved": "Lagret",
-    "error": "Feil"
-  },
-  "form": {
-    "actions": "Handlinger",
-    "save": "Lagre",
-    "revert": "Tilbakestill",
-    "sectionGeneral": "Generelt",
-    "sectionAdvanced": "Avansert",
-    "noItems": "Ingen elementer",
-    "nullNoItems": "Ingen elementer. Bruker global konfig",
-    "add": "Legg til"
-  },
-  "admin": {
-    "general": {
-      "sessionTimeout": "Øktutløp",
-      "sessionTimeoutDesc": "Øktvarighet for Husk meg (sekunder)",
-      "metrics": "Målinger",
-      "metricsPassword": "Passord",
-      "metricsPasswordDesc": "Bearer-passord for metrics-endepunktet (passord eller argon2-hash)",
-      "json": "JSON",
-      "jsonDesc": "Rute for metrics i JSON-format",
-      "prometheus": "Prometheus",
-      "prometheusDesc": "Rute for Prometheus-målinger"
-    },
-    "config": {
-      "connection": "Tilkobling",
-      "hostDesc": "Offentlig vertsnavn klienter vil koble til (ugyldiggjør konfig)",
-      "portDesc": "Offentlig UDP-port klienter vil koble til (ugyldiggjør konfig, du vil sannsynligvis også endre Grensesnitt-port)",
-      "allowedIpsDesc": "Tillatte IP-er klienter vil bruke (global konfig)",
-      "dnsDesc": "DNS-server klienter vil bruke (global konfig)",
-      "mtuDesc": "MTU klienter vil bruke (kun for nye klienter)",
-      "persistentKeepaliveDesc": "Intervall i sekunder for å sende keepalives til serveren. 0 = deaktivert (kun for nye klienter)",
-      "suggest": "Foreslå",
-      "suggestDesc": "Velg en IP-adresse eller et vertsnavn for Vert-feltet"
-    },
-    "interface": {
-      "cidrSuccess": "CIDR endret",
-      "device": "Enhet",
-      "deviceDesc": "Ethernet-enhet som WireGuard-trafikken skal videresendes gjennom",
-      "mtuDesc": "MTU WireGuard vil bruke",
-      "portDesc": "UDP-port WireGuard vil lytte på (du vil sannsynligvis også endre Konfig-port)",
-      "changeCidr": "Endre CIDR",
-      "restart": "Start grensesnitt på nytt",
-      "restartDesc": "Start WireGuard-grensesnittet på nytt",
-      "restartWarn": "Er du sikker på at du vil starte grensesnittet på nytt? Dette vil koble fra alle klienter.",
-      "restartSuccess": "Grensesnitt startet på nytt"
-    },
-    "introText": "Velkommen til adminpanelet.\n\nHer kan du administrere de generelle innstillingene, konfigurasjonen, grensesnittinnstillingene og hooks.\n\nStart med å velge en av seksjonene i sidepanelet."
-  },
-  "zod": {
-    "generic": {
-      "required": "{0} er påkrevd",
-      "validNumber": "{0} må være et gyldig tall",
-      "validString": "{0} må være en gyldig streng",
-      "validBoolean": "{0} må være en gyldig boolsk verdi",
-      "validArray": "{0} må være en gyldig liste",
-      "stringMin": "{0} må være minst {1} tegn",
-      "numberMin": "{0} må være minst {1}"
-    },
-    "client": {
-      "id": "Klient-ID",
-      "name": "Navn",
-      "expiresAt": "Utløper",
-      "address4": "IPv4-adresse",
-      "address6": "IPv6-adresse",
-      "serverAllowedIps": "Server tillatte IP-er"
-    },
-    "user": {
-      "username": "Brukernavn",
-      "password": "Passord",
-      "remember": "Husk",
-      "name": "Navn",
-      "email": "E-post",
-      "emailInvalid": "E-post må være en gyldig e-postadresse",
-      "passwordMatch": "Passord må være like",
-      "totpEnable": "TOTP aktivert",
-      "totpEnableTrue": "TOTP aktivert må være sant",
-      "totpCode": "TOTP-kode"
-    },
-    "userConfig": {
-      "host": "Vert"
-    },
-    "general": {
-      "sessionTimeout": "Øktutløp",
-      "metricsEnabled": "Målinger",
-      "metricsPassword": "Målingspassord"
-    },
-    "interface": {
-      "cidr": "CIDR",
-      "device": "Enhet",
-      "cidrValid": "CIDR må være gyldig"
-    },
-    "otl": "Engangslenke",
-    "stringMalformed": "Strengen er ugyldig",
-    "body": "Innholdet må være et gyldig objekt",
-    "hook": "Hook",
-    "enabled": "Aktivert",
-    "mtu": "MTU",
-    "port": "Port",
-    "persistentKeepalive": "Vedvarende keepalive",
-    "address": "IP-adresse",
-    "dns": "DNS",
-    "allowedIps": "Tillatte IP-er",
-    "file": "Fil"
-  },
-  "hooks": {
-    "preUp": "PreUp",
-    "postUp": "PostUp",
-    "preDown": "PreDown",
-    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Kopiering støttes ikke",
-    "copied": "Kopiert!",
-    "failed": "Kopiering mislyktes",
-    "copy": "Kopier"
-  },
-  "awg": {
-    "jCLabel": "Antall junk-pakker (Jc)",
-    "jCDescription": "Antall junk-pakker som skal sendes (1-128, anbefalt: 4-12)",
-    "jMinLabel": "Min. størrelse på junk-pakker (Jmin)",
-    "jMinDescription": "Minimum størrelse på junk-pakker (0-1279*, anbefalt: 8, må være < Jmax)",
-    "jMaxLabel": "Maks. størrelse på junk-pakker (Jmax)",
-    "jMaxDescription": "Maksimal størrelse på junk-pakker (1-1280*, anbefalt: 80, må være > Jmin)",
-    "s1Label": "Init-pakke junk-størrelse (S1)",
-    "s1Description": "Init-pakke junk-størrelse (0-1132[1280* - 148 = 1132], anbefalt: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Svarpakke junk-størrelse (S2)",
-    "s2Description": "Svarpakke junk-størrelse (0-1188[1280* - 92 = 1188], anbefalt: 15-150)",
-    "s3Label": "Cookie-svarpakke junk-størrelse (S3)",
-    "s3Description": "Cookie-svarpakke junk-størrelse",
-    "s4Label": "Transportpakke junk-størrelse (S4)",
-    "s4Description": "Transportpakke junk-størrelse",
-    "h1Label": "Init magisk header (H1)",
-    "h1Description": "Init-pakke header-verdi (5-2147483647, må være unik fra H2-H4)",
-    "h2Label": "Svar magisk header (H2)",
-    "h2Description": "Svarpakke header-verdi (5-2147483647, må være unik fra H1, H3, H4)",
-    "h3Label": "Cookie-svar magisk header (H3)",
-    "h3Description": "Cookie-svarpakke header-verdi (5-2147483647, må være unik fra H1, H2, H4)",
-    "h4Label": "Transport magisk header (H4)",
-    "h4Description": "Transportpakke header-verdi (5-2147483647, må være unik fra H1-H3)",
-    "i1Label": "Spesiell junk-pakke 1 (I1)",
-    "i1Description": "Protokolllignende pakke i heksformat: <b 0x...>",
-    "i2Label": "Spesiell junk-pakke 2 (I2)",
-    "i2Description": "Protokolllignende pakke i heksformat: <b 0x...>",
-    "i3Label": "Spesiell junk-pakke 3 (I3)",
-    "i3Description": "Protokolllignende pakke i heksformat: <b 0x...>",
-    "i4Label": "Spesiell junk-pakke 4 (I4)",
-    "i4Description": "Protokolllignende pakke i heksformat: <b 0x...>",
-    "i5Label": "Spesiell junk-pakke 5 (I5)",
-    "i5Description": "Protokolllignende pakke i heksformat: <b 0x...>",
-    "mtuNote": "Verdier avhenger av MTU",
-    "obfuscationParameters": "AmneziaWG obfuskasjonsparametere"
-  }
-}
@@ -1,297 +0,0 @@
-{
-  "pages": {
-    "me": "Account",
-    "clients": "Cliënten",
-    "admin": {
-      "panel": "Admin-paneel",
-      "general": "Algemeen",
-      "config": "Configuratie",
-      "interface": "Interface",
-      "hooks": "Hooks"
-    }
-  },
-  "user": {
-    "email": "E-mail"
-  },
-  "me": {
-    "currentPassword": "Huidig wachtwoord",
-    "enable2fa": "Twee-factor-authenticatie inschakelen",
-    "enable2faDesc": "Scan de QR-code met uw authenticator-app of voer de sleutel handmatig in.",
-    "2faKey": "TOTP-sleutel",
-    "2faCodeDesc": "Voer de code in van uw authenticator-app.",
-    "disable2fa": "Twee-factor-authenticatie uitschakelen",
-    "disable2faDesc": "Voer uw wachtwoord in om de twee-factor-authenticatie uit te schakelen."
