vpn-tunnel reads IP from /etc/parahub/tunnel_ip instead of hardcoded
172.16.0.2. On first boot, calls heartbeat synchronously to get assignment.
Heartbeat parses tunnel_ip from response and restarts vpn-tunnel on change.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Guest WiFi interface (phy0-ap0) may not be up when init script runs at
boot. Move guest route addition to a background retry loop (up to 60s).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OpenWrt 25.x lacks the netifd grev6 protocol handler, so the UCI
vpn_tunnel interface never came up (NO_DEVICE). Now using a dedicated
init script (parahub-vpn-tunnel, START=96) that:
- Creates ip6gre tunnel with encaplimit none (critical: Yggdrasil
drops IPv6 packets with DSTOPT extension headers from encaplimit)
- Waits for Yggdrasil address before creating tunnel
- Adds guest subnet direct route to table 100 (fixes DNS/reply
routing — without it, router replies with source in guest subnet
get routed through GRE instead of back to the client)
- Reloads firewall so vpn_tunnel zone picks up gre6-vpn device
Also updated VPS mesh-gateway.sh with encaplimit none.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
