2025-04-20 07:56:36 +02:00
187 changed files with 7572 additions and 12694 deletions
--- a/.github/workflows/build-deb.yml
+++ b/.github/workflows/build-deb.yml
@ -1,24 +1,6 @@
 name: Build Debian packages
-on:
+on: [push, pull_request]
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build-deb.yml
    - contrib/**
    - daemon/**
    - debian/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Makefile
    - Makefile.linux
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 jobs:
  build:
@ -32,30 +14,26 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Commit Hash
      id: commit
      uses: prompt/actions-commit-hash@v3.0.0
    - name: Build package
      uses: jtdor/build-deb-action@v1
      with:
        docker-image: debian:${{ matrix.dist }}-slim
        buildpackage-opts: --build=binary --no-sign
-        before-build-hook: debchange --controlmaint --local "+${{ steps.commit.outputs.short }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
+        before-build-hook: debchange --controlmaint --local "+${{ github.sha }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
        extra-build-deps: devscripts git
    - name: Upload package
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd_${{ matrix.dist }}
        path: debian/artifacts/i2pd_*.deb
    - name: Upload debugging symbols
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd-dbgsym_${{ matrix.dist }}
        path: debian/artifacts/i2pd-dbgsym_*.deb
--- a/.github/workflows/build-freebsd.yml
+++ b/.github/workflows/build-freebsd.yml
@ -1,24 +1,6 @@
 name: Build on FreeBSD
-on:
+on: [push, pull_request]
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build-freebsd.yml
    - build/CMakeLists.txt
    - build/cmake_modules/**
    - daemon/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Makefile
    - Makefile.bsd
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 jobs:
  build:
@ -27,7 +9,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Test in FreeBSD
      id: test
@ -44,7 +26,7 @@ jobs:
          gmake -j2
    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd-freebsd
        path: build/i2pd
--- a/.github/workflows/build-osx.yml
+++ b/.github/workflows/build-osx.yml
@ -1,22 +1,6 @@
 name: Build on OSX
-on:
+on: [push, pull_request]
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build-osx.yml
    - daemon/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Makefile
    - Makefile.homebrew
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 jobs:
  build:
@ -30,16 +14,13 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
-    - name: Install required formulae
+    - name: install packages
      run: |
        find /usr/local/bin -lname '*/Library/Frameworks/Python.framework/*' -delete
        brew update
        brew install boost miniupnpc openssl@1.1
-    - name: List installed formulae
+    - name: build application
      run: brew list
    - name: Build application
      run: make HOMEBREW=1 USE_UPNP=${{ matrix.with_upnp }} PREFIX=$GITHUB_WORKSPACE/output -j3
--- a/.github/workflows/build-windows-msvc.yml
+++ b/.github/workflows/build-windows-msvc.yml
@ -0,0 +1,52 @@
 name: Build on Windows with MSVC
 on: [push, pull_request]
 jobs:
  build:
    name: Build
    runs-on: windows-latest
    strategy:
      fail-fast: false
    steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Build and install zlib
      run: |
        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
        set BUILD_TYPE=Debug
        ./install_zlib.bat
        set BUILD_TYPE=Release
        ./install_zlib.bat
        del install_zlib.bat
    - name: Install Boost
      uses: crazy-max/ghaction-chocolatey@v2
      with:
        args: install boost-msvc-14.3 --version=1.81.0
    - name: Install OpenSSL
      uses: crazy-max/ghaction-chocolatey@v2
      with:
        args: install openssl
    - name: Configure
      working-directory: build
      run: cmake -DWITH_STATIC=ON .
    - name: Build
      working-directory: build
      run: cmake --build . --config Debug -- -m
    - name: Upload artifacts
      uses: actions/upload-artifact@v3
      with:
        name: i2pd-msvc
        path: build/Debug/i2pd.*
--- a/.github/workflows/build-windows-msvc.yml-disabled
+++ b/.github/workflows/build-windows-msvc.yml-disabled
@ -1,80 +0,0 @@
 name: Build on Windows with MSVC
 on:
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build-windows-msvc.yml
    - build/CMakeLists.txt
    - build/cmake_modules/**
    - daemon/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Win32/**
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 jobs:
  build:
    name: Build
    runs-on: windows-latest
    env:
      boost_path: ${{ github.workspace }}\boost_1_83_0
      openssl_path: ${{ github.workspace }}\openssl_3_2_1
    strategy:
      fail-fast: false
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Build and install zlib
      run: |
        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
        set BUILD_TYPE=Debug
        ./install_zlib.bat
        set BUILD_TYPE=Release
        ./install_zlib.bat
        del install_zlib.bat
    - name: Install Boost
      run: |
        powershell -Command "(Start-BitsTransfer -Source https://sourceforge.net/projects/boost/files/boost-binaries/1.83.0/boost_1_83_0-msvc-14.3-64.exe/download -Destination boost_1_83_0-msvc-14.3-64.exe)"
        ./boost_1_83_0-msvc-14.3-64.exe /DIR="${{env.boost_path}}" /VERYSILENT /SUPPRESSMSGBOXES /SP-
    - name: Install OpenSSL
      run: |
        powershell -Command "(Start-BitsTransfer -Source https://slproweb.com/download/Win64OpenSSL-3_2_1.exe -Destination Win64OpenSSL-3_2_1.exe)"
        ./Win64OpenSSL-3_2_1.exe /DIR="${{env.openssl_path}}" /TASKS="copytobin" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
    - name: Make copy of the OpenSSL libraries for CMake
      run: |
        dir ${{ github.workspace }}
        dir ${{env.openssl_path}}\lib\VC
        dir ${{env.openssl_path}}\lib\VC\x64\
        dir ${{env.openssl_path}}\lib\VC\x64\MTd\
        xcopy /s /y "${{env.openssl_path}}\lib\VC\x64\MTd" "${{env.openssl_path}}\lib"
    - name: Configure
      working-directory: build
      run: cmake -DBoost_ROOT="${{env.boost_path}}" -DOPENSSL_ROOT_DIR="${{env.openssl_path}}" -DWITH_STATIC=ON .
    - name: Build
      working-directory: build
      run: cmake --build . --config Debug -- -m
    - name: Upload artifacts
      uses: actions/upload-artifact@v4
      with:
        name: i2pd-msvc
        path: build/Debug/i2pd.*
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@ -1,25 +1,6 @@
 name: Build on Windows
-on:
+on: [push, pull_request]
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build-windows.yml
    - build/CMakeLists.txt
    - build/cmake_modules/**
    - daemon/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Win32/**
    - Makefile
    - Makefile.mingw
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 defaults:
  run:
@ -42,7 +23,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
      with:
        fetch-depth: 0
@ -63,7 +44,7 @@ jobs:
        make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes -j3
    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd-${{ matrix.arch_short }}.exe
        path: i2pd.exe
@ -84,7 +65,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
      with:
        fetch-depth: 0
@ -102,7 +83,7 @@ jobs:
        cmake --build . -- -j3
    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd-cmake-${{ matrix.arch_short }}.exe
        path: build/i2pd.exe
@ -116,7 +97,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
      with:
        fetch-depth: 0
@ -125,126 +106,34 @@ jobs:
      with:
        msystem: MINGW32
        install: base-devel git mingw-w64-i686-gcc mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-miniupnpc
        cache: true
        update: true
-    - name: Clone MinGW packages repository and revert boost to 1.85.0
+    - name: Build WinXP-capable CRT packages
      run: |
        git clone https://github.com/msys2/MINGW-packages
-        cd MINGW-packages
+        pushd MINGW-packages
-        git checkout 4cbb366edf2f268ac3146174b40ce38604646fc5 mingw-w64-boost
+        pushd mingw-w64-headers-git
        cd mingw-w64-boost
        sed -i 's/boostorg.jfrog.io\/artifactory\/main/archives.boost.io/' PKGBUILD
    # headers
    - name: Get headers package version
      id:  version-headers
      run: |
        echo "version=$(pacman -Si mingw-w64-i686-headers-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
    - name: Cache headers package
      uses: actions/cache@v4
      id: cache-headers
      with:
        path: MINGW-packages/mingw-w64-headers-git/*.zst
        key: winxp-headers-${{ steps.version-headers.outputs.version }}
    - name: Build WinXP-capable headers package
      if: steps.cache-headers.outputs.cache-hit != 'true'
      run: |
        cd MINGW-packages/mingw-w64-headers-git
        sed -i 's/0x601/0x501/' PKGBUILD
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-    - name: Install headers package
+        pacman --noconfirm -U mingw-w64-i686-headers-git-*-any.pkg.tar.zst
-      run: pacman --noconfirm -U MINGW-packages/mingw-w64-headers-git/mingw-w64-i686-*-any.pkg.tar.zst
+        popd
        pushd mingw-w64-crt-git
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
        pacman --noconfirm -U mingw-w64-i686-crt-git-*-any.pkg.tar.zst
        popd
        pushd mingw-w64-winpthreads-git
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
        pacman --noconfirm -U mingw-w64-i686-libwinpthread-git-*-any.pkg.tar.zst mingw-w64-i686-winpthreads-git-*-any.pkg.tar.zst
        popd
        popd
    # CRT
    - name: Get crt package version
      id:  version-crt
      run: |
        echo "version=$(pacman -Si mingw-w64-i686-crt-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
    - name: Cache crt package
      uses: actions/cache@v4
      id: cache-crt
      with:
        path: MINGW-packages/mingw-w64-crt-git/*.zst
        key: winxp-crt-${{ steps.version-crt.outputs.version }}
    - name: Build WinXP-capable crt package
      if: steps.cache-crt.outputs.cache-hit != 'true'
      run: |
        cd MINGW-packages/mingw-w64-crt-git
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
    - name: Install crt package
      run: pacman --noconfirm -U MINGW-packages/mingw-w64-crt-git/mingw-w64-i686-*-any.pkg.tar.zst
    # winpthreads
    - name: Get winpthreads package version
      id:  version-winpthreads
      run: |
        echo "version=$(pacman -Si mingw-w64-i686-winpthreads-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
    - name: Cache winpthreads package
      uses: actions/cache@v4
      id: cache-winpthreads
      with:
        path: MINGW-packages/mingw-w64-winpthreads-git/*.zst
        key: winxp-winpthreads-${{ steps.version-winpthreads.outputs.version }}
    - name: Build WinXP-capable winpthreads package
      if: steps.cache-winpthreads.outputs.cache-hit != 'true'
      run: |
        cd MINGW-packages/mingw-w64-winpthreads-git
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
    - name: Install winpthreads package
      run: pacman --noconfirm -U MINGW-packages/mingw-w64-winpthreads-git/mingw-w64-i686-*-any.pkg.tar.zst
    # OpenSSL
    - name: Get openssl package version
      id:  version-openssl
      run: |
        echo "version=$(pacman -Si mingw-w64-i686-openssl | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
    - name: Cache openssl package
      uses: actions/cache@v4
      id: cache-openssl
      with:
        path: MINGW-packages/mingw-w64-openssl/*.zst
        key: winxp-openssl-${{ steps.version-openssl.outputs.version }}
    - name: Build WinXP-capable openssl package
      if: steps.cache-openssl.outputs.cache-hit != 'true'
      run: |
        cd MINGW-packages/mingw-w64-openssl
        gpg --recv-keys D894E2CE8B3D79F5
        gpg --recv-keys 216094DFD0CB81EF
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
    - name: Install openssl package
      run: pacman --noconfirm -U MINGW-packages/mingw-w64-openssl/mingw-w64-i686-*-any.pkg.tar.zst
    # Boost
    #- name: Get boost package version
    #  id:  version-boost
    #  run: |
    #    echo "version=$(pacman -Si mingw-w64-i686-boost | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
    - name: Cache boost package
      uses: actions/cache@v4
      id: cache-boost
      with:
        path: MINGW-packages/mingw-w64-boost/*.zst
        key: winxp-boost-1.85.0+crt-${{ steps.version-headers.outputs.version }}+ossl-${{ steps.version-openssl.outputs.version }}
    # Rebuild package if packages above has changed
    - name: Build WinXP-capable boost package
      if: steps.cache-boost.outputs.cache-hit != 'true'
      run: |
        cd MINGW-packages/mingw-w64-boost
        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
    - name: Remove boost packages
      run: pacman --noconfirm -R mingw-w64-i686-boost mingw-w64-i686-boost-libs
    - name: Install boost package
      run: pacman --noconfirm -U MINGW-packages/mingw-w64-boost/mingw-w64-i686-*-any.pkg.tar.zst
    # Building i2pd
    - name: Build application
      run: |
        mkdir -p obj/Win32 obj/libi2pd obj/libi2pd_client obj/daemon
        make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes USE_WINXP_FLAGS=yes -j3
    - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
      with:
        name: i2pd-xp.exe
        path: i2pd.exe
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,24 +1,6 @@
 name: Build on Ubuntu
-on:
+on: [push, pull_request]
  push:
    branches:
    - '*'
    paths:
    - .github/workflows/build.yml
    - build/CMakeLists.txt
    - build/cmake_modules/**
    - daemon/**
    - i18n/**
    - libi2pd/**
    - libi2pd_client/**
    - Makefile
    - Makefile.linux
    tags:
    - '*'
  pull_request:
    branches:
    - '*'
 jobs:
  build-make:
@ -32,7 +14,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: install packages
      run: |
@ -53,7 +35,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: install packages
      run: |
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -37,29 +37,29 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v2
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v2
    - name: Login to DockerHub
-      uses: docker/login-action@v3
+      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Login to GitHub Container registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@v2
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Build container for ${{ matrix.archname }}
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v3
      with:
        context: ./contrib/docker
        file: ./contrib/docker/Dockerfile
@ -82,22 +82,22 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v2
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v2
    - name: Login to DockerHub
-      uses: docker/login-action@v3
+      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Login to GitHub Container registry
-      uses: docker/login-action@v3
+      uses: docker/login-action@v2
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
@ -108,7 +108,7 @@ jobs:
      uses: Noelware/docker-manifest-action@master
      with:
        inputs: purplei2p/i2pd:latest
-        tags: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
+        images: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
        push: true
    - name: Create and push latest manifest image to GHCR
@ -116,7 +116,7 @@ jobs:
      uses: Noelware/docker-manifest-action@master
      with:
        inputs: ghcr.io/purplei2p/i2pd:latest
-        tags: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
+        images: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
        push: true
    - name: Store release version to env
@ -128,7 +128,7 @@ jobs:
      uses: Noelware/docker-manifest-action@master
      with:
        inputs: purplei2p/i2pd:latest,purplei2p/i2pd:latest-release,purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
-        tags: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
+        images: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
        push: true
    - name: Create and push release manifest to GHCR
@ -136,5 +136,5 @@ jobs:
      uses: Noelware/docker-manifest-action@master
      with:
        inputs: ghcr.io/purplei2p/i2pd:latest,ghcr.io/purplei2p/i2pd:latest-release,ghcr.io/purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
-        tags: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
+        images: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
        push: true
--- a/229
+++ b/229
@ -1,234 +1,7 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
-## [2.56.0] - 2025-02-11
+## [2.50.0] - 2023-12-23
 ### Added
 - Config params for shared local destination
 - AddressBook full addresses cache
 - Decline transit tunnel to duplicated router
 - Recreate tunnels in random order
 ### Changed
 - Exclude disk operations from SSU2 and NTCP2 threads
 - Set minimal version for peer test to 0.9.62
 - Send ack requested flag after second SSU2 resend attempt
 - Shorter ECIESx25519 ack request interval for datagram and I2CP sessions
 - Don't change datagram routing path too often if unidirectional data stream
 - Reduce LeaseSet and local RouterInfo publishing confirmation intervals
 - Don't delete buffer of connected routers or if an update received
 - Smaller RouterInfo request timeout if sent directly
 - Persist local RouterInfo in separate thread
 - Don't recalculate and process ranges for every SSU2 Ack block
 - Reseeds list
 ### Fixed
 - Termination deadlock if SAM session is active
 - Race condition at tunnel endpoint
 - Inbound tunnel build encryption
 ## [2.55.0] - 2024-12-30
 ### Added
 - Support boost 1.87
 - "i2p.streaming.maxConcurrentStreams" tunnel's param to limit number of simultaneous streams
 - Separate thread for tunnel build requests
 - Show next peer and connectivity on "Transit tunnels" page
 - Tunnel name for local destination thread
 - Throttle incoming ECIESx25519 sessions
 - Send tunnel data to transport session directly if possible
 - Publish 'R' cap for yggdrasil-only routers, and 'U' cap for routers through proxy
 - Random tunnel rejection when medium congestion
 - Save unreachable router's endpoint to use it next time without introducers
 - Recognize symmetric NAT from peer test message 7
 - Resend HolePunch and RelayResponse messages
 ### Changed
 - Removed own implementation of AESNI and always use one from openssl
 - Renamed main thread to i2pd-daemon
 - Set i2p.streaming.profile=2 for shared local destination
 - Reduced LeaseSet and RouterInfo lookup timeouts
 - Cleanup ECIES sessions and tags more often
 - Check LeaseSet expiration time
 - Handle NTCP2 session handshakes in separate thread
 - Limit last decline time by 1.5 hours in router's profile
 - Don't handle RelayRequest and RelayIntro with same nonce twice
 - Increased hole punch expiration interval
 - Send peer test message 6 with delay if message 4 was received before message 5
 - Pre-calculate more x25519 keys for transports in runtime
 - Don't request LeaseSet for incoming stream
 - Terminate incoming stream right away if no remote LeaseSet
 - Handle choked, new RTO and window size calculation and resetting algorithm for streams
 ### Fixed
 - Empty string in addressbook subscriptions
 - ECIESx25519 sessions without destination
 - Missing RouterInfo buffer in NetDb
 - Invalid I2PControl certificate
 - Routers disappear from NetDb when offline
 - Peer test message 6 sent to unknown endpoint
 - Race condition with LeaseSet update
 - Excessive CPU usage by streams
 - Crash on shutdown
 ## [2.54.0] - 2024-10-06
 ### Added
 - Maintain recently connected routers list to avoid false-positive peer test
 - Limited connectivity mode(through proxy)
 - "i2p.streaming.profile" tunnel's param to let tunnel select also low-bandwidth routers
 - Limit stream's inbound speed
 - Periodic ack requests in ratchets session
 - Set congestion cap G immediately if through proxy
 - Show tunnel's routers bandwidth caps in web console
 - Handle immediate ack requested flag in SSU2 data packets
 - Resend and ack peer test and relay messages
 - "senduseragent" HTTP proxy's param to pass through user's User-Agent
 ### Changed
 - Exclude 'N' routers from high-bandwidth routers for client tunnels
 - C++11 support has been dropped, the minimal requirement is C++17 now, C++20 for some compilers
 - Removed dependency from boost::date_time and boost::filesystem
 - Set default i2cp.leaseSetEncType to 0,4 and to 4 for server tunnels
 - Handle i2cp.inboundlimit and i2cp.outboundlimit params in I2CP
 - Publish LeaseSet with new timestamp update if tunnel was replaced in the same second
 - Increase max number of generated tags to 800 per tagset
 - Routing path expiration by time instead num attempts
 - Save timestamp from epoch instead local time to profiles
 - Update introducer's iTag if session to introducer was replaced to new one
 - RTT, window size and number of NACKs calculation for streaming
 - Don't select same peer for tunnel too often
 - Use WinApi for data path UTF-8 conversion for Windows
 ### Fixed
 - Jump link crash if address book is disabled
 - Race condition if connect through an introducer
 - "Date" header in I2PControl response
 - Incomplete response from web console
 - AEAD verification with LibreSSL
 - Number of generated tags and new keys for follow-on tagsets
 - Expired leases in LeaseSet
 - Attempts to send HolePunch to 0.0.0.0
 - Incorrect options size in quick ack streaming packet
 - Low bandwidth router appeared as first peer in high-bandwidth client tunnel
 ## [2.53.1] - 2024-07-29
 ### Changed
 - I2CP performance improvement
 ### Fixed
 - 100% CPU usage after I2CP/SAM/BOB session termination
 - Incorrect client limits returned through I2CP
 - Build with LibreSSL
 ## [2.53.0] - 2024-07-19
 ### Added
 - New congestion control algorithm for streaming
 - Support miniupnp-2.2.8
 - Limit stream's outbound speed
 - Flood to next day closest floodfills before UTC midnight
 - Recognize duplicated routers and bypass them
 - Random SSU2 resend interval
 ### Changed
 - Set minimal version to 0.9.69 for floodfills and 0.9.58 for client tunnels
 - Removed openssl 1.0.2 support
 - Move unsent I2NP messages to the new session if replaced
 - Use mt19937 RNG instead rand()
 - Update router's congestion caps before initial publishing
 - Don't try introducer with invalid address
 - Select newest introducers to publish
 - Don't request relay tag for every session if we have enough introducers
 - Update timestamp for non-reachable or hidden router
 - Reset streaming routing path if duplicated SYN received
 - Update LeaseSet if inbound tunnel failed
 - Reseeds list
 ### Fixed
 - Crash when a destination gets terminated
 - Expired offline signature upon destination creation
 - Race condition between local RouterInfo buffer creation and sending it through the transports
 ## [2.52.0] - 2024-05-12
 ### Added
 - Separate threads for persisting RouterInfos and profiles to disk
 - Give preference to address with direct connection
 - Exclude addresses with incorrect static or intro key
 - Avoid two firewalled routers in the row in tunnel
 - Drop unsolicited database search replies
 ### Changed
 - Increase number of hashes to 16 in exploratory lookup reply
 - Reduce number of a RouterInfo lookup attempts to 5
 - Reset stream RTO if outbound tunnel was changed
 - Insert previously excluded floodfill back when successfully connected
 - Increase maximum stream resend attempts to 9
 - Reply to exploratory lookups with only confirmed routers if low tunnel build rate
 - Don't accept too old RouterInfo
 - Build client tunnels through confirmed routers only if low tunnel build rate
 - Manage netDb requests more frequently
 - Don't reply with closer than us only floodfills for lookup
 ### Fixed
 - Crash on router lookup if exploratory pool is not ready
 - Race condition in excluded peers for next lookup
 - Excessive number of lookups for same destination
 - Race condition with transport peers during shutdown
 - Corrupted RouterInfo files
 ## [2.51.0] - 2024-04-06
 ### Added
 - Non-blocking mode for UDP sockets
 - Set SSU2 socket buffer size based on bandwidth limit
 - Encrypted tunnel tests
 - Support for multiple UDP server tunnels on one destination
 - Publish medium congestion indication
 - Local domain sockets for SOCKS proxy upstream
 - Tunnel status "declined" in web console
 - SAM error reply "Incompatible crypto" if remote destination has incompatible crypto
 - Reduce amount of traffic by handling local message drops
 - Keep SSU2 socket open even if it fails to bind
 - Lower SSU2 resend traffic spikes
 - Expiration for messages in SSU2 send queue
 - Use EWMA for stream RTT estimation
 - Request choking delay if too many NACKs in stream
 - Allow 0ms latency for tunnel
 - Randomize tunnels selection for tests
 ### Changed
 - Upstream SOCKS proxy from SOCKS4 to SOCKS5
 - Transit tunnels limit to 4 bytes. Default value to 10K
 - Reply CANT_REACH_PEER if connect to ourselves in SAM
 - Don't send already expired I2NP messages
 - Use monotonic timer to measure tunnel test latency
 - Standard NTCP2 frame doesn't exceed 16K
 - Always send request through tunnels in case of restricted routes
 - Don't delete connected routers from NetDb
 - Send lookup reply directly to reply tunnel gateway if possible
 - Reduce unreachable router ban interval to 8 minutes
 - Don't request banned routers / don't try to connect to unreachable router
 - Consider 'M' routers as low bandwidth
 - Limit minimal received SSU2 packet size to 40 bytes
 - Bob picks peer test session only if Charlie's address supports peer testing
 - Reject peer test msg 2 if peer testing is not supported
 - Don't request termination if SSU2 session was not established
 - Set maximum SSU2 queue size depending on RTT value
 - New streaming RTT calculation algorithm
 - Don't double initial RTO for streams when changing tunnels
 - Restore failed tunnel if test or data for inbound tunnel received
 - Don't fail last remaining tunnel in pool
 - Publish LeasetSet again if local destination was not ready or no tunnels
 - Make more attempts to pick high bandwidth hop for client tunnel
 - Reduced SSU2 session termination timeout to 165 seconds
 - Reseeds list
 ### Fixed
 - ECIESx25519 symmetric key tagset early expiration
 - Encrypted LeaseSet lookup
 - Outbound tunnel build fails if it's endpoint is the same as reply tunnel gateway
 - I2PControl RouterManager returns invalid JSON when unknown params are passed
 - Mix of data between different UDP sessions on the same server
 - TARGET_OS_SIMULATOR check
 - Handling of "reservedrange" param
 - New NTCP2 session gets teminated upon termination of old one
 - New SSU2 session gets teminated upon termination of old one
 - Peer test to non-supporting router
 - Streaming ackThrough off 1 if number of NACKs exceeds 255
 - Race condition in ECIESx25519 tags table
 - Good tunnel becomes failed
 - Crash when packet comes to terminated stream
 - Stream hangs during LeaseSet update
 ## [2.50.2] - 2024-01-06
 ###Fixed
 - Crash with OpenSSL 3.2.0
 - False positive clock skew detection
 ## [2.50.1] - 2023-12-23
 ###Fixed
 - Support for new EdDSA usage behavior in OpenSSL 3.2.0
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Copyright (c) 2013-2025, The PurpleI2P Project
+Copyright (c) 2013-2023, The PurpleI2P Project
 All rights reserved.
--- a/4
+++ b/4
@ -29,6 +29,7 @@ DAEMON_SRC_DIR := daemon
 # import source files lists
 include filelist.mk
 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
 USE_UPNP        := $(or $(USE_UPNP),no)
 DEBUG           := $(or $(DEBUG),yes)
@ -69,9 +70,6 @@ else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 else ifneq (, $(findstring haiku, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.haiku
 else ifneq (, $(findstring solaris, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.solaris
 else # not supported
 	$(error Not supported platform)
 endif
--- a/Makefile.bsd
+++ b/Makefile.bsd
@ -1,22 +1,13 @@
 CXX = clang++
 CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
 DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
 LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
 LDLIBS = -lssl -lcrypto -lz -lpthread -lboost_system -lboost_program_options
 ## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.
 ## For example, when adding 'hardening flags' to the build
 ## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FLAGS to work at build-time.
-CXXVER := $(shell $(CXX) -dumpversion|cut -c 1-2)
+NEEDED_CXXFLAGS = -std=c++11
-ifeq (${CXXVER}, "4.") # older clang always returned 4.2.1
+DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
-	$(error Compiler too old)
+INCFLAGS = -I/usr/include/ -I/usr/local/include/
-else ifeq (${CXXVER}, ${filter ${CXXVER},16 17 18 19})  # clang 16 - 19
+LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-	NEEDED_CXXFLAGS = -std=c++20
+LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 else
 	NEEDED_CXXFLAGS = -std=c++17
 endif
--- a/Makefile.haiku
+++ b/Makefile.haiku
@ -1,12 +1,8 @@
 ifeq ($(shell $(CXX) -dumpmachine | cut -c 1-4), i586)
 CXX = g++-x86
 else
 CXX = g++
-endif
+CXXFLAGS := -Wall -std=c++11
 CXXFLAGS := -Wall -std=c++20
 INCFLAGS = -I/system/develop/headers
 DEFINES = -D_DEFAULT_SOURCE -D_GNU_SOURCE
-LDLIBS = -lbe -lbsd -lnetwork -lz -lssl -lcrypto -lboost_program_options -lpthread
+LDLIBS = -lbe -lbsd -lnetwork -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP
--- a/Makefile.homebrew
+++ b/Makefile.homebrew
@ -1,33 +1,41 @@
 # root directory holding homebrew
-BREWROOT = /opt/homebrew
+BREWROOT = /usr/local
 BOOSTROOT = ${BREWROOT}/opt/boost
 SSLROOT = ${BREWROOT}/opt/openssl@1.1
 UPNPROOT = ${BREWROOT}/opt/miniupnpc
 CXXFLAGS = ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
 INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
 LDFLAGS = ${LD_DEBUG}
-CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wno-overloaded-virtual
+ifndef TRAVIS
-NEEDED_CXXFLAGS ?= -std=c++17
+	CXX = clang++
-INCFLAGS ?= -I${SSLROOT}/include -I${BOOSTROOT}/include
+endif
 LDFLAGS ?= ${LD_DEBUG}
 DEFINES += -DMAC_OSX
 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a
+	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a -lpthread
 ifeq ($(USE_UPNP),yes)
 	LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
 endif
 	LDLIBS +=  -lpthread -ldl
 else
 	LDFLAGS += -L${SSLROOT}/lib -L${BOOSTROOT}/lib
-	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 ifeq ($(USE_UPNP),yes)
 	LDFLAGS += -L${UPNPROOT}/lib
 	LDLIBS += -lminiupnpc
 endif
 endif
 ifeq ($(USE_UPNP),yes)
-	DEFINES += -DUSE_UPNP
+	LDFLAGS += -ldl
 	CXXFLAGS += -DUSE_UPNP
 	INCFLAGS += -I${UPNPROOT}/include
 	ifeq ($(USE_STATIC),yes)
 		LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
 	else
 		LDFLAGS += -L${UPNPROOT}/lib
 		LDLIBS += -lminiupnpc
 	endif
 endif
 # OSX Notes
 # http://www.hutsby.net/2011/08/macs-with-aes-ni.html
 # Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
 # Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
 ifeq ($(USE_AESNI),yes)
 	CXXFLAGS += -D__AES__ -maes
 endif
 install: all
--- a/Makefile.linux
+++ b/Makefile.linux
@ -9,17 +9,24 @@ LDFLAGS ?= ${LD_DEBUG}
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FDLAGS to work at build-time.
-# detect proper flag for c++17 support by compilers
+# detect proper flag for c++11 support by compilers
 CXXVER := $(shell $(CXX) -dumpversion)
 ifeq ($(shell expr match $(CXX) 'clang'),5)
 	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
 	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[8-9]"),3) # gcc 4.8 - 4.9
 	NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 else ifeq ($(shell expr match ${CXXVER} "[5-6]"),1) # gcc 5 - 6
 	NEEDED_CXXFLAGS += -std=c++11
 	LDLIBS = -latomic
 else ifeq ($(shell expr match ${CXXVER} "[7-9]"),1) # gcc 7 - 9
 	NEEDED_CXXFLAGS += -std=c++17
-else ifeq ($(shell expr match ${CXXVER} "[8-9]"),1) # gcc 8 - 9
+	LDLIBS = -latomic
 else ifeq ($(shell expr match ${CXXVER} "1[0-9]"),2) # gcc 10+
 #	NEEDED_CXXFLAGS += -std=c++20
 	NEEDED_CXXFLAGS += -std=c++17
-	LDLIBS = -lboost_system -lstdc++fs
+	LDLIBS = -latomic
 else ifeq ($(shell expr match ${CXXVER} "1[0-2]"),2) # gcc 10 - 12
 	NEEDED_CXXFLAGS += -std=c++17
 else ifeq ($(shell expr match ${CXXVER} "1[3-9]"),2) # gcc 13+
 	NEEDED_CXXFLAGS += -std=c++20
 else # not supported
 $(error Compiler too old)
 endif
@ -31,6 +38,9 @@ ifeq ($(USE_STATIC),yes)
 #   Using 'getaddrinfo' in statically linked applications requires at runtime
 #   the shared libraries from the glibc version used for linking
 	LIBDIR := /usr/lib/$(SYS)
 	LDLIBS += $(LIBDIR)/libboost_system.a
 	LDLIBS += $(LIBDIR)/libboost_date_time.a
 	LDLIBS += $(LIBDIR)/libboost_filesystem.a
 	LDLIBS += $(LIBDIR)/libboost_program_options.a
 	LDLIBS += $(LIBDIR)/libssl.a
 	LDLIBS += $(LIBDIR)/libcrypto.a
@ -40,7 +50,7 @@ ifeq ($(USE_UPNP),yes)
 endif
 	LDLIBS += -lpthread -ldl
 else
-	LDLIBS += -lssl -lcrypto -lz -lboost_program_options -lpthread -latomic
+	LDLIBS += -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 ifeq ($(USE_UPNP),yes)
 	LDLIBS += -lminiupnpc
 endif
@ -51,6 +61,13 @@ ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP
 endif
 ifeq ($(USE_AESNI),yes)
 ifneq (, $(findstring i386, $(SYS))$(findstring i686, $(SYS))$(findstring x86_64, $(SYS))) # only x86-based CPU supports that
 	NEEDED_CXXFLAGS += -maes
 	DEFINES += -D__AES__
 endif
 endif
 install: all
 	install -d ${PREFIX}/bin
 	install -m 755 ${I2PD} ${PREFIX}/bin
--- a/Makefile.mingw
+++ b/Makefile.mingw
@ -7,7 +7,7 @@ CXXFLAGS := $(CXX_DEBUG) -fPIC -msse
 INCFLAGS := -I$(DAEMON_SRC_DIR) -IWin32
 LDFLAGS := ${LD_DEBUG} -static -fPIC -msse
-NEEDED_CXXFLAGS += -std=c++20
+NEEDED_CXXFLAGS += -std=c++17
 DEFINES += -DWIN32_LEAN_AND_MEAN
 # UPNP Support
@ -16,11 +16,9 @@ ifeq ($(USE_UPNP),yes)
 	LDLIBS = -lminiupnpc
 endif
 ifeq ($(USE_WINXP_FLAGS), yes)
 	DEFINES += -DWINVER=0x0501 -D_WIN32_WINNT=0x0501
 endif
 LDLIBS += \
 	$(MINGW_PREFIX)/lib/libboost_system-mt.a \
 	$(MINGW_PREFIX)/lib/libboost_date_time-mt.a \
 	$(MINGW_PREFIX)/lib/libboost_filesystem-mt.a \
 	$(MINGW_PREFIX)/lib/libboost_program_options-mt.a \
 	$(MINGW_PREFIX)/lib/libssl.a \
@ -42,6 +40,16 @@ ifeq ($(USE_WIN32_APP), yes)
 	DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
 endif
 ifeq ($(USE_WINXP_FLAGS), yes)
 	DEFINES += -DWINVER=0x0501 -D_WIN32_WINNT=0x0501
 endif
 ifeq ($(USE_AESNI),yes)
 	NEEDED_CXXFLAGS += -maes
 	LDFLAGS += -maes
 	DEFINES += -D__AES__
 endif
 ifeq ($(USE_ASLR),yes)
 	LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va -Wl,--dynamicbase,--export-all-symbols
 endif
--- a/Makefile.osx
+++ b/Makefile.osx
@ -1,5 +1,5 @@
 CXX = clang++
-CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++17
+CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++11
 INCFLAGS = -I/usr/local/include
 DEFINES := -DMAC_OSX
 LDFLAGS := -Wl,-rpath,/usr/local/lib -L/usr/local/lib
@ -7,9 +7,9 @@ LDFLAGS += -Wl,-dead_strip
 LDFLAGS += -Wl,-dead_strip_dylibs
 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz /usr/local/lib/libssl.a /usr/local/lib/libcrypto.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
 else
-	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 endif
 ifeq ($(USE_UPNP),yes)
@ -25,5 +25,9 @@ endif
 OSARCH = $(shell uname -p)
 ifneq ($(OSARCH),powerpc)
-	CXXFLAGS += -msse
+	ifeq ($(USE_AESNI),yes)
 		CXXFLAGS += -D__AES__ -maes
 	else
 		CXXFLAGS += -msse
 	endif
 endif
--- a/Makefile.solaris
+++ b/Makefile.solaris
@ -1,9 +0,0 @@
 CXX = g++
 INCFLAGS = -I/usr/openssl/3/include
 CXXFLAGS := -Wall -std=c++20
 LDLIBS = -L/usr/openssl/3/lib/64 -lssl -lcrypto -lboost_program_options -lz -lpthread -lsocket
 ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP
 	LDLIBS += -lminiupnpc
 endif
--- a/Win32/Win32App.cpp
+++ b/Win32/Win32App.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -145,7 +145,7 @@ namespace win32
 		s << bytes << " Bytes\n";
 	}
-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing, RouterError error)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing)
 	{
 		switch (status)
 		{
@ -158,24 +158,18 @@ namespace win32
 		};
 		if (testing)
 			s << " (Test)";
-		if (error != eRouterErrorNone)
+		if (i2p::context.GetError () != eRouterErrorNone)
 		{
-			switch (error)
+			switch (i2p::context.GetError ())
 			{
 				case eRouterErrorClockSkew:
-					s << " - " << tr("Clock skew");
+					s << " - Clock skew";
 				break;
 				case eRouterErrorOffline:
-					s << " - " << tr("Offline");
+					s << " - Offline";
 				break;
 				case eRouterErrorSymmetricNAT:
-					s << " - " << tr("Symmetric NAT");
+					s << " - Symmetric NAT";
 				break;
 				case eRouterErrorFullConeNAT:
 					s << " - " << tr("Full cone NAT");
 				break;
 				case eRouterErrorNoDescriptors:
 					s << " - " << tr("No Descriptors");
 				break;
 				default: ;
 			}
@ -186,11 +180,11 @@ namespace win32
 	{
 		s << "\n";
 		s << "Status: ";
-		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting(), i2p::context.GetError ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting ());
 		if (i2p::context.SupportsV6 ())
 		{
 			s << " / ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6(), i2p::context.GetErrorV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6 ());
 		}
 		s << "; ";
 		s << "Success Rate: " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate() << "%\n";
@ -313,7 +307,7 @@ namespace win32
 					}
 					case ID_DATADIR:
 					{
-						std::string datadir(i2p::fs::GetDataDir());
+						std::string datadir(i2p::fs::GetUTF8DataDir());
 						ShellExecute(NULL, "explore", datadir.c_str(), NULL, NULL, SW_SHOWNORMAL);
 						return 0;
 					}
@ -355,7 +349,9 @@ namespace win32
 						}
 					}
 				}
 #if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
 #endif
 			}
 			case WM_TRAYICON:
 			{
--- a/Win32/Win32NetState.cpp
+++ b/Win32/Win32NetState.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -73,24 +73,16 @@ void UnSubscribeFromEvents()
 		}
 		if (pNetEvent)
 		{
 			pNetEvent->Release();
 		}
 		if (pCPContainer)
 		{
 			pCPContainer->Release();
 		}
 		if (pNetworkListManager)
 		{
 			pNetworkListManager->Release();
 		}
 		if (pUnknown)
 		{
 			pUnknown->Release();
 		}
 		CoUninitialize();
 	}
--- a/Win32/Win32NetState.h
+++ b/Win32/Win32NetState.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -15,11 +15,10 @@
 #include "Log.h"
 #include "Transports.h"
-class CNetworkListManagerEvent final : public INetworkListManagerEvents
+class CNetworkListManagerEvent : public INetworkListManagerEvents
 {
 public:
 	CNetworkListManagerEvent() : m_ref(1) { }
 	~CNetworkListManagerEvent() { }
 	HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid, void **ppvObject)
 	{
--- a/build/CMakeLists.txt
+++ b/build/CMakeLists.txt
@ -29,6 +29,7 @@ project(
 )
 # configurable options
 option(WITH_AESNI           "Use AES-NI instructions set"             ON)
 option(WITH_HARDENING       "Use hardening compiler flags"            OFF)
 option(WITH_LIBRARY         "Build library"                           ON)
 option(WITH_BINARY          "Build binary"                            ON)
@ -155,6 +156,20 @@ else()
  endif()
  set(CMAKE_CXX_FLAGS_MINSIZEREL "${CMAKE_CXX_FLAGS_MINSIZEREL} -ffunction-sections -fdata-sections")
  set(CMAKE_EXE_LINKER_FLAGS_MINSIZEREL "-Wl,--gc-sections") # -flto is added from above
  # check for c++17 & c++11 support
  include(CheckCXXCompilerFlag)
  CHECK_CXX_COMPILER_FLAG("-std=c++17" CXX17_SUPPORTED)
  CHECK_CXX_COMPILER_FLAG("-std=c++11" CXX11_SUPPORTED)
  if(CXX17_SUPPORTED)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
  elseif(CXX11_SUPPORTED)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
  else()
    message(SEND_ERROR "C++17 nor C++11 standard not seems to be supported by compiler. Too old version?")
