docs/releases/index.rst

 Release Notes
 =============
 
+.. toctree::
+  :caption: Gluon 2023.1
+  :maxdepth: 2
+
+  v2023.1
+
 .. toctree::
   :caption: Gluon 2022.1
   :maxdepth: 2
 
+  v2022.1.4
+  v2022.1.3
+  v2022.1.2
+  v2022.1.1
   v2022.1
 
 .. toctree::

docs/releases/v2017.1.rst

@@ -88,6 +88,8 @@ New features
 * Add support for making nodes a DNS cache for clients
   (`#1000 <https://github.com/freifunk-gluon/gluon/pull/1000>`_)
 
+  See also: :doc:`../features/dns-cache`
+
 * Add L2TP via tunneldigger as an alternative VPN system
   (`#978 <https://github.com/freifunk-gluon/gluon/pull/978>`_)
 

docs/releases/v2018.1.2.rst

@@ -28,7 +28,7 @@ Bugfixes
   As the path to both config mode and status page were changed between versions
   users could be affected by a redirect to a no more valid URL. 
 
-* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt-routing/packages/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
+* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt/routing/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
 
 Other changes
 ~~~~~~~~~~~~~

docs/releases/v2020.2.3.rst

@@ -7,7 +7,7 @@ Bugfixes
 - LEDs on the ASUS RT-AC51 are now fully functional.
 
 - Netgear EX6150v1 randomly booting into failsafe mode has been fixed.
-  This happened dependant on the state of the mode setting switch.
+  This happened dependent on the state of the mode setting switch.
 
 - Dnsmasq has been patched against multiple security issues in its DNS response validation.
   See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1

docs/releases/v2021.1.1.rst

@@ -30,7 +30,7 @@ ramips-mt76x8
 Bugfixes
 --------
 
-- Missing bandwith limit settings resulted in a respondd crash for v2021.1.
+- Missing bandwidth limit settings resulted in a respondd crash for v2021.1.
 
 - The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations.
 

docs/releases/v2022.1.1.rst

+Gluon 2022.1.1
+==============
+
+Important notes
+---------------
+
+This release mitigates multiple flaws in the Linux wireless stack fixing RCE and DoS vulnerabilities.
+
+
+Added hardware support
+----------------------
+
+ipq40xx-generic
+~~~~~~~~~~~~~~~
+
+- GL.iNet
+
+  - GL-AP1300
+
+mpc85xx-p1010
+~~~~~~~~~~~~~
+
+- TP-Link
+
+  - TL-WDR4900 (v1)
+
+ramips-mt7621
+~~~~~~~~~~~~~
+
+- ZyXEL
+
+  - NWA50AX
+
+rockchip-armv8
+~~~~~~~~~~~~~~
+
+- FriendlyElec
+
+  - NanoPi R4S (4GB LPDDR4)
+
+Bugfixes
+--------
+
+ * Multiple mitigations for (`critical vulnerabilities <https://seclists.org/oss-sec/2022/q4/20>`_) in the Linux kernel WLAN stack. This only concerns Gluon v2022.1, older Gluon versions are unaffected.
+
+   * CVE-2022-41674
+   * CVE-2022-42719
+   * CVE-2022-42720
+   * CVE-2022-42721
+   * CVE-2022-42722
+ * Fixes `security issues in WolfSSL <https://openwrt.org/releases/22.03/notes-22.03.1#security_fixes>`_. People who have installed additional, non-Gluon packages which rely on WolfSSL's TLS 1.3 implementation might be affected. Firmwares using either gluon-mesh-wireless-sae or gluon-wireless-encryption-wpa3 are unaffected by these issues, since only WPA-Enterprise relies on the affected TLS functionality.
+
+   * CVE-2022-38152
+   * CVE-2022-39173
+
+ * Fixes the update path for GL-AR300M and NanoStation Loco M2/M5 (XW) devices.
+
+Known issues
+------------
+
+* A workaround for Android devices not waking up to their MLD subscriptions was removed,
+  potentially breaking IPv6 connectivity for these devices after extended sleep periods.
+  (`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
+    metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
+  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

docs/releases/v2022.1.2.rst

+Gluon 2022.1.2
+==============
+
+Bugfixes
+--------
+
+ * Various build-errors which sporadically occur when building with a large thread-count have been fixed
+
+ * Android devices do not lose their IPv6 connectivity after extended idle-time
+
+ * The 802.11s mesh network is now using 802.11ax HE-modes when supported by hardware
+
+
+Known issues
+------------
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
+    metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
+  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

docs/releases/v2022.1.3.rst

+Gluon 2022.1.3
+==============
+
+Bugfixes
+--------