-  },
-  "general": {
-    "name": "Naam",
-    "username": "Gebruikersnaam",
-    "password": "Wachtwoord",
-    "newPassword": "Nieuw wachtwoord",
-    "updatePassword": "Wachtwoord bijwerken",
-    "mtu": "MTU",
-    "allowedIps": "Toegestane IP's",
-    "dns": "DNS",
-    "persistentKeepalive": "Aanhoudende verbinding",
-    "logout": "Uitloggen",
-    "continue": "Doorgaan",
-    "host": "Host",
-    "port": "Poort",
-    "yes": "Ja",
-    "no": "Nee",
-    "confirmPassword": "Wachtwoord bevestigen",
-    "loading": "Laden...",
-    "2fa": "Twee-factor-authenticatie uitschakelen",
-    "2faCode": "TOTP-code"
-  },
-  "setup": {
-    "welcome": "Welkom bij uw eerste installatie van wg-easy",
-    "welcomeDesc": "U hebt de gemakkelijkste manier gevonden om WireGuard op elke Linux-host te installeren en te beheren",
-    "existingSetup": "Heeft u een bestaande installatie?",
-    "createAdminDesc": "Voer eerst een beheerdersgebruikersnaam en een sterk veilig wachtwoord in. Deze gegevens worden gebruikt om in te loggen op uw beheerderspaneel.",
-    "setupConfigDesc": "Voer alstublieft de host- en poortinformatie in. Dit wordt gebruikt voor de clientconfiguratie bij het instellen van WireGuard op hun apparaten.",
-    "setupMigrationDesc": "Geef alstublieft het back-upbestand als u uw gegevens van uw vorige wg-easy-versie naar uw nieuwe installatie wilt overzetten.",
-    "upload": "Uploaden",
-    "migration": "Herstel de back-up:",
-    "createAccount": "Account aanmaken",
-    "successful": "Installatie succesvol",
-    "hostDesc": "Publieke hostnaam waar clients verbinding mee maken",
-    "portDesc": "Publieke UDP-poort waarop clients verbinding maken en waarop WireGuard luistert"
-  },
-  "update": {
-    "updateAvailable": "Er is een update beschikbaar!",
-    "update": "Bijwerken"
-  },
-  "theme": {
-    "dark": "Donker thema",
-    "light": "Licht thema",
-    "system": "Systeem-thema"
-  },
-  "layout": {
-    "toggleCharts": "Grafieken tonen/verbergen",
-    "donate": "Donatie"
-  },
-  "login": {
-    "signIn": "Inloggen",
-    "rememberMe": "Onthoud mij",
-    "rememberMeDesc": "Ingelogd blijven na het sluiten van de browser",
-    "insecure": "U kunt niet inloggen via een onveilige verbinding. Gebruik HTTPS.",
-    "2faRequired": "Twee-factor-authenticatie is vereist",
-    "2faWrong": "Twee-factor-authenticatiecode is fout"
-  },
-  "client": {
-    "empty": "Er zijn nog geen cliënten.",
-    "newShort": "Nieuw",
-    "sort": "Sortering",
-    "create": "Cliënt aanmaken",
-    "created": "Cliënt aangemaakt",
-    "new": "Nieuwe cliënt",
-    "name": "Naam",
-    "expireDate": "Verloopdatum",
-    "expireDateDesc": "Datum waarop de cliënt wordt uitgeschakeld. Laat leeg voor permanent.",
-    "delete": "Verwijderen",
-    "deleteClient": "Cliënt verwijderen",
-    "deleteDialog1": "Weet u zeker dat u wilt verwijderen",
-    "deleteDialog2": "Deze actie kan niet ongedaan worden gemaakt.",
-    "enabled": "Ingeschakeld",
-    "address": "Adres",
-    "serverAllowedIps": "Toegestane IP's van de server",
-    "otlDesc": "Korte eenmalige link genereren",
-    "permanent": "Permanent",
-    "createdOn": "Aangemaakt op ",
-    "lastSeen": "Laatst gezien op ",
-    "totalDownload": "Totaal gedownload: ",
-    "totalUpload": "Totaal geüpload: ",
-    "newClient": "Nieuwe cliënt",
-    "disableClient": "Cliënt uitschakelen",
-    "enableClient": "Cliënt inschakelen",
-    "noPrivKey": "Deze cliënt heeft geen bekende privésleutel. Kan de configuratie niet aanmaken.",
-    "showQR": "QR-code weergeven",
-    "downloadConfig": "Configuratie downloaden",
-    "allowedIpsDesc": "Welke IP's via de VPN worden geleid (overschrijft algemene instellingen)",
-    "serverAllowedIpsDesc": "Naar welke IP's de server het cliëntverkeer zal routeren",
-    "mtuDesc": "Stelt de maximale transmissie-eenheid (pakketgrootte) voor de VPN-tunnel in",
-    "persistentKeepaliveDesc": "Stelt het interval (seconden) in voor keep-alive-pakketten. 0 schakelt dit uit",
-    "hooks": "Hooks",
-    "hooksDescription": "Hooks functioneren alleen met wg-quick",
-    "hooksLeaveEmpty": "Alleen voor wg-quick. Anders leeg laten",
-    "dnsDesc": "DNS-serverclients zullen gebruiken (overschrijft algemene instellingen)",
-    "notConnected": "Cliënt niet verbonden",
-    "endpoint": "Eindpunt",
-    "endpointDesc": "IP van de cliënt vanaf welke de WireGuard-verbinding tot stand wordt gebracht",
-    "search": "Cliënten zoeken...",
-    "config": "Configuratie",
-    "viewConfig": "Configuratie weergeven",
-    "firewallIps": "Firewall-toegestane IPs",
-    "firewallIpsDesc": "Bestemmings-IP's/CIDR's waartoe deze client toegang heeft (handhaving aan de serverzijde). Laat leeg om Toegestane IP's te gebruiken. Ondersteunt optionele poort - en protocolfiltering. Zie documentatie voor syntaxis.",
-    "downloadPng": "PNG downloaden",
-    "copyPng": "PNG kopiëren"
-  },
-  "dialog": {
-    "change": "Wijzigen",
-    "cancel": "Annuleren",
-    "create": "Aanmaken"
-  },
-  "toast": {
-    "success": "Succes",
-    "saved": "Opgeslagen",
-    "error": "Fout",
-    "unknown": "Onbekende fout. Zie console voor meer details"
-  },
-  "form": {
-    "actions": "Acties",
-    "save": "Opslaan",
-    "revert": "Terugzetten",
-    "sectionGeneral": "Algemeen",
-    "sectionAdvanced": "Geavanceerd",
-    "noItems": "Geen items",
-    "nullNoItems": "Geen items. Globale configuratie gebruiken",
-    "add": "Toevoegen"
-  },
-  "admin": {
-    "general": {
-      "sessionTimeout": "Sessie verlopen",
-      "sessionTimeoutDesc": "Sessieduur voor Onthoud mij (sec.)",
-      "metrics": "Metrics",
-      "metricsPassword": "Wachtwoord",
-      "metricsPasswordDesc": "Bearer-wachtwoord voor het metrics-eindpunt (wachtwoord of argon2-hash)",
-      "json": "JSON",
-      "jsonDesc": "Route voor metrics in JSON-formaat",
-      "prometheus": "Prometheus",
-      "prometheusDesc": "Route voor Prometheus-metrics"
-    },
-    "config": {
-      "connection": "Verbinding",
-      "hostDesc": "Publieke hostnaam waarmee cliënten verbinding maken (maakt configuratie ongedaan)",
-      "portDesc": "Publieke UDP-poort waarmee clients verbinding maken (maakt configuratie ongedaan; u dient waarschijnlijk ook de interfacepoort te wijzigen)",
-      "allowedIpsDesc": "Toegestane IP's die cliënten zullen gebruiken (algemene configuratie)",
-      "dnsDesc": "DNS-server die cliënten zullen gebruiken (algemene configuratie)",
-      "mtuDesc": "MTU die cliënten zullen gebruiken (alleen voor nieuwe cliënten)",
-      "persistentKeepaliveDesc": "Interval in seconden om keepalives naar de server te sturen. 0 = uitgeschakeld (alleen voor nieuwe cliënten)",
-      "suggest": "Voorstellen",
-      "suggestDesc": "Kies een IP-adres of hostnaam voor het veld Host"
-    },
-    "interface": {
-      "cidrSuccess": "CIDR gewijzigd",
-      "device": "Apparaat",
-      "deviceDesc": "Ethernet-apparaat waar het WireGuard-verkeer doorheen moet worden doorgestuurd",
-      "mtuDesc": "MTU die WireGuard zal toepassen",
-      "portDesc": "UDP-poort waarop WireGuard zal luisteren (u dient waarschijnlijk ook de Config-poort te wijzigen)",
-      "changeCidr": "CIDR wijzigen",
-      "restart": "Interface opnieuw starten",
-      "restartDesc": "WireGuard-interface opnieuw starten",
-      "restartWarn": "Weet u zeker dat u de interface wilt herstarten? Dit zal alle cliënten loskoppelen.",
-      "restartSuccess": "Interface opnieuw gestart",
-      "firewall": "Traffic-filtering",
-      "firewallEnabled": "Per-Client Firewall inschakelen",
-      "firewallEnabledDesc": "Beperk het cliëntverkeer tot specifieke bestemmings-IP's met behulp van iptables. Indien ingeschakeld, kan elke cliënt worden geconfigureerd met toegestane bestemmingen."