  endif()
 endif()
 if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
@ -184,6 +199,16 @@ if(UNIX)
  endif()
 endif()
 # Note: AES-NI and AVX is available on x86-based CPU's.
 # Here also ARM64 implementation, but currently we don't support it.
 # MSVC is not supported due to different ASM processing, so we hope OpenSSL has its own checks to run optimized code.
 if(WITH_AESNI AND (ARCHITECTURE MATCHES "x86_64" OR ARCHITECTURE MATCHES "i386"))
  if(NOT MSVC)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -maes")
  endif()
  add_definitions(-D__AES__)
 endif()
 if(WITH_ADDRSANITIZER)
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer")
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")
@ -198,10 +223,6 @@ if(WITH_THREADSANITIZER)
  endif()
 endif()
 if (CMAKE_COMPILER_IS_GNUCC AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 10.0 AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0) # gcc 8-9
    list(APPEND CMAKE_REQUIRED_LIBRARIES "stdc++fs")
 endif()
 # Use std::atomic instead of GCC builtins on macOS PowerPC:
 # For more information refer to: https://github.com/PurpleI2P/i2pd/issues/1726#issuecomment-1306335111
 # This has been fixed in Boost 1.81, nevertheless we retain the setting for the sake of compatibility.
@ -256,14 +277,14 @@ else()
  if(NOT MSVC)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
  endif()
-  add_definitions(-DBOOST_ATOMIC_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK)
+  add_definitions(-DBOOST_ATOMIC_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_DATE_TIME_DYN_LINK -DBOOST_REGEX_DYN_LINK)
  if(WIN32)
    set(Boost_USE_STATIC_LIBS OFF)
    set(Boost_USE_STATIC_RUNTIME OFF)
  endif()
 endif()
-find_package(Boost REQUIRED COMPONENTS system filesystem program_options)
+find_package(Boost REQUIRED COMPONENTS system filesystem program_options date_time OPTIONAL_COMPONENTS atomic)
 if(NOT DEFINED Boost_FOUND)
  message(SEND_ERROR "Boost is not found, or your boost version was below 1.46. Please download Boost!")
 endif()
@ -291,26 +312,6 @@ if(ZLIB_FOUND)
  link_directories(${ZLIB_ROOT}/lib)
 endif()
 # C++ standard to use, based on compiler and version of boost
 if(NOT MSVC)
 # check for c++20 & c++17 support
  include(CheckCXXCompilerFlag)
  if(Boost_VERSION VERSION_GREATER_EQUAL "1.83") # min boost version for c++20
    CHECK_CXX_COMPILER_FLAG("-std=c++20" CXX20_SUPPORTED)
  endif()
  CHECK_CXX_COMPILER_FLAG("-std=c++17" CXX17_SUPPORTED)
  if(CXX20_SUPPORTED)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++20")
  elseif(CXX17_SUPPORTED)
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
  else()
    message(SEND_ERROR "C++20 nor C++17 standard not seems to be supported by compiler. Too old version?")
  endif()
 endif()
 # load includes
 include_directories(SYSTEM ${Boost_INCLUDE_DIRS} ${OPENSSL_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})
@ -321,9 +322,9 @@ message(STATUS "Compiler vendor    : ${CMAKE_CXX_COMPILER_ID}")
 message(STATUS "Compiler version   : ${CMAKE_CXX_COMPILER_VERSION}")
 message(STATUS "Compiler path      : ${CMAKE_CXX_COMPILER}")
 message(STATUS "Architecture       : ${ARCHITECTURE}")
 message(STATUS "Compiler flags     : ${CMAKE_CXX_FLAGS}")
 message(STATUS "Install prefix:    : ${CMAKE_INSTALL_PREFIX}")
 message(STATUS "Options:")
 message(STATUS "  AESNI            : ${WITH_AESNI}")
 message(STATUS "  HARDENING        : ${WITH_HARDENING}")
 message(STATUS "  LIBRARY          : ${WITH_LIBRARY}")
 message(STATUS "  BINARY           : ${WITH_BINARY}")
--- a/build/cmake_modules/CheckAtomic.cmake
+++ b/build/cmake_modules/CheckAtomic.cmake
@ -8,7 +8,7 @@ INCLUDE(CheckLibraryExists)
 function(check_working_cxx_atomics varname)
  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
-  set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -std=c++17")
+  set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -std=c++11")
  CHECK_CXX_SOURCE_COMPILES("
 #include <atomic>
 std::atomic<int> x;
@ -25,7 +25,7 @@ endfunction(check_working_cxx_atomics)
 function(check_working_cxx_atomics64 varname)
  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
-  set(CMAKE_REQUIRED_FLAGS "-std=c++17 ${CMAKE_REQUIRED_FLAGS}")
+  set(CMAKE_REQUIRED_FLAGS "-std=c++11 ${CMAKE_REQUIRED_FLAGS}")
  CHECK_CXX_SOURCE_COMPILES("
 #include <atomic>
 #include <cstdint>
--- a/build/cmake_modules/GetGitRevisionDescription.cmake
+++ b/build/cmake_modules/GetGitRevisionDescription.cmake
@ -59,7 +59,7 @@ get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
 # function returns an empty string via _git_dir_var.
 #
 # Example: Given a path C:/bla/foo/bar and assuming C:/bla/.git exists and
-# neither foo nor bar contain a file/directory .git. This will return
+# neither foo nor bar contain a file/directory .git. This wil return
 # C:/bla/.git
 #
 function(_git_find_closest_git_dir _start_dir _git_dir_var)
--- a/build/win_installer.iss
+++ b/build/win_installer.iss
@ -24,7 +24,7 @@ ExtraDiskSpaceRequired=15
 AppID={{621A23E0-3CF4-4BD6-97BC-4835EA5206A2}
 AppVerName={#I2Pd_AppName}
-AppCopyright=Copyright (c) 2013-2024, The PurpleI2P Project
+AppCopyright=Copyright (c) 2013-2022, The PurpleI2P Project
 AppPublisherURL=http://i2pd.website/
 AppSupportURL=https://github.com/PurpleI2P/i2pd/issues
 AppUpdatesURL=https://github.com/PurpleI2P/i2pd/releases
--- a/contrib/apparmor/usr.sbin.i2pd
+++ b/contrib/apparmor/usr.sbin.i2pd
@ -4,7 +4,7 @@
 #
 #include <tunables/global>
-profile i2pd /{usr/,}bin/i2pd {
+profile i2pd /{usr/,}sbin/i2pd {
  #include <abstractions/base>
  #include <abstractions/openssl>
  #include <abstractions/nameservice>
@ -14,12 +14,12 @@ profile i2pd /{usr/,}bin/i2pd {
  /var/lib/i2pd/** rw,
  /var/log/i2pd/i2pd.log w,
  /{var/,}run/i2pd/i2pd.pid rwk,
-  /{usr/,}bin/i2pd mr,
+  /{usr/,}sbin/i2pd mr,
  @{system_share_dirs}/i2pd/** r,
  # user homedir (if started not by init.d or systemd)
  owner @{HOME}/.i2pd/   rw,
  owner @{HOME}/.i2pd/** rwk,
-  #include if exists <local/usr.bin.i2pd>
+  #include if exists <local/usr.sbin.i2pd>
 }
--- a/contrib/certificates/reseed/admin_at_stormycloud.org.crt
+++ b/contrib/certificates/reseed/admin_at_stormycloud.org.crt
@ -1,34 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIF1zCCA7+gAwIBAgIRAMDqFR09Xuj8ZUu+oetSvAEwDQYJKoZIhvcNAQELBQAw
 dTELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwGA1UE
 ChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxHjAcBgNVBAMM
 FWFkbWluQHN0b3JteWNsb3VkLm9yZzAeFw0yNDAxMjUxNDE1MzBaFw0zNDAxMjUx
 NDE1MzBaMHUxCzAJBgNVBAYTAlhYMQswCQYDVQQHEwJYWDELMAkGA1UECRMCWFgx
 HjAcBgNVBAoTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMR4w
 HAYDVQQDDBVhZG1pbkBzdG9ybXljbG91ZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUA
 A4ICDwAwggIKAoICAQDbGX+GikPzQXr9zvkrhfO9g0l49KHLNQhUKYqd6T+PfnGo
 Fm0d3ZZVVQZ045vWgroOXDGGZZWxUIlb2inRaR2DF1TxN3pPYt59RgY9ZQ9+TL7o
 isY91krCRygY8EcAmHIjlfZQ9dBVcL7CfyT0MYZA5Efee9+NDHSewTfQP9T2faIE
 83Fcyd93a2mIHYjKUbJnojng/wgsy8srbsEuuTok4MIQmDj+B5nz+za2FgI0/ydh
 srlMt4aGJF4/DIem9z9d0zBCOkwrmtFIzjNF1mOSA8ES4m5YnKA/y9rZlRidLPGu
 prbXhPVnqHeOnHMz2QCw1wbVo504kl0bMqyEz2tVWsO9ep7iZoQs2xkFAEaegYNT
 QLUpwVGlyuq3wXXwopFRffOSimGSazICwWI6j+K0pOtgefNJaWrqKYvtkj1SbK2L
 LBNUIENz6VnB7KPRckuX6zxC8PpOiBK9BcftfO+xAz/wC6qq3riBPw30KKSym0nC
 Zp5KciDn4Phtw9PGq8Bkl8SyWl0jtFnfTB1tzJkisf2qKcNHaFTEe2JW763YLbh/
 AU+8X8evFu40qLgvOgKoyy5DLy6i8zetX+3t9K0Fxt9+Vzzq6lm5V/RS8iIPPn+M
 q1/3Z5kD0KQBG9h/Gl8BH+lB71ZxPAOZ3SMu8DJZcxBLVmDWqQPCr5CKnoz0swID
 AQABo2IwYDAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
 AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHgYDVR0OBBcEFWFkbWluQHN0b3JteWNs
 b3VkLm9yZzANBgkqhkiG9w0BAQsFAAOCAgEARWOJ69vTHMneSXYscha+4Ytjg0RM
 faewJNEGj8qy/Qvh9si2bWYNPRK6BlbHFS7pRYBLAnhaeLBGVv1CCR6GUMMe74zQ
 UuMeAoWU6qMDmB3GfYoZJh8sIxpwHqyJeTdeccRbZ4sX4F6u3IHPXYiU/AgbYqH7
 pYXQg2lCjXZYaDFAlEf5SlYUDOhhXe5kR8Edhlrsu32/JzA1DQK0JjxKCBp+DQmA
 ltdOpQtAg03fHP4ssdj7VvjIDl28iIlATwBvHrdNm7T0tYWn6TWhvxbRqvfTxfaH
 MvxnPdIJwNP4/9TyQkwjwHb1h+ucho3CnxI/AxspdOvT1ElMhP6Ce6rcS9pk11Rl
 x0ChsqpWwDg7KYpg0qZFSKCTBp4zBq9xoMJ6BQcgMfyl736WbsCzFTEyfifp8beg
 NxUa/Qk7w7cuSPGyMIKNOmOR7FLlFbtocy8sXVsUQdqnp/edelufdNe39U9uNtY6
 yoXI9//Tc6NgOwy2Oyia0slZ5qHRkB7e4USXMRzJ3p4q9eCVKjAJs81Utp7O2U+9
 vhbhwWP8CAnNTT1E5WS6EKtfrdqF7wjkV+noPGLDGmrXi01J1fSMAjMfVO+7/LOL
 UN+G4ybKWnEhhOO27yidN8Xx6UrCS23DBlPPQAeA74dTsTExiOxf1o1EXzcQiMyO
 LAj3/Ojbi1xkWhI=
 -----END CERTIFICATE-----
--- a/contrib/certificates/reseed/hiduser0_at_mail.i2p.crt
+++ b/contrib/certificates/reseed/hiduser0_at_mail.i2p.crt
@ -0,0 +1,32 @@
 -----BEGIN CERTIFICATE-----
 MIIFgTCCA2mgAwIBAgIETWAY1DANBgkqhkiG9w0BAQ0FADBxMQswCQYDVQQGEwJY
 WDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5vbnlt
 b3VzIE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEaMBgGA1UEAwwRaGlkdXNlcjBAbWFp
 bC5pMnAwHhcNMjExMjEzMTU0MDI3WhcNMzExMjExMTU0MDI3WjBxMQswCQYDVQQG
 EwJYWDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5v
 bnltb3VzIE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEaMBgGA1UEAwwRaGlkdXNlcjBA
 bWFpbC5pMnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXnjJ8UQ0f
 lHHpfPMiHofBPSuL4sbOJY6fOXwPhSg/h6THh9DS/ZWmJXQ3qRD0glDVtv4/Dr/9
 ldGQ5eltF9iCFXCQlMEy2HjQrBKq0nsl7RpYK12cyMaod0kkzCUk9ITLi9CmHM3Z
 gQZcmG8TWjFEpDR+idx/QkQt2pcO4vzWlDit3Vh4ivnbX5jGQHbsVjQEMQWxr+pX
 dsS+YQpjZ6RBmrooGTPO8QDOOeYLAn0lCjmffc/kzIH9E/p4/O0rOpyhVYbdxUD1
 5wkqN9l4yrtxmORG/PudnRQQ0r4TUq8vsxfGY0Euo9IbhgXF2Parel1ZhDxB1WZV
 VwWtgLIh9jGA1UMa8SYKnEfp8LWNZ3b3mUUnZb3kMrLk6jGYRWNsHmamhd4mC7AZ
 qf/8lOkEIw3bPd3YguCDRVcLui5BwIEZmqXg8uoESxfO/sW3pBrN/8M7MkTex9kN
 vjitGDDXvenK27qmNgZxbBlX72yTSfys7XTYTLnxZC8AwdAo2Wz9Z6HhGiPonf2h
 vZkc9ZxuE0jFIrsbJra4X7iyjXgi4vV4ARNg/9Ft6F4/OIbECgeDcBQqq4TlT2bZ
 EfWVrBbqXoj5vNsLigIkd+AyUNwPYEcB5IFSiiOh98pC7BH3pg0m8U5YBjxe1i+9
 EQOOG0Qtx+JigXZHu6bGE0Twy9zy+UzoKQIDAQABoyEwHzAdBgNVHQ4EFgQUGK1b
 0DkL6aLalcfBc/Uj/SF08C0wDQYJKoZIhvcNAQENBQADggIBAMpXM82bJDpH1TlH
 TvhU3Z7nfZdvEhOQfujaFUYiuNripuEKcFGn948+DvAG0FUN+uNlJoqOVs8D7InD
 gWlA9zpqw5Cl5Hij/Wns9QbXuAHJeA23fVUoaM2A6v9ifcIQ1A+rDuRQAo6/64KW
 ChTg2e99RBpfGOyqgeh7tLLe0lPPekVpKHFuXabokaKRDuBcVHcUL4tWXe3dcyqa
 Ej/PJrrS+nWL0EGZ4q80CEd2LPuDzPxNGCJt/R7ZfadENWajcgcXGceh1QBzozrB
 SL/Ya6wF9SrsB7V/r5wX0LM4ZdDaLWbtmUe5Op0h/ZMH25Sa8xAXVz+O9L6sWSoO
 FaiYTOvAiyyPz+nsxKa3xYryDHno7eKSt+hGOcaurhxbdZaEFY/CegEc73tCt9xK
 e9qF8O/WkDLmixuErw3f5en4IfzGR7p3lJAwW/8WD8C6HS39h/eE7dVZNaWgtQnZ
 SgGjgZMTJqTcQ3aZmfuCZefxGFok8w6AIkdbnd1pdMBRjYu8aXgl2hQSB9ZADDE9
 R5d3rXi0PkSFLIvsNjVa5KXrZk/tB0Hpfmepq7CufBqjP/LG9TieRoXzLYUKFF74
 QRwjP+y7AJ+VDUTpY1NV1P+k+2raubU2bOnLF3zL5DtyoyieGPhyeMMvp0fRIxdg
 bSl5VHgPXHNM8mcnndMAuzvl7jEK
 -----END CERTIFICATE-----
--- a/contrib/certificates/reseed/ls_at_mail.i2p.crt
+++ b/contrib/certificates/reseed/ls_at_mail.i2p.crt
@ -0,0 +1,32 @@
 -----BEGIN CERTIFICATE-----
 MIIFdTCCA12gAwIBAgIEQ5vCxzANBgkqhkiG9w0BAQ0FADBrMQswCQYDVQQGEwJY
 WDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5vbnlt
 b3VzIE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEUMBIGA1UEAwwLbHNAbWFpbC5pMnAw
 HhcNMjMxMDE2MjAwNTA5WhcNMzMxMDEzMjAwNTA5WjBrMQswCQYDVQQGEwJYWDEL
 MAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5vbnltb3Vz
 IE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEUMBIGA1UEAwwLbHNAbWFpbC5pMnAwggIi
 MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDPcbKRtf4PzrDa0iRit0XrwnmA
 2c1fJhkBipdPor7gMOAlkR82H1lkZSizR7kTZnr7vYqjDrOQr7bl5Dy3qo8/YCbZ
 jsnUCTIIgIJQUxUlR40RjaSXphqzUEiXKHR6b0RahhFisQ3hlbbgzSch5YgSLKws
 hOLi+eDSXw+HlwHlWFlT1XOKxSTJ/F3Bv40gxqZVC2pbxiPOeRZHQ6Ojw75lxTSF
 gww2WzgztiWt4X9BO1yepnVqhAVRPmTfGUMfKzq9jkMzZKeQFV4uZSP9nCqzEpYd
 WNDUfpTWiAQ9F+BwFXGusXXA3tGVwS7s6IEoiJFM5fsoJYfRoWGh3/1eirhBXW7U
 M6oubMSTADyrvfjLfJBMmMnc2hNblRlKr0ZKUjMfv8cnyT4kQxlXLAHHXY2P89TM
 TEVODkU48gnv6tC4t1JCb1/Da+3yVMjNX6rCzQfUwnLFrWthrwiI0NivAKFtiZjq
 w1/ZQcYke2YyeqcfXMn+NTUA22Sm2mJoMo7jUf+rbM9Pi27/DncJgRGj5qwY0D3S
 gc7829EjuZNPttGBmae1EmO7WQMB32cqdmItnV2FXpMhnn9h0u5H52kYqwn+mdtc
 dTJRcbfKG1RTr3UjFISaTwL8qigMIkVXIzcpnr/R/sSeEs8xCqfsJ6rb4dCyFx+M
 hqQcOCL5tumyd4W/LQIDAQABoyEwHzAdBgNVHQ4EFgQUgfaOG5HCnlW82wZ5BahL
 GRO06igwDQYJKoZIhvcNAQENBQADggIBAKdVpqS9qF7gGotgXaVA1iP5YNsWlTvG
 daGqeA/87//U21W6gpq82FhzsmsvUtXZfIeVIlDPI7WNDzS+A3K/KKrwM7dLgSie
 r9eMl3D8WYPU95QF4mAlRyl7PCCsYoVjyvfro0iq3/iudIA5476rjfLdTXRi5hAT
 qemPj0S+6sRjKEldRtGXrQATFlvLIWVYpgHijdDDx5M2hAz2y0mFxlDZTlA4BhL4
 DwtGlVKmbc2x5MvIQM4UhbQqkxYS4gXnzf5Qx9QIytHfTr/hmbrkhKR1GCO31BSk
 x9LhZxdI8LlwKSo6YgwXEB9E0M/tplaK9iZJFv4HPYLZrVJpb4IklMumyLMrgW5P
 fR0dgKn+R9lk0emJ1Cu+qyyzf1vsLycYBwaEztINn4VK+/HfDFpnVCvJOyNuDmj5
 KBLIoGdGoVfylmnc+e8zAXe+DY41fgniHMISOO78P8Bx9vTB+rhqnOUr9MzlUxPB
 sKGjbXy2YynEqiGb+9g344v/+ukTSDenqTPHVzJ5uOi0iedy+3ASzUNN6GJocovP
 167VOhwaETM0FwiKe0VdZRLLbbZ79CtJC0tmgcgPQPRa9Ldr6KN7u1J3D6lUp6zl
 byPom10ueKONRb36t7ai79l2SEUZRSMkx6AXIU0JJ1SMtQtav7b5LkpYJfdL7+vO
 dDx2/Za0VmdD
 -----END CERTIFICATE-----
--- a/contrib/certificates/reseed/null_at_i2pmail.org.crt
+++ b/contrib/certificates/reseed/null_at_i2pmail.org.crt
@ -0,0 +1,33 @@
 -----BEGIN CERTIFICATE-----
 MIIFyDCCA7CgAwIBAgIRAO8lBnTo+hlvglQwug2jHZkwDQYJKoZIhvcNAQELBQAw
 cDELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwGA1UE
 ChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxGTAXBgNVBAMM
 EG51bGxAaTJwbWFpbC5vcmcwHhcNMjMwOTIxMjIzMTM2WhcNMzMwOTIxMjIzMTM2
 WjBwMQswCQYDVQQGEwJYWDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhYMR4wHAYD
 VQQKExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEZMBcGA1UE
 AwwQbnVsbEBpMnBtYWlsLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
 ggIBAMMpAvaHwzuZZ6qelRU4jcgpuAIZFH++F1Te4b1t02pRfnQ0Eeh04VC1JxO0
 XjUr1/iszEyvrI4+AdxaobDyRFPylkOLtfec4d2ciDc1cupj6y2vyYhMVN31rrvE
 ve7sKoTHJ5Dx+UPGOVZZsSsmK9TXIU23W2bo7k2VnjVBXdWZyNE4twfTYCosDnYA
 1HIEaIUFVv+COqw2pktxkMmfUAlnDLeVSfsAzEr37K+x0Xk5hO8m6GWQx0NRjjYp
 gyEcFhWAJjAYaF3gUVR9rVVky1OeFhZgxE/KzVrW7uc84ZCMKITEPwT0qqIpsTJp
 486YXzuPSc+ef78cKSQf5992l7imySJ24I/5H73HkovGAFGZdwvl6V6Ta5YqO7RR
 gVDOL1EIVUnMCqFBCE6RmyZqXBVrv4Cacdc6lZ4fj42SRtWZfe6rNCpJzTRtbOyW
 DBmYpK6q/jddfqI1sX0PXIn9U+Rod5Z4uz82PAjhamqyr5fpAnoQxKppBvQ3tNfn
 KQhmP73Hdpvl24pRyQLBIRUL86i7TPBBn7n3XZlQfXP7lp8+KJYLkL2/zCVDrwLX
 kC9hRIxCU9bZbXlkRE2R/PrK53LZecjk2KcgINA4ZlguNgze/Qj8BXelUF4izbpV
 bTSvniTM46AECvjDcICAOky9Ku4RnmUJxQVf3ahDEuso7/N7AgMBAAGjXTBbMA4G
 A1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDwYD
 VR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQbnVsbEBpMnBtYWlsLm9yZzANBgkqhkiG
 9w0BAQsFAAOCAgEAEUfYJTdDH7uCojnpF0Gs2tXxPJ22UhdqEsXfqR7KhhmmApss
 q5kiiPIYoy5T/4IM7NVyeeJAMYwQsdJjwZ4QyxLBb9EqMS2krREcPZNRfFzBr2Wj
 EBhJEYTnbIn4docwJWyXsJVG0CqFXPF1qGd0Sc2u87yj2xZNTnloWKAEQAO7DE39
 gWfDH6slM/3h3WD3Mjuk7JoYSYmBfvvm2hkBbC6lzD7XY7rdSmIUwJ050e9UrJaV
 La51dd5r4q8d1cHrVUwLiACAaXJ15AEqUDLHQcvKvyfhkabwRy+v0wsodSMgSMEH
 xA+kGhkIW7yV7o2exYOYypHCca3IA+pimMpEseNNrHSwbHOMfauiN7jiZLEPg6D6
 a8XwK7qmMYUq7j6QWuIqI81o29WZRf4LZ0GFoVce+e5VxkVKSItKcJoedIAp1ML8
 NhFwd9s/nqWidu/StscEEbGzz6ZuDXwshERXC0QR8HjHEPi4U8220juf4cxUahxK
 heEU91l7VksSZYRUN98h28vovGcukLcnVoLj5H/+Z4r/BgxMrOUJKetxf8fU7FjO
 j1U6XV36tGi+IOwYQb9D5fTVafC3hHkuUIjlOdUGYadse98ILhn9kaNtqkBtk/EU
 vK+McnrEv7tcKrbvYEop/KaUayhjFiL+wGWnpxt7gLhIiavnIeUyD7acltw=
 -----END CERTIFICATE-----
--- a/contrib/certificates/reseed/reheatedburger_at_protonmail.com.crt
+++ b/contrib/certificates/reseed/reheatedburger_at_protonmail.com.crt
@ -0,0 +1,34 @@
 -----BEGIN CERTIFICATE-----
 MIIF7zCCA9egAwIBAgIRANVB/+wEuXS0Ttoh5teJt90wDQYJKoZIhvcNAQELBQAw
 fTELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwGA1UE
 ChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxJjAkBgNVBAMM
 HXJlaGVhdGVkYnVyZ2VyQHByb3Rvbm1haWwuY29tMB4XDTIzMDkyMTE4MDAyOVoX
 DTMzMDkyMTE4MDAyOVowfTELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYD
 VQQJEwJYWDEeMBwGA1UEChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQL
 EwNJMlAxJjAkBgNVBAMMHXJlaGVhdGVkYnVyZ2VyQHByb3Rvbm1haWwuY29tMIIC
 IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuNwmiIY3MLSBS5sL5PXRDVK6
 MoSNw4qx0o8nDHvVBxNtzgc0/qjYvsuUggY0tZbPpxhML6GHd4qo7Z3Ip1x0MxhI
 Ao5MJaflaEdm4+HeMy0IE3aU73KRUwp+nF3cUHZdlps+9mtYs4oncVEWkFQwGsgt
 4yrLtXf6PmPWfFH28ffeaev90e+hdhQpTvr54Ewx6NTaMQr8mkhXL2utvPpjnPM5
 UAhOeJCMgfhLzgS4rahG0O8CQMtH5gKZ+6zjoSRatnjj0j1mBO7+e1TL5O7dVS9k
 P83tmkIDDl4tXBzXr9aXQMJstbM2CEvinVcCsR74GjPcg4iB0Ift71Dx7oGKI06t
 3bSvll0GZm2mFhIba/4q6f4oAJ2aeq6ejt1Kcm8g5cxtwrRZnXv5JXHZqba3y8J5
 zWaRHzhc9tyEqRBRkc6c7xMdZQ31iJ6TlxUT8vAJ1N7OnX87oHrCjwyikpyOen4r
 Uvv1Ge054XPTeoHz+Jyt34t71ty1W13uPHpuvtPVR9MfgGrxd4Z9+LWvAjmMbFsZ
 lC3Ll+94nUk+O0puU6KisuCGP4hCtdEtebkIqT8zo8LicLAYUMjX7KwnS7681Cu1
 sY2mB2oZAytN9Zy42oOoNeY5x39kxfwuut/2E1kxKX75O0bwfIXr611abCKc3bbz
 euMrIsaB/2VFp9nAah8CAwEAAaNqMGgwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQW
 MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdDgQf
 BB1yZWhlYXRlZGJ1cmdlckBwcm90b25tYWlsLmNvbTANBgkqhkiG9w0BAQsFAAOC
 AgEATuHi2Yz52OK7e+sKVdHu2KrSLCGm98BG1UIMHFi3WRBTOFyp+lZ519bJ1rFj
 tmP9E1a+k/vlbc7FbV4PcV6HJYfGEv/ImtJsEnrzbhrQphC1zMFv7q6JCTUbAzl6
 ySlJ++mVxQ6AzPNH3TQgL1wPKuLh76/Y4053fg+NI3PmzzhkTUheVDkg0/a9ENSf
 xMnCa3fIm869735qHk67QlikFvAfWwc4zT1Ncwodh8G4+oX0GFzIl+OZaM1GTMuD
 UCcFKoqwtjyLCr22xNk8CfyiExPJXQG1HzEvDcxyoxQtnh9occR9PgqXySz26/NM
 XDyM+l4utLMGBcVY4x9fksRiaWEfxiygYOxY9zDl6clh6S10b3CLut4UMiS1RTtE
 Mjx2BZN3p0nxpT2leJdGxtBPGrvxuiCOEmTbOMLc3DQtppXO97B3dVMtJ5Ee8Y6p
 Tq/8eiHI6eQXat6dgFT5X16vzF7w7XO7fAxuqk4Kx1D1aTVyikdo+Fcdg44dWOjq
 NZu8VcCzZij/Dfjlce6t6h8D+wvDD8AkiivaDljpvbNDx/QQlQXFgH98TZA8Rnvr
 QcyNNATfz+1yQUiyO6Lrjaw64OJwXYX/llgnDC+qQpP6kqZabi2TsG0EVPukVvr9
 0HyAUu4lnXtTIDq2yPNenegCloqDL1ZQdaYd2XIItnfZdTY=
 -----END CERTIFICATE-----
--- a/contrib/debian/trusty/patches/01-upnp.patch
+++ b/contrib/debian/trusty/patches/01-upnp.patch
@ -2,13 +2,13 @@ Description: Enable UPnP usage in package
 Author: r4sas <r4sas@i2pmail.org>
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2024-12-30
+Last-Update: 2022-03-23
 --- i2pd.orig/Makefile
 +++ i2pd/Makefile
-@@ -31,7 +31,7 @@ # import source files lists
+@@ -31,7 +31,7 @@ include filelist.mk
 include filelist.mk
 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
 -USE_UPNP        := $(or $(USE_UPNP),no)
 +USE_UPNP        := $(or $(USE_UPNP),yes)
--- a/contrib/debian/trusty/patches/02-service.patch
+++ b/contrib/debian/trusty/patches/02-service.patch
@ -2,7 +2,7 @@ Description: Disable LogsDirectory and LogsDirectoryMode options in service
 Author: r4sas <r4sas@i2pmail.org>
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2024-07-19
+Last-Update: 2023-05-17
 --- a/contrib/i2pd.service
 +++ b/contrib/i2pd.service
@ -15,5 +15,5 @@ Last-Update: 2024-07-19
 +#LogsDirectory=i2pd
 +#LogsDirectoryMode=0700
 Type=forking
- ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/sh -c "kill -HUP $MAINPID"
--- a/contrib/debian/xenial/patches/01-upnp.patch
+++ b/contrib/debian/xenial/patches/01-upnp.patch
@ -2,13 +2,13 @@ Description: Enable UPnP usage in package
 Author: r4sas <r4sas@i2pmail.org>
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2024-12-30
+Last-Update: 2022-03-23
 --- i2pd.orig/Makefile
 +++ i2pd/Makefile
-@@ -31,7 +31,7 @@ # import source files lists
+@@ -31,7 +31,7 @@ include filelist.mk
 include filelist.mk
 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
 -USE_UPNP        := $(or $(USE_UPNP),no)
 +USE_UPNP        := $(or $(USE_UPNP),yes)
--- a/contrib/debian/xenial/patches/02-service.patch
+++ b/contrib/debian/xenial/patches/02-service.patch
@ -2,7 +2,7 @@ Description: Disable LogsDirectory and LogsDirectoryMode options in service
 Author: r4sas <r4sas@i2pmail.org>
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2024-07-19
+Last-Update: 2023-05-17
 --- a/contrib/i2pd.service
 +++ b/contrib/i2pd.service
@ -15,5 +15,5 @@ Last-Update: 2024-07-19
 +#LogsDirectory=i2pd
 +#LogsDirectoryMode=0700
 Type=forking
- ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/sh -c "kill -HUP $MAINPID"
--- a/contrib/i2pd.conf
+++ b/contrib/i2pd.conf
@ -243,7 +243,7 @@ verify = true
 ## Default: reg.i2p at "mainline" I2P Network
 # defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
 ## Optional subscriptions URLs, separated by comma
-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
 [limits]
 ## Maximum active transit sessions (default: 5000)
@ -277,3 +277,9 @@ verify = true
 ## Save full addresses on disk (default: true)
 # addressbook = true
 [cpuext]
 ## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
 # aesni = true
 ## Force usage of CPU instructions set, even if they not found (default: false)
 ## DO NOT TOUCH that option if you really don't know what are you doing!
 # force = false
--- a/contrib/i2pd.service
+++ b/contrib/i2pd.service
@ -1,8 +1,7 @@
 [Unit]
 Description=I2P Router written in C++
 Documentation=man:i2pd(1) https://i2pd.readthedocs.io/en/latest/
-Wants=network.target
+After=network.target
 After=network.target network-online.target
 [Service]
 User=i2pd
@ -12,7 +11,7 @@ RuntimeDirectoryMode=0700
 LogsDirectory=i2pd
 LogsDirectoryMode=0700
 Type=forking
-ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/sh -c "kill -HUP $MAINPID"
 PIDFile=/run/i2pd/i2pd.pid
 ### Uncomment, if auto restart needed
--- a/contrib/openrc/i2pd.openrc
+++ b/contrib/openrc/i2pd.openrc
@ -7,7 +7,7 @@ tunconf="/etc/i2pd/tunnels.conf"
 tundir="/etc/i2pd/tunnels.conf.d"
 name="i2pd"
-command="/usr/bin/i2pd"
+command="/usr/sbin/i2pd"
 command_args="--service --daemon --log=file --logfile=$logfile --conf=$mainconf --tunconf=$tunconf --tunnelsdir=$tundir --pidfile=$pidfile"
 description="i2p router written in C++"
 required_dirs="/var/lib/i2pd"
--- a/contrib/rpm/i2pd-git.spec
+++ b/contrib/rpm/i2pd-git.spec
@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 Name:          i2pd-git
-Version:       2.56.0
+Version:       2.50.1
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@ -24,10 +24,6 @@ BuildRequires: openssl-devel
 BuildRequires: miniupnpc-devel
 BuildRequires: systemd-units
 %if 0%{?fedora} == 41
 BuildRequires: openssl-devel-engine
 %endif
 Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd
@ -97,7 +93,7 @@ pushd build
 %endif
 chrpath -d i2pd
-%{__install} -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
+%{__install} -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
 %{__install} -d -m 755 %{buildroot}%{_datadir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
@ -133,7 +129,7 @@ getent passwd i2pd >/dev/null || \
 %files
 %doc LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf contrib/tunnels.d
-%{_bindir}/i2pd
+%{_sbindir}/i2pd
 %config(noreplace) %{_sysconfdir}/i2pd/*.conf
 %config(noreplace) %{_sysconfdir}/i2pd/tunnels.conf.d/*.conf
 %config %{_sysconfdir}/i2pd/subscriptions.txt
@ -148,30 +144,6 @@ getent passwd i2pd >/dev/null || \
 %changelog
 * Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
 - update to 2.56.0
 * Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
 - update to 2.55.0
 * Sun Oct 6 2024 orignal <orignal@i2pmail.org> - 2.54.0
 - update to 2.54.0
 * Tue Jul 30 2024 orignal <orignal@i2pmail.org> - 2.53.1
 - update to 2.53.1
 * Fri Jul 19 2024 orignal <orignal@i2pmail.org> - 2.53.0
 - update to 2.53.0
 * Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
 - update to 2.52.0
 * Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
 - update to 2.51.0
 * Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
 - update to 2.50.2
 * Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
 - update to 2.50.1
--- a/contrib/rpm/i2pd.spec
+++ b/contrib/rpm/i2pd.spec
@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.56.0
+Version:       2.50.1
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@ -22,10 +22,6 @@ BuildRequires: openssl-devel
 BuildRequires: miniupnpc-devel
 BuildRequires: systemd-units
 %if 0%{?fedora} == 41
 BuildRequires: openssl-devel-engine
 %endif
 Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd
@ -95,7 +91,7 @@ pushd build
 %endif
 chrpath -d i2pd
-%{__install} -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
+%{__install} -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
 %{__install} -d -m 755 %{buildroot}%{_datadir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
@ -131,7 +127,7 @@ getent passwd i2pd >/dev/null || \
 %files
 %doc LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf contrib/tunnels.d
-%{_bindir}/i2pd
+%{_sbindir}/i2pd
 %config(noreplace) %{_sysconfdir}/i2pd/*.conf
 %config(noreplace) %{_sysconfdir}/i2pd/tunnels.conf.d/*.conf
 %config %{_sysconfdir}/i2pd/subscriptions.txt
@ -146,30 +142,6 @@ getent passwd i2pd >/dev/null || \
 %changelog
 * Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
 - update to 2.56.0
 * Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
 - update to 2.55.0
 * Sun Oct 6 2024 orignal <orignal@i2pmail.org> - 2.54.0
 - update to 2.54.0
 * Tue Jul 30 2024 orignal <orignal@i2pmail.org> - 2.53.1
 - update to 2.53.1
 * Fri Jul 19 2024 orignal <orignal@i2pmail.org> - 2.53.0
 - update to 2.53.0
 * Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
 - update to 2.52.0
 * Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
 - update to 2.51.0
 * Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
 - update to 2.50.2
 * Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
 - update to 2.50.1
--- a/contrib/tunnels.conf
+++ b/contrib/tunnels.conf
@ -5,7 +5,6 @@ port = 6668
 destination = irc.ilita.i2p
 destinationport = 6667
 keys = irc-keys.dat
 i2p.streaming.profile=2
 #[IRC-IRC2P]
 #type = client
--- a/contrib/upstart/i2pd.upstart
+++ b/contrib/upstart/i2pd.upstart
@ -8,4 +8,4 @@ env LOGFILE="/var/log/i2pd/i2pd.log"
 expect fork
-exec /usr/bin/i2pd --daemon --service --log=file --logfile=$LOGFILE
+exec /usr/sbin/i2pd --daemon --service --log=file --logfile=$LOGFILE
--- a/daemon/Daemon.cpp
+++ b/daemon/Daemon.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -149,19 +149,17 @@ namespace util
 		LogPrint(eLogDebug, "FS: Certificates directory: ", certsdir);
 		bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
 		bool aesni; i2p::config::GetOption("cpuext.aesni", aesni);
 		bool forceCpuExt; i2p::config::GetOption("cpuext.force", forceCpuExt);
 		bool ssu; i2p::config::GetOption("ssu", ssu);
 		if (!ssu && i2p::config::IsDefault ("precomputation.elgamal"))
 			precomputation = false; // we don't elgamal table if no ssu, unless it's specified explicitly
-		i2p::crypto::InitCrypto (precomputation);
+		i2p::crypto::InitCrypto (precomputation, aesni, forceCpuExt);
 		i2p::transport::InitAddressFromIface (); // get address4/6 from interfaces
 		int netID; i2p::config::GetOption("netid", netID);
 		i2p::context.SetNetID (netID);
 		bool checkReserved; i2p::config::GetOption("reservedrange", checkReserved);
 		i2p::transport::transports.SetCheckReserved(checkReserved);
 		i2p::context.Init ();
 		i2p::transport::InitTransports ();
@ -177,7 +175,7 @@ namespace util
 		bool transit; i2p::config::GetOption("notransit", transit);
 		i2p::context.SetAcceptsTunnels (!transit);
-		uint32_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
+		uint16_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
 		if (isFloodfill && i2p::config::IsDefault ("limits.transittunnels"))
 			transitTunnels *= 2; // double default number of transit tunnels for floodfill
 		i2p::tunnel::tunnels.SetMaxNumTransitTunnels (transitTunnels);
@ -186,7 +184,7 @@ namespace util
 		std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
 		if (bandwidth.length () > 0)
 		{
-			if (bandwidth.length () == 1 && ((bandwidth[0] >= 'K' && bandwidth[0] <= 'P') || bandwidth[0] == 'X' ))
+			if (bandwidth[0] >= 'K' && bandwidth[0] <= 'X')
 			{
 				i2p::context.SetBandwidth (bandwidth[0]);
 				LogPrint(eLogInfo, "Daemon: Bandwidth set to ", i2p::context.GetBandwidthLimit (), "KBps");
@ -300,10 +298,12 @@ namespace util
 		bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
 		bool ssu2; i2p::config::GetOption("ssu2.enabled", ssu2);
 		bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved);
 		LogPrint(eLogInfo, "Daemon: Starting Transports");
 		if(!ssu2) LogPrint(eLogInfo, "Daemon: SSU2 disabled");
 		if(!ntcp2) LogPrint(eLogInfo, "Daemon: NTCP2 disabled");
 		i2p::transport::transports.SetCheckReserved(checkInReserved);
 		i2p::transport::transports.Start(ntcp2, ssu2);
 		if (i2p::transport::transports.IsBoundSSU2() || i2p::transport::transports.IsBoundNTCP2())
 			LogPrint(eLogInfo, "Daemon: Transports started");
--- a/daemon/HTTPServer.cpp
+++ b/daemon/HTTPServer.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -132,22 +132,25 @@ namespace http {
 	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, bool explr, int bytes)
 	{
-		std::string state;
+		std::string state, stateText;
-		std::string_view stateText;
+		switch (eState) {
 		switch (eState) 
 		{
 			case i2p::tunnel::eTunnelStateBuildReplyReceived :
 			case i2p::tunnel::eTunnelStatePending     : state = "building";    break;
-			case i2p::tunnel::eTunnelStateBuildFailed : state = "failed"; stateText = "declined"; break;
+			case i2p::tunnel::eTunnelStateBuildFailed :
-			case i2p::tunnel::eTunnelStateTestFailed  : state = "failed"; stateText = "test failed";  break;
+			case i2p::tunnel::eTunnelStateTestFailed  :
 			case i2p::tunnel::eTunnelStateFailed      : state = "failed";      break;
 			case i2p::tunnel::eTunnelStateExpiring    : state = "expiring";    break;
 			case i2p::tunnel::eTunnelStateEstablished : state = "established"; break;
 			default: state = "unknown"; break;
 		}
 		if (stateText.empty ()) stateText = tr(state);
-		s << "<span class=\"tunnel " << state << "\"> " << stateText << ((explr) ? " (" + std::string(tr("exploratory")) + ")" : "") << "</span>, "; // TODO:
+		if      (state == "building")    stateText = tr("building");
 		else if (state == "failed")      stateText = tr("failed");
 		else if (state == "expiring")    stateText = tr("expiring");
 		else if (state == "established") stateText = tr("established");
 		else stateText = tr("unknown");
 		s << "<span class=\"tunnel " << state << "\"> " << stateText << ((explr) ? " (" + tr("exploratory") + ")" : "") << "</span>, ";
 		ShowTraffic(s, bytes);
 		s << "\r\n";
 	}
@ -214,7 +217,7 @@ namespace http {
 			"</html>\r\n";
 	}
-	static void ShowError(std::stringstream& s, std::string_view string)
+	static void ShowError(std::stringstream& s, const std::string& string)
 	{
 		s << "<b>" << tr("ERROR") << ":</b>&nbsp;" << string << "<br>\r\n";
 	}
@ -418,15 +421,6 @@ namespace http {
 		}
 	}
 	static void ShowHop(std::stringstream& s, const i2p::data::IdentityEx& ident)
 	{
 		auto identHash = ident.GetIdentHash();
 		auto router = i2p::data::netdb.FindRouter(identHash);
 		s << i2p::data::GetIdentHashAbbreviation(identHash);
 		if (router)
 			s << "<small style=\"color:gray\"> " << router->GetBandwidthCap() << "</small>";
 	}
 	static void ShowLeaseSetDestination (std::stringstream& s, std::shared_ptr<const i2p::client::LeaseSetDestination> dest, uint32_t token)
 	{
 		s << "<b>Base32:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"1\">";
@ -492,9 +486,7 @@ namespace http {
 					it->VisitTunnelHops(
 						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 						{
-							s << "&#8658; ";
+							s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
 							ShowHop(s, *hopIdent);
 							s << " ";
 						}
 					);
 				}
@ -515,9 +507,7 @@ namespace http {
 					it->VisitTunnelHops(
 						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 						{
-							s << " ";
+							s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
 							ShowHop(s, *hopIdent);
 							s << " &#8658;";
 						}
 					);
 				}
@ -702,7 +692,6 @@ namespace http {
 	{
 		s << "<b>" << tr("Tunnels") << ":</b><br>\r\n";
 		s << "<b>" << tr("Queue size") << ":</b> " << i2p::tunnel::tunnels.GetQueueSize () << "<br>\r\n<br>\r\n";
 		s << "<b>" << tr("TBM Queue size") << ":</b> " << i2p::tunnel::tunnels.GetTBMQueueSize () << "<br>\r\n<br>\r\n";
 		auto ExplPool = i2p::tunnel::tunnels.GetExploratoryPool ();
@ -714,9 +703,7 @@ namespace http {
 				it->VisitTunnelHops(
 					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 					{
-						s << "&#8658; ";
+						s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
 						ShowHop(s, *hopIdent);
 						s << " ";
 					}
 				);
 			}
@ -737,9 +724,7 @@ namespace http {
 				it->VisitTunnelHops(
 					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 					{
-						s << " ";
+						s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
 						ShowHop(s, *hopIdent);
 						s << " &#8658;";
 					}
 				);
 			}
@ -791,7 +776,7 @@ namespace http {
 		s << "  <a class=\"button" << (loglevel == eLogInfo     ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\"> info </a> \r\n";
 		s << "  <a class=\"button" << (loglevel == eLogDebug    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\"> debug </a><br>\r\n<br>\r\n";
-		uint32_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
+		uint16_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
 		s << "<b>" << tr("Transit tunnels limit") << "</b><br>\r\n";
 		s << "<form method=\"get\" action=\"" << webroot << "\">\r\n";
 		s << "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_LIMITTRANSIT << "\">\r\n";
@ -827,7 +812,7 @@ namespace http {
 		if (i2p::tunnel::tunnels.CountTransitTunnels())
 		{
 			s << "<b>" << tr("Transit Tunnels") << ":</b><br>\r\n";
-			s << "<table><thead><th>&#8658;</th><th>ID</th><th>&#8658;</th><th>" << tr("Amount") << "</th><th>" << tr("Next") << "</th></thead><tbody class=\"tableitem\">";
+			s << "<table><thead><th>&#8658;</th><th>ID</th><th>&#8658;</th><th>" << tr("Amount") << "</th></thead><tbody class=\"tableitem\">";
 			for (const auto& it: i2p::tunnel::tunnels.GetTransitTunnels ())
 			{
 				if (std::dynamic_pointer_cast<i2p::tunnel::TransitTunnelGateway>(it))
@ -837,7 +822,7 @@ namespace http {
 				else
 					s << "<tr><td>&#8658;</td><td>" << it->GetTunnelID () << "</td><td>&#8658;</td><td>";
 				ShowTraffic(s, it->GetNumTransmittedBytes ());
-				s << "</td><td>" << it->GetNextPeerName () << "</td></tr>\r\n";
+				s << "</td></tr>\r\n";
 			}
 			s << "</tbody></table>\r\n";
 		}
@ -1263,7 +1248,7 @@ namespace http {
 			ShowLeasesSets(s);
 		else {
 			res.code = 400;
-			ShowError(s, std::string (tr("Unknown page")) + ": " + page); // TODO
+			ShowError(s, tr("Unknown page") + ": " + page);
 			return;
 		}
 	}
@ -1419,11 +1404,13 @@ namespace http {
 					{
 						auto signatureLen = dest->GetIdentity ()->GetSignatureLen ();
 						uint8_t * signature = new uint8_t[signatureLen];
 						char * sig = new char[signatureLen*2];
 						std::stringstream out;
 						out << name << "=" << dest->GetIdentity ()->ToBase64 ();
 						dest->Sign ((uint8_t *)out.str ().c_str (), out.str ().length (), signature);
-						auto sig = i2p::data::ByteStreamToBase64 (signature, signatureLen);
+						auto len = i2p::data::ByteStreamToBase64 (signature, signatureLen, sig, signatureLen*2);
 						sig[len] = 0;
 						out << "#!sig=" << sig;
 						s << "<b>" << tr("SUCCESS") << "</b>:<br>\r\n<form action=\"http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/add\" method=\"post\" rel=\"noreferrer\" target=\"_blank\">\r\n"
 						     "<textarea readonly name=\"record\" cols=\"80\" rows=\"10\">" << out.str () << "</textarea>\r\n<br>\r\n<br>\r\n"
@ -1432,6 +1419,7 @@ namespace http {
 						     "<input type=\"submit\" value=\"" << tr("Submit") << "\">\r\n"
 						     "</form>\r\n<br>\r\n";
 						delete[] signature;
 						delete[] sig;
 					}
 					else
 						s << "<b>" << tr("ERROR") << "</b>:&nbsp;" << tr("Domain can't end with .b32.i2p") << "\r\n<br>\r\n<br>\r\n";
@ -1460,7 +1448,7 @@ namespace http {
 		else
 		{
 			res.code = 400;
-			ShowError(s, std::string (tr("Unknown command")) + ": " + cmd); // TODO
+			ShowError(s, tr("Unknown command") + ": " + cmd);
 			return;
 		}
@ -1479,13 +1467,13 @@ namespace http {
 		reply.body = content;
 		m_SendBuffer = reply.to_string();
-		boost::asio::async_write (*m_Socket, boost::asio::buffer(m_SendBuffer), boost::asio::transfer_all (), 
+		boost::asio::async_write (*m_Socket, boost::asio::buffer(m_SendBuffer),
 			std::bind (&HTTPConnection::Terminate, shared_from_this (), std::placeholders::_1));
 	}
 	HTTPServer::HTTPServer (const std::string& address, int port):
-		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service.get_executor ()),
+		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::make_address(address), port)),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
 		m_Hostname(address)
 	{
 	}
--- a/daemon/HTTPServer.h
+++ b/daemon/HTTPServer.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -25,7 +25,7 @@ namespace http
 	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;
 	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds
 	const int COMMAND_REDIRECT_TIMEOUT = 5; // in seconds
-	const int TRANSIT_TUNNELS_LIMIT = 1000000;
+	const int TRANSIT_TUNNELS_LIMIT = 65535;
 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
@ -83,8 +83,8 @@ namespace http
 			bool m_IsRunning;
 			std::unique_ptr<std::thread> m_Thread;
-			boost::asio::io_context m_Service;
+			boost::asio::io_service m_Service;
-			boost::asio::executor_work_guard<boost::asio::io_context::executor_type> m_Work;
+			boost::asio::io_service::work m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
 			std::string m_Hostname;
 	};
--- a/daemon/I2PControl.cpp
+++ b/daemon/I2PControl.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -8,13 +8,16 @@
 #include <stdio.h>
 #include <sstream>
 #include <iomanip>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 // Use global placeholders from boost introduced when local_time.hpp is loaded
 #define BOOST_BIND_GLOBAL_PLACEHOLDERS
 #include <boost/date_time/local_time/local_time.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp>
 #include <boost/property_tree/json_parser.hpp>
 #include <boost/lexical_cast.hpp>
 #include "FS.h"
 #include "Log.h"
@ -29,24 +32,11 @@ namespace i2p
 namespace client
 {
 	I2PControlService::I2PControlService (const std::string& address, int port):
-		m_IsRunning (false),	
+		m_IsRunning (false), m_Thread (nullptr),
 		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port)),
 		m_SSLContext (boost::asio::ssl::context::sslv23),
 		m_ShutdownTimer (m_Service)
 	{
 		if (port)		
 			m_Acceptor = std::make_unique<boost::asio::ip::tcp::acceptor>(m_Service,
 				boost::asio::ip::tcp::endpoint(boost::asio::ip::make_address(address), port));
 		else
 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
 		{		
 			std::remove (address.c_str ());	// just in case
 			m_LocalAcceptor = std::make_unique<boost::asio::local::stream_protocol::acceptor>(m_Service,
 				boost::asio::local::stream_protocol::endpoint(address));	
 		}	
 #else
 			LogPrint(eLogError, "I2PControl: Local sockets are not supported");
 #endif				
 		i2p::config::GetOption("i2pcontrol.password", m_Password);
 		// certificate / keys
@ -57,29 +47,15 @@ namespace client
 			i2pcp_crt = i2p::fs::DataDirPath(i2pcp_crt);
 		if (i2pcp_key.at(0) != '/')
 			i2pcp_key = i2p::fs::DataDirPath(i2pcp_key);
-		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) 
+		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) {
 		{
 			LogPrint (eLogInfo, "I2PControl: Creating new certificate for control connection");
 			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
-		} 
+		} else {
 		else 
 			LogPrint(eLogDebug, "I2PControl: Using cert from ", i2pcp_crt);
 		m_SSLContext.set_options (boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::single_dh_use);
 		boost::system::error_code ec;
 		m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem, ec);
 		if (!ec)		
 			m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem, ec);
 		if (ec)
 		{
 			LogPrint (eLogInfo, "I2PControl: Failed to load ceritifcate: ", ec.message (), ". Recreating");
 			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
 			m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem, ec);
 			if (!ec)		
 				m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem, ec);
 			if (ec) 
 				// give up
 				LogPrint (eLogError, "I2PControl: Can't load certificates");
 		}
 		m_SSLContext.set_options (boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::single_dh_use);
 		m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem);
 		m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem);
 		// handlers
 		m_MethodHandlers["Authenticate"]       = &I2PControlService::AuthenticateHandler;
@ -110,7 +86,7 @@ namespace client
 		{
 			Accept ();
 			m_IsRunning = true;
-			m_Thread = std::make_unique<std::thread>(std::bind (&I2PControlService::Run, this));
+			m_Thread = new std::thread (std::bind (&I2PControlService::Run, this));
 		}
 	}
@ -119,19 +95,12 @@ namespace client
 		if (m_IsRunning)
 		{
 			m_IsRunning = false;
-			if (m_Acceptor) m_Acceptor->cancel ();
+			m_Acceptor.cancel ();
 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
 			if (m_LocalAcceptor) 
 			{
 				auto path = m_LocalAcceptor->local_endpoint().path();
 				m_LocalAcceptor->cancel ();
 				std::remove (path.c_str ());
 			}	
 #endif			
 			m_Service.stop ();
 			if (m_Thread)
 			{
 				m_Thread->join ();
 				delete m_Thread;
 				m_Thread = nullptr;
 			}
 		}
@ -153,60 +122,40 @@ namespace client
 	void I2PControlService::Accept ()
 	{
-		if (m_Acceptor)
+		auto newSocket = std::make_shared<ssl_socket> (m_Service, m_SSLContext);
-		{	
+		m_Acceptor.async_accept (newSocket->lowest_layer(), std::bind (&I2PControlService::HandleAccept, this,
-			auto newSocket = std::make_shared<boost::asio::ssl::stream<boost::asio::ip::tcp::socket> > (m_Service, m_SSLContext);
+			std::placeholders::_1, newSocket));
 			m_Acceptor->async_accept (newSocket->lowest_layer(),
 				[this, newSocket](const boost::system::error_code& ecode)
 				{
 					HandleAccepted (ecode, newSocket);
 				});		
 		}	
 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
 		else if (m_LocalAcceptor)
 		{
 			auto newSocket = std::make_shared<boost::asio::ssl::stream<boost::asio::local::stream_protocol::socket> > (m_Service, m_SSLContext);
 			m_LocalAcceptor->async_accept (newSocket->lowest_layer(),
 				[this, newSocket](const boost::system::error_code& ecode)
 				{
 					HandleAccepted (ecode, newSocket);
 				});		
 		}	
 #endif		
 	}
-	template<typename ssl_socket> 
+	void I2PControlService::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
 	void I2PControlService::HandleAccepted (const boost::system::error_code& ecode,
 		std::shared_ptr<ssl_socket> newSocket)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 			Accept ();
-		if (ecode) 
+		if (ecode) {
 		{
 			LogPrint (eLogError, "I2PControl: Accept error: ", ecode.message ());
 			return;
 		}
-		LogPrint (eLogDebug, "I2PControl: New request from ", newSocket->lowest_layer ().remote_endpoint ());
+		LogPrint (eLogDebug, "I2PControl: New request from ", socket->lowest_layer ().remote_endpoint ());
-		Handshake (newSocket);
+		Handshake (socket);
 	}
 	template<typename ssl_socket>
 	void I2PControlService::Handshake (std::shared_ptr<ssl_socket> socket)
 	{
 		socket->async_handshake(boost::asio::ssl::stream_base::server,
-			[this, socket](const boost::system::error_code& ecode)
+		std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
-		    {
+	}
-				if (ecode) 
+
-				{
+	void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
-					LogPrint (eLogError, "I2PControl: Handshake error: ", ecode.message ());
+	{
-					return;
+		if (ecode) {
-				}
+			LogPrint (eLogError, "I2PControl: Handshake error: ", ecode.message ());
-				ReadRequest (socket);
+			return;
-			});			                        
+		}
 		//std::this_thread::sleep_for (std::chrono::milliseconds(5));
 		ReadRequest (socket);
 	}
 	template<typename ssl_socket>
 	void I2PControlService::ReadRequest (std::shared_ptr<ssl_socket> socket)
 	{
 		auto request = std::make_shared<I2PControlBuffer>();
@ -216,13 +165,10 @@ namespace client
 #else
 			boost::asio::buffer (request->data (), request->size ()),
 #endif
-		    [this, socket, request](const boost::system::error_code& ecode, size_t bytes_transferred)
+			std::bind(&I2PControlService::HandleRequestReceived, this,
-		    {
+			std::placeholders::_1, std::placeholders::_2, socket, request));
 				HandleRequestReceived (ecode, bytes_transferred, socket, request);
 			});
 	}
 	template<typename ssl_socket>
 	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
 		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf)
@ -300,7 +246,6 @@ namespace client
 		}
 	}
 	template<typename ssl_socket>
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
 	{
@ -310,12 +255,12 @@ namespace client
 			std::ostringstream header;
 			header << "HTTP/1.1 200 OK\r\n";
 			header << "Connection: close\r\n";
-			header << "Content-Length: " << std::to_string(len) << "\r\n";
+			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
 			header << "Content-Type: application/json\r\n";
 			header << "Date: ";
-			std::time_t t = std::time (nullptr);
+			auto facet = new boost::local_time::local_time_facet ("%a, %d %b %Y %H:%M:%S GMT");
-    		std::tm tm = *std::gmtime (&t);
+			header.imbue(std::locale (header.getloc(), facet));
-			header << std::put_time(&tm, "%a, %d %b %Y %T GMT") << "\r\n";
+			header << boost::posix_time::second_clock::local_time() << "\r\n";
 			header << "\r\n";
 			offset = header.str ().size ();
 			memcpy (buf->data (), header.str ().c_str (), offset);
@ -323,11 +268,16 @@ namespace client
 		memcpy (buf->data () + offset, response.str ().c_str (), len);
 		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), offset + len),
 			boost::asio::transfer_all (),
-		    [socket, buf](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+			std::bind(&I2PControlService::HandleResponseSent, this,
-		    {
+				std::placeholders::_1, std::placeholders::_2, socket, buf));
-				if (ecode)
+	}
-					LogPrint (eLogError, "I2PControl: Write error: ", ecode.message ());
+
-			});	
+	void I2PControlService::HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
 		std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf)
 	{
 		if (ecode) {
 			LogPrint (eLogError, "I2PControl: Write error: ", ecode.message ());
 		}
 	}
 // handlers
@ -388,11 +338,10 @@ namespace client
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
 			if (it != params.begin ()) results << ",";
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
 			auto it1 = m_RouterManagerHandlers.find (it->first);
-			if (it1 != m_RouterManagerHandlers.end ()) 
+			if (it1 != m_RouterManagerHandlers.end ()) {
 			{
 				if (it != params.begin ()) results << ",";
 				(this->*(it1->second))(results);
 			} else
 				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
@ -455,7 +404,7 @@ namespace client
 			X509_NAME_add_entry_by_txt (name, "O",  MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_ORGANIZATION, -1, -1, 0); // organization
 			X509_NAME_add_entry_by_txt (name, "CN", MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_COMMON_NAME, -1, -1, 0); // common name
 			X509_set_issuer_name (x509, name); // set issuer to ourselves
-			X509_sign (x509, pkey, EVP_sha1 ()); // sign, last param must be NULL for EdDSA
+			X509_sign (x509, pkey, EVP_sha1 ()); // sign
 			// save cert
 			if ((f = fopen (crt_path, "wb")) != NULL) {
--- a/daemon/I2PControl.h
+++ b/daemon/I2PControl.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -35,6 +35,8 @@ namespace client
 	class I2PControlService: public I2PControlHandlers
 	{
 		typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;
 		public:
 			I2PControlService (const std::string& address, int port);
@ -47,18 +49,16 @@ namespace client
 			void Run ();
 			void Accept ();
-			template<typename ssl_socket> 
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
 			void HandleAccepted (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> newSocket);
 			template<typename ssl_socket>
 			void Handshake (std::shared_ptr<ssl_socket> socket);
-			template<typename ssl_socket>
+			void HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
 			void ReadRequest (std::shared_ptr<ssl_socket> socket);
 			template<typename ssl_socket>
 			void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred,
 				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
 			template<typename ssl_socket>
 			void SendResponse (std::shared_ptr<ssl_socket> socket,
 				std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml);
 			void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
 				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
 			void CreateCertificate (const char *crt_path, const char *key_path);
@ -86,13 +86,10 @@ namespace client
 			std::string m_Password;
 			bool m_IsRunning;
-			std::unique_ptr<std::thread> m_Thread;
+			std::thread * m_Thread;
-			boost::asio::io_context m_Service;
+			boost::asio::io_service m_Service;
-			std::unique_ptr<boost::asio::ip::tcp::acceptor> m_Acceptor;
+			boost::asio::ip::tcp::acceptor m_Acceptor;
 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
 			std::unique_ptr<boost::asio::local::stream_protocol::acceptor> m_LocalAcceptor;
 #endif		
 			boost::asio::ssl::context m_SSLContext;
 			boost::asio::deadline_timer m_ShutdownTimer;
 			std::set<std::string> m_Tokens;
--- a/daemon/UPnP.cpp
+++ b/daemon/UPnP.cpp
@ -1,15 +1,10 @@
 /*
 * Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
 * See full license text in LICENSE file at top of project tree
 */
 #ifdef USE_UPNP
 #include <string>
 #include <thread>
 #include <boost/thread/thread.hpp>
 #include <boost/asio.hpp>
 #include "Log.h"
 #include "RouterContext.h"
@ -52,7 +47,7 @@ namespace transport
 	{
 		m_IsRunning = true;
 		LogPrint(eLogInfo, "UPnP: Starting");
-		boost::asio::post (m_Service, std::bind (&UPnP::Discover, this));
+		m_Service.post (std::bind (&UPnP::Discover, this));
 		std::unique_lock<std::mutex> l(m_StartedMutex);
 		m_Thread.reset (new std::thread (std::bind (&UPnP::Run, this)));
 		m_Started.wait_for (l, std::chrono::seconds (5)); // 5 seconds maximum
@ -115,16 +110,10 @@ namespace transport
 			return;
 		}
 #if (MINIUPNPC_API_VERSION >= 18)
 		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr),
 					m_externalIPAddress, sizeof (m_externalIPAddress));
 #else
 		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr));
 #endif
 		m_upnpUrlsInitialized=err!=0;
 		if (err == UPNP_IGD_VALID_CONNECTED)
 		{
 #if (MINIUPNPC_API_VERSION < 18)
 			err = UPNP_GetExternalIPAddress (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_externalIPAddress);
 			if(err != UPNPCOMMAND_SUCCESS)
 			{
@ -132,7 +121,6 @@ namespace transport
 				return;
 			}
 			else
 #endif
 			{
 				LogPrint (eLogError, "UPnP: Found Internet Gateway Device ", m_upnpUrls.controlURL);
 				if (!m_externalIPAddress[0])
@ -150,7 +138,7 @@ namespace transport
 		// UPnP discovered
 		LogPrint (eLogDebug, "UPnP: ExternalIPAddress is ", m_externalIPAddress);
-		i2p::context.UpdateAddress (boost::asio::ip::make_address (m_externalIPAddress));
+		i2p::context.UpdateAddress (boost::asio::ip::address::from_string (m_externalIPAddress));
 		// port mapping
 		PortMapping ();
 	}
@ -178,11 +166,11 @@ namespace transport
 			if (address && !address->host.is_v6 () && address->port)
 				TryPortMapping (address);
 		}
-		m_Timer.expires_from_now (boost::posix_time::minutes(UPNP_PORT_FORWARDING_INTERVAL)); // every 20 minutes
+		m_Timer.expires_from_now (boost::posix_time::minutes(20)); // every 20 minutes
 		m_Timer.async_wait ([this](const boost::system::error_code& ecode)
 		{
 			if (ecode != boost::asio::error::operation_aborted)
-				PortMapping ();
+			PortMapping ();
 		});
 	}
--- a/daemon/UPnP.h
+++ b/daemon/UPnP.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -28,7 +28,6 @@ namespace i2p
 namespace transport
 {
 	const int UPNP_RESPONSE_TIMEOUT = 2000; // in milliseconds
 	const int UPNP_PORT_FORWARDING_INTERVAL = 20; // in minutes
 	enum
 	{
@ -67,7 +66,7 @@ namespace transport
 			std::unique_ptr<std::thread> m_Thread;
 			std::condition_variable m_Started;
 			std::mutex m_StartedMutex;
-			boost::asio::io_context m_Service;
+			boost::asio::io_service m_Service;
 			boost::asio::deadline_timer m_Timer;
 			bool m_upnpUrlsInitialized = false;
 			struct UPNPUrls m_upnpUrls;
--- a/daemon/UnixDaemon.cpp
+++ b/daemon/UnixDaemon.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -25,7 +25,6 @@
 #include "RouterContext.h"
 #include "ClientContext.h"
 #include "Transports.h"
 #include "util.h"
 void handle_signal(int sig)
 {
@ -163,21 +162,12 @@ namespace i2p
 #ifndef ANDROID
 				if (lockf(pidFH, F_TLOCK, 0) != 0)
 #else
 				struct flock fl;
 				fl.l_len = 0;
 				fl.l_type = F_WRLCK;
 				fl.l_whence = SEEK_SET;
 				fl.l_start = 0;
 				if (fcntl(pidFH, F_SETLK, &fl) != 0)
 #endif
 				{
 					LogPrint(eLogError, "Daemon: Could not lock pid file ", pidfile, ": ", strerror(errno));
 					std::cerr << "i2pd: Could not lock pid file " << pidfile << ": " << strerror(errno) << std::endl;
 					return false;
 				}
-
+#endif
 				char pid[10];
 				sprintf(pid, "%d\n", getpid());
 				ftruncate(pidFH, 0);
@ -221,7 +211,6 @@ namespace i2p
 		void DaemonLinux::run ()
 		{
 			i2p::util::SetThreadName ("i2pd-daemon");
 			while (running)
 			{
 				std::this_thread::sleep_for (std::chrono::seconds(1));
--- a/debian/NEWS
+++ b/debian/NEWS
@ -1,5 +0,0 @@
 i2pd (2.53.0-1) unstable; urgency=medium
  i2pd binary moved from /usr/sbin to /usr/bin. Please check your scripts if you used the old path.
 -- r4sas <r4sas@i2pmail.org>  Fri, 19 Jul 2024 16:00:00 +0000
--- a/debian/changelog
+++ b/debian/changelog
@ -1,52 +1,3 @@
 i2pd (2.56.0-1) unstable; urgency=medium
  * updated to version 2.56.0/0.9.65
 -- orignal <orignal@i2pmail.org>  Tue, 11 Feb 2025 16:00:00 +0000
 i2pd (2.55.0-1) unstable; urgency=medium
  * updated to version 2.55.0
 -- orignal <orignal@i2pmail.org>  Mon, 30 Dec 2024 16:00:00 +0000
 i2pd (2.54.0-1) unstable; urgency=medium
  * updated to version 2.54.0/0.9.64
 -- orignal <orignal@i2pmail.org>  Sun, 6 Oct 2024 16:00:00 +0000
 i2pd (2.53.1-1) unstable; urgency=medium
  * updated to version 2.53.1
 -- orignal <orignal@i2pmail.org>  Tue, 30 Jul 2024 16:00:00 +0000
 i2pd (2.53.0-1) unstable; urgency=medium
  * updated to version 2.53.0/0.9.63
  * binary moved from /usr/sbin to /usr/bin
 -- r4sas <r4sas@i2pmail.org>  Sat, 20 Jul 2024 15:10:00 +0000
 i2pd (2.52.0-1) unstable; urgency=medium
  * updated to version 2.52.0
 -- orignal <orignal@i2pmail.org>  Sun, 12 May 2024 16:00:00 +0000
 i2pd (2.51.0-1) unstable; urgency=medium
  * updated to version 2.51.0/0.9.62
 -- orignal <orignal@i2pmail.org>  Sat, 06 Apr 2024 16:00:00 +0000
 i2pd (2.50.2-1) unstable; urgency=medium
  * updated to version 2.50.2/0.9.61
 -- orignal <orignal@i2pmail.org>  Sat, 06 Jan 2024 16:00:00 +0000
 i2pd (2.50.1-1) unstable; urgency=medium
  * updated to version 2.50.1/0.9.61
--- a/debian/i2pd.init
+++ b/debian/i2pd.init
@ -13,7 +13,7 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC=i2pd                 # Introduce a short description here
 NAME=i2pd                 # Introduce the short server's name here
-DAEMON=/usr/bin/$NAME    # Introduce the server's location here
+DAEMON=/usr/sbin/$NAME    # Introduce the server's location here
 DAEMON_OPTS=""            # Arguments to run the daemon with
 PIDFILE=/var/run/$NAME/$NAME.pid
 I2PCONF=/etc/$NAME/i2pd.conf
--- a/debian/i2pd.install
+++ b/debian/i2pd.install
@ -1,6 +1,6 @@
-i2pd usr/bin/
+i2pd usr/sbin/
 contrib/i2pd.conf etc/i2pd/
 contrib/tunnels.conf etc/i2pd/
 contrib/certificates/ usr/share/i2pd/
 contrib/tunnels.d/README etc/i2pd/tunnels.conf.d/
-contrib/apparmor/usr.bin.i2pd etc/apparmor.d
+contrib/apparmor/usr.sbin.i2pd etc/apparmor.d
--- a/debian/patches/01-upnp.patch
+++ b/debian/patches/01-upnp.patch
@ -2,13 +2,13 @@ Description: Enable UPnP usage in package
 Author: r4sas <r4sas@i2pmail.org>
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2024-12-30
+Last-Update: 2022-03-23
 --- i2pd.orig/Makefile
 +++ i2pd/Makefile
-@@ -31,7 +31,7 @@ # import source files lists
+@@ -31,7 +31,7 @@ include filelist.mk
 include filelist.mk
 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
 -USE_UPNP        := $(or $(USE_UPNP),no)
 +USE_UPNP        := $(or $(USE_UPNP),yes)
--- a/i18n/Afrikaans.cpp
+++ b/i18n/Afrikaans.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace afrikaans // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"failed", "Het misluk"},
 		{"unknown", "onbekend"},
--- a/i18n/Armenian.cpp
+++ b/i18n/Armenian.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace armenian // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f ԿիԲ"},
 		{"%.2f MiB", "%.2f ՄիԲ"},
--- a/i18n/Chinese.cpp
+++ b/i18n/Chinese.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace chinese // language namespace