+
+* Ipq40xx Wave2 devices temporarily use non-ct firmware again to work around 802.11s unicast package loss in ath10k-ct
+  (`#2692 <https://github.com/freifunk-gluon/gluon/issues/2692>`_)
+
+* Modify kernel builds slightly to work around a boot hang on various devices based on the QCA9563 SoC - especially the Unifi AC-* devices
+  (`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784>`_)
+
+* Work around an issue with wifi setup timing by waiting a bit while device initialisation is ongoing
+  (`#2779 <https://github.com/freifunk-gluon/gluon/issues/2779>`_)
+
+
+Known issues
+------------
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
+    metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
+  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

docs/releases/v2022.1.4.rst

+Gluon 2022.1.4
+==============
+
+Added hardware support
+----------------------
+
+ath79-generic
+~~~~~~~~~~~~~
+
+- LibreRouter
+
+  - LibreRouter (v1)
+
+- Teltonika
+
+  - RUT230 (v1)
+
+
+ath79-nand
+~~~~~~~~~~
+
+- Aerohive
+
+  - HiveAP 121
+
+- NETGEAR
+
+  - WNDR4300 (v1)
+  
+
+lantiq-xrx200
+~~~~~~~~~~~~~
+
+- Arcadyan
+
+  - o2 Box 6431
+
+
+ramips-mt7621
+~~~~~~~~~~~~~
+
+- Cudy
+
+  - X6 (v1, v2)
+
+- D-Link
+
+  - DAP-X1860 (A1)
+
+- GL.iNet
+
+  - GL-MT1300
+  
+- Mercusys
+
+  - MR70X (v1)
+
+- Xiaomi
+
+  - Mi Router 3G
+  
+  
+ramips-mt76x8
+~~~~~~~~~~~~~
+
+- TP-Link
+
+  - RE200 (v3)
+  
+
+realtek-rtl838x
+~~~~~~~~~~~~~~~
+
+- D-Link
+
+  - DGS-1210-10P
+  
+
+ipq40xx-generic
+~~~~~~~~~~~~~~~
+
+- AVM
+
+  - FRITZBox 7520
+  
+  
+ipq40xx-mikrotik
+~~~~~~~~~~~~~~~~
+
+- Mikrotik
+
+  - hAP ac2
+
+
+Bugfixes
+--------
+
+* Enterasys WS-AP3705i now uses the correct image-name for use with the autoupdater
+  (`#2819 <https://github.com/freifunk-gluon/gluon/issues/2819>`_)
+
+* Reduce memory Usage for ath10k on ZyXEL WRE6606 devices
+  (`#2842 <https://github.com/freifunk-gluon/gluon/issues/2842>`_)
+
+* Replace the Workaround for failed boots on ath79 with a proper fix.
+  (`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784#issuecomment-1452126501>`_)
+
+* AVM FRITZ!Box 7360 v2 flashed with the incorrect image for v1 will automatically update to the correct image.
+
+* Revert OOM inducing switch of ath79 Wave2 firmware back to -ct
+  (`#2879 <https://github.com/freifunk-gluon/gluon/pull/2879>`_)
+
+Known issues
+------------
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
+    metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
+  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
+

docs/releases/v2022.1.rst

@@ -391,7 +391,8 @@ Known issues
 ------------
 
 * A workaround for Android devices not waking up to their MLD subscriptions was removed,
-  potentially breaking IPv6 connectivity for these devices after extended sleep periods
+  potentially breaking IPv6 connectivity for these devices after extended sleep periods.
+  (`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
 
 * Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
   (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)

docs/releases/v2023.1.rst

+Gluon 2023.1
+============
+
+Important notes
+---------------
+
+Upgrades to v2023.1 and later releases are only supported from releases v2021.1 and later.
+This is due to migrations that have been removed to simplify maintenance.
+
+
+Added hardware support
+----------------------
+
+ath79-generic
+~~~~~~~~~~~~~
+
+- Extreme Networks
+
+  - WS-AP3805i
+
+ath79-nand
+~~~~~~~~~~
+
+- GL.iNet
+
+  - GL-XE300
+
+ramips-mt7621
+~~~~~~~~~~~~~
+
+- TP-Link
+
+  - EAP615-Wall
+
+- Wavlink
+
+  - WS-WN572HP3 4G
+
+ramips-mt76x8
+~~~~~~~~~~~~~
+
+- TP-Link
+
+  - TL-MR6400 (v5)
+
+
+Features
+--------
+
+DNS Caching
+~~~~~~~~~~~
+
+DNS caching using the dnsmasq resolver is reintroduced.
+
+See the :ref:`DNS caching documentation <dns-caching>` section for
+details on how to enable this feature.
+
+Cellular Modem Support
+~~~~~~~~~~~~~~~~~~~~~~
+
+Support for using cellular data connections as the primary uplink connection has been added
+to Gluon. This is supported for hardware that comes with a built-in cellular modem. The required user
+configuration for the APN and SIM-PIN can be performed in the Advanced Settings in Config Mode.
+
+To use this feature in config-mode, the ``web-cellular`` needs to be enabled in ``site.mk``.
