fix(vpn): Wait for WiFi interface before adding guest route to table 100

Guest WiFi interface (phy0-ap0) may not be up when init script runs at
boot. Move guest route addition to a background retry loop (up to 60s).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

files/etc/init.d/parahub-vpn-tunnel

@@ -42,20 +42,28 @@ start() {
     # Default route through GRE (table 100 — used by guest policy routing)
     ip route add default via "$GRE_GATEWAY" table 100
 
-    # Guest subnet direct route in table 100
+    # Guest subnet direct route in table 100 (background — WiFi may not be up yet)
     # Without this, router's own replies (source IP in guest subnet) go through
     # GRE instead of back to the guest client (ip rule matches source-based)
     local guest_subnet
     guest_subnet=$(awk -F= '/GUEST_SUBNET/{print $2}' /etc/parahub/keys 2>/dev/null)
     if [ -n "$guest_subnet" ]; then
-        local guest_dev
+        # WiFi interfaces take time to come up at boot — retry in background
+        (
+            local guest_dev="" ga=0
+            while [ $ga -lt 30 ]; do
                 guest_dev=$(ip route | grep "^${guest_subnet} " | awk '{print $3}')
+                [ -n "$guest_dev" ] && break
+                ga=$((ga + 1))
+                sleep 2
+            done
             if [ -n "$guest_dev" ]; then
-            ip route add "$guest_subnet" dev "$guest_dev" table 100
+                ip route add "$guest_subnet" dev "$guest_dev" table 100 2>/dev/null
                 logger -t parahub-vpn "Guest route: $guest_subnet via $guest_dev in table 100"
             else
-            logger -t parahub-vpn "Warning: guest device not found for $guest_subnet"
+                logger -t parahub-vpn "Warning: guest device not found for $guest_subnet after 60s"
             fi
+        ) &
     fi
 
     # Reload firewall so vpn_tunnel zone picks up gre6-vpn device