-    },
-    "introText": "Welkom bij het Admin-paneel.\n\nHier kunt u de algemene instellingen, de configuratie, de interface-instellingen en de hooks beheren.\n\nBegin met het kiezen van een van de secties in de zijbalk."
-  },
-  "zod": {
-    "generic": {
-      "required": "{0} is vereist",
-      "validNumber": "{0} moet een geldig getal zijn",
-      "validNumberRange": "{0} moet een geldig getal of bereik zijn",
-      "validString": "{0} moet een geldige tekenreeks zijn",
-      "validBoolean": "{0} moet een geldige boolean zijn",
-      "validArray": "{0} moet een geldige array zijn",
-      "stringMin": "{0} moet minstens {1} teken bevatten",
-      "numberMin": "{0} moet minstens {1} zijn"
-    },
-    "client": {
-      "id": "Cliënt-ID",
-      "name": "Naam",
-      "expiresAt": "Verloopt op",
-      "address4": "IPv4-adres",
-      "address6": "IPv6-adres",
-      "serverAllowedIps": "Toegestane IP's van de server",
-      "firewallIps": "Firewall-toegestane IPs",
-      "firewallIpsInvalid": "Ongeldige IP-invoer van firewall. Zie documentatie voor ondersteunde syntaxis."
-    },
-    "user": {
-      "username": "Gebruikersnaam",
-      "password": "Wachtwoord",
-      "remember": "Onthouden",
-      "name": "Naam",
-      "email": "E-mail",
-      "emailInvalid": "E-mail moet een geldig e-mailadres zijn",
-      "passwordMatch": "Wachtwoorden moeten overeenkomen",
-      "totpEnable": "TOTP inschakelen",
-      "totpEnableTrue": "TOTP inschakelen moet waar zijn",
-      "totpCode": "TOTP-code"
-    },
-    "userConfig": {
-      "host": "Host"
-    },
-    "general": {
-      "sessionTimeout": "Sessie-verlooptijd",
-      "metricsEnabled": "Metrics",
-      "metricsPassword": "Metrics-wachtwoord"
-    },
-    "interface": {
-      "cidr": "CIDR",
-      "device": "Apparaat",
-      "cidrValid": "CIDR moet geldig zijn"
-    },
-    "otl": "Eenmalige link",
-    "stringMalformed": "Tekenreeks is beschadigd",
-    "body": "Body moet een geldig object bevatten",
-    "hook": "Hook",
-    "enabled": "Ingeschakeld",
-    "mtu": "MTU",
-    "port": "Poort",
-    "persistentKeepalive": "Aanhoudende verbinding",
-    "address": "IP-adres",
-    "dns": "DNS",
-    "allowedIps": "Toegestane IP's",
-    "file": "Bestand"
-  },
-  "hooks": {
-    "preUp": "Pre-Up",
-    "postUp": "Post-Up",
-    "preDown": "Pre-Down",
-    "postDown": "Post-Down"
-  },
-  "copy": {
-    "notSupported": "Kopiëren wordt niet ondersteund",
-    "copied": "Gekopieerd!",
-    "failed": "Kopiëren is mislukt",
-    "copy": "Kopiëren"
-  },
-  "awg": {
-    "jCLabel": "Junk packet count (Jc)",
-    "jCDescription": "Aantal te verzenden junk packets (1-128, aanbevolen: 4-12)",
-    "jMinLabel": "Junk packet min size (Jmin)",
-    "jMinDescription": "Minimale grootte van junk packets (0-1279*, aanbevolen: 8, moet zijn < Jmax)",
-    "jMaxLabel": "Junk packet max size (Jmax)",
-    "jMaxDescription": "Maximale grootte van junk packets (1-1280*, aanbevolen: 80, moet zijn > Jmin)",
-    "s1Label": "Init packet junk size (S1)",
-    "s1Description": "Grootte Init packet junk (0-1132[1280* - 148 = 1132], aanbevolen: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Response packet junk size (S2)",
-    "s2Description": "Grootte Response packet junk (0-1188[1280* - 92 = 1188], aanbevolen: 15-150)",
-    "s3Label": "Cookie reply packet junk size (S3)",
-    "s3Description": "Grootte Cookie reply packet junk",
-    "s4Label": "Transport packet junk size (S4)",
-    "s4Description": "Grootte Transport packet junk",
-    "h1Label": "Init magic header (H1)",
-    "h1Description": "Waarde of bereik Init packet header (X of X-Y, waarbij X<Y. Min. 5, max. 2147483647. Waarde of bereik mag niet overlappen met andere headers)",
-    "h2Label": "Response magic header (H2)",
-    "h2Description": "Waarde of bereik Response packet header (X of X-Y, waarbij X<Y. Min. 5, max. 2147483647. Waarde of bereik mag niet overlappen met andere headers)",
-    "h3Label": "Cookie reply magic header (H3)",
-    "h3Description": "Waarde of bereik Cookie reply packet header (X of X-Y, waarbij X<Y. Min. 5, max. 2147483647. Waarde of bereik mag niet overlappen met andere headers)",
-    "h4Label": "Transport magic header (H4)",
-    "h4Description": "Waarde of bereik Transport packet header (X of X-Y, waarbij X<Y. Min. 5, max. 2147483647. Waarde of bereik mag niet overlappen met andere headers)",
-    "i1Label": "Special junk packet 1 (I1)",
-    "i1Description": "Protocol mimic packet in hex formaat: <b 0x...>",
-    "i2Label": "Special junk packet 2 (I2)",
-    "i2Description": "Protocol mimic packet in hex formaat: <b 0x...>",
-    "i3Label": "Special junk packet 3 (I3)",
-    "i3Description": "Protocol mimic packet in hex formaat: <b 0x...>",
-    "i4Label": "Special junk packet 4 (I4)",
-    "i4Description": "Protocol mimic packet in hex formaat: <b 0x...>",
-    "i5Label": "Special junk packet 5 (I5)",
-    "i5Description": "Protocol mimic packet in hex formaat: <b 0x...>",
-    "mtuNote": "Waarden zijn afhankelijk van de MTU",
-    "obfuscationParameters": "AmneziaWG Obfuscation Parameters"
-  }
-}
@@ -1,9 +1,9 @@
 {
  "pages": {
    "me": "Konto",
-    "clients": "Klienci",
+    "clients": "Konta",
    "admin": {
-      "panel": "Panel administratora",
+      "panel": "Panel administracyjny",
      "general": "Ogólne",
      "config": "Konfiguracja",
      "interface": "Interfejs",
@@ -16,22 +16,22 @@
  "me": {
    "currentPassword": "Aktualne hasło",
    "enable2fa": "Włącz uwierzytelnianie dwuskładnikowe",
-    "enable2faDesc": "Zeskanuj kod QR aplikacją uwierzytelniającą lub wprowadź klucz ręcznie.",
+    "enable2faDesc": "Zeskanuj kod QR w aplikacji uwierzytelniającej lub wprowadź klucz ręcznie.",
    "2faKey": "Klucz TOTP",
    "2faCodeDesc": "Wprowadź kod z aplikacji uwierzytelniającej.",
    "disable2fa": "Wyłącz uwierzytelnianie dwuskładnikowe",
-    "disable2faDesc": "Wprowadź hasło, aby wyłączyć uwierzytelnianie dwuskładnikowe."
+    "disable2faDesc": "Wprowadź swoje hasło, aby wyłączyć uwierzytelnianie dwuskładnikowe."