+
+Interface Role UI
+~~~~~~~~~~~~~~~~~
+
+Interface Roles can now be assigned from the Network page of the Advanced Settings
+in Config Mode. This configuration is preserved on Gluon upgrades.
+
+WireGuard Key Translation
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This release adds a new mechanism for seamlessly translating existing fastd private keys on the nodes into
+equivalent WireGuard keys. The corresponding public keys can be translated **separately** on the servers.
+This mitigates the need to re-exchange public keys for communities when migrating to WireGuard-based VPN.
+
+See the :ref:`gluon-mesh-vpn-key-translate <gluon-mesh-vpn-key-translate>` section for details.
+
+
+Bugfixes
+--------
+
+- Custom channel lists using a radios ``channels`` UCI option are now preserved on upgrade
+  in case ``gluon.wireless.preserve_channels`` is set.
+- Custom HT modes for radios are now preserved when ``gluon.wireless.preserve_channels``
+  is set.
+- Broken mesh links between MediaTek 11ax and Qualcomm 11ac hardware are worked around. (`#2905 <https://github.com/freifunk-gluon/gluon/pull/2905>`_)
+- Fixed a bug in the MediaTek MT7621 NAND driver that caused devices to end in a bootlooping state
+  after the initial installation.
+
+
+Minor changes
+-------------
+
+- Images built for the ``x86`` targets are now natively bootable on
+  EFI systems without CSM or BIOS support modes.
+
+
+Known issues
+------------
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
+    metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
+  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

docs/requirements.txt

-sphinx-rtd-theme==1.0.0
+sphinx-rtd-theme==1.2.2

docs/site-example/i18n/de.po

@@ -58,10 +58,10 @@ msgid "gluon-config-mode:novpn"
 msgstr ""
 "<p><strong>Du hast ausgewählt die Internetverbindung (Mesh-VPN) nicht zu "
 "nutzen</strong>. Dein Knoten kann also nur dann eine Verbindung zum "
-"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind."
+"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind.</p>"
 "<p>Bitte schicke uns eine E-Mail mit dem Namen deines Knotens "
 "(<em><%= pcdata(hostname) %></em>) und ein paar Informationen an <a href="
-"\"mailto:freifunk-keys@lists.in-kiel.de?"
+"\"mailto:kontakt@alpha-centauri.freifunk.net?"
 "subject=<%= urlencode('Anmeldung: ' .. hostname) %>&amp;"
 "body=<%= urlencode('# ' .. hostname .. '\n# ' .. sysconfig.primary_mac .. '\n# kein mesh-VPN') %>"
 "<%= urlencode('\n\nIch habe zur Kenntnis genommen, dass der im ') %>"

docs/site-example/i18n/en.po

@@ -55,9 +55,9 @@ msgstr ""
 "<p>You have selected <strong>not</strong> to use the mesh VPN. "
 "Your node will only be able to connect to the Freifunk network if other nodes "
 "in reach already have a connection.</p>"
-"Please send an e-mail with the name of your node "
+"<p>Please send an e-mail with the name of your node "
 "(<em><%=pcdata(hostname)%></em>) and some additional information to "
-"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject="
+"<a href=\"mailto:kontakt@alpha-centauri.freifunk.net?subject="
 "<%= urlencode('Registration: ' .. hostname) %>&amp;body="
 "<%= urlencode('# ' .. hostname .. '\n# ' .. sysconfig.primary_mac .. '\nkey ') %>"
 "%22<%= pubkey %>%22;"
@@ -65,7 +65,7 @@ msgstr ""
 "<%= urlencode('node is publicly available on the Internet and can be ') %>"
 "<%= urlencode('used by any services (e.g. the meshviewer map).') %>"
 "<%= urlencode('\n\nThanks, \n\n') %>"
-"\">keys@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
+"\">kontakt@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
 "be treated confidentially and will not be passed on.</p>"
 "<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "
 "try to connect to other nearby Freifunk nodes after that.</p>"

docs/site-example/modules

@@ -12,7 +12,6 @@
 #		the git repository from where to clone the package feed
 #PACKAGES_MY_OWN_PACKAGES_REPO=https://github.com/.../my-own-packages.git
 
-
 ##	PACKAGES_$feedname_COMMIT
 #		the version/commit of the git repository to clone
 #PACKAGES_MY_OWN_PACKAGES_COMMIT=123456789aabcda1a69b04278e4d38f2a3f57e49

docs/site-example/site.conf

--- This is an example site configuration for Gluon v2022.1
+-- This is an example site configuration for Gluon v2023.1