 		return 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
@ -64,12 +64,11 @@ namespace chinese // language namespace
 		{"Full cone NAT", "全锥型NAT"},
 		{"No Descriptors", "无描述符"},
 		{"Uptime", "运行时间"},
-		{"Network status", "网络状态"},
+		{"Network status", "IPv4 网络状态"},
 		{"Network status v6", "IPv6 网络状态"},
 		{"Stopping in", "距停止还有："},
 		{"Family", "家族"},
 		{"Tunnel creation success rate", "隧道创建成功率"},
 		{"Total tunnel creation success rate", "当前隧道创建成功率"},
 		{"Received", "已接收"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "已发送"},
@ -96,7 +95,6 @@ namespace chinese // language namespace
 		{"Address", "地址"},
 		{"Type", "类型"},
 		{"EncType", "加密类型"},
 		{"Expire LeaseSet", "到期租约集"},
 		{"Inbound tunnels", "入站隧道"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "出站隧道"},
@ -153,8 +151,6 @@ namespace chinese // language namespace
 		{"StreamID can't be null", "StreamID 不能为空"},
 		{"Return to destination page", "返回目标页面"},
 		{"You will be redirected in %d seconds", "您将在%d秒内被重定向"},
 		{"LeaseSet expiration time updated", "租约集到期时间已更新"},
 		{"LeaseSet is not found or already expired", "租约集未找到或已过期"},
 		{"Transit tunnels count must not exceed %d", "中转隧道数量限制为 %d"},
 		{"Back to commands list", "返回命令列表"},
 		{"Register at reg.i2p", "在 reg.i2p 注册域名"},
--- a/i18n/Czech.cpp
+++ b/i18n/Czech.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,25 +29,25 @@ namespace czech // language namespace
 		return (n == 1) ? 0 : (n >= 2 && n <= 4) ? 1 : 2;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
 		{"%.2f GiB", "%.2f GiB"},
 		{"building", "vytváří se"},
 		{"failed", "selhalo"},
-		{"expiring", "vyprší platnost"},
+		{"expiring", "končící"},
 		{"established", "vytvořeno"},
 		{"unknown", "neznámý"},
 		{"exploratory", "průzkumné"},
-		{"Purple I2P Webconsole", "Purple I2P webová konzole"},
+		{"Purple I2P Webconsole", "Purple I2P Webkonsole"},
-		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webová konzole"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webkonsole"},
 		{"Main page", "Hlavní stránka"},
 		{"Router commands", "Router příkazy"},
-		{"Local Destinations", "Místní cíle"},
+		{"Local Destinations", "Lokální destinace"},
-		{"LeaseSets", "Sety pronájmu"},
+		{"LeaseSets", "LeaseSety"},
 		{"Tunnels", "Tunely"},
-		{"Transit Tunnels", "Tranzitní tunely"},
+		{"Transit Tunnels", "Transitní tunely"},
 		{"Transports", "Transporty"},
 		{"I2P tunnels", "I2P tunely"},
 		{"SAM sessions", "SAM relace"},
@ -61,21 +61,18 @@ namespace czech // language namespace
 		{"Clock skew", "Časová nesrovnalost"},
 		{"Offline", "Offline"},
 		{"Symmetric NAT", "Symetrický NAT"},
 		{"Full cone NAT", "Full cone NAT"},
 		{"No Descriptors", "Žádné popisovače"},
 		{"Uptime", "Doba provozu"},
-		{"Network status", "Stav sítě"},
+		{"Network status", "Status sítě"},
-		{"Network status v6", "Stav sítě v6"},
+		{"Network status v6", "Status sítě v6"},
 		{"Stopping in", "Zastavuji za"},
 		{"Family", "Rodina"},
 		{"Tunnel creation success rate", "Úspěšnost vytváření tunelů"},
 		{"Total tunnel creation success rate", "Celková míra úspěšnosti vytváření tunelů"},
 		{"Received", "Přijato"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Odesláno"},
 		{"Transit", "Tranzit"},
-		{"Data path", "Cesta k datovým souborům"},
+		{"Data path", "Cesta k data souborům"},
-		{"Hidden content. Press on text to see.", "Skrytý obsah. Pro zobrazení klikněte sem."},
+		{"Hidden content. Press on text to see.", "Skrytý kontent. Pro zobrazení, klikni na text."},
 		{"Router Ident", "Routerová Identita"},
 		{"Router Family", "Rodina routerů"},
 		{"Router Caps", "Omezení Routerů"},
@ -96,7 +93,6 @@ namespace czech // language namespace
 		{"Address", "Adresa"},
 		{"Type", "Typ"},
 		{"EncType", "EncType"},
 		{"Expire LeaseSet", "Zrušit platnost setu pronájmu"},
 		{"Inbound tunnels", "Příchozí tunely"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Odchozí tunely"},
@ -107,24 +103,21 @@ namespace czech // language namespace
 		{"Amount", "Množství"},
 		{"Incoming Tags", "Příchozí štítky"},
 		{"Tags sessions", "Relace štítků"},
-		{"Status", "Stav"},
+		{"Status", "Status"},
-		{"Local Destination", "Místní cíl"},
+		{"Local Destination", "Lokální Destinace"},
 		{"Streams", "Toky"},
 		{"Close stream", "Uzavřít tok"},
 		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"I2CP session not found", "I2CP relace nenalezena"},
 		{"I2CP is not enabled", "I2CP není zapnuto"},
 		{"Invalid", "Neplatný"},
 		{"Store type", "Druh uložení"},
 		{"Expires", "Vyprší"},
-		{"Non Expired Leases", "Pronájmy, kterým nevypršela platnost"},
+		{"Non Expired Leases", "Nevypršené Leasy"},
 		{"Gateway", "Brána"},
 		{"TunnelID", "ID tunelu"},
 		{"EndDate", "Datum ukončení"},
 		{"floodfill mode is disabled", "režim floodfill je vypnut"},
 		{"Queue size", "Velikost fronty"},
 		{"Run peer test", "Spustit peer test"},
 		{"Reload tunnels configuration", "Znovu načíst nastavení tunelů"},
 		{"Decline transit tunnels", "Odmítnout tranzitní tunely"},
 		{"Accept transit tunnels", "Přijmout tranzitní tunely"},
 		{"Cancel graceful shutdown", "Zrušit hladké vypnutí"},
@ -152,17 +145,14 @@ namespace czech // language namespace
 		{"Destination not found", "Destinace nenalezena"},
 		{"StreamID can't be null", "StreamID nemůže být null"},
 		{"Return to destination page", "Zpět na stránku destinací"},
-		{"You will be redirected in %d seconds", "Budete přesměrováni za %d sekund"},
+		{"Back to commands list", "Zpět na list příkazů"},
 		{"LeaseSet expiration time updated", "Aktualizován čas vypršení platnosti setu pronájmu"},
 		{"LeaseSet is not found or already expired", "Set pronájmu není k nalezení nebo již vypršela jeho platnost"},
 		{"Transit tunnels count must not exceed %d", "Počet tranzitních tunelů nesmí překročit %d"},
 		{"Back to commands list", "Zpět na seznam příkazů"},
 		{"Register at reg.i2p", "Zaregistrovat na reg.i2p"},
 		{"Description", "Popis"},
 		{"A bit information about service on domain", "Trochu informací o službě na doméně"},
 		{"Submit", "Odeslat"},
 		{"Domain can't end with .b32.i2p", "Doména nesmí končit na .b32.i2p"},
 		{"Domain must end with .i2p", "Doména musí končit s .i2p"},
 		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"Unknown command", "Neznámý příkaz"},
 		{"Command accepted", "Příkaz přijat"},
 		{"Proxy error", "Chyba proxy serveru"},
@ -172,15 +162,6 @@ namespace czech // language namespace
 		{"You may try to find this host on jump services below", "Můžete se pokusit najít tohoto hostitele na startovacích službách níže"},
 		{"Invalid request", "Neplatný požadavek"},
 		{"Proxy unable to parse your request", "Proxy server nemohl zpracovat váš požadavek"},
 		{"Addresshelper is not supported", "Addresshelper není podporován"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. <b>Buďte opatrní: zdroj této URL může být škodlivý!</b> Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
 		{"Addresshelper forced update rejected", "Addresshelperem vynucená aktualizace zamítnuta"},
 		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Pro přidání hostitele <b>%s</b> do adresáře routeru, klikněte zde: <a href=\"%s%s%s\">Pokračovat</a>."},
 		{"Addresshelper request", "Požadavek Addresshelperu"},
 		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Hostitel %s přidán do adresáře routeru od pomocníka. Klikněte zde pro pokračování: <a href=\"%s\">Pokračovat</a>."},
 		{"Addresshelper adding", "Addresshelper přidávání"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
 		{"Addresshelper update", "Addresshelper aktualizace"},
 		{"Invalid request URI", "Neplatný URI požadavek"},
 		{"Can't detect destination host from request", "Nelze zjistit cílového hostitele z požadavku"},
 		{"Outproxy failure", "Outproxy selhání"},
--- a/i18n/English.cpp
+++ b/i18n/English.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -30,7 +30,7 @@ namespace english // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"", ""},
 	};
--- a/i18n/French.cpp
+++ b/i18n/French.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace french // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f Kio"},
 		{"%.2f MiB", "%.2f Mio"},
@ -58,7 +58,7 @@ namespace french // language namespace
 		{"Unknown", "Inconnu"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Maillé"},
-		{"Clock skew", "Décalage de l'horloge"},
+		{"Clock skew", "Horloge décalée"},
 		{"Offline", "Hors ligne"},
 		{"Symmetric NAT", "NAT symétrique"},
 		{"Full cone NAT", "NAT à cône complet"},
@ -68,8 +68,8 @@ namespace french // language namespace
 		{"Network status v6", "État du réseau v6"},
 		{"Stopping in", "Arrêt dans"},
 		{"Family", "Famille"},
-		{"Tunnel creation success rate", "Taux de création de tunnel réussie"},
+		{"Tunnel creation success rate", "Taux de succès de création de tunnels"},
-		{"Total tunnel creation success rate", "Taux total de création de tunnel réussie"},
+		{"Total tunnel creation success rate", "Taux de réussite de création de tunnel"},
 		{"Received", "Reçu"},
 		{"%.2f KiB/s", "%.2f Kio/s"},
 		{"Sent", "Envoyé"},
--- a/i18n/German.cpp
+++ b/i18n/German.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace german // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/I18N.cpp
+++ b/i18n/I18N.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -30,12 +30,12 @@ namespace i18n
 		}
 	}
-	std::string_view translate (std::string_view arg)
+	std::string translate (const std::string& arg)
 	{
 		return i2p::client::context.GetLanguage ()->GetString (arg);
 	}
-	std::string translate (const std::string& arg, const std::string& arg2, const int n)
+	std::string translate (const std::string& arg, const std::string& arg2, const int& n)
 	{
 		return i2p::client::context.GetLanguage ()->GetPlural (arg, arg2, n);
 	}
--- a/i18n/I18N.h
+++ b/i18n/I18N.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -10,7 +10,6 @@
 #define __I18N_H__
 #include <string>
 #include <string_view>
 #include <map>
 #include <utility>
 #include <functional>
@ -19,13 +18,12 @@ namespace i2p
 {
 namespace i18n
 {
 	typedef std::map<std::string_view, std::string_view> LocaleStrings; 
 	class Locale
 	{
 		public:
 			Locale (
 				const std::string& language,
-				const LocaleStrings& strings,
+				const std::map<std::string, std::string>& strings,
 				const std::map<std::string, std::vector<std::string>>& plurals,
 				std::function<int(int)> formula
 			): m_Language (language), m_Strings (strings), m_Plurals (plurals), m_Formula (formula) { };
@ -36,7 +34,7 @@ namespace i18n
 				return m_Language;
 			}
-			std::string_view GetString (std::string_view arg) const
+			std::string GetString (const std::string& arg) const
 			{
 				const auto it = m_Strings.find(arg);
 				if (it == m_Strings.end())
@ -49,7 +47,7 @@ namespace i18n
 				}
 			}
-			std::string GetPlural (const std::string& arg, const std::string& arg2, int n) const
+			std::string GetPlural (const std::string& arg, const std::string& arg2, const int& n) const
 			{
 				const auto it = m_Plurals.find(arg2);
 				if (it == m_Plurals.end()) // not found, fallback to english
@ -65,14 +63,14 @@ namespace i18n
 		private:
 			const std::string m_Language;
-			const LocaleStrings m_Strings;
+			const std::map<std::string, std::string> m_Strings;
 			const std::map<std::string, std::vector<std::string>> m_Plurals;
 			std::function<int(int)> m_Formula;
 	};
 	void SetLanguage(const std::string &lang);
-	std::string_view translate (std::string_view arg);
+	std::string translate (const std::string& arg);
-	std::string translate (const std::string& arg, const std::string& arg2, int n);
+	std::string translate (const std::string& arg, const std::string& arg2, const int& n);
 } // i18n
 } // i2p
@ -81,7 +79,7 @@ namespace i18n
 * @param arg String with message
 */
 template<typename TValue>
-std::string_view tr (TValue&& arg)
+std::string tr (TValue&& arg)
 {
 	return i2p::i18n::translate(std::forward<TValue>(arg));
 }
@ -94,7 +92,7 @@ std::string_view tr (TValue&& arg)
 template<typename TValue, typename... TArgs>
 std::string tr (TValue&& arg, TArgs&&... args)
 {
-	std::string tr_str = std::string (i2p::i18n::translate(std::forward<TValue>(arg))); // TODO:
+	std::string tr_str = i2p::i18n::translate(std::forward<TValue>(arg));
 	size_t size = std::snprintf(NULL, 0, tr_str.c_str(), std::forward<TArgs>(args)...);
 	std::string str(size, 0);
@ -110,7 +108,7 @@ std::string tr (TValue&& arg, TArgs&&... args)
 * @param n Integer, used for selection of form
 */
 template<typename TValue, typename TValue2>
-std::string ntr (TValue&& arg, TValue2&& arg2, int n)
+std::string ntr (TValue&& arg, TValue2&& arg2, int& n)
 {
 	return i2p::i18n::translate(std::forward<TValue>(arg), std::forward<TValue2>(arg2), std::forward<int>(n));
 }
@ -123,7 +121,7 @@ std::string ntr (TValue&& arg, TValue2&& arg2, int n)
 * @param args Array of arguments for string formatting
 */
 template<typename TValue, typename TValue2, typename... TArgs>
-std::string ntr (TValue&& arg, TValue2&& arg2, int n, TArgs&&... args)
+std::string ntr (TValue&& arg, TValue2&& arg2, int& n, TArgs&&... args)
 {
 	std::string tr_str = i2p::i18n::translate(std::forward<TValue>(arg), std::forward<TValue2>(arg2), std::forward<int>(n));
--- a/i18n/Italian.cpp
+++ b/i18n/Italian.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace italian // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/Polish.cpp
+++ b/i18n/Polish.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023-2025, The PurpleI2P Project
+* Copyright (c) 2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,188 +29,24 @@ namespace polish // language namespace
 		return (n == 1 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2);
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
 		{"%.2f GiB", "%.2f GiB"},
 		{"building", "Kompilowanie"},
 		{"failed", "nieudane"},
 		{"expiring", "wygasający"},
 		{"established", "ustanowiony"},
 		{"unknown", "nieznany"},
 		{"exploratory", "eksploracyjny"},
 		{"Purple I2P Webconsole", "Konsola webowa Purple I2P"},
 		{"<b>i2pd</b> webconsole", "<b>i2pd</b> konsola webowa"},
 		{"Main page", "Strona główna"},
 		{"Router commands", "Komendy routera"},
 		{"Local Destinations", "Lokalne miejsca docelowe"},
 		{"LeaseSets", "ZestawyNajmu"},
 		{"Tunnels", "Tunele"},
 		{"Transit Tunnels", "Tunele Tranzytu"},
 		{"Transports", "Transportery"},
 		{"I2P tunnels", "Tunele I2P"},
 		{"SAM sessions", "Sesje SAM"},
 		{"ERROR", "BŁĄD"},
 		{"OK", "Ok"},
 		{"Testing", "Testowanie"},
 		{"Firewalled", "Za zaporą sieciową"},
 		{"Unknown", "Nieznany"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Sieć"},
 		{"Clock skew", "Przesunięcie czasu"},
 		{"Offline", "Offline"},
 		{"Symmetric NAT", "Symetryczny NAT"},
 		{"Full cone NAT", "Pełny stożek NAT"},
 		{"No Descriptors", "Brak deskryptorów"},
 		{"Uptime", "Czas pracy"},
 		{"Network status", "Stan sieci"},
 		{"Network status v6", "Stan sieci v6"},
 		{"Stopping in", "Zatrzymywanie za"},
 		{"Family", "Rodzina"},
 		{"Tunnel creation success rate", "Wskaźnik sukcesu tworzenia tunelu"},
 		{"Total tunnel creation success rate", "Całkowity wskaźnik sukcesu tworzenia tunelu"},
 		{"Received", "Odebrano"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Wysłane"},
 		{"Transit", "Tranzyt"},
 		{"Data path", "Ścieżka do danych"},
 		{"Hidden content. Press on text to see.", "Ukryta zawartość. Naciśnij tekst, aby zobaczyć."},
 		{"Router Ident", "Identyfikator routera"},
 		{"Router Family", "Rodzina routera"},
 		{"Router Caps", "Możliwości routera"},
 		{"Version", "Wersja"},
 		{"Our external address", "Nasz zewnętrzny adres"},
 		{"supported", "wspierane"},
 		{"Routers", "Routery"},
 		{"Floodfills", "Floodfille"},
 		{"Client Tunnels", "Tunele Klienta"},
 		{"Services", "Usługi"},
 		{"Enabled", "Aktywny"},
 		{"Disabled", "Wyłączony"},
 		{"Encrypted B33 address", "Zaszyfrowany adres B33"},
 		{"Address registration line", "Linia rejestracji adresu"},
 		{"Domain", "Domena"},
 		{"Generate", "Generuj"},
 		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Uwaga:</b> wynik string może być używany tylko do rejestracji domen 2LD (przykład.i2p). Do rejestracji subdomen należy użyć narzędzi i2pd."},
 		{"Address", "Adres"},
 		{"Type", "Typ"},
 		{"EncType", "TypEnkrypcji"},
 		{"Expire LeaseSet", "Wygaśnij LeaseSet"},
 		{"Inbound tunnels", "Tunele przychodzące"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Tunele wychodzące"},
 		{"Tags", "Tagi"},
 		{"Incoming", "Przychodzące"},
 		{"Outgoing", "Wychodzące"},
 		{"Destination", "Miejsce docelowe"},
 		{"Amount", "Ilość"},
 		{"Incoming Tags", "Przychodzące tagi"},
 		{"Tags sessions", "Sesje tagów"},
 		{"Status", "Status"},
 		{"Local Destination", "Lokalne miejsce docelowe"},
 		{"Streams", "Strumienie"},
 		{"Close stream", "Zamknij strumień"},
 		{"Such destination is not found", "Nie znaleziono takiego miejsca docelowego"},
 		{"I2CP session not found", "Sesja I2CP nie została znaleziona"},
 		{"I2CP is not enabled", "I2CP nie jest włączone"},
 		{"Invalid", "Niepoprawny"},
 		{"Store type", "Rodzaj przechowywania"},
 		{"Expires", "Wygasa za"},
 		{"Non Expired Leases", "Leasingi niewygasłe"},
 		{"Gateway", "Brama"},
 		{"TunnelID", "IDTunelu"},
 		{"EndDate", "DataZakończenia"},
 		{"floodfill mode is disabled", "tryb floodfill jest wyłączony"},
 		{"Queue size", "Wielkość kolejki"},
 		{"Run peer test", "Wykonaj test peer"},
 		{"Reload tunnels configuration", "Załaduj ponownie konfigurację tuneli"},
 		{"Decline transit tunnels", "Odrzuć tunele tranzytowe"},
 		{"Accept transit tunnels", "Akceptuj tunele tranzytowe"},
 		{"Cancel graceful shutdown", "Anuluj łagodne wyłączenie"},
 		{"Start graceful shutdown", "Rozpocznij łagodne wyłączenie"},
 		{"Force shutdown", "Wymuś wyłączenie"},
 		{"Reload external CSS styles", "Odśwież zewnętrzne style CSS"},
 		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Uwaga:</b> każda akcja wykonana tutaj nie jest trwała i nie zmienia Twoich plików konfiguracyjnych."},
 		{"Logging level", "Poziom logowania"},
 		{"Transit tunnels limit", "Limit tuneli tranzytowych"},
 		{"Change", "Zmień"},
 		{"Change language", "Zmień język"},
 		{"no transit tunnels currently built", "brak obecnie zbudowanych tuneli tranzytowych"},
 		{"SAM disabled", "SAM wyłączony"},
 		{"no sessions currently running", "brak aktualnie uruchomionych sesji"},
 		{"SAM session not found", "Sesja SAM nie została znaleziona"},
 		{"SAM Session", "Sesja SAM"},
 		{"Server Tunnels", "Tunele Serwera"},
 		{"Client Forwards", "Przekierowania Klienta"},
 		{"Server Forwards", "Przekierowania Serwera"},
 		{"Unknown page", "Nieznana strona"},
 		{"Invalid token", "Nieprawidłowy token"},
 		{"SUCCESS", "SUKCES"},
 		{"Stream closed", "Strumień zamknięty"},
 		{"Stream not found or already was closed", "Strumień nie został znaleziony lub został już zamknięty"},
 		{"Destination not found", "Nie znaleziono punktu docelowego"},
 		{"StreamID can't be null", "StreamID nie może być null"},
 		{"Return to destination page", "Wróć do strony miejsca docelowego"},
 		{"You will be redirected in %d seconds", "Zostaniesz prekierowany za %d sekund"},
 		{"LeaseSet expiration time updated", "Zaktualizowano czas wygaśnięcia LeaseSet"},
 		{"LeaseSet is not found or already expired", "LeaseSet nie został znaleziony lub już wygasł"},
 		{"Transit tunnels count must not exceed %d", "Liczba tuneli tranzytowych nie może przekraczać %d"},
 		{"Back to commands list", "Powrót do listy poleceń"},
 		{"Register at reg.i2p", "Zarejestruj się na reg.i2p"},
 		{"Description", "Opis"},
 		{"A bit information about service on domain", "Trochę informacji o usłudze w domenie"},
 		{"Submit", "Zatwierdź"},
 		{"Domain can't end with .b32.i2p", "Domena nie może kończyć się na .b32.i2p"},
 		{"Domain must end with .i2p", "Domena musi kończyć się na .i2p"},
 		{"Unknown command", "Nieznana komenda"},
 		{"Command accepted", "Polecenie zaakceptowane"},
 		{"Proxy error", "Błąd serwera proxy"},
 		{"Proxy info", "Informacje o proxy"},
 		{"Proxy error: Host not found", "Błąd proxy: Nie znaleziono hosta"},
 		{"Remote host not found in router's addressbook", "Nie znaleziono zdalnego hosta w książce adresowej routera"},
 		{"You may try to find this host on jump services below", "Możesz znaleźć tego hosta na poniższych usługach skoku"},
 		{"Invalid request", "Nieprawidłowe żądanie"},
 		{"Proxy unable to parse your request", "Serwer proxy nie może przetworzyć Twojego żądania"},
 		{"Addresshelper is not supported", "Adresshelper nie jest obsługiwany"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s <font color=red>jest już w książce adresowej routera</font>. <b>Uważaj: źródło tego adresu URL może być szkodliwe!</b> Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
 		{"Addresshelper forced update rejected", "Wymuszona aktualizacja Addreshelper odrzucona"},
 		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Aby dodać host <b>%s</b> w książce adresowej routera, kliknij tutaj: <a href=\"%s%s%s\">Kontynuuj</a>."},
 		{"Addresshelper request", "Prośba Addresshelper"},
 		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Host %s dodany do książki adresowej routera od pomocnika. Kliknij tutaj, aby kontynuować: <a href=\"%s\">Kontynuuj</a>."},
 		{"Addresshelper adding", "Dodawanie Addresshelper"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s jest <font color=red>już w książce adresowej routera</font>. Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
 		{"Addresshelper update", "Aktualizacja Adresshelper"},
 		{"Invalid request URI", "Nieprawidłowe URI żądania"},
 		{"Can't detect destination host from request", "Nie można wykryć hosta docelowego z żądania"},
 		{"Outproxy failure", "Błąd proxy wyjściowego"},
 		{"Bad outproxy settings", "Błędne ustawienia proxy wyjściowych"},
 		{"Host %s is not inside I2P network, but outproxy is not enabled", "Host %s nie jest wewnątrz sieci I2P, a proxy wyjściowe nie jest włączone"},
 		{"Unknown outproxy URL", "Nieznany adres URL proxy wyjściowego"},
 		{"Cannot resolve upstream proxy", "Nie można rozwiązać serwera proxy upstream"},
 		{"Hostname is too long", "Nazwa hosta jest zbyt długa"},
 		{"Cannot connect to upstream SOCKS proxy", "Nie można połączyć się z proxy SOCKS upstream"},
 		{"Cannot negotiate with SOCKS proxy", "Nie można negocjować z proxy SOCKS"},
 		{"CONNECT error", "Błąd POŁĄCZENIE"},
 		{"Failed to connect", "Nie udało się połączyć"},
 		{"SOCKS proxy error", "Błąd proxy SOCKS"},
 		{"Failed to send request to upstream", "Nie udało się wysłać żądania do upstream"},
 		{"No reply from SOCKS proxy", "Brak odpowiedzi od serwera proxy SOCKS"},
 		{"Cannot connect", "Nie można się połączyć"},
 		{"HTTP out proxy not implemented", "Serwer wyjściowy proxy HTTP nie został zaimplementowany"},
 		{"Cannot connect to upstream HTTP proxy", "Nie można połączyć się z proxy HTTP upstream"},
 		{"Host is down", "Host jest niedostępny"},
 		{"Can't create connection to requested host, it may be down. Please try again later.", "Nie można utworzyć połączenia z żądanym hostem, może być wyłączony. Spróbuj ponownie później."},
 		{"", ""},
 	};
 	static std::map<std::string, std::vector<std::string>> plurals
 	{
-		{"%d days", {"%d dzień", "%d dni", "%d dni", "%d dni"}},
+		{"", {"", "", ""}},
 		{"%d hours", {"%d godzina", "%d godziny", "%d godzin", "%d godzin"}},
 		{"%d minutes", {"%d minuta", "%d minuty", "%d minut", "%d minut"}},
 		{"%d seconds", {"%d sekunda", "%d sekundy", "%d sekund", "%d sekund"}},
 		{"", {"", "", "", ""}},
 	};
 	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
--- a/i18n/Portuguese.cpp
+++ b/i18n/Portuguese.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023-2025, The PurpleI2P Project
+* Copyright (c) 2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace portuguese // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
@ -58,7 +58,7 @@ namespace portuguese // language namespace
 		{"Unknown", "Desconhecido"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Malha"},
-		{"Clock skew", "Desvio de Relógio"},
+		{"Clock skew", "Defasagem do Relógio"},
 		{"Offline", "Desligado"},
 		{"Symmetric NAT", "NAT Simétrico"},
 		{"Full cone NAT", "Full cone NAT"},
@ -74,7 +74,7 @@ namespace portuguese // language namespace
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Enviado"},
 		{"Transit", "Trânsito"},
-		{"Data path", "Diretório de dados"},
+		{"Data path", "Diretório dos dados"},
 		{"Hidden content. Press on text to see.", "Conteúdo oculto. Clique no texto para revelar."},
 		{"Router Ident", "Identidade do Roteador"},
 		{"Router Family", "Família do Roteador"},
@ -106,9 +106,9 @@ namespace portuguese // language namespace
 		{"Destination", "Destinos"},
 		{"Amount", "Quantidade"},
 		{"Incoming Tags", "Etiquetas de Entrada"},
-		{"Tags sessions", "Sessões de Etiquetas"},
+		{"Tags sessions", "Sessões de etiquetas"},
 		{"Status", "Estado"},
-		{"Local Destination", "Destino Local"},
+		{"Local Destination", "Destinos Locais"},
 		{"Streams", "Fluxos"},
 		{"Close stream", "Fechar fluxo"},
 		{"Such destination is not found", "Tal destino não foi encontrado"},
@ -148,7 +148,7 @@ namespace portuguese // language namespace
 		{"Invalid token", "Token Inválido"},
 		{"SUCCESS", "SUCESSO"},
 		{"Stream closed", "Fluxo fechado"},
-		{"Stream not found or already was closed", "Fluxo não encontrado ou já fechado"},
+		{"Stream not found or already was closed", "Fluxo não encontrado ou já encerrado"},
 		{"Destination not found", "Destino não encontrado"},
 		{"StreamID can't be null", "StreamID não pode ser nulo"},
 		{"Return to destination page", "Retornar para à página de destino"},
@ -157,7 +157,7 @@ namespace portuguese // language namespace
 		{"LeaseSet is not found or already expired", "LeaseSet não foi encontrado ou já expirou"},
 		{"Transit tunnels count must not exceed %d", "A contagem de túneis de trânsito não deve exceder %d"},
 		{"Back to commands list", "Voltar para a lista de comandos"},
-		{"Register at reg.i2p", "Registrar em reg.i2p"},
+		{"Register at reg.i2p", "Registrar na reg.i2p"},
 		{"Description", "Descrição"},
 		{"A bit information about service on domain", "Algumas informações sobre o serviço no domínio"},
 		{"Submit", "Enviar"},
@ -169,22 +169,22 @@ namespace portuguese // language namespace
 		{"Proxy info", "Informações do proxy"},
 		{"Proxy error: Host not found", "Erro no proxy: Host não encontrado"},
 		{"Remote host not found in router's addressbook", "O host remoto não foi encontrado no livro de endereços do roteador"},
-		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos serviços de jump abaixo"},
+		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos jump services abaixo"},
 		{"Invalid request", "Requisição inválida"},
 		{"Proxy unable to parse your request", "O proxy foi incapaz de processar a sua requisição"},
 		{"Addresshelper is not supported", "O Auxiliar de Endereços não é suportado"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador</font>. <b>Cuidado: a fonte desta URL pode ser perigosa!</b> Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper forced update rejected", "A atualização forçada do Auxiliar de Endereços foi rejeitada"},
 		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Para adicionar o host <b> %s </b> ao catálogo de endereços do roteador, clique aqui: <a href='%s%s%s'>Continuar </a>."},
-		{"Addresshelper request", "Requisição ao Auxiliar de Endereços"},
+		{"Addresshelper request", "Requisição do Auxiliar de Endereços"},
-		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para prosseguir: <a href='%s'> Continuar </a>."},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para proceder: <a href='%s'> Continuar </a>."},
 		{"Addresshelper adding", "Auxiliar de Endereço adicionando"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador </font>. Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper update", "Atualização do Auxiliar de Endereços"},
 		{"Invalid request URI", "A URI de requisição é inválida"},
 		{"Can't detect destination host from request", "Incapaz de detectar o host de destino da requisição"},
 		{"Outproxy failure", "Falha no outproxy"},
-		{"Bad outproxy settings", "Má configurações do outproxy"},
+		{"Bad outproxy settings", "Configurações ruins de outproxy"},
 		{"Host %s is not inside I2P network, but outproxy is not enabled", "O host %s não está dentro da rede I2P, mas o outproxy não está ativado"},
 		{"Unknown outproxy URL", "URL de outproxy desconhecida"},
 		{"Cannot resolve upstream proxy", "Não é possível resolver o proxy de entrada"},
--- a/i18n/Russian.cpp
+++ b/i18n/Russian.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace russian // language namespace
 		return n % 10 == 1 && n % 100 != 11 ? 0 : n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f КиБ"},
 		{"%.2f MiB", "%.2f МиБ"},
--- a/i18n/Spanish.cpp
+++ b/i18n/Spanish.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2025, The PurpleI2P Project
+* Copyright (c) 2022-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace spanish // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/Swedish.cpp
+++ b/i18n/Swedish.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023-2025, The PurpleI2P Project
+* Copyright (c) 2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace swedish // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/Turkish.cpp
+++ b/i18n/Turkish.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023-2025, The PurpleI2P Project
+* Copyright (c) 2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace turkish // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/Turkmen.cpp
+++ b/i18n/Turkmen.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace turkmen // language namespace
 		return n != 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/i18n/Ukrainian.cpp
+++ b/i18n/Ukrainian.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace ukrainian // language namespace
 		return n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f КіБ"},
 		{"%.2f MiB", "%.2f МіБ"},
--- a/i18n/Uzbek.cpp
+++ b/i18n/Uzbek.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2021-2025, The PurpleI2P Project
+* Copyright (c) 2021-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -29,7 +29,7 @@ namespace uzbek // language namespace
 		return n > 1 ? 1 : 0;
 	}
-	static const LocaleStrings strings
+	static std::map<std::string, std::string> strings
 	{
 		{"%.2f KiB", "%.2f KiB"},
 		{"%.2f MiB", "%.2f MiB"},
--- a/libi2pd/Base.cpp
+++ b/libi2pd/Base.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -15,7 +15,7 @@ namespace i2p
 {
 namespace data
 {
-	static constexpr char T32[32] =
+	static const char T32[32] =
 	{
 		'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
 		'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
@ -28,6 +28,11 @@ namespace data
 		return T32;
 	}
 	bool IsBase32 (char ch)
 	{
 		return (ch >= 'a' && ch <= 'z') || (ch >= '2' && ch <= '7');
 	}	
 	static void iT64Build(void);
 	/*
@ -38,7 +43,7 @@ namespace data
 	* Direct Substitution Table
 	*/
-	static constexpr char T64[64] =
+	static const char T64[64] =
 	{
 		'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
 		'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
@ -55,16 +60,23 @@ namespace data
 		return T64;
 	}
 	bool IsBase64 (char ch)
 	{
 		return (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '~';
 	}	
 	/*
 	* Reverse Substitution Table (built in run time)
 	*/
 	static char iT64[256];
 	static int isFirstTime = 1;
 	/*
 	* Padding
 	*/
-	static constexpr char P64 = '=';
+
 	static char P64 = '=';
 	/*
 	*
@ -74,69 +86,78 @@ namespace data
 	* Converts binary encoded data to BASE64 format.
 	*
 	*/
-	std::string ByteStreamToBase64 (// base64 encoded string 
+
-		const uint8_t * InBuffer, 	// Input buffer, binary data 
+	size_t ByteStreamToBase64 (   /* Number of bytes in the encoded buffer */
-	    size_t InCount 				// Number of bytes in the input buffer 
+		const uint8_t * InBuffer, /* Input buffer, binary data */
 		size_t InCount,           /* Number of bytes in the input buffer */
 		char * OutBuffer,         /* output buffer */
 		size_t len                /* length of output buffer */
 	)
 	{
 		unsigned char * ps;
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
 		int             i;
 		int             n;
 		int             m;
 		size_t          outCount;
 		ps = (unsigned char *)InBuffer;
 		n = InCount / 3;
 		m = InCount % 3;
-		size_t outCount = m ? (4 * (n + 1)) : (4 * n);
+		if (!m)
 			outCount = 4 * n;
 		else
 			outCount = 4 * (n + 1);
-		std::string out;
+		if (outCount > len) return 0;
-		out.reserve (outCount);
+
 		pd = (unsigned char *)OutBuffer;
 		for ( i = 0; i < n; i++ )
 		{
 			acc_1 = *ps++;
 			acc_2 = (acc_1 << 4) & 0x30;
-			acc_1 >>= 2;                 // base64 digit #1 
+			acc_1 >>= 2;                 /* base64 digit #1 */
-			out.push_back (T64[acc_1]);
+			*pd++ = T64[acc_1];
 			acc_1 = *ps++;
-			acc_2 |= acc_1 >> 4;         // base64 digit #2
+			acc_2 |= acc_1 >> 4;         /* base64 digit #2 */
-			out.push_back (T64[acc_2]);
+			*pd++ = T64[acc_2];
 			acc_1 &= 0x0f;
 			acc_1 <<= 2;
 			acc_2 = *ps++;
-			acc_1 |= acc_2 >> 6;         // base64 digit #3
+			acc_1 |= acc_2 >> 6;         /* base64 digit #3 */
-			out.push_back (T64[acc_1]);
+			*pd++ = T64[acc_1];
-			acc_2 &= 0x3f;               // base64 digit #4
+			acc_2 &= 0x3f;               /* base64 digit #4 */
-			out.push_back (T64[acc_2]);
+			*pd++ = T64[acc_2];
 		}
 		if ( m == 1 )
 		{
 			acc_1 = *ps++;
-			acc_2 = (acc_1 << 4) & 0x3f; // base64 digit #2
+			acc_2 = (acc_1 << 4) & 0x3f; /* base64 digit #2 */
-			acc_1 >>= 2;                 // base64 digit #1
+			acc_1 >>= 2;                 /* base64 digit #1 */
-			out.push_back (T64[acc_1]);
+			*pd++ = T64[acc_1];
-			out.push_back (T64[acc_2]);
+			*pd++ = T64[acc_2];
-			out.push_back (P64);
+			*pd++ = P64;
-			out.push_back (P64);
+			*pd++ = P64;
 		}
 		else if ( m == 2 )
 		{
 			acc_1 = *ps++;
 			acc_2 = (acc_1 << 4) & 0x3f;
-			acc_1 >>= 2;                 // base64 digit #1
+			acc_1 >>= 2;                 /* base64 digit #1 */
-			out.push_back (T64[acc_1]);
+			*pd++ = T64[acc_1];
 			acc_1 = *ps++;
-			acc_2 |= acc_1 >> 4;         // base64 digit #2
+			acc_2 |= acc_1 >> 4;         /* base64 digit #2 */
-			out.push_back (T64[acc_2]);
+			*pd++ = T64[acc_2];
 			acc_1 &= 0x0f;
-			acc_1 <<= 2;                 // base64 digit #3
+			acc_1 <<= 2;                 /* base64 digit #3 */
-			out.push_back (T64[acc_1]);
+			*pd++ = T64[acc_1];
-			out.push_back (P64);
+			*pd++ = P64;
 		}
-		return out;
+		return outCount;
 	}
 	/*
@ -144,42 +165,55 @@ namespace data
 	* Base64ToByteStream
 	* ------------------
 	*
-	* Converts BASE64 encoded string to binary format. If input buffer is
+	* Converts BASE64 encoded data to binary format. If input buffer is
 	* not properly padded, buffer of negative length is returned
 	*
 	*/
-	size_t Base64ToByteStream (		// Number of output bytes 
+
-		std::string_view base64Str,	// BASE64 encoded string  
+	size_t Base64ToByteStream ( /* Number of output bytes */
-	    uint8_t * OutBuffer, 		// output buffer length 
+		const char * InBuffer,  /* BASE64 encoded buffer */
-	    size_t len					// length of output buffer 
+		size_t InCount,         /* Number of input bytes */
 		uint8_t * OutBuffer,    /* output buffer length */
 		size_t len              /* length of output buffer */
 	)
 	{
 		unsigned char * ps;
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
 		int             i;
 		int             n;
 		int             m;
 		size_t          outCount;
-		if (base64Str.empty () || base64Str[0] == P64) return 0;
+		if (isFirstTime)
-		auto d = std::div (base64Str.length (), 4);
+			iT64Build();
-		if (!d.rem)
+
-			outCount = 3 * d.quot;
+		n = InCount / 4;
 		m = InCount % 4;
 		if (InCount && !m)
 			outCount = 3 * n;
 		else
 			return 0;
-		if (isFirstTime) iT64Build();
+		if(*InBuffer == P64)
 			return 0;
-		auto pos = base64Str.find_last_not_of (P64);
+		ps = (unsigned char *)(InBuffer + InCount - 1);
-		if (pos == base64Str.npos) return 0;
+		while ( *ps-- == P64 )
-		outCount -= (base64Str.length () - pos - 1);
+			outCount--;
-		if (outCount > len) return 0;
+		ps = (unsigned char *)InBuffer;
 		if (outCount > len)
 			return 0;
 		auto ps = base64Str.begin ();
 		pd = OutBuffer;
 		auto endOfOutBuffer = OutBuffer + outCount;
-		for (int i = 0; i < d.quot; i++)
+		for ( i = 0; i < n; i++ )
 		{
-			acc_1 = iT64[int(*ps++)];
+			acc_1 = iT64[*ps++];
-			acc_2 = iT64[int(*ps++)];
+			acc_2 = iT64[*ps++];
 			acc_1 <<= 2;
 			acc_1 |= acc_2 >> 4;
 			*pd++ = acc_1;
@ -187,13 +221,13 @@ namespace data
 				break;
 			acc_2 <<= 4;
-			acc_1 = iT64[int(*ps++)];
+			acc_1 = iT64[*ps++];
 			acc_2 |= acc_1 >> 2;
 			*pd++ = acc_2;
 			if (pd >= endOfOutBuffer)
 				break;
-			acc_2 = iT64[int(*ps++)];
+			acc_2 = iT64[*ps++];
 			acc_2 |= acc_1 << 6;
 			*pd++ = acc_2;
 		}
@ -201,16 +235,31 @@ namespace data
 		return outCount;
 	}
-	std::string ToBase64Standard (std::string_view in)
+	size_t Base64EncodingBufferSize (const size_t input_size)
 	{
-		auto str = ByteStreamToBase64 ((const uint8_t *)in.data (), in.length ());
+		auto d = div (input_size, 3);
 		if (d.rem)
 			d.quot++;
 		return 4 * d.quot;
 	}
 	std::string ToBase64Standard (const std::string& in)
 	{
 		auto len = Base64EncodingBufferSize (in.length ());
 		char * str = new char[len + 1];
 		auto l = ByteStreamToBase64 ((const uint8_t *)in.c_str (), in.length (), str, len);
 		str[l] = 0;
 		// replace '-' by '+' and '~' by '/'
-		for (auto& ch: str)
+		for (size_t i = 0; i < l; i++)
-			if (ch == '-')
+			if (str[i] == '-')
-				ch = '+';
+				str[i] = '+';
-			else if (ch == '~')
+			else if (str[i] == '~')
-				ch = '/';
+				str[i] = '/';
-		return str;
+
 		std::string s(str);
 		delete[] str;
 		return s;
 	}
 	/*
@ -231,12 +280,13 @@ namespace data
 		iT64[(int)P64] = 0;
 	}
-	size_t Base32ToByteStream (std::string_view base32Str, uint8_t * outBuf, size_t outLen)
+	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen)
 	{
 		unsigned int tmp = 0, bits = 0;
 		size_t ret = 0;
-		for (auto ch: base32Str)
+		for (size_t i = 0; i < len; i++)
 		{
 			char ch = inBuf[i];
 			if (ch >= '2' && ch <= '7') // digit
 				ch = (ch - '2') + 26; // 26 means a-z
 			else if (ch >= 'a' && ch <= 'z')
@ -258,13 +308,11 @@ namespace data
 		return ret;
 	}
-	std::string ByteStreamToBase32 (const uint8_t * inBuf, size_t len)
+	size_t ByteStreamToBase32 (const uint8_t * inBuf, size_t len, char * outBuf, size_t outLen)
 	{
-		std::string out;
+		size_t ret = 0, pos = 1;
 		out.reserve ((len * 8 + 4) / 5);
 		size_t pos = 1;
 		unsigned int bits = 8, tmp = inBuf[0];
-		while (bits > 0 || pos < len)
+		while (ret < outLen && (bits > 0 || pos < len))
 		{
 			if (bits < 5)
 			{
@ -284,9 +332,10 @@ namespace data
 			bits -= 5;
 			int ind = (tmp >> bits) & 0x1F;
-			out.push_back ((ind < 26) ? (ind + 'a') : ((ind - 26) + '2'));
+			outBuf[ret] = (ind < 26) ? (ind + 'a') : ((ind - 26) + '2');
 			ret++;
 		}
-		return out;
+		return ret;
 	}
 }
 }
--- a/libi2pd/Base.h
+++ b/libi2pd/Base.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,41 +11,26 @@
 #include <inttypes.h>
 #include <string>
-#include <string_view>
+#include <iostream>
 #include <cstdlib>
 namespace i2p 
 {
 namespace data 
 {
 	std::string ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount);
 	size_t Base64ToByteStream (std::string_view base64Str, uint8_t * OutBuffer, size_t len);
 namespace i2p {
 namespace data {
 	size_t ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount, char * OutBuffer, size_t len);
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
 	const char * GetBase32SubstitutionTable ();
 	const char * GetBase64SubstitutionTable ();
-	constexpr bool IsBase64 (char ch)
+	bool IsBase64 (char ch);
 	{
 		return (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '~';
 	}	
-	size_t Base32ToByteStream (std::string_view base32Str, uint8_t * outBuf, size_t outLen);
+	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
-	std::string ByteStreamToBase32 (const uint8_t * inBuf, size_t len);	
+	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
-	constexpr bool IsBase32 (char ch)
+	bool IsBase32 (char ch);
 	{
 		return (ch >= 'a' && ch <= 'z') || (ch >= '2' && ch <= '7');
 	}	
 	/**
 	 * Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
 	 */
-	inline size_t Base64EncodingBufferSize(size_t input_size)
+	size_t Base64EncodingBufferSize(const size_t input_size);
 	{
 		auto d = std::div (input_size, 3);
 		if (d.rem) d.quot++;
 		return 4 * d.quot;
 	}	
-	std::string ToBase64Standard (std::string_view in); // using standard table, for Proxy-Authorization
+	std::string ToBase64Standard (const std::string& in); // using standard table, for Proxy-Authorization
 } // data
 } // i2p
--- a/libi2pd/Blinding.cpp
+++ b/libi2pd/Blinding.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -152,11 +152,11 @@ namespace data
 			m_BlindedSigType = m_SigType;
 	}
-	BlindedPublicKey::BlindedPublicKey (std::string_view b33):
+	BlindedPublicKey::BlindedPublicKey (const std::string& b33):
 		m_SigType (0) // 0 means invalid, we can't blind DSA, set it later
 	{
 		uint8_t addr[40]; // TODO: define length from b33
-		size_t l = i2p::data::Base32ToByteStream (b33, addr, 40);
+		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
 		if (l < 32)
 		{
 			LogPrint (eLogError, "Blinding: Malformed b33 ", b33);
@ -198,7 +198,7 @@ namespace data
 	std::string BlindedPublicKey::ToB33 () const
 	{
 		if (m_PublicKey.size () > 32) return ""; // assume 25519
-		uint8_t addr[35];
+		uint8_t addr[35]; char str[60]; // TODO: define actual length
 		uint8_t flags = 0;
 		if (m_IsClientAuth) flags |= B33_PER_CLIENT_AUTH_FLAG;
 		addr[0] = flags; // flags
@ -208,7 +208,8 @@ namespace data
 		uint32_t checksum = crc32 (0, addr + 3, m_PublicKey.size ());
 		// checksum is Little Endian
 		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16);
-		return ByteStreamToBase32 (addr, m_PublicKey.size () + 3);
+		auto l = ByteStreamToBase32 (addr, m_PublicKey.size () + 3, str, 60);
 		return std::string (str, str + l);
 	}
 	void BlindedPublicKey::GetCredential (uint8_t * credential) const
--- a/libi2pd/Blinding.h
+++ b/libi2pd/Blinding.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,7 +11,6 @@
 #include <inttypes.h>
 #include <string>
 #include <string_view>
 #include <vector>
 #include "Identity.h"
@ -24,7 +23,7 @@ namespace data
 		public:
 			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, bool clientAuth = false);
-			BlindedPublicKey (std::string_view b33); // from b33 without .b32.i2p
+			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p
 			std::string ToB33 () const;
 			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };
--- a/libi2pd/CPU.cpp
+++ b/libi2pd/CPU.cpp
@ -0,0 +1,68 @@
 /*
 * Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
 * See full license text in LICENSE file at top of project tree
 */
 #include "CPU.h"
 #include "Log.h"
 #ifndef bit_AES
 	#define bit_AES (1 << 25)
 #endif
 #if defined(__GNUC__) && __GNUC__ < 6 && IS_X86
 	#include <cpuid.h>
 #endif
 #ifdef _MSC_VER
 	#include <intrin.h>
 #endif
 namespace i2p
 {
 namespace cpu
 {
 	bool aesni = false;
 	inline bool cpu_support_aes()
 	{
 #if IS_X86
 #if defined(__clang__)
 #	if (__clang_major__ >= 6)
 		__builtin_cpu_init();
 #	endif
 		return __builtin_cpu_supports("aes");
 #elif (defined(__GNUC__) && __GNUC__ >= 6)
 		__builtin_cpu_init();
 		return __builtin_cpu_supports("aes");
 #elif (defined(__GNUC__) && __GNUC__ < 6)
 		int cpu_info[4];
 		bool flag = false;
 		__cpuid(0, cpu_info[0], cpu_info[1], cpu_info[2], cpu_info[3]);
 		if (cpu_info[0] >= 0x00000001) {
 			__cpuid(0x00000001, cpu_info[0], cpu_info[1], cpu_info[2], cpu_info[3]);
 			flag = ((cpu_info[2] & bit_AES) != 0);
 		}
 		return flag;
 #elif defined(_MSC_VER)
 		int cpu_info[4];
 		__cpuid(cpu_info, 1);
 		return ((cpu_info[2] & bit_AES) != 0);
 #endif
 #endif
 		return false;
 	}
 	void Detect(bool AesSwitch, bool force)
 	{
 		if ((cpu_support_aes() && AesSwitch) || (AesSwitch && force)) {
 			aesni = true;
 		}
 		LogPrint(eLogInfo, "AESNI ", (aesni ? "enabled" : "disabled"));
 	}
 }
 }
--- a/libi2pd/CPU.h
+++ b/libi2pd/CPU.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -21,4 +21,20 @@
 #	define IS_X86_64 0
 #endif
 #if defined(__AES__) && !defined(_MSC_VER) && IS_X86
 #	define SUPPORTS_AES 1
 #else
 #	define SUPPORTS_AES 0
 #endif
 namespace i2p
 {
 namespace cpu
 {
 	extern bool aesni;
 	void Detect(bool AesSwitch, bool force);
 }
 }
 #endif
--- a/libi2pd/ChaCha20.cpp
+++ b/libi2pd/ChaCha20.cpp
@ -0,0 +1,137 @@
 /*
 * Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
 * See full license text in LICENSE file at top of project tree
 *
 * Kovri go write your own code
 *
 */
 #include "I2PEndian.h"
 #include "ChaCha20.h"
 #if !OPENSSL_AEAD_CHACHA20_POLY1305
 namespace i2p
 {
 namespace crypto
 {
 namespace chacha
 {
 void u32t8le(uint32_t v, uint8_t * p)
 {
 	p[0] = v & 0xff;
 	p[1] = (v >> 8) & 0xff;
 	p[2] = (v >> 16) & 0xff;
 	p[3] = (v >> 24) & 0xff;
 }
 uint32_t u8t32le(const uint8_t * p)
 {
 	uint32_t value = p[3];
 	value = (value << 8) | p[2];
 	value = (value << 8) | p[1];
 	value = (value << 8) | p[0];
 	return value;
 }
 uint32_t rotl32(uint32_t x, int n)
 {
 	return x << n | (x >> (-n & 31));
 }
 void quarterround(uint32_t *x, int a, int b, int c, int d)
 {
 	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
 	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
 	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a],  8);
 	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c],  7);
 }
 void Chacha20Block::operator << (const Chacha20State & st)
 {
 	int i;
 	for (i = 0; i < 16; i++)
 		u32t8le(st.data[i], data + (i << 2));
 }
 void block (Chacha20State &input, int rounds)
 {
 	int i;
 	Chacha20State x;
 	x.Copy(input);
 	for (i = rounds; i > 0; i -= 2)
 	{
 		quarterround(x.data, 0, 4,  8, 12);
 		quarterround(x.data, 1, 5,  9, 13);
 		quarterround(x.data, 2, 6, 10, 14);
 		quarterround(x.data, 3, 7, 11, 15);
 		quarterround(x.data, 0, 5, 10, 15);
 		quarterround(x.data, 1, 6, 11, 12);
 		quarterround(x.data, 2, 7,  8, 13);
 		quarterround(x.data, 3, 4,  9, 14);
 	}
 	x += input;
 	input.block << x;
 }
 void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
 {
 	state.data[0] = 0x61707865;
 	state.data[1] = 0x3320646e;
 	state.data[2] = 0x79622d32;
 	state.data[3] = 0x6b206574;
 	for (size_t i = 0; i < 8; i++)
 		state.data[4 + i] = chacha::u8t32le(key + i * 4);
 	state.data[12] = htole32 (counter);
 	for (size_t i = 0; i < 3; i++)
 		state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
 }
 void Chacha20SetCounter (Chacha20State& state, uint32_t counter)
 {
 	state.data[12] = htole32 (counter);
 	state.offset = 0;
 }
 void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz)
 {
 	if (state.offset > 0)
 	{
 		// previous block if any
 		auto s = chacha::blocksize - state.offset;
 		if (sz < s) s = sz;
 		for (size_t i = 0; i < s; i++)
 			buf[i] ^= state.block.data[state.offset + i];
 		buf += s;
 		sz -= s;
 		state.offset += s;
 		if (state.offset >= chacha::blocksize) state.offset = 0;
 	}
 	for (size_t i = 0; i < sz; i += chacha::blocksize)
 	{
 		chacha::block(state, chacha::rounds);
 		state.data[12]++;
 		for (size_t j = i; j < i + chacha::blocksize; j++)
 		{
 			if (j >= sz)
 			{
 				state.offset = j & 0x3F; // % 64
 				break;
 			}
 			buf[j] ^= state.block.data[j - i];
 		}
 	}
 }
 } // namespace chacha
 } // namespace crypto
 } // namespace i2p
 #endif
--- a/libi2pd/ChaCha20.h
+++ b/libi2pd/ChaCha20.h
@ -0,0 +1,72 @@
 /*
 * Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
 * See full license text in LICENSE file at top of project tree
 *
 * Kovri go write your own code
 *
 */
 #ifndef LIBI2PD_CHACHA20_H
 #define LIBI2PD_CHACHA20_H
 #include <cstdint>
 #include <cstring>
 #include <inttypes.h>
 #include <string.h>
 #include "Crypto.h"
 #if !OPENSSL_AEAD_CHACHA20_POLY1305
 namespace i2p
 {
 namespace crypto
 {
 	const std::size_t CHACHA20_KEY_BYTES = 32;
 	const std::size_t CHACHA20_NOUNCE_BYTES = 12;
 namespace chacha
 {
 	constexpr std::size_t blocksize = 64;
 	constexpr int rounds = 20;
 	struct Chacha20State;
 	struct Chacha20Block
 	{
 		Chacha20Block () {};
 		Chacha20Block (Chacha20Block &&) = delete;
 		uint8_t data[blocksize];
 		void operator << (const Chacha20State & st);
 	};
 	struct Chacha20State
 	{
 		Chacha20State (): offset (0) {};
 		Chacha20State (Chacha20State &&) = delete;
 		Chacha20State & operator += (const Chacha20State & other)
 		{
 			for(int i = 0; i < 16; i++)
 				data[i] += other.data[i];
 			return *this;
 		}
 		void Copy(const Chacha20State & other)
 		{
 			memcpy(data, other.data, sizeof(uint32_t) * 16);
 		}
 		uint32_t data[16];
 		Chacha20Block block;
 		size_t offset;
 	};
 	void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter);
 	void Chacha20SetCounter (Chacha20State& state, uint32_t counter);
 	void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz); // encrypt buf in place
 } // namespace chacha
 } // namespace crypto
 } // namespace i2p
 #endif
 #endif
--- a/libi2pd/Config.cpp
+++ b/libi2pd/Config.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -77,7 +77,7 @@ namespace config {
 		limits.add_options()
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
-			("limits.transittunnels", value<uint32_t>()->default_value(10000), "Maximum active transit tunnels (default:10000)")
+			("limits.transittunnels", value<uint16_t>()->default_value(5000), "Maximum active transit tunnels (default:5000)")
 			("limits.zombies", value<double>()->default_value(0),             "Minimum percentage of successfully created tunnels under which tunnel cleanup is paused (default [%]: 0.00)")
 			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Ignored")
 			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Ignored")
@ -117,14 +117,9 @@ namespace config {
 			("httpproxy.latency.max", value<std::string>()->default_value("0"),       "HTTP proxy max latency for tunnels")
 			("httpproxy.outproxy", value<std::string>()->default_value(""),           "HTTP proxy upstream out proxy url")
 			("httpproxy.addresshelper", value<bool>()->default_value(true),           "Enable or disable addresshelper")
 			("httpproxy.senduseragent", value<bool>()->default_value(false),          "Pass through user's User-Agent if enabled. Disabled by default")
 			("httpproxy.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Local destination's LeaseSet type")
 			("httpproxy.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Local destination's LeaseSet encryption type")
 			("httpproxy.i2cp.leaseSetPrivKey", value<std::string>()->default_value(""), "LeaseSet private key")
 			("httpproxy.i2p.streaming.maxOutboundSpeed", value<std::string>()->default_value("1730000000"), "Max outbound speed of HTTP proxy stream in bytes/sec")
 			("httpproxy.i2p.streaming.maxInboundSpeed", value<std::string>()->default_value("1730000000"), "Max inbound speed of HTTP proxy stream in bytes/sec")
 			("httpproxy.i2p.streaming.profile", value<std::string>()->default_value("1"), "HTTP Proxy bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
 		;
 		options_description socksproxy("SOCKS Proxy options");
@ -149,20 +144,6 @@ namespace config {
 			("socksproxy.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Local destination's LeaseSet type")
 			("socksproxy.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Local destination's LeaseSet encryption type")
 			("socksproxy.i2cp.leaseSetPrivKey", value<std::string>()->default_value(""), "LeaseSet private key")
 			("socksproxy.i2p.streaming.maxOutboundSpeed", value<std::string>()->default_value("1730000000"), "Max outbound speed of SOCKS proxy stream in bytes/sec")
 			("socksproxy.i2p.streaming.maxInboundSpeed", value<std::string>()->default_value("1730000000"), "Max inbound speed of SOCKS proxy stream in bytes/sec")
 			("socksproxy.i2p.streaming.profile", value<std::string>()->default_value("1"), "SOCKS Proxy bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
 		;
 		options_description shareddest("Shared local destination options");
 		shareddest.add_options()
 			("shareddest.inbound.length", value<std::string>()->default_value("3"),    "Shared local destination inbound tunnel length")
 			("shareddest.outbound.length", value<std::string>()->default_value("3"),   "Shared local destination outbound tunnel length")
 			("shareddest.inbound.quantity", value<std::string>()->default_value("3"),  "Shared local destination inbound tunnels quantity")
 			("shareddest.outbound.quantity", value<std::string>()->default_value("3"), "Shared local destination outbound tunnels quantity")
 			("shareddest.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Shared local destination's LeaseSet type")
 			("shareddest.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Shared local destination's LeaseSet encryption type")
 			("shareddest.i2p.streaming.profile", value<std::string>()->default_value("2"), "Shared local destination bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
 		;
 		options_description sam("SAM bridge options");
@ -187,8 +168,6 @@ namespace config {
 			("i2cp.address", value<std::string>()->default_value("127.0.0.1"), "I2CP listen address")
 			("i2cp.port", value<uint16_t>()->default_value(7654),              "I2CP listen port")
 			("i2cp.singlethread", value<bool>()->default_value(true),          "Destinations run in the I2CP server's thread")
 			("i2cp.inboundlimit", value<uint32_t>()->default_value(0),         "Client inbound limit in KBps to return in BandwidthLimitsMessage. Router's bandwidth by default")
 			("i2cp.outboundlimit", value<uint32_t>()->default_value(0),        "Client outbound limit in KBps to return in BandwidthLimitsMessage. Router's bandwidth by default")
 		;
 		options_description i2pcontrol("I2PControl options");
@ -226,7 +205,7 @@ namespace config {
 		reseed.add_options()
 			("reseed.verify", value<bool>()->default_value(false),        "Verify .su3 signature")
 			("reseed.threshold", value<uint16_t>()->default_value(25),    "Minimum number of known routers before requesting reseed")
-			("reseed.floodfill", value<std::string>()->default_value(""), "Ignored. Always empty")
+			("reseed.floodfill", value<std::string>()->default_value(""), "Path to router info of floodfill to reseed from")
 			("reseed.file", value<std::string>()->default_value(""),      "Path to local .su3 file or HTTPS URL to reseed from")
 			("reseed.zipfile", value<std::string>()->default_value(""),   "Path to local .zip file to reseed from")
 			("reseed.proxy", value<std::string>()->default_value(""),     "url for reseed proxy, supports http/socks")
@ -238,18 +217,21 @@ namespace config {
 				"https://reseed.onion.im/,"
 				"https://i2pseed.creativecowpat.net:8443/,"
 				"https://reseed.i2pgit.org/,"
-				"https://coconut.incognet.io/,"
+				"https://banana.incognet.io/,"
 				"https://reseed-pl.i2pd.xyz/,"
 				"https://www2.mk16.de/,"
 			    "https://i2p.ghativega.in/,"
 			    "https://i2p.novg.net/,"
-            	"https://reseed.stormycloud.org/"
+			    "https://reseed.is.prestium.org/,"
 				"https://reseed.us.prestium.org/"
 			),                                                            "Reseed URLs, separated by comma")
 			("reseed.yggurls", value<std::string>()->default_value(
 				"http://[324:71e:281a:9ed3::ace]:7070/,"
 				"http://[301:65b9:c7cd:9a36::1]:18801/,"
 				"http://[320:8936:ec1a:31f1::216]/,"
-				"http://[316:f9e0:f22e:a74f::216]/"
+				"http://[306:3834:97b9:a00a::1]/,"
 				"http://[316:f9e0:f22e:a74f::216]/,"
 			    "http://[300:eaff:7fab:181b::e621]:7170"
 			),                                                            "Reseed URLs through the Yggdrasil, separated by comma")
 		;
@ -326,11 +308,11 @@ namespace config {
 			("persist.addressbook", value<bool>()->default_value(true),    "Persist full addresses (default: true)")
 		;
-		options_description cpuext("CPU encryption extensions options. Deprecated");
+		options_description cpuext("CPU encryption extensions options");
 		cpuext.add_options()
-			("cpuext.aesni", bool_switch()->default_value(true),                     "Deprecated option")
+			("cpuext.aesni", bool_switch()->default_value(true),                     "Use auto detection for AESNI CPU extensions. If false, AESNI will be not used")
 			("cpuext.avx", bool_switch()->default_value(false),                      "Deprecated option")
-			("cpuext.force", bool_switch()->default_value(false),                    "Deprecated option")
+			("cpuext.force", bool_switch()->default_value(false),                    "Force usage of CPU extensions. Useful when cpuinfo is not available on virtual machines")
 		;
 		options_description meshnets("Meshnet transports options");
@ -352,7 +334,6 @@ namespace config {
 			.add(httpserver)
 			.add(httpproxy)
 			.add(socksproxy)
 			.add(shareddest)
 			.add(sam)
 			.add(bob)
 			.add(i2cp)
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -21,20 +21,32 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include <openssl/opensslv.h>
 #include "Base.h"
 #include "Tag.h"
 #include "CPU.h"
 // recognize openssl version and features
-#if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
+#if (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050200fL)) // LibreSSL 3.5.2 and above
-#	define OPENSSL_HKDF 1
+#	define LEGACY_OPENSSL 0
-#	define OPENSSL_EDDSA 1
+#elif ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
-#	if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
+#	define LEGACY_OPENSSL 1
-#		define OPENSSL_SIPHASH 1
+#	define X509_getm_notBefore X509_get_notBefore
 #	define X509_getm_notAfter X509_get_notAfter
 #else
 #	define LEGACY_OPENSSL 0
 #	if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
 #		define OPENSSL_HKDF 1
 #		define OPENSSL_EDDSA 1
 #		define OPENSSL_X25519 1
 #		if (OPENSSL_VERSION_NUMBER != 0x030000000) // 3.0.0, regression in SipHash
 #			define OPENSSL_SIPHASH 1
 #		endif
 #	endif
-#	if (OPENSSL_VERSION_NUMBER >= 0x030500000) // 3.5.0
+#	if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 // some builds might not include them
-#		define OPENSSL_PQ 1
+#		define OPENSSL_AEAD_CHACHA20_POLY1305 1
 #	endif
 #endif
@ -45,11 +57,7 @@ namespace crypto
 	bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
 	// DSA
 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
 	EVP_PKEY * CreateDSA (BIGNUM * pubKey = nullptr, BIGNUM * privKey = nullptr);
 #else
 	DSA * CreateDSA ();
 #endif	
 	// RSA
 	const BIGNUM * GetRSAE ();
@ -75,8 +83,13 @@ namespace crypto
 		private:
 			uint8_t m_PublicKey[32];
 #if OPENSSL_X25519
 			EVP_PKEY_CTX * m_Ctx;
 			EVP_PKEY * m_Pkey;
 #else
 			BN_CTX * m_Ctx;
 			uint8_t m_PrivateKey[32];
 #endif
 			bool m_IsElligatorIneligible = false; // true if definitely ineligible
 	};
@ -91,70 +104,142 @@ namespace crypto
 	void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub);
 	// AES
-	typedef i2p::data::Tag<32> AESKey;
+	struct ChipherBlock
 	class ECBEncryption
 	{
-		public:
+		uint8_t buf[16];
-			ECBEncryption ();
+		void operator^=(const ChipherBlock& other) // XOR
-			~ECBEncryption ();
+		{
-			
+			if (!(((size_t)buf | (size_t)other.buf) & 0x03)) // multiple of 4 ?
-			void SetKey (const uint8_t * key) { m_Key = key; };
+			{
-			void Encrypt(const uint8_t * in, uint8_t * out);
+				for (int i = 0; i < 4; i++)
-
+					reinterpret_cast<uint32_t *>(buf)[i] ^= reinterpret_cast<const uint32_t *>(other.buf)[i];
-		private:
+			}
-
+			else
-			AESKey m_Key;
+			{
-			EVP_CIPHER_CTX * m_Ctx;	
+				for (int i = 0; i < 16; i++)
 					buf[i] ^= other.buf[i];
 			}
 		}
 	};
-	class ECBDecryption
+	typedef i2p::data::Tag<32> AESKey;
 	template<size_t sz>
 	class AESAlignedBuffer // 16 bytes alignment
 	{
 		public:
-			ECBDecryption ();
+			AESAlignedBuffer ()
-			~ECBDecryption ();
+			{
 				m_Buf = m_UnalignedBuffer;
 				uint8_t rem = ((size_t)m_Buf) & 0x0f;
 				if (rem)
 					m_Buf += (16 - rem);
 			}
-			void SetKey (const uint8_t * key) { m_Key = key; };
+			operator uint8_t * () { return m_Buf; };
-			void Decrypt (const uint8_t * in, uint8_t * out);
+			operator const uint8_t * () const { return m_Buf; };
 			ChipherBlock * GetChipherBlock () { return (ChipherBlock *)m_Buf; };
 			const ChipherBlock * GetChipherBlock () const { return (const ChipherBlock *)m_Buf; };
 		private:
-			AESKey m_Key;
+			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
-			EVP_CIPHER_CTX * m_Ctx;	
+			uint8_t * m_Buf;
 	};
 #if SUPPORTS_AES
 	class ECBCryptoAESNI
 	{
 		public:
 			uint8_t * GetKeySchedule () { return m_KeySchedule; };
 		protected:
 			void ExpandKey (const AESKey& key);
 		private:
 			AESAlignedBuffer<240> m_KeySchedule;	// 14 rounds for AES-256, 240 bytes
 	};
 #endif
 #if SUPPORTS_AES
 	class ECBEncryption: public ECBCryptoAESNI
 #else
 	class ECBEncryption
 #endif
 	{
 		public:
 		void SetKey (const AESKey& key);
 		void Encrypt(const ChipherBlock * in, ChipherBlock * out);
 	private:
 		AES_KEY m_Key;
 	};
 #if SUPPORTS_AES
 	class ECBDecryption: public ECBCryptoAESNI
 #else
 	class ECBDecryption
 #endif
 	{
 		public:
 			void SetKey (const AESKey& key);
 			void Decrypt (const ChipherBlock * in, ChipherBlock * out);
 		private:
 			AES_KEY m_Key;
 	};
 	class CBCEncryption
 	{
 		public:
-			CBCEncryption ();
+			CBCEncryption () { memset ((uint8_t *)m_LastBlock, 0, 16); };
 			~CBCEncryption ();
-			void SetKey (const uint8_t * key) { m_Key = key; }; // 32 bytes		
+			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
-			void Encrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out);
+			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes
 			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_LastBlock, 16); };
 			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Encrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Encrypt (const uint8_t * in, uint8_t * out); // one block
 			ECBEncryption & ECB() { return m_ECBEncryption; }
 		private:
-			AESKey m_Key;
+			AESAlignedBuffer<16> m_LastBlock;
-			EVP_CIPHER_CTX * m_Ctx;	
+
 			ECBEncryption m_ECBEncryption;
 	};
 	class CBCDecryption
 	{
 		public:
-			CBCDecryption ();
+			CBCDecryption () { memset ((uint8_t *)m_IV, 0, 16); };
 			~CBCDecryption ();
-			void SetKey (const uint8_t * key) { m_Key = key; }; // 32 bytes
+			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
-			void Decrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out);
+			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes
 			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_IV, 16); };
 			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Decrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Decrypt (const uint8_t * in, uint8_t * out); // one block
 			ECBDecryption & ECB() { return m_ECBDecryption; }
 		private:
-			AESKey m_Key;
+			AESAlignedBuffer<16> m_IV;
-			EVP_CIPHER_CTX * m_Ctx;	
+			ECBDecryption m_ECBDecryption;
 	};
 	class TunnelEncryption // with double IV encryption
@ -194,58 +279,13 @@ namespace crypto
 	};
 // AEAD/ChaCha20/Poly1305
 	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag
-	class AEADChaCha20Poly1305Encryptor
+	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
 	{
 		public:
 			AEADChaCha20Poly1305Encryptor ();
 			~AEADChaCha20Poly1305Encryptor ();
 			bool Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); // msgLen is len without tag
 			void Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
 		private:
 			EVP_CIPHER_CTX * m_Ctx;	
 	};	
 	class AEADChaCha20Poly1305Decryptor
 	{
 		public:
 			AEADChaCha20Poly1305Decryptor ();
 			~AEADChaCha20Poly1305Decryptor ();
 			bool Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); // msgLen is len without tag
 		private:
 			EVP_CIPHER_CTX * m_Ctx;	
 	};	
 	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag
 // ChaCha20
 	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
 	class ChaCha20Context
 	{
 		public:
 			ChaCha20Context ();
 			~ChaCha20Context ();
 			void operator ()(const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
 		private:
 			EVP_CIPHER_CTX * m_Ctx;	
 	};
 // HKDF
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, uint8_t * out, size_t outLen = 64); // salt - 32, out - 32 or 64, info <= 32
@ -255,16 +295,10 @@ namespace crypto
 	struct NoiseSymmetricState
 	{
 		uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/;
 		uint64_t m_N;
 		void Init (const uint8_t * ck, const uint8_t * hh, const uint8_t * pub);
 		void MixHash (const uint8_t * buf, size_t len);
 		void MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs);
 		void MixKey (const uint8_t * sharedSecret);
 		bool Encrypt (const uint8_t * in, uint8_t * out, size_t len); // out length = len + 16
 		bool Decrypt (const uint8_t * in, uint8_t * out, size_t len); // len without 16 bytes tag
 	};
 	void InitNoiseNState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_N (tunnels, router)
@ -273,9 +307,84 @@ namespace crypto
 	void InitNoiseIKState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_IK (ratchets)
 // init and terminate
-	void InitCrypto (bool precomputation);
+	void InitCrypto (bool precomputation, bool aesni, bool force);
 	void TerminateCrypto ();
 }
 }
 // take care about openssl below 1.1.0
 #if LEGACY_OPENSSL
 // define getters and setters introduced in 1.1.0
 inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 	{
 		if (d->p) BN_free (d->p);
 		if (d->q) BN_free (d->q);
 		if (d->g) BN_free (d->g);
 		d->p = p; d->q = q; d->g = g; return 1;
 	}
 inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
 	{
 		if (d->pub_key) BN_free (d->pub_key);
 		if (d->priv_key) BN_free (d->priv_key);
 		d->pub_key = pub_key; d->priv_key = priv_key; return 1;
 	}
 inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = d->pub_key; *priv_key = d->priv_key; }
 inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
 	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
 		sig->r = r; sig->s = s; return 1;
 	}
 inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
 	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
 		sig->r = r; sig->s = s; return 1;
 	}
 inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 	{
 		if (r->n) BN_free (r->n);
 		if (r->e) BN_free (r->e);
 		if (r->d) BN_free (r->d);
 		r->n = n; r->e = e; r->d = d; return 1;
 	}
 inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 	{ *n = r->n; *e = r->e; *d = r->d; }
 inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 	{
 		if (dh->p) BN_free (dh->p);
 		if (dh->q) BN_free (dh->q);
 		if (dh->g) BN_free (dh->g);
 		dh->p = p; dh->q = q; dh->g = g; return 1;
 	}
 inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 	{
 		if (dh->pub_key) BN_free (dh->pub_key);
 		if (dh->priv_key) BN_free (dh->priv_key);
 		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1;
 	}
 inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = dh->pub_key; *priv_key = dh->priv_key; }
 inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 	{ return pkey->pkey.rsa; }
 inline EVP_MD_CTX *EVP_MD_CTX_new ()
 	{ return EVP_MD_CTX_create(); }
 inline void EVP_MD_CTX_free (EVP_MD_CTX *ctx)
 	{ EVP_MD_CTX_destroy (ctx); }
 // ssl
 #define TLS_method TLSv1_method
 #endif
 #endif
--- a/libi2pd/CryptoKey.cpp
+++ b/libi2pd/CryptoKey.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -181,21 +181,5 @@ namespace crypto
 		k.GetPrivateKey (priv);
 		memcpy (pub, k.GetPublicKey (), 32);
 	}
 	LocalEncryptionKey::LocalEncryptionKey (i2p::data::CryptoKeyType t): keyType(t) 
 	{ 
 		pub.resize (GetCryptoPublicKeyLen (keyType)); 
 		priv.resize (GetCryptoPrivateKeyLen (keyType));
 	}
 	void LocalEncryptionKey::GenerateKeys () 
 	{ 
 		i2p::data::PrivateKeys::GenerateCryptoKeyPair (keyType, priv.data (), pub.data ()); 
 	}
 	void LocalEncryptionKey::CreateDecryptor () 
 	{ 
 		decryptor = i2p::data::PrivateKeys::CreateDecryptor (keyType, priv.data ()); 
 	}
 }
 }
--- a/libi2pd/CryptoKey.h
+++ b/libi2pd/CryptoKey.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,7 +11,6 @@
 #include <inttypes.h>
 #include "Crypto.h"
 #include "Identity.h"
 namespace i2p
 {
@ -158,50 +157,7 @@ namespace crypto
 			X25519Keys m_StaticKeys;
 	};
-	void CreateECIESX25519AEADRatchetRandomKeys (uint8_t * priv, uint8_t * pub); // including hybrid
+	void CreateECIESX25519AEADRatchetRandomKeys (uint8_t * priv, uint8_t * pub);
 	constexpr size_t GetCryptoPrivateKeyLen (i2p::data::CryptoKeyType type)
 	{
 		switch (type)
 		{
 			case i2p::data::CRYPTO_KEY_TYPE_ELGAMAL: return 256;
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: return 32;
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: return 32;
 			// ML-KEM hybrid
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD:
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM768_X25519_AEAD:
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM1024_X25519_AEAD:	
 				return 32;
 		};	
 		return 0;
 	}
 	constexpr size_t GetCryptoPublicKeyLen (i2p::data::CryptoKeyType type)
 	{
 		switch (type)
 		{
 			case i2p::data::CRYPTO_KEY_TYPE_ELGAMAL: return 256;
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC: return 32;
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD: return 32;
 			// ML-KEM hybrid
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD:
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM768_X25519_AEAD:
 			case i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM1024_X25519_AEAD:	
 				return 32;
 		};	
 		return 0;
 	}
 	struct LocalEncryptionKey
 	{
 		std::vector<uint8_t> pub, priv;
 		i2p::data::CryptoKeyType keyType;
 		std::shared_ptr<CryptoKeyDecryptor> decryptor;
 		LocalEncryptionKey (i2p::data::CryptoKeyType t);
 		void GenerateKeys ();
 		void CreateDecryptor (); 
 	};
 }
 }
--- a/libi2pd/Datagram.cpp
+++ b/libi2pd/Datagram.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -19,7 +19,7 @@ namespace i2p
 namespace datagram
 {
 	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner, bool gzip):
-		m_Owner (owner), m_DefaultReceiver (nullptr), m_DefaultRawReceiver (nullptr), m_Gzip (gzip)
+		m_Owner (owner), m_Receiver (nullptr), m_RawReceiver (nullptr), m_Gzip (gzip)
 	{
 		if (m_Gzip)
 			m_Deflator.reset (new i2p::data::GzipDeflator);
@ -104,7 +104,8 @@ namespace datagram
 		if (verified)
 		{
-			auto session = ObtainSession (identity.GetIdentHash());
+			auto h = identity.GetIdentHash();
 			auto session = ObtainSession(h);
 			session->Ack();
 			auto r = FindReceiver(toPort);
 			if(r)
@ -118,79 +119,19 @@ namespace datagram
 	void DatagramDestination::HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
-		auto r = FindRawReceiver(toPort);
+		if (m_RawReceiver)
-
+			m_RawReceiver (fromPort, toPort, buf, len);
 		if (r)
 			r (fromPort, toPort, buf, len);
 		else
 			LogPrint (eLogWarning, "DatagramDestination: no receiver for raw datagram");
 	}
 	void DatagramDestination::SetReceiver (const Receiver& receiver, uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
 		m_ReceiversByPorts[port] = receiver;
 		if (!m_DefaultReceiver) {
 			m_DefaultReceiver = receiver;
 			m_DefaultReceiverPort = port;
 		}
 	}
 	void DatagramDestination::ResetReceiver (uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
 		m_ReceiversByPorts.erase (port);
 		if (m_DefaultReceiverPort == port) {
 			m_DefaultReceiver = nullptr;
 			m_DefaultReceiverPort = 0;
 		}
 	}
 	void DatagramDestination::SetRawReceiver (const RawReceiver& receiver, uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
 		m_RawReceiversByPorts[port] = receiver;
 		if (!m_DefaultRawReceiver) {
 			m_DefaultRawReceiver = receiver;
 			m_DefaultRawReceiverPort = port;
 		}
 	}
 	void DatagramDestination::ResetRawReceiver (uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
 		m_RawReceiversByPorts.erase (port);
 		if (m_DefaultRawReceiverPort == port) {
 			m_DefaultRawReceiver = nullptr;
 			m_DefaultRawReceiverPort = 0;
 		}
 	}
 	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
-		Receiver r = nullptr;
+		Receiver r = m_Receiver;
 		auto itr = m_ReceiversByPorts.find(port);
 		if (itr != m_ReceiversByPorts.end())
 			r = itr->second;
 		else {
 			r = m_DefaultReceiver;
 		}
 		return r;
 	}
 	DatagramDestination::RawReceiver DatagramDestination::FindRawReceiver(uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
 		RawReceiver r = nullptr;
 		auto itr = m_RawReceiversByPorts.find(port);
 		if (itr != m_RawReceiversByPorts.end())
 			r = itr->second;
 		else {
 			r = m_DefaultRawReceiver;
 		}
 		return r;
 	}
@ -287,8 +228,8 @@ namespace datagram
 	DatagramSession::DatagramSession(std::shared_ptr<i2p::client::ClientDestination> localDestination,
 		const i2p::data::IdentHash & remoteIdent) :
-		m_LocalDestination(localDestination), m_RemoteIdent(remoteIdent),
+		m_LocalDestination(localDestination),
-		m_LastUse (0), m_LastFlush (0),
+		m_RemoteIdent(remoteIdent),
 		m_RequestingLS(false)
 	{
 	}
@ -309,12 +250,8 @@ namespace datagram
 		if (msg || m_SendQueue.empty ())
 			m_SendQueue.push_back(msg);
 		// flush queue right away if full
-		if (!msg || m_SendQueue.size() >= DATAGRAM_SEND_QUEUE_MAX_SIZE || 
+		if (!msg || m_SendQueue.size() >= DATAGRAM_SEND_QUEUE_MAX_SIZE)
 		    m_LastUse > m_LastFlush + DATAGRAM_MAX_FLUSH_INTERVAL)
 		{	
 			FlushSendQueue();
 			m_LastFlush =  m_LastUse;
 		}
 	}
 	DatagramSession::Info DatagramSession::GetSessionInfo() const
@ -347,7 +284,7 @@ namespace datagram
 		if(path)
 			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
 		if (IsRatchets ())
-			SendMsg (nullptr); // send empty message in case if we don't have some data to send
+			SendMsg (nullptr); // send empty message in case if we have some data to send
 	}
 	std::shared_ptr<i2p::garlic::GarlicRoutingPath> DatagramSession::GetSharedRoutingPath ()
@ -380,19 +317,15 @@ namespace datagram
 			if (!found)
 			{
 				m_RoutingSession = m_LocalDestination->GetRoutingSession(m_RemoteLeaseSet, true);
-				if (m_RoutingSession)
+				if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
-				{	
+					m_PendingRoutingSessions.push_back (m_RoutingSession);
 					m_RoutingSession->SetAckRequestInterval (DATAGRAM_SESSION_ACK_REQUEST_INTERVAL);
 					if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
 						m_PendingRoutingSessions.push_back (m_RoutingSession);
 				}	
 			}
 		}
 		auto path = m_RoutingSession->GetSharedRoutingPath();
-		if (path && m_RoutingSession->IsRatchets () && m_RoutingSession->CleanupUnconfirmedTags ())
+		if (path && m_RoutingSession->IsRatchets () &&
 			m_LastUse > m_RoutingSession->GetLastActivityTimestamp ()*1000 + DATAGRAM_SESSION_PATH_TIMEOUT)
 		{
 			LogPrint (eLogDebug, "Datagram: path reset");
 			m_RoutingSession->SetSharedRoutingPath (nullptr);
 			path = nullptr;
 		}
@ -420,14 +353,7 @@ namespace datagram
 					auto sz = ls.size();
 					if (sz)
 					{
-						int idx = -1;
+						auto idx = rand() % sz;
 						if (m_LocalDestination)
 						{
 							auto pool = m_LocalDestination->GetTunnelPool ();
 							if (pool)
 								idx = pool->GetRng ()() % sz;
 						}
 						if (idx < 0) idx = rand () % sz;
 						path->remoteLease = ls[idx];
 					}
 					else
@ -453,14 +379,7 @@ namespace datagram
 				auto sz = ls.size();
 				if (sz)
 				{
-					int idx = -1;
+					auto idx = rand() % sz;
 					if (m_LocalDestination)
 					{
 						auto pool = m_LocalDestination->GetTunnelPool ();
 						if (pool)
 							idx = pool->GetRng ()() % sz;
 					}
 					if (idx < 0) idx = rand () % sz;
 					path->remoteLease = ls[idx];
 				}
 				else
--- a/libi2pd/Datagram.h
+++ b/libi2pd/Datagram.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -31,6 +31,8 @@ namespace datagram
 {
 	// milliseconds for max session idle time
 	const uint64_t DATAGRAM_SESSION_MAX_IDLE = 10 * 60 * 1000;
 	// milliseconds for how long we try sticking to a dead routing path before trying to switch
 	const uint64_t DATAGRAM_SESSION_PATH_TIMEOUT = 10 * 1000;
 	// milliseconds interval a routing path is used before switching
 	const uint64_t DATAGRAM_SESSION_PATH_SWITCH_INTERVAL = 20 * 60 * 1000;
 	// milliseconds before lease expire should we try switching leases
@ -41,8 +43,6 @@ namespace datagram
 	const uint64_t DATAGRAM_SESSION_PATH_MIN_LIFETIME = 5 * 1000;
 	// max 64 messages buffered in send queue for each datagram session
 	const size_t DATAGRAM_SEND_QUEUE_MAX_SIZE = 64;
 	const uint64_t DATAGRAM_MAX_FLUSH_INTERVAL = 5; // in milliseconds
 	const int DATAGRAM_SESSION_ACK_REQUEST_INTERVAL = 5500; // in milliseconds
 	class DatagramSession : public std::enable_shared_from_this<DatagramSession>
 	{
@ -98,7 +98,7 @@ namespace datagram
 			std::shared_ptr<i2p::garlic::GarlicRoutingSession> m_RoutingSession;
 			std::vector<std::shared_ptr<i2p::garlic::GarlicRoutingSession> > m_PendingRoutingSessions;
 			std::vector<std::shared_ptr<I2NPMessage> > m_SendQueue;
-			uint64_t m_LastUse, m_LastFlush; // milliseconds
+			uint64_t m_LastUse;
 			bool m_RequestingLS;
 	};
@ -126,12 +126,14 @@ namespace datagram
 			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len, bool isRaw = false);
 			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };
 			void ResetReceiver () { m_Receiver = nullptr; };
-			void SetReceiver (const Receiver& receiver, uint16_t port);
+			void SetReceiver (const Receiver& receiver, uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts[port] = receiver; };
-			void ResetReceiver (uint16_t port);
+			void ResetReceiver (uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts.erase (port); };
-			void SetRawReceiver (const RawReceiver& receiver, uint16_t port);
+			void SetRawReceiver (const RawReceiver& receiver) { m_RawReceiver = receiver; };
-			void ResetRawReceiver (uint16_t port);
+			void ResetRawReceiver () { m_RawReceiver = nullptr; };
 			std::shared_ptr<DatagramSession::Info> GetInfoForRemote(const i2p::data::IdentHash & remote);
@ -148,26 +150,20 @@ namespace datagram
 			void HandleDatagram (uint16_t fromPort, uint16_t toPort, uint8_t *const& buf, size_t len);
 			void HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 			/** find a receiver by port, if none by port is found try default receiever, otherwise returns nullptr */
 			Receiver FindReceiver(uint16_t port);
 			RawReceiver FindRawReceiver(uint16_t port);
 		private:
 			std::shared_ptr<i2p::client::ClientDestination> m_Owner;
-
+			Receiver m_Receiver; // default
 			RawReceiver m_RawReceiver; // default
 			bool m_Gzip; // gzip compression of data messages
 			std::mutex m_SessionsMutex;
 			std::map<i2p::data::IdentHash, DatagramSession_ptr > m_Sessions;
 			Receiver m_DefaultReceiver;
 			RawReceiver m_DefaultRawReceiver;
 			uint16_t m_DefaultReceiverPort;
 			uint16_t m_DefaultRawReceiverPort;
 			std::mutex m_ReceiversMutex;
-			std::mutex m_RawReceiversMutex;
+			std::map<uint16_t, Receiver> m_ReceiversByPorts;
 			std::unordered_map<uint16_t, Receiver> m_ReceiversByPorts;
 			std::unordered_map<uint16_t, RawReceiver> m_RawReceiversByPorts;
 			bool m_Gzip; // gzip compression of data messages
 			i2p::data::GzipInflator m_Inflator;
 			std::unique_ptr<i2p::data::GzipDeflator> m_Deflator;
 			std::vector<uint8_t> m_From, m_Signature;
--- a/libi2pd/Destination.cpp
+++ b/libi2pd/Destination.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -13,7 +13,6 @@
 #include <vector>
 #include <boost/algorithm/string.hpp>
 #include "Crypto.h"
 #include "ECIESX25519AEADRatchetSession.h"
 #include "Log.h"
 #include "FS.h"
 #include "Timestamp.h"
@ -24,7 +23,7 @@ namespace i2p
 {
 namespace client
 {
-	LeaseSetDestination::LeaseSetDestination (boost::asio::io_context& service,
+	LeaseSetDestination::LeaseSetDestination (boost::asio::io_service& service,
 		bool isPublic, const std::map<std::string, std::string> * params):
 		m_Service (service), m_IsPublic (isPublic), m_PublishReplyToken (0),
 		m_LastSubmissionTime (0), m_PublishConfirmationTimer (m_Service),
@ -38,7 +37,6 @@ namespace client
 		int inVar   = DEFAULT_INBOUND_TUNNELS_LENGTH_VARIANCE;
 		int outVar  = DEFAULT_OUTBOUND_TUNNELS_LENGTH_VARIANCE;
 		int numTags = DEFAULT_TAGS_TO_SEND;
 		bool isHighBandwidth = true;
 		std::shared_ptr<std::vector<i2p::data::IdentHash> > explicitPeers;
 		try
 		{
@ -94,7 +92,7 @@ namespace client
 				it = params->find (I2CP_PARAM_DONT_PUBLISH_LEASESET);
 				if (it != params->end ())
 				{
-					// override isPublic
+					// oveeride isPublic
 					m_IsPublic = (it->second != "true");
 				}
 				it = params->find (I2CP_PARAM_LEASESET_TYPE);
@ -123,9 +121,6 @@ namespace client
 						m_LeaseSetPrivKey.reset (nullptr);
 					}
 				}
 				it = params->find (I2CP_PARAM_STREAMING_PROFILE);
 				if (it != params->end ())
 					isHighBandwidth = std::stoi (it->second) != STREAMING_PROFILE_INTERACTIVE;
 			}
 		}
 		catch (std::exception & ex)
@ -133,7 +128,7 @@ namespace client
 			LogPrint(eLogError, "Destination: Unable to parse parameters for destination: ", ex.what());
 		}
 		SetNumTags (numTags);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty, inVar, outVar, isHighBandwidth);
+		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty, inVar, outVar);
 		if (explicitPeers)
 			m_Pool->SetExplicitPeers (explicitPeers);
 		if(params)
@ -169,7 +164,7 @@ namespace client
 		LoadTags ();
 		m_Pool->SetLocalDestination (shared_from_this ());
 		m_Pool->SetActive (true);
-		m_CleanupTimer.expires_from_now (boost::posix_time::seconds (DESTINATION_CLEANUP_TIMEOUT));
+		m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
 		m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
 			shared_from_this (), std::placeholders::_1));
 	}
@ -196,7 +191,7 @@ namespace client
 			m_IsPublic = itr->second != "true";
 		}
-		int inLen = 0, outLen = 0, inQuant = 0, outQuant = 0, numTags = 0, minLatency = 0, maxLatency = 0;
+		int inLen, outLen, inQuant, outQuant, numTags, minLatency, maxLatency;
 		std::map<std::string, int&> intOpts = {
 			{I2CP_PARAM_INBOUND_TUNNEL_LENGTH, inLen},
 			{I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, outLen},
@ -295,7 +290,7 @@ namespace client
 		if (m_IsPublic)
 		{
 			auto s = shared_from_this ();
-			boost::asio::post (m_Service, [s](void)
+			m_Service.post ([s](void)
 			{
 				s->m_PublishVerificationTimer.cancel ();
 				s->Publish ();
@ -323,7 +318,7 @@ namespace client
 		memcpy (data.k, key, 32);
 		memcpy (data.t, tag, 32);
 		auto s = shared_from_this ();
-		boost::asio::post (m_Service, [s,data](void)
+		m_Service.post ([s,data](void)
 			{
 				s->AddSessionKey (data.k, data.t);
 			});
@ -340,7 +335,7 @@ namespace client
 		memcpy (data.k, key, 32);
 		data.t = tag;
 		auto s = shared_from_this ();
-		boost::asio::post (m_Service, [s,data](void)
+		m_Service.post ([s,data](void)
 			{
 				s->AddECIESx25519Key (data.k, data.t);
 			});
@ -348,42 +343,23 @@ namespace client
 	void LeaseSetDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		if (!msg) return;
+		m_Service.post (std::bind (&LeaseSetDestination::HandleGarlicMessage, shared_from_this (), msg));
 		bool empty = false;
 		{
 			std::lock_guard<std::mutex> l(m_IncomingMsgsQueueMutex);
 			empty = m_IncomingMsgsQueue.empty ();
 			m_IncomingMsgsQueue.push_back (msg);
 		}
 		if (empty)
 			boost::asio::post (m_Service, [s = shared_from_this ()]() 
 			{ 
 				std::list<std::shared_ptr<I2NPMessage> > receivedMsgs;
 				{
 					std::lock_guard<std::mutex> l(s->m_IncomingMsgsQueueMutex);
 					s->m_IncomingMsgsQueue.swap (receivedMsgs);
 				}
 			    for (auto& it: receivedMsgs)
 			    	s->HandleGarlicMessage (it);               
 			});
 	}
 	void LeaseSetDestination::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint32_t msgID = bufbe32toh (msg->GetPayload () + DELIVERY_STATUS_MSGID_OFFSET);
-		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::HandleDeliveryStatusMessage, shared_from_this (), msgID));
+		m_Service.post (std::bind (&LeaseSetDestination::HandleDeliveryStatusMessage, shared_from_this (), msgID));
 	}
 	void LeaseSetDestination::HandleI2NPMessage (const uint8_t * buf, size_t len)
 	{
 		I2NPMessageType typeID = (I2NPMessageType)(buf[I2NP_HEADER_TYPEID_OFFSET]);
 		uint32_t msgID = bufbe32toh (buf + I2NP_HEADER_MSGID_OFFSET);
-		LeaseSetDestination::HandleCloveI2NPMessage (typeID, buf + I2NP_HEADER_SIZE, 
+		LeaseSetDestination::HandleCloveI2NPMessage (typeID, buf + I2NP_HEADER_SIZE, GetI2NPMessageLength(buf, len) - I2NP_HEADER_SIZE, msgID);
 			GetI2NPMessageLength(buf, len) - I2NP_HEADER_SIZE, msgID, nullptr);
 	}
-	bool LeaseSetDestination::HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload,
+	bool LeaseSetDestination::HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload, size_t len, uint32_t msgID)
 		size_t len, uint32_t msgID, i2p::garlic::ECIESX25519AEADRatchetSession * from)
 	{
 		switch (typeID)
 		{
@ -391,14 +367,11 @@ namespace client
 				HandleDataMessage (payload, len);
 			break;
 			case eI2NPDeliveryStatus:
 				// we assume tunnel tests non-encrypted
 				HandleDeliveryStatusMessage (bufbe32toh (payload + DELIVERY_STATUS_MSGID_OFFSET));
 			break;
 			case eI2NPTunnelTest:
 				if (m_Pool)
 					m_Pool->ProcessTunnelTest (bufbe32toh (payload + TUNNEL_TEST_MSGID_OFFSET), bufbe64toh (payload + TUNNEL_TEST_TIMESTAMP_OFFSET));
 			break;
 			case eI2NPDatabaseStore:
-				HandleDatabaseStoreMessage (payload, len, from);
+				HandleDatabaseStoreMessage (payload, len);
 			break;
 			case eI2NPDatabaseSearchReply:
 				HandleDatabaseSearchReplyMessage (payload, len);
@ -413,8 +386,7 @@ namespace client
 		return true;
 	}
-	void LeaseSetDestination::HandleDatabaseStoreMessage (const uint8_t * buf, size_t len,
+	void LeaseSetDestination::HandleDatabaseStoreMessage (const uint8_t * buf, size_t len)
 		i2p::garlic::ECIESX25519AEADRatchetSession * from)
 	{
 		if (len < DATABASE_STORE_HEADER_SIZE)
 		{
@ -435,7 +407,6 @@ namespace client
 		}
 		i2p::data::IdentHash key (buf + DATABASE_STORE_KEY_OFFSET);
 		std::shared_ptr<i2p::data::LeaseSet> leaseSet;
 		std::shared_ptr<LeaseSetRequest> request;
 		switch (buf[DATABASE_STORE_TYPE_OFFSET])
 		{
 			case i2p::data::NETDB_STORE_TYPE_LEASESET: // 1
@ -469,8 +440,7 @@ namespace client
 					if (buf[DATABASE_STORE_TYPE_OFFSET] == i2p::data::NETDB_STORE_TYPE_LEASESET)
 						leaseSet = std::make_shared<i2p::data::LeaseSet> (buf + offset, len - offset); // LeaseSet
 					else
-						leaseSet = std::make_shared<i2p::data::LeaseSet2> (buf[DATABASE_STORE_TYPE_OFFSET], 
+						leaseSet = std::make_shared<i2p::data::LeaseSet2> (buf[DATABASE_STORE_TYPE_OFFSET], buf + offset, len - offset, true, GetPreferredCryptoType () ); // LeaseSet2
 							buf + offset, len - offset, true, from ? from->GetRemoteStaticKeyType () : GetPreferredCryptoType () ); // LeaseSet2
 					if (leaseSet->IsValid () && leaseSet->GetIdentHash () == key && !leaseSet->IsExpired ())
 					{
 						if (leaseSet->GetIdentHash () != GetIdentHash ())
@ -492,60 +462,34 @@ namespace client
 			case i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2: // 5
 			{
 				auto it2 = m_LeaseSetRequests.find (key);
-				if (it2 != m_LeaseSetRequests.end ())
+				if (it2 != m_LeaseSetRequests.end () && it2->second->requestedBlindedKey)
 				{
-					request = it2->second;
+					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
-					m_LeaseSetRequests.erase (it2);
+						it2->second->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr , GetPreferredCryptoType ());
-					if (request->requestedBlindedKey)
+					if (ls2->IsValid () && !ls2->IsExpired ())
 					{
-						auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
+						leaseSet = ls2;
-							request->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr, 
+						std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
-						    from ? from->GetRemoteStaticKeyType () : GetPreferredCryptoType ());
+						m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
-						if (ls2->IsValid () && !ls2->IsExpired ())
+						m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
 						{
 							leaseSet = ls2;
 							std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
 							m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
 							m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
 						}
 						else
 							LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
 					}
 					else
-					{
+						LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
 						// publishing verification doesn't have requestedBlindedKey
 						auto localLeaseSet = GetLeaseSetMt ();
 						if (localLeaseSet->GetStoreHash () == key)
 						{
 							auto ls = std::make_shared<i2p::data::LeaseSet2> (i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2,
 								localLeaseSet->GetBuffer (), localLeaseSet->GetBufferLen (), false);
 							leaseSet = ls;
 						}
 						else
 							LogPrint (eLogWarning, "Destination: Encrypted LeaseSet2 received for request without blinded key");
 					}
 				}
 				else
-					LogPrint (eLogWarning, "Destination: Couldn't find request for encrypted LeaseSet2");
+					LogPrint (eLogInfo, "Destination: Couldn't find request for encrypted LeaseSet2");
 				break;
 			}
 			default:
 				LogPrint (eLogError, "Destination: Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ", dropped");
 		}
-		if (!request)
+		auto it1 = m_LeaseSetRequests.find (key);
 		if (it1 != m_LeaseSetRequests.end ())
 		{
-			auto it1 = m_LeaseSetRequests.find (key);
+			it1->second->requestTimeoutTimer.cancel ();
-			if (it1 != m_LeaseSetRequests.end ())
+			if (it1->second) it1->second->Complete (leaseSet);
-			{
+			m_LeaseSetRequests.erase (it1);
 				request = it1->second;
 				m_LeaseSetRequests.erase (it1);
 			}
 		}
 		if (request)
 		{
 			request->requestTimeoutTimer.cancel ();
 			request->Complete (leaseSet);
 		}
 	}
@ -558,43 +502,38 @@ namespace client
 		if (it != m_LeaseSetRequests.end ())
 		{
 			auto request = it->second;
-			for (int i = 0; i < num; i++)
+			bool found = false;
 			if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
 			{
-				i2p::data::IdentHash peerHash (buf + 33 + i*32);
+				for (int i = 0; i < num; i++)
 				if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
 				{
-					LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
+					i2p::data::IdentHash peerHash (buf + 33 + i*32);
-					i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
+					if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
 					{
 						LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
 						i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
 					}
 				}
 				auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
 				if (floodfill)
 				{
 					LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
 					if (SendLeaseSetRequest (key, floodfill, request))
 						found = true;
 				}
 			}
-			SendNextLeaseSetRequest (key, request);
+			if (!found)
 			{
 				LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
 				request->Complete (nullptr);
 				m_LeaseSetRequests.erase (key);
 			}
 		}
 		else
 			LogPrint (eLogWarning, "Destination: Request for ", key.ToBase64 (), " not found");
 	}
 	void LeaseSetDestination::SendNextLeaseSetRequest (const i2p::data::IdentHash& key,
 		std::shared_ptr<LeaseSetRequest> request)
 	{
 		bool found = false;
 		if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
 		{
 			auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
 			if (floodfill)
 			{
 				LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
 				if (SendLeaseSetRequest (key, floodfill, request))
 					found = true;
 			}
 		}
 		if (!found)
 		{
 			LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
 			request->Complete (nullptr);
 			m_LeaseSetRequests.erase (key);
 		}
 	}
 	void LeaseSetDestination::HandleDeliveryStatusMessage (uint32_t msgID)
 	{
 		if (msgID == m_PublishReplyToken)
@ -603,8 +542,7 @@ namespace client
 			m_ExcludedFloodfills.clear ();
 			m_PublishReplyToken = 0;
 			// schedule verification
-			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT +
+			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
 				(m_Pool ? m_Pool->GetRng ()() % PUBLISH_VERIFICATION_TIMEOUT_VARIANCE : 0)));
 			m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
 		}
@ -612,12 +550,9 @@ namespace client
 			i2p::garlic::GarlicDestination::HandleDeliveryStatusMessage (msgID);
 	}
-	void LeaseSetDestination::SetLeaseSetUpdated (bool post)
+	void LeaseSetDestination::SetLeaseSetUpdated ()
 	{
-		if (post)
+		UpdateLeaseSet ();
 			boost::asio::post (m_Service, [s = shared_from_this ()]() { s->UpdateLeaseSet (); });
 		else
 			UpdateLeaseSet ();
 	}
 	void LeaseSetDestination::Publish ()
@ -643,7 +578,12 @@ namespace client
 				shared_from_this (), std::placeholders::_1));
 			return;
 		}
-		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
+		if (!m_Pool->GetInboundTunnels ().size () || !m_Pool->GetOutboundTunnels ().size ())
 		{
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet. Destination is not ready");
 			return;
 		}
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
 		if (!floodfill)
 		{
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
@ -654,39 +594,26 @@ namespace client
 		auto inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 		if (!outbound || !inbound)
 		{
-			if (!m_Pool->GetInboundTunnels ().empty () && !m_Pool->GetOutboundTunnels ().empty ())
+			LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
 			m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
 			floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
 			if (floodfill)
 			{
-				LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
+				outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
-				m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
+				if (outbound)
 				floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
 				if (floodfill)
 				{
-					outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
+					inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
-					if (outbound)
+					if (!inbound)
-					{
+						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
 						inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 						if (!inbound)
 							LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
 					}
 					else
 						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
 				}
 				else
-					LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
+					LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
 			}
 			else
-				LogPrint (eLogDebug, "Destination: No tunnels in pool");
+				LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
 			if (!floodfill || !outbound || !inbound)
 			{
 				// we can't publish now
 				m_ExcludedFloodfills.clear ();
 				m_PublishReplyToken = 1; // dummy non-zero value
 				// try again after a while
 				LogPrint (eLogInfo, "Destination: Can't publish LeasetSet because destination is not ready. Try publishing again after ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds");
 				m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
 				m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 					shared_from_this (), std::placeholders::_1));
 				return;
 			}
 		}
@ -694,16 +621,7 @@ namespace client
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
 		auto msg = WrapMessageForRouter (floodfill, i2p::CreateDatabaseStoreMsg (leaseSet, m_PublishReplyToken, inbound));
-		auto s = shared_from_this ();
+		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		msg->onDrop = [s]()
 			{
 				boost::asio::post (s->GetService (), [s]()
 					{
 						s->m_PublishConfirmationTimer.cancel ();
 						s->HandlePublishConfirmationTimer (boost::system::error_code());
 					});
 			};
 		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 			shared_from_this (), std::placeholders::_1));
 		outbound->SendTunnelDataMsgTo (floodfill->GetIdentHash (), 0, msg);
@ -719,15 +637,15 @@ namespace client
 				m_PublishReplyToken = 0;
 				if (GetIdentity ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds or failed. will try again");
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds, will try again");
 					Publish ();
 				}
 				else
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
 					// Java floodfill never sends confirmation back for unknown crypto type
 					// assume it successive and try to verify
-					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT + PUBLISH_VERIFICATION_TIMEOUT_VARIANCE)); // always max
+					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
 					m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
@ -782,10 +700,10 @@ namespace client
 		if (!m_Pool || !IsReady ())
 		{
 			if (requestComplete)
-				boost::asio::post (m_Service, [requestComplete](void){requestComplete (nullptr);});
+				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
 			return false;
 		}
-		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete, nullptr));
+		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete, nullptr));
 		return true;
 	}
@ -794,7 +712,7 @@ namespace client
 		if (!dest || !m_Pool || !IsReady ())
 		{
 			if (requestComplete)
-				boost::asio::post (m_Service, [requestComplete](void){requestComplete (nullptr);});
+				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
 			return false;
 		}
 		auto storeHash = dest->GetStoreHash ();
@ -802,17 +720,17 @@ namespace client
 		if (leaseSet)
 		{
 			if (requestComplete)
-				boost::asio::post (m_Service, [requestComplete, leaseSet](void){requestComplete (leaseSet);});
+				m_Service.post ([requestComplete, leaseSet](void){requestComplete (leaseSet);});
 			return true;
 		}
-		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), storeHash, requestComplete, dest));
+		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), storeHash, requestComplete, dest));
 		return true;
 	}
 	void LeaseSetDestination::CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify)
 	{
 		auto s = shared_from_this ();
-		boost::asio::post (m_Service, [dest, notify, s](void)
+		m_Service.post ([dest, notify, s](void)
 			{
 				auto it = s->m_LeaseSetRequests.find (dest);
 				if (it != s->m_LeaseSetRequests.end ())
@ -832,7 +750,7 @@ namespace client
 	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey)
 	{
-		std::unordered_set<i2p::data::IdentHash> excluded;
+		std::set<i2p::data::IdentHash> excluded;
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
 		if (floodfill)
 		{
@ -840,7 +758,7 @@ namespace client
 			request->requestedBlindedKey = requestedBlindedKey; // for encrypted LeaseSet2
 			if (requestComplete)
 				request->requestComplete.push_back (requestComplete);
-			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+			auto ts = i2p::util::GetSecondsSinceEpoch ();
 			auto ret = m_LeaseSetRequests.insert (std::pair<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> >(dest,request));
 			if (ret.second) // inserted
 			{
@ -904,17 +822,8 @@ namespace client
 				AddECIESx25519Key (replyKey, replyTag);
 			else
 				AddSessionKey (replyKey, replyTag);
-
+			auto msg = WrapMessageForRouter (nextFloodfill, CreateLeaseSetDatabaseLookupMsg (dest,
-			auto msg = WrapMessageForRouter (nextFloodfill,
+				request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
 				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
 			auto s = shared_from_this ();
 			msg->onDrop = [s, dest, request]()
 				{
 					boost::asio::post (s->GetService (), [s, dest, request]()
 						{
 							s->SendNextLeaseSetRequest (dest, request);
 						});
 				};
 			request->outboundTunnel->SendTunnelDataMsgs (
 				{
 					i2p::tunnel::TunnelMessageBlock
@ -923,7 +832,7 @@ namespace client
 						nextFloodfill->GetIdentHash (), 0, msg
 					}
 				});
-			request->requestTimeoutTimer.expires_from_now (boost::posix_time::milliseconds(LEASESET_REQUEST_TIMEOUT));
+			request->requestTimeoutTimer.expires_from_now (boost::posix_time::seconds(LEASESET_REQUEST_TIMEOUT));
 			request->requestTimeoutTimer.async_wait (std::bind (&LeaseSetDestination::HandleRequestTimoutTimer,
 				shared_from_this (), std::placeholders::_1, dest));
 		}
@ -940,7 +849,7 @@ namespace client
 			if (it != m_LeaseSetRequests.end ())
 			{
 				bool done = false;
-				uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
+				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
 				if (ts < it->second->requestTime + MAX_LEASESET_REQUEST_TIMEOUT)
 				{
 					auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, it->second->excluded);
@ -977,8 +886,7 @@ namespace client
 			CleanupExpiredTags ();
 			CleanupRemoteLeaseSets ();
 			CleanupDestination ();
-			m_CleanupTimer.expires_from_now (boost::posix_time::seconds (DESTINATION_CLEANUP_TIMEOUT +
+			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
 				(m_Pool ? m_Pool->GetRng ()() % DESTINATION_CLEANUP_TIMEOUT_VARIANCE : 0)));
 			m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
 				shared_from_this (), std::placeholders::_1));
 		}
@ -992,7 +900,7 @@ namespace client
 		{
 			if (it->second->IsEmpty () || ts > it->second->GetExpirationTime ()) // leaseset expired
 			{
-				LogPrint (eLogDebug, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				LogPrint (eLogWarning, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
 				it = m_RemoteLeaseSets.erase (it);
 			}
 			else
@ -1000,15 +908,19 @@ namespace client
 		}
 	}
-	ClientDestination::ClientDestination (boost::asio::io_context& service, const i2p::data::PrivateKeys& keys,
+	i2p::data::CryptoKeyType LeaseSetDestination::GetPreferredCryptoType () const
 	{
 		if (SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 			return i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD;
 		return i2p::data::CRYPTO_KEY_TYPE_ELGAMAL;
 	}
 	ClientDestination::ClientDestination (boost::asio::io_service& service, const i2p::data::PrivateKeys& keys,
 		bool isPublic, const std::map<std::string, std::string> * params):
 		LeaseSetDestination (service, isPublic, params),
-		m_Keys (keys), m_PreferredCryptoType (0), m_StreamingAckDelay (DEFAULT_INITIAL_ACK_DELAY),
+		m_Keys (keys), m_StreamingAckDelay (DEFAULT_INITIAL_ACK_DELAY),
 		m_StreamingOutboundSpeed (DEFAULT_MAX_OUTBOUND_SPEED),
 		m_StreamingInboundSpeed (DEFAULT_MAX_INBOUND_SPEED),
 		m_StreamingMaxConcurrentStreams (DEFAULT_MAX_CONCURRENT_STREAMS),
 		m_IsStreamingAnswerPings (DEFAULT_ANSWER_PINGS), m_LastPort (0),
-		m_DatagramDestination (nullptr), m_RefCounter (0), m_LastPublishedTimestamp (0),
+		m_DatagramDestination (nullptr), m_RefCounter (0),
 		m_ReadyChecker(service)
 	{
 		if (keys.IsOfflineSignature () && GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
@ -1028,15 +940,7 @@ namespace client
 				{
 					try
 					{
-						i2p::data::CryptoKeyType cryptoType = std::stoi(it1);
+						encryptionKeyTypes.insert (std::stoi(it1));
 #if !OPENSSL_PQ
 						if (cryptoType <= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) // skip PQ keys if not supported
 #endif					
 						{
 							if (!m_PreferredCryptoType && cryptoType)
 								m_PreferredCryptoType = cryptoType; // first non-zero in the list
 							encryptionKeyTypes.insert (cryptoType);
 						}	
 					}
 					catch (std::exception& ex)
 					{
@ -1047,21 +951,29 @@ namespace client
 			}
 		}
 		// if no param or valid crypto type use from identity
 		bool isSingleKey = false;
 		if (encryptionKeyTypes.empty ())
-			encryptionKeyTypes.insert ( { GetIdentity ()->GetCryptoKeyType (),
+		{
-				i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD }); // usually 0,4
+			isSingleKey = true;
 			encryptionKeyTypes.insert (GetIdentity ()->GetCryptoKeyType ());
 		}
 		for (auto& it: encryptionKeyTypes)
 		{
-			auto encryptionKey = std::make_shared<i2p::crypto::LocalEncryptionKey> (it);
+			auto encryptionKey = new EncryptionKey (it);
 			if (IsPublic ())
-				PersistTemporaryKeys (encryptionKey);
+				PersistTemporaryKeys (encryptionKey, isSingleKey);
 			else
 				encryptionKey->GenerateKeys ();
 			encryptionKey->CreateDecryptor ();
-			if (it > i2p::data::CRYPTO_KEY_TYPE_ELGAMAL && GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
+			if (it == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
-				SetLeaseSetType (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2); // Only DSA can use LeaseSet1
+			{
-			m_EncryptionKeys.emplace (it, encryptionKey);
+				m_ECIESx25519EncryptionKey.reset (encryptionKey);
 				if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
 					SetLeaseSetType (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2); // Rathets must use LeaseSet2
 			}
 			else
 				m_StandardEncryptionKey.reset (encryptionKey);
 		}
 		if (IsPublic ())
@ -1075,14 +987,6 @@ namespace client
 				auto it = params->find (I2CP_PARAM_STREAMING_INITIAL_ACK_DELAY);
 				if (it != params->end ())
 					m_StreamingAckDelay = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_MAX_OUTBOUND_SPEED);
 				if (it != params->end ())
 					m_StreamingOutboundSpeed = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_MAX_INBOUND_SPEED);
 				if (it != params->end ())
 					m_StreamingInboundSpeed = std::stoi(it->second);
 				if (it != params->end ())
 					m_StreamingMaxConcurrentStreams = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_ANSWER_PINGS);
 				if (it != params->end ())
 					m_IsStreamingAnswerPings = std::stoi (it->second); // 1 for true
@ -1133,6 +1037,7 @@ namespace client
 	void ClientDestination::Stop ()
 	{
 		LogPrint(eLogDebug, "Destination: Stopping destination ", GetIdentHash().ToBase32(), ".b32.i2p");
 		LeaseSetDestination::Stop ();
 		m_ReadyChecker.cancel();
 		LogPrint(eLogDebug, "Destination: -> Stopping Streaming Destination");
 		m_StreamingDestination->Stop ();
@ -1154,7 +1059,6 @@ namespace client
 			delete m_DatagramDestination;
 			m_DatagramDestination = nullptr;
 		}
 		LeaseSetDestination::Stop ();
 		LogPrint(eLogDebug, "Destination: -> Stopping done");
 	}
@ -1218,7 +1122,7 @@ namespace client
 		if (leaseSet)
 		{
 			auto stream = CreateStream (leaseSet, port);
-			boost::asio::post (GetService (), [streamRequestComplete, stream]()
+			GetService ().post ([streamRequestComplete, stream]()
 				{
 					streamRequestComplete(stream);
 				});
@ -1411,56 +1315,32 @@ namespace client
 		return ret;
 	}
-	void ClientDestination::PersistTemporaryKeys (std::shared_ptr<i2p::crypto::LocalEncryptionKey> keys)
+	void ClientDestination::PersistTemporaryKeys (EncryptionKey * keys, bool isSingleKey)
 	{
 		if (!keys) return;
 		std::string ident = GetIdentHash().ToBase32();
-		std::string path  = i2p::fs::DataDirPath("destinations", ident + "." + std::to_string (keys->keyType) + ".dat");
+		std::string path  = i2p::fs::DataDirPath("destinations",
 			isSingleKey ? (ident + ".dat") : (ident + "." + std::to_string (keys->keyType) + ".dat"));
 		std::ifstream f(path, std::ifstream::binary);
 		if (f) 
 		{
 			size_t len = 0;
 			if (keys->keyType == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				len = 512;
 			else if (keys->keyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
 			{	
 				f.seekg (0, std::ios::end);
 				len = f.tellg();
 				f.seekg (0, std::ios::beg);
 			}
-			if (len == 512)
+		if (f) {
-			{    
+			f.read ((char *)keys->pub, 256);
-				char pub[256], priv[256];
+			f.read ((char *)keys->priv, 256);
-				f.read (pub, 256);
+			return;
 				memcpy (keys->pub.data(), pub, keys->pub.size());
 				f.read (priv, 256);
 				memcpy (keys->priv.data (), priv, keys->priv.size ());
 			}
 			else
 			{
 				f.read ((char *)keys->pub.data(), keys->pub.size());
 				f.read ((char *)keys->priv.data(), keys->priv.size());
 			}	
 			if (f) 
 				return;
 			else
 				LogPrint(eLogWarning, "Destination: Can't read keys from ", path);
 		}
-		LogPrint (eLogInfo, "Destination: Creating new temporary keys of type ", keys->keyType, " for address ", ident, ".b32.i2p");
+		LogPrint (eLogInfo, "Destination: Creating new temporary keys of type for address ", ident, ".b32.i2p");
-		memset (keys->priv.data (), 0, keys->priv.size ());
+		memset (keys->priv, 0, 256);
-		memset (keys->pub.data (), 0, keys->pub.size ());
+		memset (keys->pub, 0, 256);
 		keys->GenerateKeys ();
-		
+		// TODO:: persist crypto key type
 		std::ofstream f1 (path, std::ofstream::binary | std::ofstream::out);
-		if (f1) 
+		if (f1) {
-		{
+			f1.write ((char *)keys->pub, 256);
-			f1.write ((char *)keys->pub.data (), keys->pub.size ());
+			f1.write ((char *)keys->priv, 256);
-			f1.write ((char *)keys->priv.data (), keys->priv.size ());
+			return;
 		}
-		if (!f1)
+		LogPrint(eLogCritical, "Destinations: Can't save keys to ", path);
 			LogPrint(eLogError, "Destination: Can't save keys to ", path);
 	}
 	void ClientDestination::CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels)
@ -1468,10 +1348,9 @@ namespace client
 		std::shared_ptr<i2p::data::LocalLeaseSet> leaseSet;
 		if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
 		{
-			auto it = m_EncryptionKeys.find (i2p::data::CRYPTO_KEY_TYPE_ELGAMAL);
+			if (m_StandardEncryptionKey)
 			if (it != m_EncryptionKeys.end ())
 			{
-				leaseSet = std::make_shared<i2p::data::LocalLeaseSet> (GetIdentity (), it->second->pub.data (), tunnels);
+				leaseSet = std::make_shared<i2p::data::LocalLeaseSet> (GetIdentity (), m_StandardEncryptionKey->pub, tunnels);
 				// sign