  },
  "general": {
    "name": "Nazwa",
    "username": "Nazwa użytkownika",
    "password": "Hasło",
    "newPassword": "Nowe hasło",
-    "updatePassword": "Aktualizuj hasło",
+    "updatePassword": "Zmień hasło",
    "mtu": "MTU",
    "allowedIps": "Dozwolone adresy IP",
    "dns": "DNS",
-    "persistentKeepalive": "Utrzymywanie połączenia (Keepalive)",
+    "persistentKeepalive": "Stałe utrzymywanie połączenia",
    "logout": "Wyloguj",
    "continue": "Kontynuuj",
    "host": "Host",
@@ -44,42 +44,42 @@
    "2faCode": "Kod TOTP"
  },
  "setup": {
-    "welcome": "Witaj w pierwszej konfiguracji wg-easy",
-    "welcomeDesc": "Znalazłeś najłatwiejszy sposób na instalację i zarządzanie WireGuard na dowolnym hoście Linux",
-    "existingSetup": "Czy masz już istniejącą konfigurację?",
-    "createAdminDesc": "Najpierw wprowadź nazwę użytkownika administratora i silne hasło. Dane te będą używane do logowania się do panelu administracyjnego.",
-    "setupConfigDesc": "Wprowadź informacje o hoście i porcie. Zostaną one użyte do konfiguracji klientów podczas ustawiania WireGuard na ich urządzeniach.",
-    "setupMigrationDesc": "Wskaż plik kopii zapasowej, jeśli chcesz przenieść dane z poprzedniej wersji wg-easy do nowej konfiguracji.",
+    "welcome": "Witamy w pierwszej konfiguracji wg-easy",
+    "welcomeDesc": "Znalazłeś najprostszy sposób na instalację i zarządzanie WireGuard na dowolnym serwerze Linux",
+    "existingSetup": "Masz już istniejącą konfigurację?",
+    "createAdminDesc": "Podaj nazwę użytkownika administratora oraz silne, bezpieczne hasło. Informacje te będą używane do logowania w panelu administracyjnym.",
+    "setupConfigDesc": "Podaj informacje o hoście i porcie. Będą one używane w konfiguracji klienta podczas uruchamiania WireGuard na jego urządzeniach.",
+    "setupMigrationDesc": "Podaj plik kopii zapasowej, jeśli chcesz przenieść dane ze starszej wersji wg-easy do nowej instalacji.",
    "upload": "Prześlij",
    "migration": "Przywróć kopię zapasową:",
    "createAccount": "Utwórz konto",
    "successful": "Konfiguracja zakończona sukcesem",
-    "hostDesc": "Publiczna nazwa hosta, z którą będą łączyć się klienci",
-    "portDesc": "Publiczny port UDP, na którym WireGuard będzie nasłuchiwać i z którym połączą się klienci"
+    "hostDesc": "Publiczny host, do którego będą łączyć się klienci",
+    "portDesc": "Publiczny port UDP, na którym WireGuard będzie nasłuchiwał i do którego będą łączyć się klienci"
  },
  "update": {
    "updateAvailable": "Dostępna jest aktualizacja!",
    "update": "Aktualizuj"
  },
  "theme": {
-    "dark": "Ciemny motyw",
-    "light": "Jasny motyw",
+    "dark": "Motyw ciemny",
+    "light": "Motyw jasny",
    "system": "Motyw systemowy"
  },
  "layout": {
    "toggleCharts": "Pokaż/ukryj wykresy",
-    "donate": "Dotacja"
+    "donate": "Wesprzyj"
  },
  "login": {
    "signIn": "Zaloguj się",
    "rememberMe": "Zapamiętaj mnie",
    "rememberMeDesc": "Pozostań zalogowany po zamknięciu przeglądarki",
-    "insecure": "Nie możesz zalogować się przez niezabezpieczone połączenie. Użyj HTTPS.",
-    "2faRequired": "Wymagane jest uwierzytelnianie dwuskładnikowe",
-    "2faWrong": "Błędny kod uwierzytelniania dwuskładnikowego"
+    "insecure": "Nie możesz się zalogować przez niezabezpieczone połączenie. Użyj HTTPS.",
+    "2faRequired": "Wymagane uwierzytelnianie dwuskładnikowe",
+    "2faWrong": "Nieprawidłowy kod uwierzytelniania dwuskładnikowego"
  },
  "client": {
-    "empty": "Nie ma jeszcze żadnych klientów.",
+    "empty": "Brak klientów.",
    "newShort": "Nowy",
    "sort": "Sortuj",
    "create": "Utwórz klienta",
@@ -87,44 +87,36 @@
    "new": "Nowy klient",
    "name": "Nazwa",
    "expireDate": "Data wygaśnięcia",
-    "expireDateDesc": "Data, w której klient zostanie wyłączony. Pozostaw puste dla bezterminowego dostępu",
-    "delete": "Usuń",
+    "expireDateDesc": "Data, po której klient zostanie wyłączony. Puste = na stałe",
    "deleteClient": "Usuń klienta",
-    "deleteDialog1": "Czy na pewno chcesz usunąć klienta",
-    "deleteDialog2": "Tej operacji nie można cofnąć.",
+    "deleteDialog1": "Czy na pewno chcesz usunąć",
+    "deleteDialog2": "Tej akcji nie można cofnąć.",
    "enabled": "Włączony",
    "address": "Adres",
    "serverAllowedIps": "Dozwolone adresy IP serwera",
-    "otlDesc": "Generuj krótki link jednorazowy",
+    "otlDesc": "Wygeneruj jednorazowy krótki link",
    "permanent": "Stały",
-    "createdOn": "Utworzono: ",
-    "lastSeen": "Ostatnio widziany: ",
-    "totalDownload": "Pobieranie łącznie: ",
-    "totalUpload": "Wysyłanie łącznie: ",
+    "createdOn": "Utworzony ",
+    "lastSeen": "Ostatnio widziany ",
+    "totalDownload": "Łączne pobieranie: ",
+    "totalUpload": "Łączne wysyłanie: ",
    "newClient": "Nowy klient",
    "disableClient": "Wyłącz klienta",
    "enableClient": "Włącz klienta",
-    "noPrivKey": "Ten klient nie posiada klucza prywatnego. Nie można utworzyć konfiguracji.",
+    "noPrivKey": "Ten klient nie ma znanego klucza prywatnego. Nie można utworzyć konfiguracji.",
    "showQR": "Pokaż kod QR",
    "downloadConfig": "Pobierz konfigurację",
-    "allowedIpsDesc": "Adresy IP kierowane przez VPN (nadpisuje konfigurację globalną)",
-    "serverAllowedIpsDesc": "Adresy IP, które serwer będzie kierował do klienta",
-    "mtuDesc": "Ustawia maksymalną jednostkę transmisji (rozmiar pakietu) dla tunelu VPN",
-    "persistentKeepaliveDesc": "Ustawia interwał (w sekundach) dla pakietów utrzymujących połączenie. 0 wyłącza.",
+    "allowedIpsDesc": "Które adresy IP będą kierowane przez VPN (nadpisuje konfigurację globalną)",
+    "serverAllowedIpsDesc": "Które adresy IP serwer będzie kierował do klienta",
+    "mtuDesc": "Ustawia maksymalny rozmiar pakietu (MTU) dla tunelu VPN",
+    "persistentKeepaliveDesc": "Ustawia interwał (w sekundach) wysyłania pakietów keep-alive. 0 = wyłączone",
    "hooks": "Hooki",
    "hooksDescription": "Hooki działają tylko z wg-quick",
-    "hooksLeaveEmpty": "Tylko dla wg-quick. W przeciwnym razie pozostaw puste",
-    "dnsDesc": "Serwer DNS dla klientów (nadpisuje konfigurację globalną)",
-    "notConnected": "Klient niepołączony",
+    "hooksLeaveEmpty": "Tylko dla wg-quick. W innym przypadku pozostaw puste",
+    "dnsDesc": "Serwer DNS, którego będą używać klienci (nadpisuje konfigurację globalną)",
+    "notConnected": "Klient nie jest połączony",
    "endpoint": "Punkt końcowy",
-    "endpointDesc": "Adres IP klienta, z którego ustanowiono połączenie WireGuard",
-    "search": "Szukaj klientów...",
-    "config": "Konfiguracja",
-    "viewConfig": "Zobacz konfigurację",
-    "firewallIps": "Dozwolone IP zapory",
-    "firewallIpsDesc": "Docelowe adresy IP/CIDR, do których ten klient ma dostęp (wymuszane po stronie serwera). Pozostaw puste, aby użyć Dozwolonych IP. Obsługuje opcjonalne filtrowanie portów i protokołów. Zobacz dokumentację dla składni.",
-    "downloadPng": "Pobierz PNG",
-    "copyPng": "Kopiuj PNG"
+    "endpointDesc": "Adres IP klienta, z którego ustanawiane jest połączenie WireGuard"
  },
  "dialog": {
    "change": "Zmień",
@@ -134,8 +126,7 @@
  "toast": {
    "success": "Sukces",
    "saved": "Zapisano",
-    "error": "Błąd",
-    "unknown": "Nieznany błąd. Sprawdź konsolę, aby uzyskać więcej szczegółów"
+    "error": "Błąd"
  },
  "form": {
    "actions": "Akcje",
@@ -144,16 +135,16 @@
    "sectionGeneral": "Ogólne",
    "sectionAdvanced": "Zaawansowane",
    "noItems": "Brak elementów",
-    "nullNoItems": "Brak elementów. Używanie konfiguracji globalnej",
+    "nullNoItems": "Brak elementów. Używana konfiguracja globalna",
    "add": "Dodaj"
  },
  "admin": {
    "general": {
      "sessionTimeout": "Limit czasu sesji",
-      "sessionTimeoutDesc": "Czas trwania sesji dla 'Zapamiętaj mnie' (w sekundach)",
+      "sessionTimeoutDesc": "Czas trwania sesji dla opcji Zapamiętaj mnie (w sekundach)",
      "metrics": "Metryki",
      "metricsPassword": "Hasło",
-      "metricsPasswordDesc": "Hasło Bearer dla punktu końcowego metryk (hasło lub hash argon2)",
+      "metricsPasswordDesc": "Hasło Bearer dla endpointu metryk (hasło lub hash argon2)",
      "json": "JSON",
      "jsonDesc": "Ścieżka dla metryk w formacie JSON",
      "prometheus": "Prometheus",
@@ -161,63 +152,57 @@
    },
    "config": {
      "connection": "Połączenie",
-      "hostDesc": "Publiczna nazwa hosta, z którą będą łączyć się klienci (unieważnia konfigurację)",
-      "portDesc": "Publiczny port UDP klientów (unieważnia konfigurację; zaleca się także zmianę Portu Interfejsu)",
+      "hostDesc": "Publiczny host, do którego będą łączyć się klienci (unieważnia konfigurację)",
+      "portDesc": "Publiczny port UDP, do którego będą łączyć się klienci (unieważnia konfigurację, prawdopodobnie należy też zmienić port interfejsu)",
      "allowedIpsDesc": "Dozwolone adresy IP klientów (konfiguracja globalna)",
      "dnsDesc": "Serwer DNS klientów (konfiguracja globalna)",
      "mtuDesc": "MTU klientów (tylko dla nowych klientów)",
-      "persistentKeepaliveDesc": "Interwał wysyłania pakietów keepalive do serwera (sekundy). 0 = wyłączone (tylko dla nowych klientów)",
+      "persistentKeepaliveDesc": "Interwał w sekundach dla keepalive do serwera. 0 = wyłączone (tylko dla nowych klientów)",
      "suggest": "Sugeruj",
      "suggestDesc": "Wybierz adres IP lub nazwę hosta dla pola Host"
    },
    "interface": {
      "cidrSuccess": "Zmieniono CIDR",
      "device": "Urządzenie",
-      "deviceDesc": "Interfejs sieciowy, przez który ma być przekazywany ruch WireGuard",
-      "mtuDesc": "MTU, którego będzie używać WireGuard",
-      "portDesc": "Port UDP, na którym będzie nasłuchiwać WireGuard (zaleca się także zmianę Portu Konfiguracji)",
+      "deviceDesc": "Urządzenie sieciowe, przez które ma być przekazywany ruch WireGuard",
+      "mtuDesc": "MTU używane przez WireGuard",
+      "portDesc": "Port UDP, na którym WireGuard będzie nasłuchiwał (prawdopodobnie trzeba też zmienić port w konfiguracji)",
      "changeCidr": "Zmień CIDR",
-      "restart": "Restartuj interfejs",
+      "restart": "Restart interfejsu",
      "restartDesc": "Zrestartuj interfejs WireGuard",
-      "restartWarn": "Czy na pewno chcesz zrestartować interfejs? Spowoduje to rozłączenie wszystkich klientów.",
-      "restartSuccess": "Interfejs zrestartowany",
-      "firewall": "Filtrowanie ruchu",
-      "firewallEnabled": "Włącz zaporę per-klient",
-      "firewallEnabledDesc": "Ogranicz ruch klienta do określonych docelowych adresów IP za pomocą iptables. Gdy włączone, każdy klient może mieć skonfigurowane dozwolone cele."