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.

docs/user/getting_started.rst

@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2022.1*. Always get Gluon using git and don't try to download it
+e.g. *v2023.1*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 
 Please keep in mind that there is no "default Gluon" build; a site configuration
@@ -25,18 +25,20 @@ An example configuration can be found in the Gluon repository at *docs/site-exam
 Dependencies
 ------------
 To build Gluon, several packages need to be installed on the system. On a
-freshly installed Debian Stretch system the following packages are required:
+freshly installed Debian Bullseye system the following packages are required:
 
 * `git` (to get Gluon and other dependencies)
-* `subversion`
 * `python3`
 * `build-essential`
+* `ecdsautils` (to sign firmware, see `contrib/sign.sh`)
 * `gawk`
 * `unzip`
 * `libncurses-dev` (actually `libncurses5-dev`)
 * `libz-dev` (actually `zlib1g-dev`)
 * `libssl-dev`
+* `libelf-dev` (to build x86-64)
 * `wget`
+* `rsync`
 * `time` (built-in `time` doesn't work)
 * `qemu-utils`
 
@@ -50,7 +52,7 @@ Building the images
 -------------------
 
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2022.1*.
+version you'd like to checkout, e.g. *v2023.1*.
 
 ::
 

docs/user/mtu.rst

@@ -15,7 +15,7 @@ Consider these key values:
   - and configure `MSS clamping`_ accordingly,
   - and announce your link MTU via Router Advertisements and DHCP
 
-  .. _MSS clamping: https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
+  .. _MSS clamping: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
 
 - Encapsulation: Account for the overhead created by the configured mesh protocol
   encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
@@ -35,6 +35,8 @@ minimum payload MTU required. This is the lowest recommended value, since going
 lower would cause unnecessary fragmentation for clients which respect the announced
 link MTU.
 
+.. editorconfig-checker-disable
+
 Example: Our network currently uses batman-adv v15, it therefore requires up
 to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
 transporting IPv6.::
@@ -72,6 +74,7 @@ Tunneling.::
 
        MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
 
+.. editorconfig-checker-enable
 
 Tables for Different VPN Providers
 ----------------------------------
@@ -159,7 +162,7 @@ Maximum MTU
 
 Calculation of different derived MTUs based on a maximum WAN MTU of 1436.
 
-Sugestions:
+Suggestions:
 
 - This configuration can be used for fastd and Tunneldigger.
 

docs/user/site.rst

@@ -49,10 +49,13 @@ node_prefix6
 
     node_prefix6 = 'fdca::ffee:babe:2::/64'
 
-node_client_prefix6
-  The ipv6 prefix from which the client-specific IP-address is calculated that
-  is assigned to each node by l3roamd to allow efficient communication when 
-  roaming. This is exclusively useful when running a routing mesh protocol
+node_client_prefix6 \: optional, deprecated
+  DEPRECATED: Don't specify it anymore, this prefix will then
+  automatically be generated from the domain_seed.
+
+  An IPv6 prefix internally used by the l3roamd protocol, used to allow
+  an efficient handover via unicast when a client roamed.
+  This is exclusively useful when running a routing mesh protocol
   like babel. e.g. ::
 
     node_client_prefix6 = 'fdca::ffee:babe:3::/64'
@@ -445,13 +448,8 @@ interfaces \: optional
   The ``client`` role requires exclusive control over an interface. When
   the ``client`` role is assigned to an interface at the same time as other
   roles (like ``'client', 'mesh'`` in the above example), the other roles take
-  precedence (enabling ``mesh``, but not ``client`` in the example).
-
-  Such a default configuration still fulfills a purpose (and is in fact the
-  recommended way to enable "Mesh-on-LAN" by default): The "LAN interface
-  meshing" checkbox in the advanced network settings will only add or remove
-  the ``mesh`` role, so the ``client`` role must already be in the configuration
-  to make the LAN port a regular client interface when the checkbox is disabled.
+  precedence (enabling ``mesh``, but not ``client`` in the example). In that
+  case, the ``client`` role is removed from the config of the interface.
 
   All interface settings are optional. If unset, the following defaults are
   used: