From 7e5784e626aeac00701c4a2b3023a91b82e9fb86 Mon Sep 17 00:00:00 2001 From: Felix Golatofski Date: Mon, 16 Aug 2021 12:37:45 +0200 Subject: [PATCH 01/14] Updated: checkout action --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 32d5ed05..3ee8adf3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,7 +8,7 @@ jobs: name: Lua runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Install Dependencies run: sudo apt-get install lua-check - name: Lint Lua From c34e108d01447fb8a9feecffae97061e8d635e35 Mon Sep 17 00:00:00 2001 From: Annika Wickert Date: Mon, 18 Oct 2021 10:31:25 +0200 Subject: [PATCH 02/14] Update Makefile --- ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile index 7b307ed6..386c9718 100644 --- a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile @@ -14,4 +14,4 @@ define Package/ffmuc-gluon-mesh-vpn-wireguard-vxlan DEPENDS:=+gluon-mesh-vpn-core +micrond +kmod-wireguard +wireguard-tools +ip-full endef -$(eval $(call BuildPackageGluon,gluon-mesh-vpn-wireguard-vxlan)) +$(eval $(call BuildPackageGluon,ffmuc-gluon-mesh-vpn-wireguard-vxlan)) From 97b3ab335698d02019172b596bf292467889adf4 Mon Sep 17 00:00:00 2001 
From: Felix Golatofski Date: Mon, 16 Aug 2021 12:37:45 +0200 Subject: [PATCH 03/14] Updated: checkout action ffka-gluon-web-usb-wan-hotplug: i18n/de.po: fix typo (#13) ffmuc-gluon-mesh-vpn-wireguard-vxlan: add package (#6) Co-authored-by: Annika Wickert Co-authored-by: krombel Co-authored-by: Martin Weinelt Co-authored-by: lqb Co-authored-by: lqb Co-authored-by: Julian Labus Co-authored-by: Tristan Helmich Co-authored-by: goligo Update Makefile --- .github/workflows/lint.yml | 2 +- ffka-gluon-web-usb-wan-hotplug/i18n/de.po | 4 +- ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile | 17 +++ .../README.md | 59 +++++++++ .../files/etc/config/wireguard | 0 .../gluon-mesh-wireguard-vxlan/checkuplink | 120 ++++++++++++++++++ .../lib/gluon/mesh-vpn/provider/wireguard | 0 .../lib/micron.d/gluon-mesh-wireguard-vxlan | 1 + .../lib/gluon/upgrade/400-mesh-vpn-wireguard | 42 ++++++ .../lua/gluon/mesh-vpn/provider/wireguard.lua | 36 ++++++ 10 files changed, 278 insertions(+), 3 deletions(-) create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard create mode 100755 ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan create mode 100755 ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard create mode 100644 ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 32d5ed05..3ee8adf3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -8,7 +8,7 @@ jobs: name: Lua runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Install Dependencies run: sudo apt-get install lua-check - name: Lint Lua diff --git a/ffka-gluon-web-usb-wan-hotplug/i18n/de.po b/ffka-gluon-web-usb-wan-hotplug/i18n/de.po index c3fe568e..f05c3edd 100644 --- a/ffka-gluon-web-usb-wan-hotplug/i18n/de.po +++ b/ffka-gluon-web-usb-wan-hotplug/i18n/de.po @@ -19,6 +19,6 @@ msgstr "USB-WAN-Hotplug" msgid "ffka-gluon-web-usb-wan-hotplug:description" msgstr "" "Dein Knoten kann automatisch einen per USB angeschlossen Ethernet-Adapter als WAN benutzen. " -"Das ist insbesondere Praktisch wenn als WAN der mobile Hotspot eines per USB verbundenen " +"Das ist insbesondere praktisch wenn als WAN der mobile Hotspot eines per USB verbundenen " "Mobiltelefons verwendet werden soll. Für iOS wird automatisch die Trust-Frage ausgelöst, " -"wenn diese positiv beantwortet wird stellt auch iOS ein Ethernet Gerät über USB zur verfügung." +"wenn diese positiv beantwortet wird stellt auch iOS ein Ethernet Gerät über USB zur Verfügung." diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile new file mode 100644 index 00000000..386c9718 --- /dev/null +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile @@ -0,0 +1,17 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ffmuc-gluon-mesh-vpn-wireguard-vxlan +PKG_VERSION:=1 +PKG_RELEASE:=1 + +PKG_MAINTAINER:=Annika Wickert +PKG_LICENSE:=GPL-2.0-or-later + +include $(TOPDIR)/../package/gluon.mk + +define Package/ffmuc-gluon-mesh-vpn-wireguard-vxlan + TITLE:=Support for connecting meshes via wireguard + DEPENDS:=+gluon-mesh-vpn-core +micrond +kmod-wireguard +wireguard-tools +ip-full +endef + +$(eval $(call BuildPackageGluon,ffmuc-gluon-mesh-vpn-wireguard-vxlan)) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md new file mode 100644 index 00000000..a0a8fbd8 --- /dev/null 
+++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md 
@@ -0,0 +1,59 @@ +# gluon-mesh-vpn-wireguard-vxlan + +You can use this package for connecting with wireguard to the Freifunk Munich network. + +You should use something like the following in the site.conf: + + +``` + mesh_vpn = { + mtu = 1400, + wireguard = { + enabled = '1', + iface = 'mesh-vpn', + limit = '1', -- actually unused + broker = 'broker.ffmuc.net/api/v1/wg/key/exchange', + peers = { + { + publickey ='N9uF5Gg1B5AqWrE9IuvDgzmQePhqhb8Em/HrRpAdnlY=', + endpoint ='ffkwsn01.freifunk-koenigswinter.de:30020', + link_address = 'fe80::f000:22ff:fe12:01', + }, + { + publickey ='liatbdT62FbPiDPHKBqXVzrEo6hc5oO5tmEKDMhMTlU=', + endpoint ='ffkwsn02.freifunk-koenigswinter.de:30020', + link_address = 'fe80::f000:22ff:fe12:02', + }, + { + publickey ='xakSGG39D1v90j3Z9eVWzojh6nDbnsVUc/RByVdcKB0=', + endpoint ='ffkwsn03.freifunk-koenigswinter.de:30020', + link_address = 'fe80::f000:22ff:fe12:07', + }, + + }, + }, + +``` +And you should include the package in the site.mk of course! + +### Dependencies + +This relies on [wgkex](https://github.com/freifunkMUC/wgkex) the FFMUC wireguard broker running on the configured broker address. The broker programms the gateway to accept the WireGuard key which is transmitted during connection. + +For the health-checks a webserver of some kind needs to listen to `HTTP GET` requests on the gateways. + +### How it works + +When `checkuplink` gets called (which happens every minute via cronjob), it checks if the gateway connection is still alive by calling `wget` and connecting to `wireguard.peer.peer_[number].link_address`. If this address replies we also start a `batctl ping` to the same address. If both checks succeed the connection just stays alive. + +If one of the checks above bails out with an error the reconnect cycle is started. Which means `checkuplink` registers itself with `wireguard.broker` by sending the WireGuard public_key over either http or https (depending on the device support). 
After the key was sent the script tries to randomely connect to one of the `wireguard.peer`. This script prefers to establish connections over IPv6 and falls back to IPv4 only if there is no IPv6 default route. + +### Interesting Links + +- [FFMUC: Half a year with WireGuard](https://www.slideshare.net/AnnikaWickert/ffmuc-half-a-year-with-wireguard) +- [FFMUC: WireGuard Firmware (German)](https://ffmuc.net/freifunkmuc/2020/12/03/wireguard-firmware/) +- [FFMUC: Statistics](https://stats.ffmuc.net) + +### Contact + +Feel free to ask questions in the [FFMUC chat](https://chat.ffmuc.net). \ No newline at end of file diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard new file mode 100644 index 00000000..e69de29b diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink new file mode 100755 index 00000000..9d5a27f6 --- /dev/null +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink 
@@ -0,0 +1,120 @@ +#!/bin/sh + +if { set -C; 2>/dev/null >/var/lock/checkuplink.lock; }; then + trap "rm -f /var/lock/checkuplink.lock" EXIT +else + echo "Lock file exists... exiting" + exit +fi + +interface_linklocal() { + # We generate a predictable v6 address + local macaddr="$(echo $(uci get wireguard.mesh_vpn.privatekey | wg pubkey) |md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')" + local oldIFS="$IFS"; IFS=':'; set -- $macaddr; IFS="$oldIFS" + echo "fe80::$1$2:$3ff:fe$4:$5$6" +} + +clean_port() { + echo "$(echo $1 | sed -r 's/:[0-9]+$|\[|\]//g')" +} + +check_address_family() { + local peer_publickey="$1" + local peer_endpoint="$2" + local gateway="$(clean_port $peer_endpoint)" + # Check if we have a default route for v6 if not fallback to v4 + defgw=$(ip -6 route show table 1 | grep 'default via') + if [ "$?" -eq "0" ]; then + local ipv6="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | egrep -o '([a-f0-9:]+:+)+[a-f0-9]+')" + echo [$ipv6]$(echo $peer_endpoint | egrep -oe :[0-9]+$) + else + local ipv4="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")" + echo $ipv4$(echo $peer_endpoint | egrep -oe :[0-9]+$) + fi + +} + +# Do we already have a private-key? If not generate one +temp=$(uci get wireguard.mesh_vpn.privatekey) +if [ "$?" -ne "0" ]; then + uci set wireguard.mesh_vpn.privatekey=$(wg genkey) + uci commit wireguard +fi + +# Is wireguard enabled? +if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wireguard.mesh_vpn.enabled)" == "1" ]; then + + #We assume we are not connected by default + CONNECTED=0 + + MESH_VPN_IFACE=$(uci get wireguard.mesh_vpn.iface) + + # Check connectivity to supernode + wget http://[$(wg | grep fe80 | awk '{split($3,A,"/")};{print A[1]}')%$MESH_VPN_IFACE]/ --timeout=5 -O/dev/null -q + if [ "$?" -eq "0" ]; then + GWMAC=$(batctl gwl | grep \* | awk '{print $2}') + batctl ping -c 5 $GWMAC &> /dev/null + if [ "$?" 
-eq "0" ]; then + CONNECTED=1 + fi + fi + + # If we don't have a connection we try to connect + if [ "$CONNECTED" -ne "1" ]; then + logger -t checkuplink "Reconnecting ..." + NTP_SERVER=$(uci get system.ntp.server) + gluon-wan /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p $NTP_SERVER -q + + # Get the number of configured peers and randomly select one + NUMBER_OF_PEERS=$(uci -q show wireguard | egrep -ce peer_[0-9]+.endpoint) + PEER="$(awk -v min=1 -v max=$NUMBER_OF_PEERS 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')" + PEER_PUBLICKEY="$(uci get wireguard.peer_$PEER.publickey)" + + logger -t checkuplink "Selected peer $PEER" + + endpoint="$(check_address_family "$PEER_PUBLICKEY" "$(uci get wireguard.peer_$PEER.endpoint)")" + + logger -t checkuplink "Connecting to $endpoint" + + # Delete Interfaces + ip link set nomaster dev mesh-vpn &> /dev/null + ip link delete dev mesh-vpn &> /dev/null + ip link del $MESH_VPN_IFACE &> /dev/null + PUBLICKEY=$(uci get wireguard.mesh_vpn.privatekey | wg pubkey) + SEGMENT=$(uci get gluon.core.domain) + + # Push public key to broker, test for https and use if supported + wget -q https://[::1] + if [ $? 
-eq 1 ]; then + PROTO=http + else + PROTO=https + fi + gluon-wan wget -q -O- --post-data='{"domain": "'"$SEGMENT"'","public_key": "'"$PUBLICKEY"'"}' $PROTO://$(uci get wireguard.broker) + + # Bring up the wireguard interface + ip link add dev $MESH_VPN_IFACE type wireguard + wg set $MESH_VPN_IFACE fwmark 1 + uci get wireguard.mesh_vpn.privatekey | wg set $MESH_VPN_IFACE private-key /proc/self/fd/0 + ip link set up dev $MESH_VPN_IFACE + + # Add link-address and Peer + ip address add "$(interface_linklocal "$MESH_VPN_IFACE")"/64 dev $MESH_VPN_IFACE + if [ "$endpoint" == "" ]; then + endpoint=$(uci get wireguard.peer_$PEER.endpoint) + fi + gluon-wan wg set $MESH_VPN_IFACE peer $(uci get wireguard.peer_$PEER.publickey) persistent-keepalive 25 allowed-ips $(uci get wireguard.peer_$PEER.link_address)/128 endpoint $endpoint + + # We need to allow incoming vxlan traffic on mesh iface + sleep 10 + ip6tables -I INPUT 1 -i $MESH_VPN_IFACE -m udp -p udp --dport 8472 -j ACCEPT + + # Bring up VXLAN + ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vpn-vxlan", 3), 16))')" local $(interface_linklocal "$MESH_VPN_IFACE") remote $(uci get wireguard.peer_$PEER.link_address) dstport 8472 dev $MESH_VPN_IFACE + ip link set up dev mesh-vpn + + sleep 5 + # If we have a BATMAN_V env we need to correct the throughput value now + batctl hardif mesh-vpn throughput_override 1000mbit; + fi +fi diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard new file mode 100644 index 00000000..e69de29b diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan new file mode 100644 index 00000000..4b99da40 --- /dev/null 
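Review bot: The HTTPS probe `wget -q https://[::1]` in the reconnect branch does not establish that TLS is available: busybox wget appears to exit 1 both when the https scheme is unsupported and when the connection to ::1 is merely refused, so on many nodes the key registration with the broker would silently fall back to plaintext `http`, where an on-path party could alter the submitted public key or domain — confirm the exit codes on the target busybox build. At minimum log the chosen scheme so the fallback is visible in syslog, `logger -t checkuplink "Registering key with broker via $PROTO"`, and consider probing the broker host itself rather than loopback. Separately, `batctl ping -c 5 $GWMAC &> /dev/null` relies on the bash-only `&>` redirection under `#!/bin/sh`; if the shell lacks that extension the ping is backgrounded and `$?` is 0, so the node is reported connected whenever the wget succeeds — `batctl ping -c 5 "$GWMAC" >/dev/null 2>&1` is portable (the same construct is touched again in PATCH 14/14). The peer picker also assumes at least one configured peer: with `NUMBER_OF_PEERS=0` the awk expression still yields 1 and the following `uci get wireguard.peer_1.*` calls fail, so guard with `[ "$NUMBER_OF_PEERS" -gt 0 ] || exit 1` before selecting.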
+++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan @@ -0,0 +1 @@ +* * * * * sleep $(awk 'BEGIN{srand();print int(rand()*40)}') && /lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard new file mode 100755 index 00000000..df59034d --- /dev/null +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard @@ -0,0 +1,42 @@ +#!/usr/bin/lua + +local site = require 'gluon.site' +local uci = require("simple-uci").cursor() + +local wg_enabled = uci:get_bool('wireguard', 'mesh_vpn', 'enabled') or false +local privkey = uci:get("wireguard", "mesh_vpn", "privatekey") or "" + +-- Clean up previous configuration +uci:delete_all('wireguard', 'peer', function(peer) + return peer.preserve ~= '1' +end) +-- Clean up previous configuration +uci:delete_all('wireguard', 'wireguard', function(peer) + return peer.preserve ~= '1' +end) + +local mesh_enabled = uci:get_bool('gluon', 'mesh_vpn', 'enabled') -- default + or uci:get_bool('fastd', 'mesh_vpn', 'enabled') --migration + or wg_enabled -- specific config + +uci:set('gluon', 'mesh_vpn', 'enabled', mesh_enabled) + +uci:section("wireguard", "wireguard", "mesh_vpn", { + iface = site.mesh_vpn.wireguard.iface(), + limit = site.mesh_vpn.wireguard.limit(), + broker = site.mesh_vpn.wireguard.broker(), + enabled = mesh_enabled, + privatekey = privkey, +}) + +for name, peer in pairs(site.mesh_vpn.wireguard.peers()) do + uci:section("wireguard", "peer", "peer_" .. name, { + enabled = true, + endpoint = peer.endpoint, + publickey = peer.publickey, + link_address = peer.link_address, + }) +end + +uci:save('wireguard') +uci:save('gluon') 
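Review bot: The peer loop `for name, peer in pairs(site.mesh_vpn.wireguard.peers())` creates sections named `peer_<key>` for whatever key type site.conf uses, but checkuplink selects a peer by counting `peer_[0-9]+.endpoint` entries and then reading `wireguard.peer_$PEER`, so only a sequential integer-keyed list works and a site with named peers would produce sections the script never picks. Iterating with `ipairs` documents and enforces that contract: `for i, peer in ipairs(site.mesh_vpn.wireguard.peers()) do` / `uci:section("wireguard", "peer", "peer_" .. i, {`. Also, `wg_enabled` is read from the very `wireguard.mesh_vpn.enabled` option this script rewrites, so once set it keeps the VPN enabled across upgrades unless the provider's `enable(false)` has cleared it — a short comment stating that this is intended would help, and the `or false` after `get_bool` looks redundant if `get_bool` already yields a boolean (verify against simple-uci).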
diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua new file mode 100644 index 00000000..0c47d256 --- /dev/null +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua @@ -0,0 +1,36 @@ +local uci = require('simple-uci').cursor() + +local site = require 'gluon.site' +local util = require 'gluon.util' +local vpn_core = require 'gluon.mesh-vpn' + +local M = {} + +function M.public_key() + return util.trim(util.exec('/usr/bin/wg show wg_mesh_vpn public-key')) +end + +function M.enable(val) + uci:set('wireguard', 'mesh_vpn', 'enabled', val) + uci:save('wireguard') +end + +function M.active() + return site.mesh_vpn.wireguard() ~= nil +end + +function M.set_limit(ingress_limit, egress_limit) + uci:delete('simple-tc', 'mesh_vpn') + if ingress_limit ~= nil and egress_limit ~= nil then + uci:section('simple-tc', 'interface', 'mesh_vpn', { + ifname = vpn_core.get_interface(), + enabled = true, + limit_egress = egress_limit, + limit_ingress = ingress_limit, + }) + end + + uci:save('simple-tc') +end + +return M From d748ad2b77dae8e6f37b2091cb5ce2121982c6a8 Mon Sep 17 00:00:00 2001 From: awlx Date: Thu, 21 Oct 2021 09:10:24 +0200 Subject: [PATCH 04/14] Wonder how that worked --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 9d5a27f6..537107f8 100755 --- a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink 
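Review bot: `M.public_key()` runs `wg show wg_mesh_vpn public-key` with a hard-coded interface name, while checkuplink creates the WireGuard interface under the name read from `wireguard.mesh_vpn.iface` (the README example even uses `mesh-vpn`, which checkuplink also uses for its VXLAN device, so that example likely collides); when the names differ, `wg show` fails and the function returns an empty string that callers may treat as a key. Read the name from the same option, `local iface = uci:get('wireguard', 'mesh_vpn', 'iface')` and `return util.trim(util.exec('/usr/bin/wg show ' .. iface .. ' public-key'))`, so the two files cannot drift. A one-line LDoc summary on each of `public_key`, `enable`, `active` and `set_limit` naming the uci config it touches would also help, since this module is the provider API gluon-mesh-vpn-core calls into.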
@@ -90,7 +90,7 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua else PROTO=https fi - gluon-wan wget -q -O- --post-data='{"domain": "'"$SEGMENT"'","public_key": "'"$PUBLICKEY"'"}' $PROTO://$(uci get wireguard.broker) + gluon-wan wget -q -O- --post-data='{"domain": "'"$SEGMENT"'","public_key": "'"$PUBLICKEY"'"}' $PROTO://$(uci get wireguard.mesh_vpn.broker) # Bring up the wireguard interface ip link add dev $MESH_VPN_IFACE type wireguard From 92f356e7eee92cb1ca326db4aed7983e6b91e568 Mon Sep 17 00:00:00 2001 From: goligo Date: Thu, 21 Oct 2021 23:28:01 +0200 Subject: [PATCH 05/14] Remove reverse synchronization of gluon.mesh_vpn.enabled --- .../luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard | 2 -- 1 file changed, 2 deletions(-) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard index df59034d..ffd471c9 100755 --- a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard +++ b/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard @@ -19,8 +19,6 @@ local mesh_enabled = uci:get_bool('gluon', 'mesh_vpn', 'enabled') -- default or uci:get_bool('fastd', 'mesh_vpn', 'enabled') --migration or wg_enabled -- specific config -uci:set('gluon', 'mesh_vpn', 'enabled', mesh_enabled) - uci:section("wireguard", "wireguard", "mesh_vpn", { iface = site.mesh_vpn.wireguard.iface(), limit = site.mesh_vpn.wireguard.limit(), From d0bdc818a8d810118348391a6e41e6c4593265fe Mon Sep 17 00:00:00 2001 
From: Malte Wedel Date: Sun, 17 Oct 2021 00:26:29 +0200 Subject: [PATCH 06/14] Renamed ffmuc-gluon-mesh-vpn-wireguard-vxlan to ffmuc-mesh-vpn-wireguard-vxlan --- .../Makefile | 6 +++--- .../README.md | 4 ++-- .../files/etc/config/wireguard | 0 .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 0 .../files/lib/gluon/mesh-vpn/provider/wireguard | 0 .../files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan | 0 .../luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard | 0 .../usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua | 0 8 files changed, 5 insertions(+), 5 deletions(-) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/Makefile (65%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/README.md (98%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/files/etc/config/wireguard (100%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink (100%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/files/lib/gluon/mesh-vpn/provider/wireguard (100%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan (100%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard (100%) rename {ffmuc-gluon-mesh-vpn-wireguard-vxlan => ffmuc-mesh-vpn-wireguard-vxlan}/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua (100%) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile b/ffmuc-mesh-vpn-wireguard-vxlan/Makefile similarity index 65% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile rename to ffmuc-mesh-vpn-wireguard-vxlan/Makefile index 386c9718..eb94d7d0 100644 --- a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/Makefile +++ b/ffmuc-mesh-vpn-wireguard-vxlan/Makefile 
@@ -1,6 +1,6 @@ include $(TOPDIR)/rules.mk -PKG_NAME:=ffmuc-gluon-mesh-vpn-wireguard-vxlan +PKG_NAME:=ffmuc-mesh-vpn-wireguard-vxlan PKG_VERSION:=1 PKG_RELEASE:=1 @@ -9,9 +9,9 @@ PKG_LICENSE:=GPL-2.0-or-later include $(TOPDIR)/../package/gluon.mk -define Package/ffmuc-gluon-mesh-vpn-wireguard-vxlan +define Package/ffmuc-mesh-vpn-wireguard-vxlan TITLE:=Support for connecting meshes via wireguard DEPENDS:=+gluon-mesh-vpn-core +micrond +kmod-wireguard +wireguard-tools +ip-full endef -$(eval $(call BuildPackageGluon,ffmuc-gluon-mesh-vpn-wireguard-vxlan)) +$(eval $(call BuildPackageGluon,ffmuc-mesh-vpn-wireguard-vxlan)) diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md b/ffmuc-mesh-vpn-wireguard-vxlan/README.md similarity index 98% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md rename to ffmuc-mesh-vpn-wireguard-vxlan/README.md index a0a8fbd8..07625b1e 100644 --- a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/README.md +++ b/ffmuc-mesh-vpn-wireguard-vxlan/README.md @@ -1,4 +1,4 @@ -# gluon-mesh-vpn-wireguard-vxlan +# ffmuc-mesh-vpn-wireguard-vxlan You can use this package for connecting with wireguard to the Freifunk Munich network. @@ -56,4 +56,4 @@ If one of the checks above bails out with an error the reconnect cycle is starte ### Contact -Feel free to ask questions in the [FFMUC chat](https://chat.ffmuc.net). \ No newline at end of file +Feel free to ask questions in the [FFMUC chat](https://chat.ffmuc.net). diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard b/ffmuc-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard rename to ffmuc-mesh-vpn-wireguard-vxlan/files/etc/config/wireguard 
diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink rename to ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard rename to ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/provider/wireguard diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan b/ffmuc-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan rename to ffmuc-mesh-vpn-wireguard-vxlan/files/usr/lib/micron.d/gluon-mesh-wireguard-vxlan diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard rename to ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard diff --git a/ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua similarity index 100% rename from ffmuc-gluon-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua rename to ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua 
From 876a8d8f9805281e95815b7d2d5a4d997a393dc6 Mon Sep 17 00:00:00 2001 From: goligo Date: Fri, 4 Feb 2022 12:13:51 +0100 Subject: [PATCH 07/14] Only add ip6tables rule, if not set already For each reconnection checkuplink was adding an additional entry to the INPUT chain in ip6tables. In case a node does not have WAN connection, but accidentally enabled mesh over VPN, this adding 1440 rules per day or about 40k rules within a month. --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 537107f8..5d9d37b2 100755 --- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink @@ -107,7 +107,11 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua # We need to allow incoming vxlan traffic on mesh iface sleep 10 - ip6tables -I INPUT 1 -i $MESH_VPN_IFACE -m udp -p udp --dport 8472 -j ACCEPT + RULE="-i $MESH_VPN_IFACE -m udp -p udp --dport 8472 -j ACCEPT" + ip6tables -C INPUT $RULE + if [ $? -ne 0 ]; then + ip6tables -I INPUT 1 $RULE + fi # Bring up VXLAN ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vpn-vxlan", 3), 16))')" local $(interface_linklocal "$MESH_VPN_IFACE") remote $(uci get wireguard.peer_$PEER.link_address) dstport 8472 dev $MESH_VPN_IFACE From 29d058c17b6968273c3fabe95291cec7397987e9 Mon Sep 17 00:00:00 2001 
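Review bot: The new guard `ip6tables -C INPUT $RULE` followed by a separate `$?` test works, but the idiomatic form is `if ! ip6tables -C INPUT $RULE; then ip6tables -I INPUT 1 $RULE; fi`, which drops the intermediate status and reads as one check. Note that `-C` also returns non-zero when the rule cannot be parsed (for example if `$MESH_VPN_IFACE` is empty because `wireguard.mesh_vpn.iface` is unset), in which case the insert is attempted and fails the same way, so a non-empty check on `MESH_VPN_IFACE` earlier in the script would make both commands reliable. The rule is only ever added and never removed when the VPN is disabled; that is probably acceptable since it is scoped to the WireGuard interface, but a comment saying so would save the next reader the question.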
From: goligo Date: Mon, 12 Sep 2022 11:46:58 +0200 Subject: [PATCH 08/14] Adapted checkuplink for changes nslookup output in OpenWrt 22.03 In OpenWrt 22.03 the output of nslookup as a colon after "Address", so it was not matched correctly by our regular expression. --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 5d9d37b2..7190bd0a 100755 --- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink @@ -25,10 +25,10 @@ check_address_family() { # Check if we have a default route for v6 if not fallback to v4 defgw=$(ip -6 route show table 1 | grep 'default via') if [ "$?" -eq "0" ]; then - local ipv6="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | egrep -o '([a-f0-9:]+:+)+[a-f0-9]+')" + local ipv6="$(gluon-wan nslookup $gateway | grep 'Address:\? [0-9]' | egrep -o '([a-f0-9:]+:+)+[a-f0-9]+')" echo [$ipv6]$(echo $peer_endpoint | egrep -oe :[0-9]+$) else - local ipv4="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")" + local ipv4="$(gluon-wan nslookup $gateway | grep 'Address:\? [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")" echo $ipv4$(echo $peer_endpoint | egrep -oe :[0-9]+$) fi From fd5f1c7e2345260db72105c16c6db8d57ce7b222 Mon Sep 17 00:00:00 2001 
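Review bot: The updated filter `grep 'Address:\? [0-9]'` still requires a decimal digit right after the space, so an AAAA answer beginning with a hex letter (anything outside 2000::/3, e.g. a ULA test gateway) is dropped and the IPv6 branch then echoes `[]:port`; `grep -E 'Address:? [0-9a-f]'` covers both families, matches the `egrep` style used elsewhere in the file, and avoids `\?`, a GNU BRE extension whose support in the busybox/musl grep on the target should be confirmed. When nslookup returns several addresses the `-o` extraction yields one per line and the unquoted `echo [$ipv6]` joins them with spaces into a single invalid endpoint, so append `| head -n1` to both extractions. The same applies to the ipv4 line in this hunk.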
From: goligo Date: Mon, 12 Sep 2022 13:47:59 +0200 Subject: [PATCH 09/14] Add mesh-vpn to BATMAN, as Gluon does not do it anymore Gluon v2022.1 has been refactored in a way, that a mesh-vpn interface is no longer in the network configuration and no longer added to BATMAN automatically, so we now add it explicitly in our script. --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 7190bd0a..6e4e2b4d 100755 --- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink @@ -116,6 +116,9 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua # Bring up VXLAN ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vpn-vxlan", 3), 16))')" local $(interface_linklocal "$MESH_VPN_IFACE") remote $(uci get wireguard.peer_$PEER.link_address) dstport 8472 dev $MESH_VPN_IFACE ip link set up dev mesh-vpn + + # Add VXLAN inteface to BATMAN + batctl if add mesh-vpn sleep 5 # If we have a BATMAN_V env we need to correct the throughput value now From 7fe757a121eb19af61bd133054db15c6f8a43e65 Mon Sep 17 00:00:00 2001 From: Grische Date: Fri, 16 Sep 2022 13:46:00 +0200 Subject: [PATCH 10/14] Revert "Add mesh-vpn to BATMAN, as Gluon does not do it anymore" This reverts commit fd5f1c7e2345260db72105c16c6db8d57ce7b222. --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 3 --- 1 file changed, 3 deletions(-) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 6e4e2b4d..7190bd0a 100755 
--- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink @@ -116,9 +116,6 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua # Bring up VXLAN ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vpn-vxlan", 3), 16))')" local $(interface_linklocal "$MESH_VPN_IFACE") remote $(uci get wireguard.peer_$PEER.link_address) dstport 8472 dev $MESH_VPN_IFACE ip link set up dev mesh-vpn - - # Add VXLAN inteface to BATMAN - batctl if add mesh-vpn sleep 5 # If we have a BATMAN_V env we need to correct the throughput value now From 77f94dc533cfd9550ba08e1a9e442618b5daa280 Mon Sep 17 00:00:00 2001 From: Grische Date: Sat, 17 Sep 2022 20:44:23 +0200 Subject: [PATCH 11/14] Add mtu() to wireguard provider API Required by recent upstream changes: https://github.com/freifunk-gluon/gluon/commit/7c81897b4ccc2213972c0409a59b07f1fda87a0f --- .../luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua index 0c47d256..ee4ab590 100644 --- a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua +++ b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua @@ -33,4 +33,8 @@ function M.set_limit(ingress_limit, egress_limit) uci:save('simple-tc') end +function M.mtu() + return site.mesh_vpn.wireguard.mtu() +end + return M From 18ccfa82212eedbcda5c119f893d85bdfe0ec084 Mon Sep 17 00:00:00 2001 
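Review bot: `M.mtu()` reads `site.mesh_vpn.wireguard.mtu()`, but the package README documents `mtu = 1400` directly under `mesh_vpn`, so sites configured per the README get `nil` here and the value gluon-mesh-vpn-core applies to the interface is undefined. Either update the README to the new location or fall back to the old key, `return site.mesh_vpn.wireguard.mtu(site.mesh_vpn.mtu())`, which keeps existing site.conf files working during the transition (the gluon.site accessor takes a default argument as far as I recall — verify against the Gluon version in use). A brief comment pointing at the upstream change named in the commit message would explain why the key moved.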
From: Grische Date: Sat, 17 Sep 2022 20:48:29 +0200 Subject: [PATCH 12/14] Add compatibility variable for enabling mesh vpn --- .../luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard | 1 + 1 file changed, 1 insertion(+) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard index ffd471c9..8f1adfc6 100755 --- a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard +++ b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/lib/gluon/upgrade/400-mesh-vpn-wireguard @@ -17,6 +17,7 @@ end) local mesh_enabled = uci:get_bool('gluon', 'mesh_vpn', 'enabled') -- default or uci:get_bool('fastd', 'mesh_vpn', 'enabled') --migration + or not uci:get_bool('network', 'wg_mesh', 'disabled') --compatiblity with upstream or wg_enabled -- specific config uci:section("wireguard", "wireguard", "mesh_vpn", { From ca884df552fec5473c02f0a49162ac2449971b54 Mon Sep 17 00:00:00 2001 From: Grische Date: Sat, 17 Sep 2022 20:48:57 +0200 Subject: [PATCH 13/14] Add wireguard_pubkey.sh to be more compatible Required as part of gluon-mesh-vpn-core: https://github.com/freifunk-gluon/gluon/blob/v2022.1/package/gluon-mesh-vpn-core/files/lib/netifd/proto/gluon_wireguard.sh#L32 --- .../files/lib/gluon/mesh-vpn/wireguard_pubkey.sh | 3 +++ .../usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/wireguard_pubkey.sh diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/wireguard_pubkey.sh b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/wireguard_pubkey.sh new file mode 100644 index 00000000..8c3d57ca --- /dev/null +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/mesh-vpn/wireguard_pubkey.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/bin/wg show wg_mesh_vpn public-key 
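Review bot: The added `or not uci:get_bool('network', 'wg_mesh', 'disabled')` forces `mesh_enabled` to true on every node that has no `network.wg_mesh` section at all, which is the normal case for this package: if `get_bool` on a missing option returns false, `not false` is true and the `or` chain short-circuits before `wg_enabled` is consulted, so the mesh VPN is enabled on upgrade regardless of the user's choice. The compatibility term should only apply when the upstream section exists, e.g. `or (uci:get('network', 'wg_mesh') ~= nil and not uci:get_bool('network', 'wg_mesh', 'disabled')) --compatibility with upstream`. Confirm `get_bool`'s behaviour on absent options against the simple-uci version shipped with the target Gluon release.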
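Review bot: The new `wireguard_pubkey.sh` is added with mode 100644 (see the `create mode` line in the diffstat) yet `M.public_key()` in the second hunk executes it by path via `util.exec`, so unless the build step marks it executable the call fails with permission denied and the provider reports no key — the sibling `checkuplink` is committed as 100755, so setting the executable bit in git is the fix. The script also hard-codes `wg_mesh_vpn` while `checkuplink` names the interface after `wireguard.mesh_vpn.iface`; reading that option here, `/usr/bin/wg show "$(uci get wireguard.mesh_vpn.iface)" public-key`, keeps the two in step. A one-line header comment naming the upstream gluon_wireguard.sh caller from the commit message would explain why this wrapper exists.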
diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua index ee4ab590..d54f651f 100644 --- a/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua +++ b/ffmuc-mesh-vpn-wireguard-vxlan/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua @@ -7,7 +7,13 @@ local vpn_core = require 'gluon.mesh-vpn' local M = {} function M.public_key() - return util.trim(util.exec('/usr/bin/wg show wg_mesh_vpn public-key')) + local key = util.trim(util.exec("/lib/gluon/mesh-vpn/wireguard_pubkey.sh")) + + if key == '' then + key = nil + end + + return key end function M.enable(val) From 36b86142d5949a3d34850643c048dce4d0e49057 Mon Sep 17 00:00:00 2001 From: Annika Wickert Date: Sun, 9 Oct 2022 19:52:26 +0200 Subject: [PATCH 14/14] Fix broken grep This fixes the broken grep to find the batctl gw --- .../files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink index 7190bd0a..79331777 100755 --- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink +++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink @@ -52,7 +52,7 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua # Check connectivity to supernode wget http://[$(wg | grep fe80 | awk '{split($3,A,"/")};{print A[1]}')%$MESH_VPN_IFACE]/ --timeout=5 -O/dev/null -q if [ "$?" -eq "0" ]; then - GWMAC=$(batctl gwl | grep \* | awk '{print $2}') + GWMAC=$(batctl gwl | awk '/[*]/{print $2}') batctl ping -c 5 $GWMAC &> /dev/null if [ "$?" -eq "0" ]; then CONNECTED=1
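Review bot: `awk '/[*]/{print $2}'` fixes the unescaped glob, but when `batctl gwl` lists no selected gateway `GWMAC` is empty and `batctl ping -c 5` is then run with no target, which fails and triggers a full reconnect cycle even though the tunnel itself may be healthy; guard it with `[ -n "$GWMAC" ] && batctl ping -c 5 "$GWMAC" >/dev/null 2>&1`, which also replaces the bash-only `&>` redirection under `#!/bin/sh`. Whether column 2 is the MAC depends on the installed batctl's `gwl` layout, so a comment stating the expected output format, or `batctl gwl -H` if the installed version supports it, would make the parser less fragile. The enclosing `if` block continues outside the hunk.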