+      "restartWarn": "Czy na pewno chcesz zrestartować interfejs? Wszyscy klienci zostaną rozłączeni.",
+      "restartSuccess": "Interfejs zrestartowany"
    },
-    "introText": "Witaj w panelu administratora.\n\nTutaj możesz zarządzać ustawieniami ogólnymi, konfiguracją, ustawieniami interfejsu i hookami.\n\nZacznij od wybrania jednej z sekcji na pasku bocznym."
+    "introText": "Witamy w panelu administracyjnym.\n\nTutaj możesz zarządzać ustawieniami ogólnymi, konfiguracją, interfejsem i hookami.\n\nZacznij od wybrania jednej z sekcji w pasku bocznym."
  },
  "zod": {
    "generic": {
      "required": "{0} jest wymagane",
      "validNumber": "{0} musi być prawidłową liczbą",
-      "validNumberRange": "{0} musi być prawidłową liczbą lub zakresem liczb",
-      "validString": "{0} musi być prawidłowym ciągiem znaków",
+      "validString": "{0} musi być prawidłowym tekstem",
      "validBoolean": "{0} musi być prawidłową wartością logiczną",
      "validArray": "{0} musi być prawidłową tablicą",
      "stringMin": "{0} musi mieć co najmniej {1} znaków",
-      "numberMin": "{0} musi wynosić co najmniej {1}"
+      "numberMin": "{0} musi być co najmniej {1}"
    },
    "client": {
      "id": "ID klienta",
      "name": "Nazwa",
-      "expiresAt": "Wygasa dnia",
+      "expiresAt": "Wygasa",
      "address4": "Adres IPv4",
      "address6": "Adres IPv6",
-      "serverAllowedIps": "Dozwolone IP serwerowe",
-      "firewallIps": "Dozwolone IP zapory",
-      "firewallIpsInvalid": "Nieprawidłowy wpis IP zapory. Zobacz dokumentację dla obsługiwanej składni."
+      "serverAllowedIps": "Dozwolone adresy IP serwera"
    },
    "user": {
      "username": "Nazwa użytkownika",
      "password": "Hasło",
      "remember": "Zapamiętaj",
-      "name": "Nazwa",
+      "name": "Imię",
      "email": "E-mail",
-      "emailInvalid": "E-mail musi być prawidłowym adresem",
+      "emailInvalid": "E-mail musi być prawidłowy",
      "passwordMatch": "Hasła muszą się zgadzać",
      "totpEnable": "Włącz TOTP",
-      "totpEnableTrue": "Włączenie TOTP musi mieć wartość prawda",
+      "totpEnableTrue": "TOTP musi być włączone",
      "totpCode": "Kod TOTP"
    },
    "userConfig": {
@@ -226,24 +211,24 @@
    "general": {
      "sessionTimeout": "Limit czasu sesji",
      "metricsEnabled": "Metryki",
-      "metricsPassword": "Hasło metryk"
+      "metricsPassword": "Hasło do metryk"
    },
    "interface": {
      "cidr": "CIDR",
      "device": "Urządzenie",
      "cidrValid": "CIDR musi być prawidłowy"
    },
-    "otl": "Link jednorazowy",
-    "stringMalformed": "Ciąg znaków jest zniekształcony",
-    "body": "Body musi być prawidłowym obiektem",
+    "otl": "Jednorazowy link",
+    "stringMalformed": "Nieprawidłowy format tekstu",
+    "body": "Treść musi być prawidłowym obiektem",
    "hook": "Hook",
    "enabled": "Włączone",
    "mtu": "MTU",
    "port": "Port",
-    "persistentKeepalive": "Utrzymywanie połączenia",
+    "persistentKeepalive": "Stałe utrzymywanie połączenia",
    "address": "Adres IP",
    "dns": "DNS",
-    "allowedIps": "Dozwolone IP",
+    "allowedIps": "Dozwolone adresy IP",
    "file": "Plik"
  },
  "hooks": {
@@ -251,47 +236,5 @@
    "postUp": "PostUp",
    "preDown": "PreDown",
    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Kopiowanie nie jest obsługiwane",
-    "copied": "Skopiowano!",
-    "failed": "Kopiowanie nieudane",
-    "copy": "Kopiuj"
-  },
-  "awg": {
-    "jCLabel": "Liczba pakietów śmieci (Jc)",
-    "jCDescription": "Liczba pakietów śmieci do wysłania (1-128, zalecane: 4-12)",
-    "jMinLabel": "Minimalny rozmiar pakietu śmieci (Jmin)",
-    "jMinDescription": "Minimalny rozmiar pakietów śmieci (0-1279*, zalecane: 8, musi być < Jmax)",
-    "jMaxLabel": "Maksymalny rozmiar pakietu śmieci (Jmax)",
-    "jMaxDescription": "Maksymalny rozmiar pakietów śmieci (1-1280*, zalecane: 80, musi być > Jmin)",
-    "s1Label": "Rozmiar śmieci pakietu inicjującego (S1)",
-    "s1Description": "Rozmiar śmieci pakietu inicjującego (0-1132, zalecane: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Rozmiar śmieci pakietu odpowiedzi (S2)",
-    "s2Description": "Rozmiar śmieci pakietu odpowiedzi (0-1188, zalecane: 15-150)",
-    "s3Label": "Rozmiar śmieci pakietu odpowiedzi cookie (S3)",
-    "s3Description": "Rozmiar śmieci pakietu odpowiedzi cookie",
-    "s4Label": "Rozmiar śmieci pakietu transportowego (S4)",
-    "s4Description": "Rozmiar śmieci pakietu transportowego",
-    "h1Label": "Magiczny nagłówek inicjujący (H1)",
-    "h1Description": "Wartość lub zakres nagłówka pakietu inicjującego (X lub X-Y, gdzie X < Y. Min 5, max 2147483647. Wartości nie mogą nakładać się na inne nagłówki)",
-    "h2Label": "Magiczny nagłówek odpowiedzi (H2)",
-    "h2Description": "Wartość lub zakres nagłówka pakietu odpowiedzi (X lub X-Y, gdzie X < Y. Min 5, max 2147483647. Wartości nie mogą nakładać się na inne nagłówki)",
-    "h3Label": "Magiczny nagłówek odpowiedzi cookie (H3)",
-    "h3Description": "Wartość lub zakres nagłówka pakietu odpowiedzi cookie (X lub X-Y, gdzie X < Y. Min 5, max 2147483647. Wartości nie mogą nakładać się na inne nagłówki)",
-    "h4Label": "Magiczny nagłówek transportowy (H4)",
-    "h4Description": "Wartość lub zakres nagłówka pakietu transportowego (X lub X-Y, gdzie X < Y. Min 5, max 2147483647. Wartości nie mogą nakładać się na inne nagłówki)",
-    "i1Label": "Specjalny pakiet śmieci 1 (I1)",
-    "i1Description": "Pakiet imitujący protokół w formacie hex: <b 0x...>",
-    "i2Label": "Specjalny pakiet śmieci 2 (I2)",
-    "i2Description": "Pakiet imitujący protokół w formacie hex: <b 0x...>",
-    "i3Label": "Specjalny pakiet śmieci 3 (I3)",
-    "i3Description": "Pakiet imitujący protokół w formacie hex: <b 0x...>",
-    "i4Label": "Specjalny pakiet śmieci 4 (I4)",
-    "i4Description": "Pakiet imitujący protokół w formacie hex: <b 0x...>",
-    "i5Label": "Specjalny pakiet śmieci 5 (I5)",
-    "i5Description": "Pakiet imitujący protokół w formacie hex: <b 0x...>",
-    "mtuNote": "Wartości zależą od MTU",
-    "obfuscationParameters": "Parametry maskowania AmneziaWG"
  }
 }
@@ -3,10 +3,10 @@
    "me": "Аккаунт",
    "clients": "Клиенты",
    "admin": {
-      "panel": "Админ-панель",
-      "general": "Общие настройки",
+      "panel": "Админ панель",
+      "general": "Общие",
      "config": "Конфигурация",
-      "interface": "Сетевой интерфейс",
+      "interface": "Интерфейс",
      "hooks": "Хуки"
    }
  },
@@ -16,11 +16,11 @@
  "me": {
    "currentPassword": "Текущий пароль",
    "enable2fa": "Включить двухфакторную аутентификацию",
-    "enable2faDesc": "Отсканируйте QR‑код с помощью приложения‑аутентификатора или введите ключ вручную.",
-    "2faKey": "Ключ TOTP",
-    "2faCodeDesc": "Введите код из приложения‑аутентификатора.",
+    "enable2faDesc": "Отсканируйте QR-код приложением-аутентификатором или введите ключ вручную.",
+    "2faKey": "TOTP-ключ",
+    "2faCodeDesc": "Введите код из приложения-аутентификатора.",
    "disable2fa": "Отключить двухфакторную аутентификацию",
-    "disable2faDesc": "Введите пароль, чтобы отключить двухфакторную аутентификацию."
+    "disable2faDesc": "Введите пароль, чтобы отключить двухфакторную аутентификацию"
  },
  "general": {
    "name": "Имя",
@@ -29,9 +29,9 @@
    "newPassword": "Новый пароль",
    "updatePassword": "Обновить пароль",
    "mtu": "MTU",
-    "allowedIps": "Разрешённые IP‑адреса",
+    "allowedIps": "Разрешённые IP",
    "dns": "DNS",
-    "persistentKeepalive": "Постоянное поддержание соединения",
+    "persistentKeepalive": "Постоянный keepalive",
    "logout": "Выйти",
    "continue": "Продолжить",
    "host": "Хост",
@@ -41,21 +41,21 @@
    "confirmPassword": "Подтвердите пароль",
    "loading": "Загрузка...",
    "2fa": "Двухфакторная аутентификация",
-    "2faCode": "Код TOTP"
+    "2faCode": "TOTP‑код"
  },
  "setup": {
    "welcome": "Добро пожаловать в первичную настройку wg-easy",
-    "welcomeDesc": "Вы нашли самый простой способ установить и управлять WireGuard на любом Linux‑хосте",
-    "existingSetup": "У вас уже есть существующая настройка?",
-    "createAdminDesc": "Сначала введите имя администратора и надёжный пароль. Эти данные будут использоваться для входа в Админ-панель.",
-    "setupConfigDesc": "Введите данные хоста и порта. Они будут использоваться для настройки клиента при установке WireGuard на устройствах.",
-    "setupMigrationDesc": "Укажите файл резервной копии, если хотите перенести данные из предыдущей версии wg-easy.",
+    "welcomeDesc": "Вы нашли самый простой способ установить и управлять WireGuard на любом Linux-хосте",
+    "existingSetup": "У вас уже есть существующая установка?",
+    "createAdminDesc": "Сначала введите имя администратора и надёжный пароль. Эти данные понадобятся для входа в панель управления",
+    "setupConfigDesc": "Введите информацию о хосте и порте. Она будет использоваться в конфигурации клиента при установке WireGuard на устройствах",
+    "setupMigrationDesc": "Укажите файл резервной копии, если хотите перенести данные из предыдущей версии wg-easy",
    "upload": "Загрузить",
    "migration": "Восстановить из резервной копии:",
    "createAccount": "Создать аккаунт",
-    "successful": "Настройка завершена успешно",
+    "successful": "Настройка успешна",
    "hostDesc": "Публичное имя хоста, к которому будут подключаться клиенты",
-    "portDesc": "Публичный UDP‑порт, к которому будут подключаться клиенты и на котором будет слушать WireGuard"
+    "portDesc": "Публичный UDP‑порт для подключения клиентов и прослушивания WireGuard"
  },
  "update": {
    "updateAvailable": "Доступно обновление!",
@@ -68,7 +68,7 @@
  },
  "layout": {
    "toggleCharts": "Показать/скрыть графики",
-    "donate": "Поддержать"
+    "donate": "Пожертвовать"
  },
  "login": {
    "signIn": "Войти",
@@ -87,19 +87,18 @@
    "new": "Новый клиент",
    "name": "Имя",
    "expireDate": "Дата отключения",
-    "expireDateDesc": "Дата, когда клиент будет отключён. Оставьте пустым для бессрочного доступа",
-    "delete": "Удалить",
+    "expireDateDesc": "Дата, когда клиент будет отключён. Пусто — бессрочно",
    "deleteClient": "Удалить клиента",
    "deleteDialog1": "Вы уверены, что хотите удалить",
-    "deleteDialog2": "Это действие нельзя отменить.",
-    "enabled": "Включён",
+    "deleteDialog2": "Это действие необратимо.",
+    "enabled": "Включен",
    "address": "Адрес",
-    "serverAllowedIps": "Разрешённые IP‑адреса сервера",
-    "otlDesc": "Сгенерировать короткую одноразовую ссылку",
-    "permanent": "Бессрочный",
+    "serverAllowedIps": "Разрешённые IP сервера",
+    "otlDesc": "Сгенерировать одноразовую короткую ссылку",
+    "permanent": "Постоянный",
    "createdOn": "Создан ",
    "lastSeen": "Последнее подключение ",
-    "totalDownload": "Всего скачано: ",
+    "totalDownload": "Всего загружено: ",
    "totalUpload": "Всего отправлено: ",
    "newClient": "Новый клиент",
    "disableClient": "Отключить клиента",
@@ -107,53 +106,45 @@
    "noPrivKey": "У этого клиента нет приватного ключа. Невозможно создать конфигурацию.",
    "showQR": "Показать QR‑код",
    "downloadConfig": "Скачать конфигурацию",
-    "allowedIpsDesc": "Какие IP‑адреса будут маршрутизироваться через VPN (переопределяет глобальную конфигурацию)",
-    "serverAllowedIpsDesc": "Какие IP‑адреса сервер будет отправлять клиенту",
-    "mtuDesc": "Максимальный размер пакета (MTU) для VPN‑туннеля",
-    "persistentKeepaliveDesc": "Устанавливает интервал (в секундах) для пакетов поддержания соединения. 0 — Отключить",
+    "allowedIpsDesc": "Какие IP будут маршрутизироваться через VPN (перезаписывает общую конфигурацию)",
+    "serverAllowedIpsDesc": "Какие IP сервер будет отправлять клиенту",
+    "mtuDesc": "Максимальный размер пакета для VPN‑туннеля",
+    "persistentKeepaliveDesc": "Интервал пакетов для поддержания соединения (в секундах). 0 — отключено.",
    "hooks": "Хуки",
-    "hooksDescription": "Хуки работают только с wg‑quick",
-    "hooksLeaveEmpty": "Только для wg‑quick. В остальных случаях оставьте пустым",
-    "dnsDesc": "DNS‑сервер, который будут использовать клиенты (переопределяет глобальную конфигурацию)",
+    "hooksDescription": "Хуки работают только с wg-quick",
+    "hooksLeaveEmpty": "Только для wg-quick. Иначе оставьте пустым",
+    "dnsDesc": "DNS‑сервер, который будут использовать клиенты (перезаписывает общую конфигурацию)",
    "notConnected": "Клиент не подключен",
-    "endpoint": "Точка подключения",
-    "endpointDesc": "IP‑адрес клиента, с которого установлено соединение WireGuard",
-    "search": "Поиск клиентов...",
-    "config": "Конфигурация",
-    "viewConfig": "Просмотреть конфигурацию",
-    "firewallIps": "Разрешённые фаерволом IP-адреса",
-    "firewallIpsDesc": "IP‑адреса/CIDR-диапазоны, к которым может получить доступ клиент (проверка на сервере). Оставьте пустым, будут использоваться «Разрешённые IP‑адреса» (AllowedIPs). Поддерживается фильтрация по портам и протоколам. Подробности см. в документации.",
-    "downloadPng": "Скачать PNG",
-    "copyPng": "Копировать PNG"
+    "endpoint": "Конечная точка",
+    "endpointDesc": "IP-адрес клиента, с которого установлено соединение WireGuard"
  },
  "dialog": {
    "change": "Изменить",
-    "cancel": "Отменить",
+    "cancel": "Отмена",
    "create": "Создать"
  },
  "toast": {
-    "success": "Успешно",
+    "success": "Успех",
    "saved": "Сохранено",
-    "error": "Ошибка",
-    "unknown": "Неизвестная ошибка. Подробности см. в консоли браузера"
+    "error": "Ошибка"
  },
  "form": {
    "actions": "Действия",
    "save": "Сохранить",
    "revert": "Отменить",
    "sectionGeneral": "Общие",
-    "sectionAdvanced": "Расширенные",
+    "sectionAdvanced": "Дополнительно",
    "noItems": "Нет элементов",
    "nullNoItems": "Нет элементов. Используется глобальная конфигурация",
    "add": "Добавить"
  },
  "admin": {
    "general": {
-      "sessionTimeout": "Время жизни сессии",
-      "sessionTimeoutDesc": "Длительность сессии для «Запомнить меня» (в секундах)",
+      "sessionTimeout": "Тайм-аут сессии",
+      "sessionTimeoutDesc": "Длительность сеанса для \"Запомнить меня\" (секунды)",
      "metrics": "Метрики",
      "metricsPassword": "Пароль",
-      "metricsPasswordDesc": "Пароль Bearer для конечной точки метрик (пароль или хэш argon2)",
+      "metricsPasswordDesc": "Пароль Bearer для эндпоинта метрик (пароль или хеш argon2)",
      "json": "JSON",
      "jsonDesc": "Путь для метрик в формате JSON",
      "prometheus": "Prometheus",
@@ -161,89 +152,83 @@
    },
    "config": {
      "connection": "Соединение",
-      "hostDesc": "Публичное имя хоста для подключения клиентов (обнуляет конфигурацию)",
-      "portDesc": "Публичный UDP‑порт для подключения клиентов (также рекомендуется изменить порт интерфейса)",
-      "allowedIpsDesc": "Разрешённые IP‑адреса для клиентов (глобальная конфигурация)",
-      "dnsDesc": "DNS‑сервер для клиентов (глобальная конфигурация)",
+      "hostDesc": "Публичное имя хоста для подключения клиентов (сбросит конфигурацию)",
+      "portDesc": "Публичный UDP‑порт для подключения клиентов (также стоит изменить порт интерфейса)",