 				Sign (leaseSet->GetBuffer (), leaseSet->GetBufferLen () - leaseSet->GetSignatureLen (), leaseSet->GetSignature ());
 			}
@ -1481,40 +1360,18 @@ namespace client
 		else
 		{
 			// standard LS2 (type 3) first
-			if (m_EncryptionKeys.empty ())
+			i2p::data::LocalLeaseSet2::KeySections keySections;
-			{
+			if (m_ECIESx25519EncryptionKey)
-				LogPrint (eLogError, "Destinations: No encryption keys");
+				keySections.push_back ({m_ECIESx25519EncryptionKey->keyType, 32, m_ECIESx25519EncryptionKey->pub} );
-				return;
+			if (m_StandardEncryptionKey)
-			}	
+				keySections.push_back ({m_StandardEncryptionKey->keyType, (uint16_t)m_StandardEncryptionKey->decryptor->GetPublicKeyLen (), m_StandardEncryptionKey->pub} );
 			i2p::data::LocalLeaseSet2::EncryptionKeys keySections;
 			std::shared_ptr<const i2p::crypto::LocalEncryptionKey> preferredSection;
 			if (m_EncryptionKeys.size () == 1)
 				preferredSection = m_EncryptionKeys.begin ()->second; // only key
 			else
 			{	
 				for (const auto& it: m_EncryptionKeys)
 					if (it.first == m_PreferredCryptoType)
 						preferredSection = it.second;
 					else
 						keySections.push_back (it.second);
 			}	
 			if (preferredSection) 
 				keySections.push_front (preferredSection); // make preferred first
 			auto publishedTimestamp = i2p::util::GetSecondsSinceEpoch ();
 			if (publishedTimestamp <= m_LastPublishedTimestamp)
 			{
 				LogPrint (eLogDebug, "Destination: LeaseSet update at the same second");
 				publishedTimestamp++; // force newer timestamp
 			}
 			bool isPublishedEncrypted = GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2;
 			auto ls2 = std::make_shared<i2p::data::LocalLeaseSet2> (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2,
-				m_Keys, keySections, tunnels, IsPublic (), publishedTimestamp, isPublishedEncrypted);
+				m_Keys, keySections, tunnels, IsPublic (), isPublishedEncrypted);
 			if (isPublishedEncrypted) // encrypt if type 5
 				ls2 = std::make_shared<i2p::data::LocalEncryptedLeaseSet2> (ls2, m_Keys, GetAuthType (), m_AuthKeys);
 			leaseSet = ls2;
 			m_LastPublishedTimestamp = publishedTimestamp;
 		}
 		SetLeaseSet (leaseSet);
 	}
@ -1526,22 +1383,11 @@ namespace client
 	bool ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, i2p::data::CryptoKeyType preferredCrypto) const
 	{
-		std::shared_ptr<i2p::crypto::LocalEncryptionKey> encryptionKey;
+		if (preferredCrypto == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
-		if (!m_EncryptionKeys.empty ())
+			if (m_ECIESx25519EncryptionKey && m_ECIESx25519EncryptionKey->decryptor)
-		{
+				return m_ECIESx25519EncryptionKey->decryptor->Decrypt (encrypted, data);
-			if (m_EncryptionKeys.rbegin ()->first == preferredCrypto)
+		if (m_StandardEncryptionKey && m_StandardEncryptionKey->decryptor)
-				encryptionKey = m_EncryptionKeys.rbegin ()->second;
+			return m_StandardEncryptionKey->decryptor->Decrypt (encrypted, data);
 			else
 			{
 				auto it = m_EncryptionKeys.find (preferredCrypto);
 				if (it != m_EncryptionKeys.end ())
 					encryptionKey = it->second;
 			}	
 			if (!encryptionKey)
 				encryptionKey = m_EncryptionKeys.rbegin ()->second;
 		}	
 		if (encryptionKey)
 			return encryptionKey->decryptor->Decrypt (encrypted, data);
 		else
 			LogPrint (eLogError, "Destinations: Decryptor is not set");
 		return false;
@ -1549,26 +1395,14 @@ namespace client
 	bool ClientDestination::SupportsEncryptionType (i2p::data::CryptoKeyType keyType) const
 	{
-#if __cplusplus >= 202002L // C++20
+		return keyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ? (bool)m_ECIESx25519EncryptionKey : (bool)m_StandardEncryptionKey;
 		return m_EncryptionKeys.contains (keyType);
 #else		
 		return m_EncryptionKeys.count (keyType) > 0;
 #endif		
 	}
 	i2p::data::CryptoKeyType ClientDestination::GetRatchetsHighestCryptoType () const
 	{
 		if (m_EncryptionKeys.empty ()) return 0;
 		auto cryptoType = m_EncryptionKeys.rbegin ()->first; 
 		return cryptoType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ? cryptoType : 0;
 	}
 	const uint8_t * ClientDestination::GetEncryptionPublicKey (i2p::data::CryptoKeyType keyType) const
 	{
-		auto it = m_EncryptionKeys.find (keyType);
+		if (keyType == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
-		if (it != m_EncryptionKeys.end ())
+			return m_ECIESx25519EncryptionKey ? m_ECIESx25519EncryptionKey->pub : nullptr;
-			return it->second->pub.data ();
+		return m_StandardEncryptionKey ? m_StandardEncryptionKey->pub : nullptr;
 		return nullptr;
 	}
 	void ClientDestination::ReadAuthKey (const std::string& group, const std::map<std::string, std::string> * params)
@ -1602,8 +1436,6 @@ namespace client
 		RunnableService ("Destination"),
 		ClientDestination (GetIOService (), keys, isPublic, params)
 	{
 		if (!GetNickname ().empty ())
 			RunnableService::SetName (GetNickname ());
 	}
 	RunnableClientDestination::~RunnableClientDestination ()
--- a/libi2pd/Destination.h
+++ b/libi2pd/Destination.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -15,14 +15,13 @@
 #include <memory>
 #include <map>
 #include <unordered_map>
-#include <unordered_set>
+#include <set>
 #include <string>
 #include <functional>
 #include <boost/asio.hpp>
 #include "Identity.h"
 #include "TunnelPool.h"
 #include "Crypto.h"
 #include "CryptoKey.h"
 #include "LeaseSet.h"
 #include "Garlic.h"
 #include "NetDb.hpp"
@ -37,15 +36,13 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_STREAMING = 6;
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;
-	const int PUBLISH_CONFIRMATION_TIMEOUT = 1800; // in milliseconds
+	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
-	const int PUBLISH_VERIFICATION_TIMEOUT = 5; // in seconds after successful publish
+	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successful publish
 	const int PUBLISH_VERIFICATION_TIMEOUT_VARIANCE = 3; // in seconds
 	const int PUBLISH_MIN_INTERVAL = 20; // in seconds
 	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically
-	const int LEASESET_REQUEST_TIMEOUT = 1600; // in milliseconds
+	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
-	const int MAX_LEASESET_REQUEST_TIMEOUT = 12000; // in milliseconds
+	const int MAX_LEASESET_REQUEST_TIMEOUT = 40; // in seconds
-	const int DESTINATION_CLEANUP_TIMEOUT = 44; // in seconds
+	const int DESTINATION_CLEANUP_TIMEOUT = 3; // in minutes
 	const int DESTINATION_CLEANUP_TIMEOUT_VARIANCE = 30; // in seconds
 	const unsigned int MAX_NUM_FLOODFILLS_PER_REQUEST = 7;
 	// I2CP
@ -87,18 +84,8 @@ namespace client
 	// streaming
 	const char I2CP_PARAM_STREAMING_INITIAL_ACK_DELAY[] = "i2p.streaming.initialAckDelay";
 	const int DEFAULT_INITIAL_ACK_DELAY = 200; // milliseconds
 	const char I2CP_PARAM_STREAMING_MAX_OUTBOUND_SPEED[] = "i2p.streaming.maxOutboundSpeed"; // bytes/sec
 	const int DEFAULT_MAX_OUTBOUND_SPEED = 1730000000; // no more than 1.73 Gbytes/s
 	const char I2CP_PARAM_STREAMING_MAX_INBOUND_SPEED[] = "i2p.streaming.maxInboundSpeed"; // bytes/sec
 	const int DEFAULT_MAX_INBOUND_SPEED = 1730000000; // no more than 1.73 Gbytes/s
 	const char I2CP_PARAM_STREAMING_ANSWER_PINGS[] = "i2p.streaming.answerPings";
 	const int DEFAULT_ANSWER_PINGS = true;
 	const char I2CP_PARAM_STREAMING_PROFILE[] = "i2p.streaming.profile";
 	const int STREAMING_PROFILE_BULK = 1; // high bandwidth
 	const int STREAMING_PROFILE_INTERACTIVE = 2; // low bandwidth
 	const int DEFAULT_STREAMING_PROFILE = STREAMING_PROFILE_BULK;
 	const char I2CP_PARAM_STREAMING_MAX_CONCURRENT_STREAMS[] = "i2p.streaming.maxConcurrentStreams";
 	const int DEFAULT_MAX_CONCURRENT_STREAMS = 2048;
 	typedef std::function<void (std::shared_ptr<i2p::stream::Stream> stream)> StreamRequestComplete;
@ -109,8 +96,8 @@ namespace client
 		// leaseSet = nullptr means not found
 		struct LeaseSetRequest
 		{
-			LeaseSetRequest (boost::asio::io_context& service): requestTime (0), requestTimeoutTimer (service) {};
+			LeaseSetRequest (boost::asio::io_service& service): requestTime (0), requestTimeoutTimer (service) {};
-			std::unordered_set<i2p::data::IdentHash> excluded;
+			std::set<i2p::data::IdentHash> excluded;
 			uint64_t requestTime;
 			boost::asio::deadline_timer requestTimeoutTimer;
 			std::list<RequestComplete> requestComplete;
@ -127,10 +114,10 @@ namespace client
 		public:
-			LeaseSetDestination (boost::asio::io_context& service, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			LeaseSetDestination (boost::asio::io_service& service, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~LeaseSetDestination ();
 			const std::string& GetNickname () const { return m_Nickname; };
-			auto& GetService () { return m_Service; };
+			boost::asio::io_service& GetService () { return m_Service; };
 			virtual void Start ();
 			virtual void Stop ();
@ -147,15 +134,15 @@ namespace client
 			void CancelDestinationRequestWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, bool notify = true);
 			// implements GarlicDestination
-			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () override;
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet ();
-			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const override { return m_Pool; }
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const { return m_Pool; }
 			// override GarlicDestination
-			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag) override;
+			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag);
-			void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag) override;
+			void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag);
-			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg) override;
+			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
-			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg) override;
+			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
-			void SetLeaseSetUpdated (bool post) override;
+			void SetLeaseSetUpdated ();
 			bool IsPublic () const { return m_IsPublic; };
 			void SetPublic (bool pub) { m_IsPublic = pub; };
@ -163,16 +150,14 @@ namespace client
 		protected:
 			// implements GarlicDestination
-			void HandleI2NPMessage (const uint8_t * buf, size_t len) override;
+			void HandleI2NPMessage (const uint8_t * buf, size_t len);
-			bool HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload, 
+			bool HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload, size_t len, uint32_t msgID);
 				size_t len, uint32_t msgID, i2p::garlic::ECIESX25519AEADRatchetSession * from) override;
 			void SetLeaseSet (std::shared_ptr<const i2p::data::LocalLeaseSet> newLeaseSet);
 			int GetLeaseSetType () const { return m_LeaseSetType; };
 			void SetLeaseSetType (int leaseSetType) { m_LeaseSetType = leaseSetType; };
 			int GetAuthType () const { return m_AuthType; };
 			virtual void CleanupDestination () {}; // additional clean up in derived classes
 			virtual i2p::data::CryptoKeyType GetPreferredCryptoType () const = 0;
 			// I2CP
 			virtual void HandleDataMessage (const uint8_t * buf, size_t len) = 0;
 			virtual void CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels) = 0;
@ -185,34 +170,31 @@ namespace client
 			void HandlePublishConfirmationTimer (const boost::system::error_code& ecode);
 			void HandlePublishVerificationTimer (const boost::system::error_code& ecode);
 			void HandlePublishDelayTimer (const boost::system::error_code& ecode);
-			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len, i2p::garlic::ECIESX25519AEADRatchetSession * from);
+			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);
 			void HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len);
 			void HandleDeliveryStatusMessage (uint32_t msgID);
 			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey = nullptr);
 			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo> nextFloodfill, std::shared_ptr<LeaseSetRequest> request);
 			void SendNextLeaseSetRequest (const i2p::data::IdentHash& key, std::shared_ptr<LeaseSetRequest> request);
 			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
 			void HandleCleanupTimer (const boost::system::error_code& ecode);
 			void CleanupRemoteLeaseSets ();
 			i2p::data::CryptoKeyType GetPreferredCryptoType () const;
 		private:
-			boost::asio::io_context& m_Service;
+			boost::asio::io_service& m_Service;
 			mutable std::mutex m_RemoteLeaseSetsMutex;
 			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
 			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;
 			std::list<std::shared_ptr<I2NPMessage> > m_IncomingMsgsQueue;
 			mutable std::mutex m_IncomingMsgsQueueMutex;
 			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
 			std::mutex m_LeaseSetMutex;
 			std::shared_ptr<const i2p::data::LocalLeaseSet> m_LeaseSet;
 			bool m_IsPublic;
 			uint32_t m_PublishReplyToken;
 			uint64_t m_LastSubmissionTime; // in seconds
-			std::unordered_set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
+			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
 			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer,
 				m_PublishDelayTimer, m_CleanupTimer;
@ -231,14 +213,25 @@ namespace client
 	class ClientDestination: public LeaseSetDestination
 	{
 		struct EncryptionKey
 		{
 			uint8_t pub[256], priv[256];
 			i2p::data::CryptoKeyType keyType;
 			std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> decryptor;
 			EncryptionKey (i2p::data::CryptoKeyType t):keyType(t) { memset (pub, 0, 256); memset (priv, 0, 256);	};
 			void GenerateKeys () { i2p::data::PrivateKeys::GenerateCryptoKeyPair (keyType, priv, pub); };
 			void CreateDecryptor () { decryptor = i2p::data::PrivateKeys::CreateDecryptor (keyType, priv); };
 		};
 		public:
-			ClientDestination (boost::asio::io_context& service, const i2p::data::PrivateKeys& keys,
+			ClientDestination (boost::asio::io_service& service, const i2p::data::PrivateKeys& keys,
 				bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~ClientDestination ();
-			void Start () override;
+			void Start ();
-			void Stop () override;
+			void Stop ();
 			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };
@ -265,9 +258,6 @@ namespace client
 			bool IsAcceptingStreams () const;
 			void AcceptOnce (const i2p::stream::StreamingDestination::Acceptor& acceptor);
 			int GetStreamingAckDelay () const { return m_StreamingAckDelay; }
 			int GetStreamingOutboundSpeed () const { return m_StreamingOutboundSpeed; }
 			int GetStreamingInboundSpeed () const { return m_StreamingInboundSpeed; }
 			int GetStreamingMaxConcurrentStreams () const { return m_StreamingMaxConcurrentStreams; }
 			bool IsStreamingAnswerPings () const { return m_IsStreamingAnswerPings; }
 			// datagram
@ -275,28 +265,24 @@ namespace client
 			i2p::datagram::DatagramDestination * CreateDatagramDestination (bool gzip = true);
 			// implements LocalDestination
-			bool Decrypt (const uint8_t * encrypted, uint8_t * data, i2p::data::CryptoKeyType preferredCrypto) const override;
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, i2p::data::CryptoKeyType preferredCrypto) const;
-			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const override { return m_Keys.GetPublic (); };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };
-			bool SupportsEncryptionType (i2p::data::CryptoKeyType keyType) const override;
+			bool SupportsEncryptionType (i2p::data::CryptoKeyType keyType) const;
-			const uint8_t * GetEncryptionPublicKey (i2p::data::CryptoKeyType keyType) const override;
+			const uint8_t * GetEncryptionPublicKey (i2p::data::CryptoKeyType keyType) const;
 		protected:
-			// GarlicDestionation
+			void CleanupDestination ();
 			i2p::data::CryptoKeyType GetRatchetsHighestCryptoType () const override;
 			// LeaseSetDestination
 			void CleanupDestination () override;
 			i2p::data::CryptoKeyType GetPreferredCryptoType () const override { return m_PreferredCryptoType; }
 			// I2CP
-			void HandleDataMessage (const uint8_t * buf, size_t len) override;
+			void HandleDataMessage (const uint8_t * buf, size_t len);
-			void CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels) override;
+			void CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels);
 		private:
 			std::shared_ptr<ClientDestination> GetSharedFromThis () {
 				return std::static_pointer_cast<ClientDestination>(shared_from_this ());
 			}
-			void PersistTemporaryKeys (std::shared_ptr<i2p::crypto::LocalEncryptionKey> keys);
+			void PersistTemporaryKeys (EncryptionKey * keys, bool isSingleKey);
 			void ReadAuthKey (const std::string& group, const std::map<std::string, std::string> * params);
 			template<typename Dest>
@ -305,17 +291,16 @@ namespace client
 		private:
 			i2p::data::PrivateKeys m_Keys;
-			std::map<i2p::data::CryptoKeyType, std::shared_ptr<i2p::crypto::LocalEncryptionKey> > m_EncryptionKeys; // last is most preferable
+			std::unique_ptr<EncryptionKey> m_StandardEncryptionKey;
-			i2p::data::CryptoKeyType m_PreferredCryptoType;
+			std::unique_ptr<EncryptionKey> m_ECIESx25519EncryptionKey;
-			int m_StreamingAckDelay,m_StreamingOutboundSpeed, m_StreamingInboundSpeed, m_StreamingMaxConcurrentStreams;
+			int m_StreamingAckDelay;
 			bool m_IsStreamingAnswerPings;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
 			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_LastStreamingDestination; uint16_t m_LastPort; // for server tunnels
 			i2p::datagram::DatagramDestination * m_DatagramDestination;
 			int m_RefCounter; // how many clients(tunnels) use this destination
 			uint64_t m_LastPublishedTimestamp;
 			boost::asio::deadline_timer m_ReadyChecker;
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,7 +11,6 @@
 #include "Log.h"
 #include "util.h"
 #include "Crypto.h"
 #include "PostQuantum.h"
 #include "Elligator.h"
 #include "Tag.h"
 #include "I2PEndian.h"
@ -95,17 +94,6 @@ namespace garlic
 		m_ItermediateSymmKeys.erase (index);
 	}
 	ReceiveRatchetTagSet::ReceiveRatchetTagSet (std::shared_ptr<ECIESX25519AEADRatchetSession> session, bool isNS):
 		m_Session (session), m_IsNS (isNS) 
 	{
 	}
 	ReceiveRatchetTagSet::~ReceiveRatchetTagSet ()
 	{
 		if (m_IsNS && m_Session)
 			m_Session->CleanupReceiveNSRKeys ();
 	}	
 	void ReceiveRatchetTagSet::Expire ()
 	{
 		if (!m_ExpirationTimestamp)
@ -129,12 +117,6 @@ namespace garlic
 		return session->HandleNextMessage (buf, len, shared_from_this (), index);
 	}
 	bool ReceiveRatchetTagSet::IsSessionTerminated () const 
 	{ 
 		return !m_Session || m_Session->IsTerminated (); 
 	}
 	SymmetricKeyTagSet::SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key):
 		ReceiveRatchetTagSet (nullptr), m_Destination (destination)
 	{
@ -174,12 +156,12 @@ namespace garlic
 			return false;
 		}
 		if (m_Destination)
-			m_Destination->HandleECIESx25519GarlicClove (buf + offset, size, nullptr);
+			m_Destination->HandleECIESx25519GarlicClove (buf + offset, size);
 		return true;
 	}
 	ECIESX25519AEADRatchetSession::ECIESX25519AEADRatchetSession (GarlicDestination * owner, bool attachLeaseSetNS):
-		GarlicRoutingSession (owner, true), m_RemoteStaticKeyType (0)
+		GarlicRoutingSession (owner, true)
 	{
 		if (!attachLeaseSetNS) SetLeaseSetUpdateStatus (eLeaseSetUpToDate);
 		RAND_bytes (m_PaddingSizes, 32); m_NextPaddingSize = 0;
@ -241,42 +223,12 @@ namespace garlic
 		tagsetNsr->NextSessionTagRatchet ();
 	}
 	bool ECIESX25519AEADRatchetSession::MessageConfirmed (uint32_t msgID)
 	{
 		auto ret = GarlicRoutingSession::MessageConfirmed (msgID); // LeaseSet
 		if (m_AckRequestMsgID && m_AckRequestMsgID == msgID)
 		{
 			m_AckRequestMsgID = 0;
 			m_AckRequestNumAttempts = 0;
 			ret = true;
 		}	
 		return ret;
 	}	
 	bool ECIESX25519AEADRatchetSession::CleanupUnconfirmedTags ()
 	{
 		if (m_AckRequestMsgID && m_AckRequestNumAttempts > ECIESX25519_ACK_REQUEST_MAX_NUM_ATTEMPTS)
 		{
 			m_AckRequestMsgID = 0;
 			m_AckRequestNumAttempts = 0;
 			return true;	
 		}
 		return false;
 	}	
 	void ECIESX25519AEADRatchetSession::CleanupReceiveNSRKeys ()
 	{
 		m_EphemeralKeys = nullptr;
 #if OPENSSL_PQ
 		m_PQKeys = nullptr;
 #endif	
 	}	
 	bool ECIESX25519AEADRatchetSession::HandleNewIncomingSession (const uint8_t * buf, size_t len)
 	{
 		if (!GetOwner ()) return false;
 		// we are Bob
 		// KDF1
 		i2p::crypto::InitNoiseIKState (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
 		if (!i2p::crypto::GetElligator ()->Decode (buf, m_Aepk))
 		{
@ -284,61 +236,20 @@ namespace garlic
 			return false;
 		}
 		buf += 32; len -= 32;
 		MixHash (m_Aepk, 32); // h = SHA256(h || aepk)
 		uint8_t sharedSecret[32];
-		bool decrypted = false;
+		if (!GetOwner ()->Decrypt (m_Aepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, aepk)
 		auto cryptoType = GetOwner ()->GetRatchetsHighestCryptoType ();
 #if OPENSSL_PQ
 		if (cryptoType > i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD) // we support post quantum
 		{
-			i2p::crypto::InitNoiseIKStateMLKEM (GetNoiseState (), cryptoType, GetOwner ()->GetEncryptionPublicKey (cryptoType)); // bpk
+			LogPrint (eLogWarning, "Garlic: Incorrect Alice ephemeral key");
-			MixHash (m_Aepk, 32); // h = SHA256(h || aepk)
+			return false;
 			if (GetOwner ()->Decrypt (m_Aepk, sharedSecret, cryptoType)) // x25519(bsk, aepk)
 			{
 				MixKey (sharedSecret);
 				auto keyLen = i2p::crypto::GetMLKEMPublicKeyLen (cryptoType);
 				std::vector<uint8_t> encapsKey(keyLen);
 				if (Decrypt (buf, encapsKey.data (), keyLen))
 				{
 					decrypted = true; // encaps section has right hash 
 					MixHash (buf, keyLen + 16);
 					buf += keyLen + 16;
 					len -= keyLen + 16;
 					m_PQKeys = i2p::crypto::CreateMLKEMKeys (cryptoType);
 					m_PQKeys->SetPublicKey (encapsKey.data ());
 				}
 			}	
 		}	
 #endif
 		if (!decrypted)
 		{	
 			if (cryptoType == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD ||
 			    GetOwner ()->SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 			{
 				cryptoType = i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD;
 				i2p::crypto::InitNoiseIKState (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
 				MixHash (m_Aepk, 32); // h = SHA256(h || aepk)
 				if (!GetOwner ()->Decrypt (m_Aepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, aepk)
 				{
 					LogPrint (eLogWarning, "Garlic: Incorrect Alice ephemeral key");
 					return false;
 				}
 				MixKey (sharedSecret);	
 			}	
 			else
 			{
 				LogPrint (eLogWarning, "Garlic: No supported encryption type");
 				return false;
 			}	
 		}
 		MixKey (sharedSecret);
 		// decrypt flags/static
-		uint8_t fs[32];
+		uint8_t nonce[12], fs[32];
-		if (!Decrypt (buf, fs, 32))
+		CreateNonce (0, nonce);
 		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, 32, m_H, 32, m_CK + 32, nonce, fs, 32, false)) // decrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Flags/static section AEAD verification failed ");
 			return false;
@ -351,18 +262,20 @@ namespace garlic
 		if (isStatic)
 		{
 			// static key, fs is apk
-			SetRemoteStaticKey (cryptoType, fs); 
+			memcpy (m_RemoteStaticKey, fs, 32);
-			if (!GetOwner ()->Decrypt (fs, sharedSecret, m_RemoteStaticKeyType)) // x25519(bsk, apk)
+			if (!GetOwner ()->Decrypt (fs, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, apk)
 			{
 				LogPrint (eLogWarning, "Garlic: Incorrect Alice static key");
 				return false;
 			}
 			MixKey (sharedSecret);
 		}
 		else // all zeros flags
 			CreateNonce (1, nonce);
 		// decrypt payload
 		std::vector<uint8_t> payload (len - 16); // we must save original ciphertext
-		if (!Decrypt (buf, payload.data (), len - 16))
+		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, m_H, 32, m_CK + 32, nonce, payload.data (), len - 16, false)) // decrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD verification failed");
 			return false;
@ -398,7 +311,7 @@ namespace garlic
 			{
 				case eECIESx25519BlkGalicClove:
 					if (GetOwner ())
-						GetOwner ()->HandleECIESx25519GarlicClove (buf + offset, size, this);
+						GetOwner ()->HandleECIESx25519GarlicClove (buf + offset, size);
 				break;
 				case eECIESx25519BlkNextKey:
 					LogPrint (eLogDebug, "Garlic: Next key");
@ -414,9 +327,8 @@ namespace garlic
 					auto offset1 = offset;
 					for (auto i = 0; i < numAcks; i++)
 					{
-						uint32_t tagsetid = bufbe16toh (buf + offset1); offset1 += 2; // tagsetid
+						offset1 += 2; // tagsetid
-						uint16_t n = bufbe16toh (buf + offset1); offset1 += 2; // N
+						MessageConfirmed (bufbe16toh (buf + offset1)); offset1 += 2; // N
 						MessageConfirmed ((tagsetid << 16) + n); // msgid = (tagsetid << 16) + N
 					}
 					break;
 				}
@ -479,6 +391,7 @@ namespace garlic
 		{
 			uint16_t keyID = bufbe16toh (buf); buf += 2; // keyID
 			bool newKey = flag & ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG;
 			m_SendReverseKey = true;
 			if (!m_NextReceiveRatchet)
 				m_NextReceiveRatchet.reset (new DHRatchet ());
 			else
@ -490,14 +403,15 @@ namespace garlic
 				}
 				m_NextReceiveRatchet->keyID = keyID;
 			}
 			int tagsetID = 2*keyID;
 			if (newKey)
 			{
 				m_NextReceiveRatchet->key = i2p::transport::transports.GetNextX25519KeysPair ();
 				m_NextReceiveRatchet->newKey = true;
 				tagsetID++;
 			}
 			else
 				m_NextReceiveRatchet->newKey = false;
 			auto tagsetID = m_NextReceiveRatchet->GetReceiveTagSetID ();
 			if (flag & ECIESX25519_NEXT_KEY_KEY_PRESENT_FLAG)
 				memcpy (m_NextReceiveRatchet->remote, buf, 32);
@ -511,9 +425,7 @@ namespace garlic
 			GenerateMoreReceiveTags (newTagset, (GetOwner () && GetOwner ()->GetNumRatchetInboundTags () > 0) ?
 				GetOwner ()->GetNumRatchetInboundTags () : ECIESX25519_MAX_NUM_GENERATED_TAGS);
 			receiveTagset->Expire ();
 			LogPrint (eLogDebug, "Garlic: Next receive tagset ", tagsetID, " created");
 			m_SendReverseKey = true;
 		}
 	}
@ -550,16 +462,7 @@ namespace garlic
 		offset += 32;
 		// KDF1
-#if OPENSSL_PQ		
+		i2p::crypto::InitNoiseIKState (GetNoiseState (), m_RemoteStaticKey); // bpk
 		if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 		{
 			i2p::crypto::InitNoiseIKStateMLKEM (GetNoiseState (), m_RemoteStaticKeyType, m_RemoteStaticKey); // bpk
 			m_PQKeys = i2p::crypto::CreateMLKEMKeys (m_RemoteStaticKeyType);
 			m_PQKeys->GenerateKeys ();
 		}	
 		else	
 #endif			
 			i2p::crypto::InitNoiseIKState (GetNoiseState (), m_RemoteStaticKey); // bpk
 		MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk)
 		uint8_t sharedSecret[32];
 		if (!m_EphemeralKeys->Agree (m_RemoteStaticKey, sharedSecret)) // x25519(aesk, bpk)
@ -568,32 +471,18 @@ namespace garlic
 			return false;
 		}
 		MixKey (sharedSecret);
 #if OPENSSL_PQ
 		if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 		{
 			auto keyLen = i2p::crypto::GetMLKEMPublicKeyLen (m_RemoteStaticKeyType);
 			std::vector<uint8_t> encapsKey(keyLen);
 			m_PQKeys->GetPublicKey (encapsKey.data ());
 			// encrypt encapsKey 
 			if (!Encrypt (encapsKey.data (), out + offset, keyLen))
 			{
 				LogPrint (eLogWarning, "Garlic: ML-KEM encap_key section AEAD encryption failed ");
 				return false;
 			}
 			MixHash (out + offset, keyLen + 16); // h = SHA256(h || ciphertext)
 			offset += keyLen + 16;
 		}	
 #endif		
 		// encrypt flags/static key section
 		uint8_t nonce[12];
 		CreateNonce (0, nonce);
 		const uint8_t * fs;
 		if (isStatic)
-			fs = GetOwner ()->GetEncryptionPublicKey (m_RemoteStaticKeyType);
+			fs = GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD);
 		else
 		{
 			memset (out + offset, 0, 32); // all zeros flags section
 			fs = out + offset;
 		}
-		if (!Encrypt (fs, out + offset, 32)) 
+		if (!i2p::crypto::AEADChaCha20Poly1305 (fs, 32, m_H, 32, m_CK + 32, nonce, out + offset, 48, true)) // encrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Flags/static section AEAD encryption failed ");
 			return false;
@ -604,11 +493,13 @@ namespace garlic
 		// KDF2
 		if (isStatic)
 		{
-			GetOwner ()->Decrypt (m_RemoteStaticKey, sharedSecret, m_RemoteStaticKeyType); // x25519 (ask, bpk)
+			GetOwner ()->Decrypt (m_RemoteStaticKey, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // x25519 (ask, bpk)
 			MixKey (sharedSecret);
 		}
 		else
 			CreateNonce (1, nonce);
 		// encrypt payload
-		if (!Encrypt (payload, out + offset, len))
+		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, m_H, 32, m_CK + 32, nonce, out + offset, len + 16, true)) // encrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
 			return false;
@ -657,33 +548,16 @@ namespace garlic
 			return false;
 		}
 		MixKey (sharedSecret);
 #if OPENSSL_PQ
 		if (m_PQKeys)
 		{
 			size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
 			std::vector<uint8_t> kemCiphertext(cipherTextLen);
 			m_PQKeys->Encaps (kemCiphertext.data (), sharedSecret);
 			if (!Encrypt (kemCiphertext.data (), out + offset, cipherTextLen))
 			{
 				LogPrint (eLogWarning, "Garlic: NSR ML-KEM ciphertext section AEAD encryption failed");
 				return false;
 			}
 			m_NSREncodedPQKey = std::make_unique<std::vector<uint8_t> > (cipherTextLen + 16);
 			memcpy (m_NSREncodedPQKey->data (), out + offset, cipherTextLen + 16);
 			MixHash (out + offset, cipherTextLen + 16);
 			MixKey (sharedSecret);
 			offset += cipherTextLen + 16;
 		}	
 #endif		
 		if (!m_EphemeralKeys->Agree (m_RemoteStaticKey, sharedSecret)) // sharedSecret = x25519(besk, apk)
 		{
 			LogPrint (eLogWarning, "Garlic: Incorrect Alice static key");
 			return false;
 		}
 		MixKey (sharedSecret);
 		uint8_t nonce[12];
 		CreateNonce (0, nonce);
 		// calculate hash for zero length
-		if (!Encrypt (sharedSecret /* can be anything */, out + offset, 0)) // encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
+		if (!i2p::crypto::AEADChaCha20Poly1305 (nonce /* can be anything */, 0, m_H, 32, m_CK + 32, nonce, out + offset, 16, true)) // encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
 		{
 			LogPrint (eLogWarning, "Garlic: Reply key section AEAD encryption failed");
 			return false;
@ -704,7 +578,6 @@ namespace garlic
 			GetOwner ()->GetNumRatchetInboundTags () : ECIESX25519_MIN_NUM_GENERATED_TAGS);
 		i2p::crypto::HKDF (keydata + 32, nullptr, 0, "AttachPayloadKDF", m_NSRKey, 32); // k = HKDF(k_ba, ZEROLEN, "AttachPayloadKDF", 32)
 		// encrypt payload
 		uint8_t nonce[12]; memset (nonce, 0, 12); // seqn = 0
 		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, m_H, 32, m_NSRKey, nonce, out + offset, len + 16, true)) // encrypt
 		{
 			LogPrint (eLogWarning, "Garlic: NSR payload section AEAD encryption failed");
@ -726,34 +599,16 @@ namespace garlic
 		memcpy (m_H, m_NSRH, 32);
 		MixHash ((const uint8_t *)&tag, 8); // h = SHA256(h || tag)
 		MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || bepk)
-		m_N = 0;
+		uint8_t nonce[12];
-		size_t offset = 40;
+		CreateNonce (0, nonce);
-#if OPENSSL_PQ		
+		if (!i2p::crypto::AEADChaCha20Poly1305 (nonce /* can be anything */, 0, m_H, 32, m_CK + 32, nonce, out + 40, 16, true)) // encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
 		if (m_PQKeys)
 		{	
 			if (m_NSREncodedPQKey)
 			{	
 				size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
 				memcpy (out + offset, m_NSREncodedPQKey->data (), cipherTextLen + 16);
 				MixHash (out + offset, cipherTextLen + 16);
 				offset += cipherTextLen + 16;
 			}
 			else
 			{
 				LogPrint (eLogWarning, "Garlic: No stored ML-KEM keys");
 				return false;
 			}
 		}
 #endif
 		if (!Encrypt (m_NSRH /* can be anything */, out + offset, 0)) // encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
 		{
 			LogPrint (eLogWarning, "Garlic: Reply key section AEAD encryption failed");
 			return false;
 		}
-		MixHash (out + offset, 16); // h = SHA256(h || ciphertext)
+		MixHash (out + 40, 16); // h = SHA256(h || ciphertext)
 		// encrypt payload
-		uint8_t nonce[12]; memset (nonce, 0, 12);
+		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, m_H, 32, m_NSRKey, nonce, out + 56, len + 16, true)) // encrypt
 		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, m_H, 32, m_NSRKey, nonce, out + offset + 16, len + 16, true)) // encrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Next NSR payload section AEAD encryption failed");
 			return false;
@ -785,30 +640,13 @@ namespace garlic
 			return false;
 		}
 		MixKey (sharedSecret);
-#if OPENSSL_PQ
+		GetOwner ()->Decrypt (bepk, sharedSecret, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD); // x25519 (ask, bepk)
 		if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 		{
 			// decrypt kem_ciphertext section
 			size_t cipherTextLen = i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType);
 			std::vector<uint8_t> kemCiphertext(cipherTextLen);
 			if (!Decrypt (buf, kemCiphertext.data (), cipherTextLen))
 			{
 				LogPrint (eLogWarning, "Garlic: Reply ML-KEM ciphertext section AEAD decryption failed");
 				return false;
 			}
 			MixHash (buf, cipherTextLen + 16);
 			buf += cipherTextLen + 16;
 			len -= cipherTextLen + 16;
 			// decaps
 			m_PQKeys->Decaps (kemCiphertext.data (), sharedSecret);
 			MixKey (sharedSecret);
 		}
 #endif	
 		GetOwner ()->Decrypt (bepk, sharedSecret, m_RemoteStaticKeyType); // x25519 (ask, bepk)
 		MixKey (sharedSecret);
 		uint8_t nonce[12];
 		CreateNonce (0, nonce);
 		// calculate hash for zero length
-		if (!Decrypt (buf, sharedSecret/* can be anything */, 0)) // decrypt, DECRYPT(k, n, ZEROLEN, ad) verification only
+		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, 0, m_H, 32, m_CK + 32, nonce, sharedSecret/* can be anything */, 0, false)) // decrypt, DECRYPT(k, n, ZEROLEN, ad) verification only
 		{
 			LogPrint (eLogWarning, "Garlic: Reply key section AEAD decryption failed");
 			return false;
@ -833,7 +671,6 @@ namespace garlic
 		}
 		i2p::crypto::HKDF (keydata + 32, nullptr, 0, "AttachPayloadKDF", keydata, 32); // k = HKDF(k_ba, ZEROLEN, "AttachPayloadKDF", 32)
 		// decrypt payload
 		uint8_t nonce[12]; memset (nonce, 0, 12); // seqn = 0
 		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, m_H, 32, keydata, nonce, buf, len - 16, false)) // decrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD decryption failed");
@ -843,8 +680,7 @@ namespace garlic
 		if (m_State == eSessionStateNewSessionSent)
 		{
 			m_State = eSessionStateEstablished;
-			// don't delete m_EpehemralKey and m_PQKeys because delayd NSR's migth come
+			//m_EphemeralKeys = nullptr; // TODO: delete after a while
 			// done in CleanupReceiveNSRKeys called from NSR tagset destructor		
 			m_SessionCreatedTimestamp = i2p::util::GetSecondsSinceEpoch ();
 			GetOwner ()->AddECIESx25519Session (m_RemoteStaticKey, shared_from_this ());
 		}
@ -859,8 +695,6 @@ namespace garlic
 	bool ECIESX25519AEADRatchetSession::NewExistingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen)
 	{
 		auto owner = GetOwner ();
 		if (!owner) return false;
 		uint8_t nonce[12];
 		auto index = m_SendTagset->GetNextIndex ();
 		CreateNonce (index, nonce); // tag's index
@ -868,7 +702,8 @@ namespace garlic
 		if (!tag)
 		{
 			LogPrint (eLogError, "Garlic: Can't create new ECIES-X25519-AEAD-Ratchet tag for send tagset");
-			owner->RemoveECIESx25519Session (m_RemoteStaticKey);
+			if (GetOwner ())
 				GetOwner ()->RemoveECIESx25519Session (m_RemoteStaticKey);
 			return false;
 		}
 		memcpy (out, &tag, 8);
@ -876,7 +711,7 @@ namespace garlic
 		// ciphertext = ENCRYPT(k, n, payload, ad)
 		uint8_t key[32];
 		m_SendTagset->GetSymmKey (index, key);
-		if (!owner->AEADChaCha20Poly1305Encrypt (payload, len, out, 8, key, nonce, out + 8, outLen - 8))
+		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, out, 8, key, nonce, out + 8, outLen - 8, true)) // encrypt
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
 			return false;
@ -895,35 +730,33 @@ namespace garlic
 		uint8_t * payload = buf + 8;
 		uint8_t key[32];
 		receiveTagset->GetSymmKey (index, key);
-		auto owner = GetOwner ();
+		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 16, buf, 8, key, nonce, payload, len - 16, false)) // decrypt
 		if (!owner) return true; // drop message
 		if (!owner->AEADChaCha20Poly1305Decrypt (payload, len - 16, buf, 8, key, nonce, payload, len - 16))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD decryption failed");
 			return false;
 		}
 		HandlePayload (payload, len - 16, receiveTagset, index);
-		
+		if (GetOwner ())
 		int moreTags = 0;
 		if (owner->GetNumRatchetInboundTags () > 0) // override in settings?
 		{
-			if (receiveTagset->GetNextIndex () - index < owner->GetNumRatchetInboundTags ()/2)
+			int moreTags = 0;
-				moreTags = owner->GetNumRatchetInboundTags ();
+			if (GetOwner ()->GetNumRatchetInboundTags () > 0) // override in settings?
