From 29070e95efd12e7281a6bcab739b491797284a70 Mon Sep 17 00:00:00 2001
From: Parahub AI <admin@parahub.io>
Date: Mon, 9 Feb 2026 17:21:38 +0000
Subject: [PATCH] fix(vpn): Wait for WiFi interface before adding guest route
 to table 100

Guest WiFi interface (phy0-ap0) may not be up when init script runs at
boot. Move guest route addition to a background retry loop (up to 60s).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 files/etc/init.d/parahub-vpn-tunnel | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/files/etc/init.d/parahub-vpn-tunnel b/files/etc/init.d/parahub-vpn-tunnel
index a3eeaa5..7c075e0 100755
--- a/files/etc/init.d/parahub-vpn-tunnel
+++ b/files/etc/init.d/parahub-vpn-tunnel
@@ -42,20 +42,28 @@ start() {
     # Default route through GRE (table 100 — used by guest policy routing)
     ip route add default via "$GRE_GATEWAY" table 100
 
-    # Guest subnet direct route in table 100
+    # Guest subnet direct route in table 100 (background — WiFi may not be up yet)
     # Without this, router's own replies (source IP in guest subnet) go through
     # GRE instead of back to the guest client (ip rule matches source-based)
     local guest_subnet
     guest_subnet=$(awk -F= '/GUEST_SUBNET/{print $2}' /etc/parahub/keys 2>/dev/null)
     if [ -n "$guest_subnet" ]; then
-        local guest_dev
-        guest_dev=$(ip route | grep "^${guest_subnet} " | awk '{print $3}')
-        if [ -n "$guest_dev" ]; then
-            ip route add "$guest_subnet" dev "$guest_dev" table 100
-            logger -t parahub-vpn "Guest route: $guest_subnet via $guest_dev in table 100"
-        else
-            logger -t parahub-vpn "Warning: guest device not found for $guest_subnet"
-        fi
+        # WiFi interfaces take time to come up at boot — retry in background
+        (
+            local guest_dev="" ga=0
+            while [ $ga -lt 30 ]; do
+                guest_dev=$(ip route | grep "^${guest_subnet} " | awk '{print $3}')
+                [ -n "$guest_dev" ] && break
+                ga=$((ga + 1))
+                sleep 2
+            done
+            if [ -n "$guest_dev" ]; then
+                ip route add "$guest_subnet" dev "$guest_dev" table 100 2>/dev/null
+                logger -t parahub-vpn "Guest route: $guest_subnet via $guest_dev in table 100"
+            else
+                logger -t parahub-vpn "Warning: guest device not found for $guest_subnet after 60s"
+            fi
+        ) &
     fi
 
     # Reload firewall so vpn_tunnel zone picks up gre6-vpn device