+      "allowedIpsDesc": "Разрешённые IP для клиентов (общая конфигурация)",
+      "dnsDesc": "DNS‑сервер для клиентов (общая конфигурация)",
      "mtuDesc": "MTU для клиентов (только для новых)",
-      "persistentKeepaliveDesc": "Интервал в секундах для отправки пакетов поддержания соединения на сервер. 0 = отключено (только для новых клиентов)",
-      "suggest": "Предложить",
-      "suggestDesc": "Выберите IP‑адрес или имя хоста для поля «Хост»"
+      "persistentKeepaliveDesc": "Интервал отправки keepalive на сервер (секунды). 0 = отключено (только для новых)",
+      "suggest": "Определить",
+      "suggestDesc": "Выберите IP‑адрес или имя хоста для поля Host"
    },
    "interface": {
      "cidrSuccess": "CIDR изменён",
      "device": "Устройство",
-      "deviceDesc": "Сетевое устройство Ethernet, через которое должен проходить трафик WireGuard",
-      "mtuDesc": "MTU, который будет использовать WireGuard",
-      "portDesc": "UDP‑порт, на котором будет слушать WireGuard (возможно, также нужно изменить порт в конфигурации)",
+      "deviceDesc": "Сетевое устройство, через которое должен проходить трафик WireGuard",
+      "mtuDesc": "MTU, который использует WireGuard",
+      "portDesc": "UDP‑порт, на котором WireGuard будет слушать (возможно, нужно изменить и порт конфигурации)",
      "changeCidr": "Изменить CIDR",
      "restart": "Перезапустить интерфейс",
-      "restartDesc": "Перезапустить сетевой интерфейс WireGuard",
-      "restartWarn": "Вы уверены, что хотите перезапустить сетевой интерфейс? Это приведёт к отключению всех клиентов.",
-      "restartSuccess": "Интерфейс перезапущен",
-      "firewall": "Фильтрация трафика",
-      "firewallEnabled": "Включить фаервол для отдельных клиентов",
-      "firewallEnabledDesc": "Ограничить трафик клиентов до определённых IP‑адресов с помощью iptables. При включении для каждого клиента можно настроить список разрешённых адресов."
+      "restartDesc": "Перезапустить интерфейс WireGuard",
+      "restartWarn": "Вы уверены, что хотите перезапустить интерфейс? Все клиенты будут отключены.",
+      "restartSuccess": "Интерфейс перезапущен"
    },
-    "introText": "Добро пожаловать в панель администратора.\n\nЗдесь вы можете управлять общими настройками, конфигурацией, настройками интерфейса и хуками.\n\nНачните с выбора одного из разделов на боковой панели."
+    "introText": "Добро пожаловать в панель администратора.\n\nЗдесь вы можете управлять общими настройками, конфигурацией, параметрами интерфейса и хуками.\n\nНачните с выбора раздела в боковой панели."
  },
  "zod": {
    "generic": {
-      "required": "{0} обязательно для заполнения",
-      "validNumber": "{0} должно быть числом",
-      "validNumberRange": "{0} должно быть числом или диапазоном чисел",
-      "validString": "{0} должно быть строкой",
-      "validBoolean": "{0} должно быть логическим значением",
-      "validArray": "{0} должно быть массивом",
-      "stringMin": "{0} должно содержать не менее {1} символа",
-      "numberMin": "{0} должно быть не менее {1}"
+      "required": "{0} обязательное поле",
+      "validNumber": "{0} должен быть числом",
+      "validString": "{0} должна быть строкой",
+      "validBoolean": "{0} должен быть булевым значением",
+      "validArray": "{0} должен быть массивом",
+      "stringMin": "{0} должен содержать не менее {1} символов",
+      "numberMin": "{0} должен быть не меньше {1}"
    },
    "client": {
      "id": "ID клиента",
      "name": "Имя",
-      "expiresAt": "Дата окончания действия",
-      "address4": "IPv4‑адрес",
-      "address6": "IPv6‑адрес",
-      "serverAllowedIps": "Разрешённые IP‑адреса сервера",
-      "firewallIps": "Разрешённые фаерволом IP-адреса",
-      "firewallIpsInvalid": "Некорректная запись IP-адреса для фаервола. Поддерживаемый синтаксис см. в документации"
+      "expiresAt": "Действителен до",
+      "address4": "IPv4 адрес",
+      "address6": "IPv6 адрес",
+      "serverAllowedIps": "Разрешённые IP сервера"
    },
    "user": {
      "username": "Имя пользователя",
      "password": "Пароль",
      "remember": "Запомнить",
      "name": "Имя",
-      "email": "Электронная почта",
-      "emailInvalid": "Адрес электронной почты должен быть корректным",
+      "email": "Email",
+      "emailInvalid": "Email должен быть валидным",
      "passwordMatch": "Пароли должны совпадать",
      "totpEnable": "Включить TOTP",
-      "totpEnableTrue": "TOTP должен быть включён",
-      "totpCode": "Код TOTP"
+      "totpEnableTrue": "Необходимо включить TOTP",
+      "totpCode": "TOTP‑код"
    },
    "userConfig": {
      "host": "Хост"
    },
    "general": {
-      "sessionTimeout": "Время жизни сессии",
+      "sessionTimeout": "Тайм-аут сессии",
      "metricsEnabled": "Метрики",
      "metricsPassword": "Пароль для метрик"
    },
    "interface": {
      "cidr": "CIDR",
      "device": "Устройство",
-      "cidrValid": "CIDR должен быть корректным"
+      "cidrValid": "CIDR должен быть валидным"
    },
    "otl": "Одноразовая ссылка",
    "stringMalformed": "Строка имеет неверный формат",
-    "body": "Тело должно быть корректным объектом",
+    "body": "Тело должно быть объектом",
    "hook": "Хук",
    "enabled": "Включено",
    "mtu": "MTU",
    "port": "Порт",
-    "persistentKeepalive": "Постоянное поддержание соединения",
+    "persistentKeepalive": "Поддерживать соединение",
    "address": "IP‑адрес",
    "dns": "DNS",
-    "allowedIps": "Разрешённые IP‑адреса",
+    "allowedIps": "Разрешённые IP",
    "file": "Файл"
  },
  "hooks": {
@@ -251,47 +236,5 @@
    "postUp": "PostUp",
    "preDown": "PreDown",
    "postDown": "PostDown"
-  },
-  "copy": {
-    "notSupported": "Копирование не поддерживается",
-    "copied": "Скопировано!",
-    "failed": "Ошибка копирования",
-    "copy": "Копировать"
-  },
-  "awg": {
-    "jCLabel": "Количество мусорных пакетов (Jc)",
-    "jCDescription": "Число мусорных пакетов для отправки (1-128, рекомендуется: 4-12)",
-    "jMinLabel": "Минимальный размер мусорных пакетов (Jmin)",
-    "jMinDescription": "Минимальный размер мусорных пакетов (0-1279*, рекомендуется: 8, должен быть < Jmax)",
-    "jMaxLabel": "Максимальный размер мусорных пакетов (Jmax)",
-    "jMaxDescription": "Максимальный размер мусорных пакетов (1-1280*, рекомендуется: 80, должен быть > Jmin)",
-    "s1Label": "Размер мусорных данных в init-пакете (S1)",
-    "s1Description": "Размер мусорных данных в init-пакете (0-1132[1280* - 148 = 1132], рекомендуется: 15-150, S1+56 ≠ S2)",
-    "s2Label": "Размер мусорных данных в ответном пакете (S2)",
-    "s2Description": "Размер мусорных данных в ответном пакете (0-1188[1280* - 92 = 1188], рекомендуется: 15-150)",
-    "s3Label": "Размер мусорных данных в cookie-reply пакете (S3)",
-    "s3Description": "Размер мусорных данных в cookie-reply пакете",
-    "s4Label": "Размер мусорных данных в транспортном пакете (S4)",
-    "s4Description": "Размер мусорных данных в транспортном пакете",
-    "h1Label": "Init magic заголовок (H1)",
-    "h1Description": "Значение или диапазон заголовка init-пакета (X или X-Y, где X < Y. От 5 до 2147483647. Диапазоны H1–H4 не должны пересекаться между собой)",
-    "h2Label": "Response magic заголовок (H2)",
-    "h2Description": "Значение или диапазон заголовка ответного пакета (X или X-Y, где X < Y. От 5 до 2147483647. Диапазоны H1–H4 не должны пересекаться между собой)",
-    "h3Label": "Cookie reply magic заголовок (H3)",
-    "h3Description": "Значение или диапазон заголовка cookie-reply пакета (X или X-Y, где X < Y. От 5 до 2147483647. Диапазоны H1–H4 не должны пересекаться между собой)",
-    "h4Label": "Transport magic заголовок (H4)",
-    "h4Description": "Значение или диапазон заголовка транспортного пакета (X или X-Y, где X < Y. От 5 до 2147483647. Диапазоны H1–H4 не должны пересекаться между собой)",
-    "i1Label": "Специальный мусорный пакет 1 (I1)",
-    "i1Description": "Пакет имитации протокола в hex формате: <b 0x...>",