-			index -= owner->GetNumRatchetInboundTags (); // trim behind
+			{
 				if (receiveTagset->GetNextIndex () - index < GetOwner ()->GetNumRatchetInboundTags ()/2)
 					moreTags = GetOwner ()->GetNumRatchetInboundTags ();
 				index -= GetOwner ()->GetNumRatchetInboundTags (); // trim behind
 			}
 			else
 			{
 				moreTags = ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 2); // N/4
 				if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
 				moreTags -= (receiveTagset->GetNextIndex () - index);
 				index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
 			}
 			if (moreTags > 0)
 				GenerateMoreReceiveTags (receiveTagset, moreTags);
 			if (index > 0)
 				receiveTagset->SetTrimBehind (index);
 		}
 		else
 		{
 			moreTags = (receiveTagset->GetTagSetID () > 0) ? ECIESX25519_MAX_NUM_GENERATED_TAGS : // for non first tagset
 				(ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 1)); // N/2
 			if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
 			moreTags -= (receiveTagset->GetNextIndex () - index);
 			index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
 		}
 		if (moreTags > 0)
 			GenerateMoreReceiveTags (receiveTagset, moreTags);
 		if (index > 0)
 			receiveTagset->SetTrimBehind (index);
 		return true;
 	}
@ -937,14 +770,10 @@ namespace garlic
 				m_State = eSessionStateEstablished;
 				m_NSRSendTagset = nullptr;
 				m_EphemeralKeys = nullptr;
-#if OPENSSL_PQ
+#if (__cplusplus >= 201703L) // C++ 17 or higher
 				m_PQKeys = nullptr;
 				m_NSREncodedPQKey = nullptr;
 #endif				
 				[[fallthrough]];
 #endif
 			case eSessionStateEstablished:
 				if (m_SendReverseKey && receiveTagset->GetTagSetID () == m_NextReceiveRatchet->GetReceiveTagSetID ())
 					m_SendReverseKey = false; // tag received on new tagset	
 				if (receiveTagset->IsNS ())
 				{
 					// our of sequence NSR
@ -971,12 +800,7 @@ namespace garlic
 		if (!payload) return nullptr;
 		size_t len = CreatePayload (msg, m_State != eSessionStateEstablished, payload);
 		if (!len) return nullptr;
 #if OPENSSL_PQ
 		auto m = NewI2NPMessage (len + (m_State == eSessionStateEstablished ? 28 :
 			i2p::crypto::GetMLKEMPublicKeyLen (m_RemoteStaticKeyType) + 116));
 #else		
 		auto m = NewI2NPMessage (len + 100); // 96 + 4
 #endif		
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
 		uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
@ -991,28 +815,16 @@ namespace garlic
 				if (!NewOutgoingSessionMessage (payload, len, buf, m->maxLen))
 					return nullptr;
 				len += 96;
 #if OPENSSL_PQ
 				if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 					len += i2p::crypto::GetMLKEMPublicKeyLen (m_RemoteStaticKeyType) + 16;
 #endif				
 			break;
 			case eSessionStateNewSessionReceived:
 				if (!NewSessionReplyMessage (payload, len, buf, m->maxLen))
 					return nullptr;
 				len += 72;
 #if OPENSSL_PQ
 				if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 					len += i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType) + 16;
 #endif				
 			break;
 			case eSessionStateNewSessionReplySent:
 				if (!NextNewSessionReplyMessage (payload, len, buf, m->maxLen))
 					return nullptr;
 				len += 72;
 #if OPENSSL_PQ
 				if (m_RemoteStaticKeyType >= i2p::data::CRYPTO_KEY_TYPE_ECIES_MLKEM512_X25519_AEAD)
 					len += i2p::crypto::GetMLKEMCipherTextLen (m_RemoteStaticKeyType) + 16;
 #endif				
 			break;
 			case eSessionStateOneTime:
 				if (!NewOutgoingSessionMessage (payload, len, buf, m->maxLen, false))
@ -1039,14 +851,13 @@ namespace garlic
 	{
 		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
 		size_t payloadLen = 0;
 		bool sendAckRequest = false;
 		if (first) payloadLen += 7;// datatime
 		if (msg)
 		{
 			payloadLen += msg->GetPayloadLength () + 13;
 			if (m_Destination) payloadLen += 32;
 		}
-		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
+		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
 		{
 			// resubmit non-confirmed LeaseSet
 			SetLeaseSetUpdateStatus (eLeaseSetUpdated);
@ -1058,28 +869,13 @@ namespace garlic
 			payloadLen += leaseSet->GetBufferLen () + DATABASE_STORE_HEADER_SIZE + 13;
 			if (!first)
 			{
-				// ack request for LeaseSet
+				// ack request
 				m_AckRequestMsgID = m_SendTagset->GetMsgID ();
 				sendAckRequest = true;
 				// update LeaseSet status
 				SetLeaseSetUpdateStatus (eLeaseSetSubmitted);
-				SetLeaseSetUpdateMsgID (m_AckRequestMsgID);
+				SetLeaseSetUpdateMsgID (m_SendTagset->GetNextIndex ());
 				SetLeaseSetSubmissionTime (ts);
 				payloadLen += 4;
 			}
 		}
 		if (!sendAckRequest && !first &&
 		    ((!m_AckRequestMsgID && ts > m_LastAckRequestSendTime + m_AckRequestInterval) || // regular request
 		     (m_AckRequestMsgID && ts > m_LastAckRequestSendTime + LEASESET_CONFIRMATION_TIMEOUT))) // previous request failed. try again
 		{	
 			// not LeaseSet
 			m_AckRequestMsgID = m_SendTagset->GetMsgID ();
 			if (m_AckRequestMsgID)
 			{	
 				m_AckRequestNumAttempts++;
 				sendAckRequest = true;
 			}	
 		}	
 		if (sendAckRequest) payloadLen += 4;
 		if (m_AckRequests.size () > 0)
 			payloadLen += m_AckRequests.size ()*4 + 3;
 		if (m_SendReverseKey)
@ -1131,14 +927,15 @@ namespace garlic
 			}
 			// LeaseSet
 			if (leaseSet)
 				offset += CreateLeaseSetClove (leaseSet, ts, payload + offset, payloadLen - offset);
 			// ack request
 			if (sendAckRequest)
 			{
-				payload[offset] = eECIESx25519BlkAckRequest; offset++;
+				offset += CreateLeaseSetClove (leaseSet, ts, payload + offset, payloadLen - offset);
-				htobe16buf (payload + offset, 1); offset += 2;
+				if (!first)
-				payload[offset] = 0; offset++; // flags
+				{
-				m_LastAckRequestSendTime = ts;
+					// ack request
 					payload[offset] = eECIESx25519BlkAckRequest; offset++;
 					htobe16buf (payload + offset, 1); offset += 2;
 					payload[offset] = 0; offset++; // flags
 				}
 			}
 			// msg
 			if (msg)
@ -1174,6 +971,7 @@ namespace garlic
 					memcpy (payload + offset, m_NextReceiveRatchet->key->GetPublicKey (), 32);
 					offset += 32; // public key
 				}
 				m_SendReverseKey = false;
 			}
 			if (m_SendForwardKey)
 			{
@ -1269,8 +1067,6 @@ namespace garlic
 	bool ECIESX25519AEADRatchetSession::CheckExpired (uint64_t ts)
 	{
 		CleanupUnconfirmedLeaseSet (ts);
 		if (!m_Destination && ts > m_LastActivityTimestamp + ECIESX25519_SESSION_CREATE_TIMEOUT) return true; // m_LastActivityTimestamp is NS receive time 
 		if (m_State != eSessionStateEstablished && m_SessionCreatedTimestamp && ts > m_SessionCreatedTimestamp + ECIESX25519_SESSION_ESTABLISH_TIMEOUT) return true; 
 		return ts > m_LastActivityTimestamp + ECIESX25519_RECEIVE_EXPIRATION_TIMEOUT && // seconds
 			ts*1000 > m_LastSentTimestamp + ECIESX25519_SEND_EXPIRATION_TIMEOUT*1000; // milliseconds
 	}
@ -1352,7 +1148,7 @@ namespace garlic
 		return len;
 	}
-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
 	{
 		auto m = NewI2NPMessage ((msg ? msg->GetPayloadLength () : 0) + 128);
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
@ -1372,16 +1168,10 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
 		if (msg->onDrop)
 		{
 			// move onDrop to the wrapping I2NP messages
 			m->onDrop = msg->onDrop;
 			msg->onDrop = nullptr;
 		}
 		return m;
 	}
-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey)
 	{
 		// Noise_N, we are Alice, routerPublicKey is Bob's
 		i2p::crypto::NoiseSymmetricState noiseState;
@ -1415,12 +1205,6 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
 		if (msg->onDrop)
 		{
 			// move onDrop to the wrapping I2NP messages
 			m->onDrop = msg->onDrop;
 			msg->onDrop = nullptr;
 		}	
 		return m;
 	}
 }
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -14,12 +14,10 @@
 #include <functional>
 #include <memory>
 #include <vector>
 #include <array>
 #include <list>
 #include <unordered_map>
 #include "Identity.h"
 #include "Crypto.h"
 #include "PostQuantum.h"
 #include "Garlic.h"
 #include "Tag.h"
@ -32,14 +30,10 @@ namespace garlic
 	const int ECIESX25519_SEND_INACTIVITY_TIMEOUT = 5000; // number of milliseconds we can send empty(pyaload only) packet after
 	const int ECIESX25519_SEND_EXPIRATION_TIMEOUT = 480; // in seconds
 	const int ECIESX25519_RECEIVE_EXPIRATION_TIMEOUT = 600; // in seconds
-	const int ECIESX25519_SESSION_CREATE_TIMEOUT = 3; // in seconds, NSR must be send after NS received
+	const int ECIESX25519_PREVIOUS_TAGSET_EXPIRATION_TIMEOUT = 180; // 180
 	const int ECIESX25519_SESSION_ESTABLISH_TIMEOUT = 15; // in seconds 
 	const int ECIESX25519_PREVIOUS_TAGSET_EXPIRATION_TIMEOUT = 180; // in seconds
 	const int ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL = 33000; // in milliseconds
 	const int ECIESX25519_ACK_REQUEST_MAX_NUM_ATTEMPTS = 3;
 	const int ECIESX25519_TAGSET_MAX_NUM_TAGS = 8192; // number of tags we request new tagset after
 	const int ECIESX25519_MIN_NUM_GENERATED_TAGS = 24;
-	const int ECIESX25519_MAX_NUM_GENERATED_TAGS = 800;
+	const int ECIESX25519_MAX_NUM_GENERATED_TAGS = 320;
 	const int ECIESX25519_NSR_NUM_GENERATED_TAGS = 12;
 	const size_t ECIESX25519_OPTIMAL_PAYLOAD_SIZE = 1912; // 1912 = 1956 /* to fit 2 tunnel messages */
@ -63,8 +57,6 @@ namespace garlic
 			int GetTagSetID () const { return m_TagSetID; };
 			void SetTagSetID (int tagsetID) { m_TagSetID = tagsetID; };
 			uint32_t GetMsgID () const { return (m_TagSetID << 16) + m_NextIndex; }; // (tagsetid << 16) + N
 		private:
 			i2p::data::Tag<64> m_SessionTagKeyData;
@ -81,8 +73,8 @@ namespace garlic
 	{
 		public:
-			ReceiveRatchetTagSet (std::shared_ptr<ECIESX25519AEADRatchetSession> session, bool isNS = false);
+			ReceiveRatchetTagSet (std::shared_ptr<ECIESX25519AEADRatchetSession> session, bool isNS = false):
-			~ReceiveRatchetTagSet () override;
+				m_Session (session), m_IsNS (isNS) {};
 			bool IsNS () const { return m_IsNS; };
 			std::shared_ptr<ECIESX25519AEADRatchetSession> GetSession () { return m_Session; };
@ -94,7 +86,6 @@ namespace garlic
 			virtual bool IsIndexExpired (int index) const;
 			virtual bool HandleNextMessage (uint8_t * buf, size_t len, int index);
 			virtual bool IsSessionTerminated () const;
 		private:
@ -110,9 +101,8 @@ namespace garlic
 			SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key);
-			bool IsIndexExpired (int index) const override { return false; };
+			bool IsIndexExpired (int index) const { return false; };
-			bool HandleNextMessage (uint8_t * buf, size_t len, int index) override;
+			bool HandleNextMessage (uint8_t * buf, size_t len, int index);
 			bool IsSessionTerminated () const override { return false; }
 		private:
@ -157,7 +147,6 @@ namespace garlic
 			std::shared_ptr<i2p::crypto::X25519Keys> key;
 			uint8_t remote[32]; // last remote public key
 			bool newKey = true;
 			int GetReceiveTagSetID () const { return newKey ? (2*keyID + 1) : 2*keyID; }
 		};
 		public:
@ -166,32 +155,26 @@ namespace garlic
 			~ECIESX25519AEADRatchetSession ();
 			bool HandleNextMessage (uint8_t * buf, size_t len, std::shared_ptr<ReceiveRatchetTagSet> receiveTagset, int index = 0);
-			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg) override;
+			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
 			std::shared_ptr<I2NPMessage> WrapOneTimeMessage (std::shared_ptr<const I2NPMessage> msg);
 			const uint8_t * GetRemoteStaticKey () const { return m_RemoteStaticKey; }
-			i2p::data::CryptoKeyType GetRemoteStaticKeyType () const { return m_RemoteStaticKeyType; }
+			void SetRemoteStaticKey (const uint8_t * key) { memcpy (m_RemoteStaticKey, key, 32); }
-			void SetRemoteStaticKey (i2p::data::CryptoKeyType keyType, const uint8_t * key) 
+
 			{ 
 				m_RemoteStaticKeyType = keyType;
 				memcpy (m_RemoteStaticKey, key, 32); 
 			}
 			void Terminate () { m_IsTerminated = true; }
-			void SetDestination (const i2p::data::IdentHash& dest)
+			void SetDestination (const i2p::data::IdentHash& dest) // TODO:
 			{
 				if (!m_Destination) m_Destination.reset (new i2p::data::IdentHash (dest));
 			}
 			bool CheckExpired (uint64_t ts); // true is expired
 			bool CanBeRestarted (uint64_t ts) const { return ts > m_SessionCreatedTimestamp + ECIESX25519_RESTART_TIMEOUT; }
 			bool IsInactive (uint64_t ts) const { return ts > m_LastActivityTimestamp + ECIESX25519_INACTIVITY_TIMEOUT && CanBeRestarted (ts); }
 			void CleanupReceiveNSRKeys (); // called from ReceiveRatchetTagSet at Alice's side
-			bool IsRatchets () const override { return true; };
+			bool IsRatchets () const { return true; };
-			bool IsReadyToSend () const override { return m_State != eSessionStateNewSessionSent; };
+			bool IsReadyToSend () const { return m_State != eSessionStateNewSessionSent; };
-			bool IsTerminated () const override { return m_IsTerminated; }
+			bool IsTerminated () const { return m_IsTerminated; }
-			uint64_t GetLastActivityTimestamp () const override { return m_LastActivityTimestamp; };
+			uint64_t GetLastActivityTimestamp () const { return m_LastActivityTimestamp; };
 			void SetAckRequestInterval (int interval) override { m_AckRequestInterval = interval; };
 			bool CleanupUnconfirmedTags () override; // return true if unaswered Ack requests, called from I2CP
 		protected:
@ -199,7 +182,6 @@ namespace garlic
 			void SetNoiseState (const i2p::crypto::NoiseSymmetricState& state) { GetNoiseState () = state; };
 			void CreateNonce (uint64_t seqn, uint8_t * nonce);
 			void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset, int index);
 			bool MessageConfirmed (uint32_t msgID) override;
 		private:
@ -225,30 +207,20 @@ namespace garlic
 		private:
 			i2p::data::CryptoKeyType m_RemoteStaticKeyType;
 			uint8_t m_RemoteStaticKey[32];
 			uint8_t m_Aepk[32]; // Alice's ephemeral keys, for incoming only
 			uint8_t m_NSREncodedKey[32], m_NSRH[32], m_NSRKey[32]; // new session reply, for incoming only
 			std::shared_ptr<i2p::crypto::X25519Keys> m_EphemeralKeys;
 #if OPENSSL_PQ	
 			std::unique_ptr<i2p::crypto::MLKEMKeys> m_PQKeys;
 			std::unique_ptr<std::vector<uint8_t> > m_NSREncodedPQKey;
 #endif			
 			SessionState m_State = eSessionStateNew;
 			uint64_t m_SessionCreatedTimestamp = 0, m_LastActivityTimestamp = 0, // incoming (in seconds)
 				m_LastSentTimestamp = 0; // in milliseconds
 			std::shared_ptr<RatchetTagSet> m_SendTagset, m_NSRSendTagset;
-			std::unique_ptr<i2p::data::IdentHash> m_Destination;// must be set for NS if outgoing and NSR if incoming
+			std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it
-			std::list<std::pair<uint16_t, int> > m_AckRequests; // incoming (tagsetid, index)
+			std::list<std::pair<uint16_t, int> > m_AckRequests; // (tagsetid, index)
 			bool m_SendReverseKey = false, m_SendForwardKey = false, m_IsTerminated = false;
 			std::unique_ptr<DHRatchet> m_NextReceiveRatchet, m_NextSendRatchet;
 			uint8_t m_PaddingSizes[32], m_NextPaddingSize;
 			uint64_t m_LastAckRequestSendTime = 0; // milliseconds
 			uint32_t m_AckRequestMsgID = 0; 
 			int m_AckRequestNumAttempts = 0;
 			int m_AckRequestInterval = ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL; // milliseconds
 		public:
 			// for HTTP only
@ -273,8 +245,8 @@ namespace garlic
 			i2p::crypto::NoiseSymmetricState m_CurrentNoiseState;
 	};
-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey);
 }
 }
--- a/libi2pd/Ed25519.cpp
+++ b/libi2pd/Ed25519.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -457,6 +457,86 @@ namespace crypto
 		}
 	}
 #if !OPENSSL_X25519
 	BIGNUM * Ed25519::ScalarMul (const BIGNUM * u, const BIGNUM * k, BN_CTX * ctx) const
 	{
 		BN_CTX_start (ctx);
 		auto x1 = BN_CTX_get (ctx); BN_copy (x1, u);
 		auto x2 = BN_CTX_get (ctx); BN_one (x2);
 		auto z2 = BN_CTX_get (ctx); BN_zero (z2);
 		auto x3 = BN_CTX_get (ctx); BN_copy (x3, u);
 		auto z3 = BN_CTX_get (ctx); BN_one (z3);
 		auto c121666 = BN_CTX_get (ctx); BN_set_word (c121666, 121666);
 		auto tmp0 = BN_CTX_get (ctx); auto tmp1 = BN_CTX_get (ctx);
 		unsigned int swap = 0;
 		auto bits = BN_num_bits (k);
 		while(bits)
 		{
 			--bits;
 			auto k_t = BN_is_bit_set(k, bits) ? 1 : 0;
 			swap ^= k_t;
 			if (swap)
 			{
 				std::swap (x2, x3);
 				std::swap (z2, z3);
 			}
 			swap = k_t;
 			BN_mod_sub(tmp0, x3, z3, q, ctx);
 			BN_mod_sub(tmp1, x2, z2, q, ctx);
 			BN_mod_add(x2, x2, z2, q, ctx);
 			BN_mod_add(z2, x3, z3, q, ctx);
 			BN_mod_mul(z3, tmp0, x2, q, ctx);
 			BN_mod_mul(z2, z2, tmp1, q, ctx);
 			BN_mod_sqr(tmp0, tmp1, q, ctx);
 			BN_mod_sqr(tmp1, x2, q, ctx);
 			BN_mod_add(x3, z3, z2, q, ctx);
 			BN_mod_sub(z2, z3, z2, q, ctx);
 			BN_mod_mul(x2, tmp1, tmp0, q, ctx);
 			BN_mod_sub(tmp1, tmp1, tmp0, q, ctx);
 			BN_mod_sqr(z2, z2, q, ctx);
 			BN_mod_mul(z3, tmp1, c121666, q, ctx);
 			BN_mod_sqr(x3, x3, q, ctx);
 			BN_mod_add(tmp0, tmp0, z3, q, ctx);
 			BN_mod_mul(z3, x1, z2, q, ctx);
 			BN_mod_mul(z2, tmp1, tmp0, q, ctx);
 		}
 		if (swap)
 		{
 			std::swap (x2, x3);
 			std::swap (z2, z3);
 		}
 		BN_mod_inverse (z2, z2, q, ctx);
 		BIGNUM * res = BN_new (); // not from ctx
 		BN_mod_mul(res, x2, z2, q, ctx);
 		BN_CTX_end (ctx);
 		return res;
 	}
 	void Ed25519::ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
 	{
 		BIGNUM * p1 = DecodeBN<32> (p);
 		uint8_t k[32];
 		memcpy (k, e, 32);
 		k[0] &= 248; k[31] &= 127; k[31] |= 64;
 		BIGNUM * n = DecodeBN<32> (k);
 		BIGNUM * q1 = ScalarMul (p1, n, ctx);
 		EncodeBN (q1, buf, 32);
 		BN_free (p1); BN_free (n); BN_free (q1);
 	}
 	void Ed25519::ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
 	{
 		BIGNUM *p1 = BN_new (); BN_set_word (p1, 9);
 		uint8_t k[32];
 		memcpy (k, e, 32);
 		k[0] &= 248; k[31] &= 127; k[31] |= 64;
 		BIGNUM * n = DecodeBN<32> (k);
 		BIGNUM * q1 = ScalarMul (p1, n, ctx);
 		EncodeBN (q1, buf, 32);
 		BN_free (p1); BN_free (n); BN_free (q1);
 	}
 #endif
 	void Ed25519::BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded)
 	{
 		BN_CTX * ctx = BN_CTX_new ();
--- a/libi2pd/Ed25519.h
+++ b/libi2pd/Ed25519.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -84,7 +84,10 @@ namespace crypto
 			EDDSAPoint GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const;
 			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const;
 			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const;
-
+#if !OPENSSL_X25519
 			void ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
 			void ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
 #endif
 			void BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
 			void BlindPrivateKey (const uint8_t * priv, const uint8_t * seed, uint8_t * blindedPriv, uint8_t * blindedPub); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
@ -112,6 +115,11 @@ namespace crypto
 			BIGNUM * DecodeBN (const uint8_t * buf) const;
 			void EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const;
 #if !OPENSSL_X25519
 			// for x25519
 			BIGNUM * ScalarMul (const BIGNUM * p, const BIGNUM * e, BN_CTX * ctx) const;
 #endif
 		private:
 			BIGNUM * q, * l, * d, * I;
--- a/libi2pd/FS.cpp
+++ b/libi2pd/FS.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -7,17 +7,7 @@
 */
 #include <algorithm>
-
+#include <boost/filesystem.hpp>
 #if defined(MAC_OSX)
 #if !STD_FILESYSTEM
 #include <boost/system/system_error.hpp>
 #endif
 #include <TargetConditionals.h>
 #endif
 #if defined(__HAIKU__)
 #include <FindDirectory.h>
 #endif
 #ifdef _WIN32
 #include <shlobj.h>
@ -30,14 +20,6 @@
 #include "Log.h"
 #include "Garlic.h"
 #if STD_FILESYSTEM
 #include <filesystem>
 namespace fs_lib = std::filesystem;
 #else
 #include <boost/filesystem.hpp>
 namespace fs_lib = boost::filesystem;
 #endif
 namespace i2p {
 namespace fs {
 	std::string appName = "i2pd";
@ -67,17 +49,11 @@ namespace fs {
 	const std::string GetUTF8DataDir () {
 #ifdef _WIN32
-		int size = MultiByteToWideChar(CP_ACP, 0,
+		boost::filesystem::wpath path (dataDir);
-			dataDir.c_str(), dataDir.size(), nullptr, 0);
+		auto loc = boost::filesystem::path::imbue(std::locale( std::locale(), new std::codecvt_utf8_utf16<wchar_t>() ) ); // convert path to UTF-8
-		std::wstring utf16Str(size, L'\0');
+		auto dataDirUTF8 = path.string();
-		MultiByteToWideChar(CP_ACP, 0,
+		boost::filesystem::path::imbue(loc); // Return locale settings back
-			dataDir.c_str(), dataDir.size(), &utf16Str[0], size);
+		return dataDirUTF8;
 		int utf8Size = WideCharToMultiByte(CP_UTF8, 0,
 			utf16Str.c_str(), utf16Str.size(), nullptr, 0, nullptr, nullptr);
 		std::string utf8Str(utf8Size, '\0');
 		WideCharToMultiByte(CP_UTF8, 0,
 			utf16Str.c_str(), utf16Str.size(), &utf8Str[0], utf8Size, nullptr, nullptr);
 		return utf8Str;
 #else
 		return dataDir; // linux, osx, android uses UTF-8 by default
 #endif
@ -106,11 +82,7 @@ namespace fs {
 			}
 			else
 			{
-#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+				dataDir = boost::filesystem::wpath(commonAppData).string() + "\\" + appName;
 				dataDir = fs_lib::path(commonAppData).string() + "\\" + appName;
 #else
 				dataDir = fs_lib::wpath(commonAppData).string() + "\\" + appName;
 #endif
 			}
 #else
 			dataDir = "/var/lib/" + appName;
@ -135,14 +107,10 @@ namespace fs {
 		}
 		else
 		{
-#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+			auto execPath = boost::filesystem::wpath(localAppData).parent_path();
 			auto execPath = fs_lib::path(localAppData).parent_path();
 #else
 			auto execPath = fs_lib::wpath(localAppData).parent_path();
 #endif
 			// if config file exists in .exe's folder use it
-			if(fs_lib::exists(execPath/"i2pd.conf")) // TODO: magic string
+			if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
 			{
 				dataDir = execPath.string ();
 			} else // otherwise %appdata%
@ -158,11 +126,7 @@ namespace fs {
 				}
 				else
 				{
-#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+					dataDir = boost::filesystem::wpath(localAppData).string() + "\\" + appName;
 					dataDir = fs_lib::path(localAppData).string() + "\\" + appName;
 #else
 					dataDir = fs_lib::wpath(localAppData).string() + "\\" + appName;
 #endif
 				}
 			}
 		}
@ -173,17 +137,18 @@ namespace fs {
 		dataDir += "/Library/Application Support/" + appName;
 		return;
 #elif defined(__HAIKU__)
-		char home[PATH_MAX]; // /boot/home/config/settings
+		char *home = getenv("HOME");
-		if (find_directory(B_USER_SETTINGS_DIRECTORY, -1, false, home, PATH_MAX) == B_OK)	
+		if (home != NULL && strlen(home) > 0) {
-			dataDir = std::string(home) + "/" + appName;
+			dataDir = std::string(home) + "/config/settings/" + appName;
-		else
+		} else {
 			dataDir = "/tmp/" + appName;
 		}
 		return;
 #else /* other unix */
 #if defined(ANDROID)
 		const char * ext = getenv("EXTERNAL_STORAGE");
 		if (!ext) ext = "/sdcard";
-		if (fs_lib::exists(ext))
+		if (boost::filesystem::exists(ext))
 		{
 			dataDir = std::string (ext) + "/" + appName;
 			return;
@ -216,16 +181,16 @@ namespace fs {
 	}
 	bool Init() {
-		if (!fs_lib::exists(dataDir))
+		if (!boost::filesystem::exists(dataDir))
-			fs_lib::create_directory(dataDir);
+			boost::filesystem::create_directory(dataDir);
 		std::string destinations = DataDirPath("destinations");
-		if (!fs_lib::exists(destinations))
+		if (!boost::filesystem::exists(destinations))
-			fs_lib::create_directory(destinations);
+			boost::filesystem::create_directory(destinations);
 		std::string tags = DataDirPath("tags");
-		if (!fs_lib::exists(tags))
+		if (!boost::filesystem::exists(tags))
-			fs_lib::create_directory(tags);
+			boost::filesystem::create_directory(tags);
 		else
 			i2p::garlic::CleanUpTagsFiles ();
@ -233,13 +198,13 @@ namespace fs {
 	}
 	bool ReadDir(const std::string & path, std::vector<std::string> & files) {
-		if (!fs_lib::exists(path))
+		if (!boost::filesystem::exists(path))
 			return false;
-		fs_lib::directory_iterator it(path);
+		boost::filesystem::directory_iterator it(path);
-		fs_lib::directory_iterator end;
+		boost::filesystem::directory_iterator end;
 		for ( ; it != end; it++) {
-			if (!fs_lib::is_regular_file(it->status()))
+			if (!boost::filesystem::is_regular_file(it->status()))
 				continue;
 			files.push_back(it->path().string());
 		}
@ -248,42 +213,29 @@ namespace fs {
 	}
 	bool Exists(const std::string & path) {
-		return fs_lib::exists(path);
+		return boost::filesystem::exists(path);
 	}
 	uint32_t GetLastUpdateTime (const std::string & path)
 	{
-		if (!fs_lib::exists(path))
+		if (!boost::filesystem::exists(path))
 			return 0;
 #if STD_FILESYSTEM
 		std::error_code ec;
 		auto t = std::filesystem::last_write_time (path, ec);
 		if (ec) return 0;
 /*#if __cplusplus >= 202002L // C++ 20 or higher
 		const auto sctp = std::chrono::clock_cast<std::chrono::system_clock>(t);
 #else	*/	// TODO: wait until implemented
 		const auto sctp = std::chrono::time_point_cast<std::chrono::system_clock::duration>(
 		    t - decltype(t)::clock::now() + std::chrono::system_clock::now());
 /*#endif */
 		return std::chrono::system_clock::to_time_t(sctp);
 #else
 		boost::system::error_code ec;
 		auto t = boost::filesystem::last_write_time (path, ec);
 		return ec ? 0 : t;
 #endif
 	}
 	bool Remove(const std::string & path) {
-		if (!fs_lib::exists(path))
+		if (!boost::filesystem::exists(path))
 			return false;
-		return fs_lib::remove(path);
+		return boost::filesystem::remove(path);
 	}
 	bool CreateDirectory (const std::string& path)
 	{
-		if (fs_lib::exists(path) && fs_lib::is_directory (fs_lib::status (path)))
+		if (boost::filesystem::exists(path) && boost::filesystem::is_directory (boost::filesystem::status (path)))
 			return true;
-		return fs_lib::create_directory(path);
+		return boost::filesystem::create_directory(path);
 	}
 	void HashedStorage::SetPlace(const std::string &path) {
@ -291,30 +243,16 @@ namespace fs {
 	}
 	bool HashedStorage::Init(const char * chars, size_t count) {
-		if (!fs_lib::exists(root)) {
+		if (!boost::filesystem::exists(root)) {
-			fs_lib::create_directories(root);
+			boost::filesystem::create_directories(root);
 		}
 		for (size_t i = 0; i < count; i++) {
 			auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
-			if (fs_lib::exists(p))
+			if (boost::filesystem::exists(p))
 				continue;
-#if TARGET_OS_SIMULATOR
+			if (boost::filesystem::create_directory(p))
 			// ios simulator fs says it is case sensitive, but it is not
 			boost::system::error_code ec;
 			if (fs_lib::create_directory(p, ec))
 				continue;
 			switch (ec.value()) {
 				case boost::system::errc::file_exists:
 				case boost::system::errc::success:
 					continue;
 				default:
 					throw boost::system::system_error( ec, __func__ );
 			}
 #else
 			if (fs_lib::create_directory(p))
 				continue; /* ^ throws exception on failure */
 #endif
 			return false;
 		}
 		return true;
@ -335,9 +273,9 @@ namespace fs {
 	void HashedStorage::Remove(const std::string & ident) {
 		std::string path = Path(ident);
-		if (!fs_lib::exists(path))
+		if (!boost::filesystem::exists(path))
 			return;
-		fs_lib::remove(path);
+		boost::filesystem::remove(path);
 	}
 	void HashedStorage::Traverse(std::vector<std::string> & files) {
@ -348,12 +286,12 @@ namespace fs {
 	void HashedStorage::Iterate(FilenameVisitor v)
 	{
-		fs_lib::path p(root);
+		boost::filesystem::path p(root);
-		fs_lib::recursive_directory_iterator it(p);
+		boost::filesystem::recursive_directory_iterator it(p);
-		fs_lib::recursive_directory_iterator end;
+		boost::filesystem::recursive_directory_iterator end;
 		for ( ; it != end; it++) {
-			if (!fs_lib::is_regular_file( it->status() ))
+			if (!boost::filesystem::is_regular_file( it->status() ))
 				continue;
 			const std::string & t = it->path().string();
 			v(t);
--- a/libi2pd/FS.h
+++ b/libi2pd/FS.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2020, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -15,16 +15,6 @@
 #include <sstream>
 #include <functional>
 #ifndef STD_FILESYSTEM
 #	if (_WIN32 && __GNUG__) // MinGW GCC somehow incorrectly converts paths
 #		define STD_FILESYSTEM 0
 #	elif (!TARGET_OS_SIMULATOR && __has_include(<filesystem>)) // supports std::filesystem
 #		define STD_FILESYSTEM 1
 #	else
 #		define STD_FILESYSTEM 0
 #	endif
 #endif
 namespace i2p {
 namespace fs {
 	extern std::string dirSep;
--- a/libi2pd/Family.cpp
+++ b/libi2pd/Family.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -7,6 +7,7 @@
 */
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
 #include "Crypto.h"
 #include "FS.h"
@ -24,8 +25,6 @@ namespace data
 	Families::~Families ()
 	{
 		for (auto it : m_SigningKeys)
 			if (it.second.first) EVP_PKEY_free (it.second.first);
 	}
 	void Families::LoadCertificate (const std::string& filename)
@ -48,16 +47,48 @@ namespace data
 					cn += 3;
 					char * family = strstr (cn, ".family");
 					if (family) family[0] = 0;
 					auto pkey = X509_get_pubkey (cert);
 					if (pkey)
 					{	
 						if (!m_SigningKeys.emplace (cn, std::make_pair(pkey, (int)m_SigningKeys.size () + 1)).second)
 						{
 							EVP_PKEY_free (pkey);
 							LogPrint (eLogError, "Family: Duplicated family name ", cn);
 						}	
 					}	
 				}
 				auto pkey = X509_get_pubkey (cert);
 				int keyType = EVP_PKEY_base_id (pkey);
 				switch (keyType)
 				{
 					case EVP_PKEY_DSA:
 						// TODO:
 					break;
 					case EVP_PKEY_EC:
 					{
 						EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
 						if (ecKey)
 						{
 							auto group = EC_KEY_get0_group (ecKey);
 							if (group)
 							{
 								int curve = EC_GROUP_get_curve_name (group);
 								if (curve == NID_X9_62_prime256v1)
 								{
 									uint8_t signingKey[64];
 									BIGNUM * x = BN_new(), * y = BN_new();
 									EC_POINT_get_affine_coordinates_GFp (group,
 										EC_KEY_get0_public_key (ecKey), x, y, NULL);
 									i2p::crypto::bn2buf (x, signingKey, 32);
 									i2p::crypto::bn2buf (y, signingKey + 32, 32);
 									BN_free (x); BN_free (y);
 									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>();
 									verifier->SetPublicKey (signingKey);
 								}
 								else
 									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
 							}
 							EC_KEY_free (ecKey);
 						}
 						break;
 					}
 					default:
 						LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");
 				}
 				EVP_PKEY_free (pkey);
 				if (verifier && cn)
 					m_SigningKeys.emplace (cn, std::make_pair(verifier, (int)m_SigningKeys.size () + 1));
 			}
 			SSL_free (ssl);
 		}
@ -90,31 +121,23 @@ namespace data
 	}
 	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident,
-		std::string_view signature, const char * key) const
+		const char * signature, const char * key) const
 	{
 		uint8_t buf[100], signatureBuf[64];
-		size_t len = family.length ();
+		size_t len = family.length (), signatureLen = strlen (signature);
 		if (len + 32 > 100)
 		{
 			LogPrint (eLogError, "Family: ", family, " is too long");
 			return false;
 		}
 		memcpy (buf, family.c_str (), len);
 		memcpy (buf + len, (const uint8_t *)ident, 32);
 		len += 32;
 		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);
 		auto it = m_SigningKeys.find (family);
-		if (it != m_SigningKeys.end () && it->second.first)
+		if (it != m_SigningKeys.end ())
-		{	
+			return it->second.first->Verify (buf, len, signatureBuf);
 			memcpy (buf, family.c_str (), len);
 			memcpy (buf + len, (const uint8_t *)ident, 32);
 			len += 32;
 			auto signatureBufLen = Base64ToByteStream (signature, signatureBuf, 64);
 			if (signatureBufLen)
 			{
 				EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
 				EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, it->second.first);
 				auto ret = EVP_DigestVerify (ctx, signatureBuf, signatureBufLen, buf, len);
 				EVP_MD_CTX_destroy (ctx);
 				return ret;
 			}	
 		}	
 		// TODO: process key
 		return true;
 	}
@ -154,7 +177,12 @@ namespace data
 						memcpy (buf + len, (const uint8_t *)ident, 32);
 						len += 32;
 						signer.Sign (buf, len, signature);
-						sig = ByteStreamToBase64 (signature, 64);
+						len = Base64EncodingBufferSize (64);
 						char * b64 = new char[len+1];
 						len = ByteStreamToBase64 (signature, 64, b64, len);
 						b64[len] = 0;
 						sig = b64;
 						delete[] b64;
 					}
 					else
 						LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
--- a/libi2pd/Family.h
+++ b/libi2pd/Family.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,9 +11,8 @@
 #include <map>
 #include <string>
 #include <string_view>
 #include <memory>
-#include <openssl/evp.h>
+#include "Signature.h"
 #include "Identity.h"
 namespace i2p
@ -29,7 +28,7 @@ namespace data
 			~Families ();
 			void LoadCertificates ();
 			bool VerifyFamily (const std::string& family, const IdentHash& ident,
-				std::string_view signature, const char * key = nullptr) const;
+				const char * signature, const char * key = nullptr) const;
 			FamilyID GetFamilyID (const std::string& family) const;
 		private:
@ -38,7 +37,7 @@ namespace data
 		private:
-			std::map<std::string, std::pair<EVP_PKEY *, FamilyID> > m_SigningKeys; // family -> (verification pkey, id)
+			std::map<std::string, std::pair<std::shared_ptr<i2p::crypto::Verifier>, FamilyID> > m_SigningKeys; // family -> (verifier, id)
 	};
 	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);
--- a/libi2pd/Garlic.cpp
+++ b/libi2pd/Garlic.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2025, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -45,17 +45,22 @@ namespace garlic
 	{
 		if (!m_SharedRoutingPath) return nullptr;
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		if (!m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
+		if (m_SharedRoutingPath->numTimesUsed >= ROUTING_PATH_MAX_NUM_TIMES_USED ||
 			!m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
 			ts*1000LL > m_SharedRoutingPath->remoteLease->endDate ||
 			ts > m_SharedRoutingPath->updateTime + ROUTING_PATH_EXPIRATION_TIMEOUT)
 				m_SharedRoutingPath = nullptr;
 		if (m_SharedRoutingPath) m_SharedRoutingPath->numTimesUsed++;
 		return m_SharedRoutingPath;
 	}
 	void GarlicRoutingSession::SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path)
 	{
 		if (path && path->outboundTunnel && path->remoteLease)
 		{
 			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
 			path->numTimesUsed = 0;
 		}
 		else
 			path = nullptr;
 		m_SharedRoutingPath = path;
@ -75,7 +80,7 @@ namespace garlic
 	void GarlicRoutingSession::CleanupUnconfirmedLeaseSet (uint64_t ts)
 	{
-		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASESET_CONFIRMATION_TIMEOUT)
+		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
 		{
 			if (GetOwner ())
 				GetOwner ()->RemoveDeliveryStatusSession (m_LeaseSetUpdateMsgID);
@ -160,7 +165,7 @@ namespace garlic
 			uint8_t iv[32]; // IV is first 16 bytes
 			SHA256(elGamal.preIV, 32, iv);
 			m_Destination->Encrypt ((uint8_t *)&elGamal, buf);
-			m_IV = iv;
+			m_Encryption.SetIV (iv);
 			buf += 514;
 			len += 514;
 		}
@ -170,7 +175,7 @@ namespace garlic
 			memcpy (buf, tag, 32);
 			uint8_t iv[32]; // IV is first 16 bytes
 			SHA256(tag, 32, iv);
-			m_IV = iv;
+			m_Encryption.SetIV (iv);
 			buf += 32;
 			len += 32;
 		}
@ -210,7 +215,7 @@ namespace garlic
 		size_t rem = blockSize % 16;
 		if (rem)
 			blockSize += (16-rem); //padding
-		m_Encryption.Encrypt(buf, blockSize, m_IV, buf);
+		m_Encryption.Encrypt(buf, blockSize, buf);
 		return blockSize;
 	}
@ -227,7 +232,7 @@ namespace garlic
 		if (GetOwner ())
 		{
 			// resubmit non-confirmed LeaseSet
-			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
+			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
 			{
 				SetLeaseSetUpdateStatus (eLeaseSetUpdated);
 				SetSharedRoutingPath (nullptr); // invalidate path since leaseset was not confirmed
@ -426,8 +431,7 @@ namespace garlic
 	}
 	GarlicDestination::GarlicDestination (): m_NumTags (32), // 32 tags by default
-		m_PayloadBuffer (nullptr), m_LastIncomingSessionTimestamp (0), 
+		m_PayloadBuffer (nullptr), m_NumRatchetInboundTags (0) // 0 means standard
 		m_NumRatchetInboundTags (0) // 0 means standard
 	{
 	}
@ -498,8 +502,7 @@ namespace garlic
 		buf += 4; // length
 		bool found = false;
-		bool supportsRatchets = SupportsRatchets ();
+		if (SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 		if (supportsRatchets)
 			// try ECIESx25519 tag
 			found = HandleECIESx25519TagMessage (buf, length);
 		if (!found)
@ -515,7 +518,8 @@ namespace garlic
 				{
 					uint8_t iv[32]; // IV is first 16 bytes
 					SHA256(buf, 32, iv);
-					decryption->Decrypt (buf + 32, length - 32, iv, buf + 32);
+					decryption->SetIV (iv);
 					decryption->Decrypt (buf + 32, length - 32, buf + 32);
 					HandleAESBlock (buf + 32, length - 32, decryption, msg->from);
 					found = true;
 				}
@ -533,23 +537,43 @@ namespace garlic
 					auto decryption = std::make_shared<AESDecryption>(elGamal.sessionKey);
 					uint8_t iv[32]; // IV is first 16 bytes
 					SHA256(elGamal.preIV, 32, iv);
-					decryption->Decrypt(buf + 514, length - 514, iv, buf + 514);
+					decryption->SetIV (iv);
 					decryption->Decrypt(buf + 514, length - 514, buf + 514);
 					HandleAESBlock (buf + 514, length - 514, decryption, msg->from);
 				}
-				else if (supportsRatchets)
+				else if (SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 				{
 					// otherwise ECIESx25519
-					auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+					auto session = std::make_shared<ECIESX25519AEADRatchetSession> (this, false); // incoming
-					if (ts > m_LastIncomingSessionTimestamp + INCOMING_SESSIONS_MINIMAL_INTERVAL) 
+					if (!session->HandleNextMessage (buf, length, nullptr, 0))
 					{
-						auto session = std::make_shared<ECIESX25519AEADRatchetSession> (this, false); // incoming
+						// try to generate more tags for last tagset
-						if (session->HandleNextMessage (buf, length, nullptr, 0))
+						if (m_LastTagset && (m_LastTagset->GetNextIndex () - m_LastTagset->GetTrimBehind () < 3*ECIESX25519_MAX_NUM_GENERATED_TAGS))
-							m_LastIncomingSessionTimestamp = ts;
+						{
-						else
+							uint64_t missingTag; memcpy (&missingTag, buf, 8);
 							auto maxTags = std::max (m_NumRatchetInboundTags, ECIESX25519_MAX_NUM_GENERATED_TAGS);
 							LogPrint (eLogWarning, "Garlic: Trying to generate more ECIES-X25519-AEAD-Ratchet tags");
 							for (int i = 0; i < maxTags; i++)
 							{
 								auto nextTag = AddECIESx25519SessionNextTag (m_LastTagset);
 								if (!nextTag)
 								{
 									LogPrint (eLogError, "Garlic: Can't create new ECIES-X25519-AEAD-Ratchet tag for last tagset");
 									break;
 								}
 								if (nextTag == missingTag)
 								{
 									LogPrint (eLogDebug, "Garlic: Missing ECIES-X25519-AEAD-Ratchet tag was generated");
 									if (m_LastTagset->HandleNextMessage (buf, length, m_ECIESx25519Tags[nextTag].index))
 										found = true;
 									break;
 								}
 							}
 							if (!found) m_LastTagset = nullptr;
 						}
 						if (!found)
 							LogPrint (eLogError, "Garlic: Can't handle ECIES-X25519-AEAD-Ratchet message");
 					}
 					else
 						LogPrint (eLogWarning, "Garlic: Incoming sessions come too often");
 				}
 				else
 					LogPrint (eLogError, "Garlic: Failed to decrypt message");
@ -564,7 +588,9 @@ namespace garlic
 		auto it = m_ECIESx25519Tags.find (tag);
 		if (it != m_ECIESx25519Tags.end ())
 		{
-			if (!it->second.tagset || !it->second.tagset->HandleNextMessage (buf, len, it->second.index))
+			if (it->second.tagset && it->second.tagset->HandleNextMessage (buf, len, it->second.index))
 				m_LastTagset = it->second.tagset;
 			else
 				LogPrint (eLogError, "Garlic: Can't handle ECIES-X25519-AEAD-Ratchet message");
 			m_ECIESx25519Tags.erase (it);
 			return true;
@ -745,38 +771,32 @@ namespace garlic
 	}
 	std::shared_ptr<GarlicRoutingSession> GarlicDestination::GetRoutingSession (
-		std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet,
+		std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet)
 	    bool requestNewIfNotFound)
 	{
-		if (destination->GetEncryptionType () >= i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
+		if (destination->GetEncryptionType () == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD &&
 			SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 		{
-			if (SupportsEncryptionType (destination->GetEncryptionType ()))
+			ECIESX25519AEADRatchetSessionPtr session;
 			uint8_t staticKey[32];
 			destination->Encrypt (nullptr, staticKey); // we are supposed to get static key
 			auto it = m_ECIESx25519Sessions.find (staticKey);
 			if (it != m_ECIESx25519Sessions.end ())
 			{
-				ECIESX25519AEADRatchetSessionPtr session;
+				session = it->second;
-				uint8_t staticKey[32];
+				if (session->IsInactive (i2p::util::GetSecondsSinceEpoch ()))
 				destination->Encrypt (nullptr, staticKey); // we are supposed to get static key
 				auto it = m_ECIESx25519Sessions.find (staticKey);
 				if (it != m_ECIESx25519Sessions.end ())
 				{
-					session = it->second;
+					LogPrint (eLogDebug, "Garlic: Session restarted");
-					if (session->IsInactive (i2p::util::GetSecondsSinceEpoch ()))
+					session = nullptr;
 					{
 						LogPrint (eLogDebug, "Garlic: Session restarted");
 						requestNewIfNotFound = true; // it's not a new session
 						session = nullptr;
 					}
 				}
 				if (!session && requestNewIfNotFound)
 				{
 					session = std::make_shared<ECIESX25519AEADRatchetSession> (this, true);
 					session->SetRemoteStaticKey (destination->GetEncryptionType (), staticKey);
 				}
 				if (session && destination->IsDestination ())
 					session->SetDestination (destination->GetIdentHash ()); // NS or NSR
 				return session;
 			}
-			else
+			if (!session)
-				LogPrint (eLogError, "Garlic: Non-supported encryption type ", destination->GetEncryptionType ());
+			{
 				session = std::make_shared<ECIESX25519AEADRatchetSession> (this, true);
 				session->SetRemoteStaticKey (staticKey);
 			}
 			if (destination->IsDestination ())
 				session->SetDestination (destination->GetIdentHash ()); // TODO: remove
 			return session;
 		}
 		else
 		{
@ -867,7 +887,8 @@ namespace garlic
 			}
 			else
 			{
-				if (it->second.tagset->IsSessionTerminated ())
+				auto session = it->second.tagset->GetSession ();
 				if (!session || session->IsTerminated())
 				{
 					it = m_ECIESx25519Tags.erase (it);
 					numExpiredTags++;
@ -878,6 +899,8 @@ namespace garlic
 		}
 		if (numExpiredTags > 0)
 			LogPrint (eLogDebug, "Garlic: ", numExpiredTags, " ECIESx25519 tags expired for ", GetIdentHash().ToBase64 ());
 		if (m_LastTagset && m_LastTagset->IsExpired (ts))
 			m_LastTagset = nullptr;
 	}
 	void GarlicDestination::RemoveDeliveryStatusSession (uint32_t msgID)
@ -911,7 +934,7 @@ namespace garlic
 		}
 	}
-	void GarlicDestination::SetLeaseSetUpdated (bool post)
+	void GarlicDestination::SetLeaseSetUpdated ()
 	{
 		{
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
@ -1004,8 +1027,7 @@ namespace garlic
 				i2p::fs::Remove (it);
 	}
-	void GarlicDestination::HandleECIESx25519GarlicClove (const uint8_t * buf, size_t len,
+	void GarlicDestination::HandleECIESx25519GarlicClove (const uint8_t * buf, size_t len)
 		ECIESX25519AEADRatchetSession * from)
 	{
 		const uint8_t * buf1 = buf;
 		uint8_t flag = buf[0]; buf++; // flag
@ -1015,7 +1037,9 @@ namespace garlic
 			case eGarlicDeliveryTypeDestination:
 				LogPrint (eLogDebug, "Garlic: Type destination");
 				buf += 32; // TODO: check destination
 #if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
 #endif
 				// no break here
 			case eGarlicDeliveryTypeLocal:
 			{
@ -1025,7 +1049,7 @@ namespace garlic
 				buf += 4; // expiration
 				ptrdiff_t offset = buf - buf1;
 				if (offset <= (int)len)
-					HandleCloveI2NPMessage (typeID, buf, len - offset, msgID, from);
+					HandleCloveI2NPMessage (typeID, buf, len - offset, msgID);
 				else
 					LogPrint (eLogError, "Garlic: Clove is too long");
 				break;
@ -1109,17 +1133,5 @@ namespace garlic
 			m_PayloadBuffer = new uint8_t[I2NP_MAX_MESSAGE_SIZE];
 		return m_PayloadBuffer;
 	}
 	bool GarlicDestination::AEADChaCha20Poly1305Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
 	{
 		return m_Encryptor.Encrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
 	}
 	bool GarlicDestination::AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
 	{
 		return m_Decryptor.Decrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
 	}	
 }
 }
--- a/Show more
+++ b/Show more
`@ -1,4 +1,4 @@`
	`Copyright (c) 2013-2025, The PurpleI2P Project`	`Copyright (c) 2013-2023, The PurpleI2P Project`

	`All rights reserved.`	`All rights reserved.`
`@ -8,4 +8,4 @@ env LOGFILE="/var/log/i2pd/i2pd.log"`

	`expect fork`	`expect fork`

	`exec /usr/bin/i2pd --daemon --service --log=file --logfile=$LOGFILE`	`exec /usr/sbin/i2pd --daemon --service --log=file --logfile=$LOGFILE`