-    "i2Label": "Специальный мусорный пакет 2 (I2)",
-    "i2Description": "Пакет имитации протокола в hex формате: <b 0x...>",
-    "i3Label": "Специальный мусорный пакет 3 (I3)",
-    "i3Description": "Пакет имитации протокола в hex формате: <b 0x...>",
-    "i4Label": "Специальный мусорный пакет 4 (I4)",
-    "i4Description": "Пакет имитации протокола в hex формате: <b 0x...>",
-    "i5Label": "Специальный мусорный пакет 5 (I5)",
-    "i5Description": "Пакет имитации протокола в hex формате: <b 0x...>",
-    "mtuNote": "Значения зависят от MTU",
-    "obfuscationParameters": "Параметры обфускации AmneziaWG"
  }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Bernd Storath	da61cb680f	fix docs	2025-11-17 11:44:21 +01:00
copilot-swe-agent[bot]	8b5e6c4c7a	Use WG_PORT instead of WG_CLIENT_PORT for INIT_PORT fallback to match original behavior - Changed setup/2.post.ts to use WG_INTERFACE_OVERRIDE_ENV.PORT instead of WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT - Changed sqlite.ts initialSetup to use WG_INTERFACE_OVERRIDE_ENV.PORT for consistency - Updated unattended-setup.md documentation: - Changed INIT_PORT description to clarify it sets both interface port and endpoint port - Updated warning text to reference WG_PORT (not WG_CLIENT_PORT) as the override fallback - This matches the original INIT_PORT behavior where updateHostPort() sets both ports to the same value Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-17 10:39:51 +00:00
copilot-swe-agent[bot]	e192855280	Fix discrepancies: use WG_CLIENT_PORT instead of WG_PORT for setup fallback - Fixed setup/2.post.ts to use WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT instead of WG_INTERFACE_OVERRIDE_ENV.PORT - Fixed sqlite.ts initialSetup to use WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT for consistency - Corrected unattended-setup.md documentation: - Changed INIT_HOST and INIT_PORT from group "1*" to group "2" - Clarified INIT_PORT description as "Port clients will connect to (endpoint port)" - Updated group numbers: DNS is group 3, CIDR is group 4, Allowed IPs is group 5 - Fixed warning text: setup requires groups 1 and 2, and use WG_CLIENT_PORT (not WG_PORT) - Ensures consistency between code behavior and documentation Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-17 10:31:11 +00:00
Bernd Storath	3a52e1321b	fix description	2025-11-17 11:26:28 +01:00
Bernd Storath	b29703af86	fix override and init option	2025-11-17 11:23:51 +01:00
copilot-swe-agent[bot]	516a3fa72c	Skip setup step 4 (host/port) when override vars are set - Modified setup/2.post.ts to check for WG_HOST and WG_CLIENT_PORT overrides - If both overrides are set, auto-populate host/port and mark setup as complete - Updated setup/2.vue to check setup status after user creation and redirect appropriately - Modified setup middleware to allow access to success page during setup - Setup now completes after step 2 when host/port are provided via environment variables Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-17 09:49:53 +00:00
Bernd Storath	e5cdb2b57a	update docs	2025-11-17 10:42:21 +01:00
copilot-swe-agent[bot]	7fbc1cef68	Allow override vars to skip initial setup; split username/password from host/port in groups - Modified initialSetup to use WG_* override vars as fallback for INIT_* vars - Split group 1: USERNAME and PASSWORD remain in group 1 - Moved HOST and PORT to group 2 (can use WG_HOST and WG_CLIENT_PORT) - DNS moved to group 3 (can use WG_DEFAULT_DNS) - CIDR moved to group 4 (can use WG_IPV4_CIDR and WG_IPV6_CIDR) - Allowed IPs moved to group 5 (can use WG_DEFAULT_ALLOWED_IPS) - Updated documentation to explain override fallback behavior - Setup can now be skipped with INIT_USERNAME, INIT_PASSWORD, and override vars Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-17 09:34:01 +00:00
Bernd Storath	432e7a8197	update migration guide	2025-11-17 10:18:58 +01:00
Bernd Storath	d12045e10c	fix ui, fix client	2025-11-17 10:15:22 +01:00
copilot-swe-agent[bot]	015f3c5ba2	Fix documentation discrepancy about UI behavior - Corrected override behavior description in optional-config.md - Web UI displays database values with warning indicators, not overridden values - Clarified that overrides take precedence at runtime, not in the UI display Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-17 08:44:54 +00:00
Bernd Storath	e42f7313ab	fixes	2025-11-17 09:37:06 +01:00
Bernd Storath	993c130f65	format code	2025-11-14 15:41:48 +01:00
copilot-swe-agent[bot]	fbf24410db	Add metrics password override and implement frontend UI indicators Backend changes: - Added WG_METRICS_PASSWORD environment variable override - Updated applyGeneralOverrides() to include metrics password - Updated /api/admin/overrides endpoint to include metrics password Frontend changes: - Added override indicators (warning icons with tooltips) to all form fields - Updated TextField, NumberField, NullTextField, SwitchField, HostField, ArrayField components - Added overridden prop support to all form components - Fetched /api/admin/overrides in all admin pages (interface, general, config, hooks) - Warning icon displays when field is overridden by environment variable - ArrayField shows banner when overridden - Updated documentation with WG_METRICS_PASSWORD Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 14:30:56 +00:00
copilot-swe-agent[bot]	c1d5822f41	Add hooks overrides support with environment variables - Added WG_PRE_UP, WG_POST_UP, WG_PRE_DOWN, WG_POST_DOWN environment variables - Created applyHooksOverrides() helper function - Updated WireGuard service to apply hooks overrides when generating config - Updated /api/admin/overrides endpoint to include hooks override information - Updated documentation with hooks environment variables Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 14:10:07 +00:00
copilot-swe-agent[bot]	268916782d	Return database values in GET endpoints; add overrides info route; remove comments - GET endpoints now return raw database values (not overridden values) - Created /api/admin/overrides route that returns which fields are overridden by env vars - Removed comments from POST endpoints - Admin panel can now show database values and display indicators for overridden fields Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 13:52:54 +00:00
copilot-swe-agent[bot]	11ab71b5d2	Allow admin panel updates to be saved while overrides remain effective; remove WG_ENABLED - Remove WG_ENABLED environment variable (interface cannot be disabled) - Allow all admin panel updates to be saved to database - Environment variable overrides take precedence at runtime only - Users can now update values in admin panel even when overridden - Updated documentation to clarify override behavior Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 13:41:33 +00:00
copilot-swe-agent[bot]	67185192fd	Refactor environment variables with shorter names and add comprehensive override support - Rename OVERRIDE_INTERFACE_* to WG_* (shorter, non-conflicting) - Add interface overrides: WG_PORT, WG_DEVICE, WG_MTU, WG_IPV4_CIDR, WG_IPV6_CIDR, WG_ENABLED - Add client config overrides: WG_HOST, WG_CLIENT_PORT, WG_DEFAULT_DNS, WG_DEFAULT_ALLOWED_IPS, WG_DEFAULT_MTU, WG_DEFAULT_PERSISTENT_KEEPALIVE - Add general config overrides: WG_SESSION_TIMEOUT, WG_METRICS_PROMETHEUS, WG_METRICS_JSON - Update all API endpoints to apply and filter overrides - Update documentation with all new environment variables - Exclude AmneziaWG parameters (j, s, i, h) as requested Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 13:25:22 +00:00
copilot-swe-agent[bot]	5fd3ee9843	Format documentation with prettier Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 13:04:57 +00:00
copilot-swe-agent[bot]	e444936c04	Add environment variables to override admin panel interface settings Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>	2025-11-14 13:01:39 +00:00
copilot-swe-agent[bot]	5d6c35b183	Initial plan	2025-11-14 12:51:40 +00:00