diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..bbcbbe7d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/BACKERS.md b/BACKERS.md
index 2422a86a..2c5721bf 100644
--- a/BACKERS.md
+++ b/BACKERS.md
@@ -15,23 +15,25 @@ You can [become a sponsor](https://github.com/sponsors/RaspAP) using your indivi
 > ℹ️  **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator.
 
 ### Exclusive features
-When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. We think this is a great idea, so we're adding this as the first feature exclusive to insiders. 
+The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through Insiders' access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
-✅ [Multiple OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
-✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)  
-✅ OpenVPN service logging  
-✅ Night mode toggle  
-✅ Restrict network to static clients  
-✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
-✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
+ ✅ [Network device management](https://docs.raspap.com/net-devices/)    
+ ✅ [Firewall settings](https://docs.raspap.com/firewall/)  
+ ✅ [WPA3-Personal AP security](https://docs.raspap.com/ap-basics/#wpa3-personal)  
+ ✅ [802.11w Protected Management Frames](https://docs.raspap.com/ap-basics/#80211w)  
+ ✅ [Printable Wi-Fi signs](https://docs.raspap.com/ap-basics/#printable-signs)  
+ ⚙️ Traffic shaping (in progress)   
+ 
+Look for the list above to grow as we add more exclusive features. Be sure to visit this page from time to time to learn about what's new, check the [Insiders docs page](https://docs.raspap.com/insiders/) and follow [@RaspAP on Twitter](https://twitter.com/rasp_ap) to stay updated.
 
-Look for the list above to grow as we add more exclusive features. 
-
-### Funding targets
+## Funding targets
 Below is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
-#### $500 
-The first **Insiders Edition** includes the exclusive features listed above.
+### $1000 
+The second **Insiders Edition** includes the features listed above.
+
+### $500 
+The [first Insiders Edition goal](https://docs.raspap.com/insiders/#500-1st-insiders-edition) was reached in December 2021. Thank you sponsors!
 
 ### Frequently asked questions
 
@@ -73,4 +75,3 @@ Yes. Whether you're an individual or a company, you may use RaspAP Insiders prec
 
 * Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
 * If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).
-
diff --git a/README.md b/README.md
index d83c4b5b..1142af30 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/xeKD93p.png)
-[![Release 2.6.7](https://img.shields.io/badge/release-v2.6.7-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.8.4](https://img.shields.io/badge/release-v2.8.4-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
 
@@ -122,9 +122,9 @@ RaspAP was originally made for Raspbian, but now also installs on the following
 
 | Distribution | Release  | Architecture | Support |
 |---|:---:|:---:|:---:|
-| Raspberry Pi OS | (32-bit) Lite Buster | ARM | Official |
-| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-socs) | Official |
-| Debian  |  Buster | ARM / x86_64  | Beta |
+| Raspberry Pi OS | (32-bit) Lite Bullseye | ARM | Official |
+| Armbian | Bullseye | [ARM](https://docs.armbian.com/#supported-socs) | Official |
+| Debian  |  Bullseye | ARM / x86_64  | Beta |
 | Ubuntu  |  18.04 LTS / 19.10 | ARM / x86_64  | Beta |
 
 ![](https://i.imgur.com/luiyYNw.png)
diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index db9ebfe8..04c1fc03 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -42,10 +42,10 @@ $jsonobj = json_decode($jsonstdoutvnstat[0], true);
 $timeunits = filter_input(INPUT_GET, 'tu');
 if ($timeunits === 'm') {
     // months
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['months'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['month'];
 } else {
     // default: days
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['days'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['day'];
 }
 
 $datasizeunits = filter_input(INPUT_GET, 'dsu');
diff --git a/ajax/bandwidth/get_bandwidth_hourly.php b/ajax/bandwidth/get_bandwidth_hourly.php
index bc1c48b5..a8e0f5cc 100644
--- a/ajax/bandwidth/get_bandwidth_hourly.php
+++ b/ajax/bandwidth/get_bandwidth_hourly.php
@@ -34,19 +34,16 @@ if (filter_input(INPUT_GET, 'tu') == 'h') {
     23     => array('date' => '23:00', 'rx' => 0, 'tx' => 0)
     );
 
-
-
-
     exec(sprintf('vnstat -i %s --json h', escapeshellarg($interface)), $jsonstdoutvnstat, $exitcodedaily);
     if ($exitcodedaily !== 0) {
         exit('vnstat error');
     }
 
     $jsonobj = json_decode($jsonstdoutvnstat[0], true)['interfaces'][0];
-    $jsonData = $jsonobj['traffic']['hours'];
+    $jsonData = $jsonobj['traffic']['hour'];
     for ($i = count($jsonData) - 1; $i >= 0; --$i) {
-        $data_template[$jsonData[$i]['id']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
-        $data_template[$jsonData[$i]['id']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
     }
 
     $data = array();
diff --git a/ajax/networking/get_netcfg.php b/ajax/networking/get_netcfg.php
index 78c0013e..aa207e1e 100644
--- a/ajax/networking/get_netcfg.php
+++ b/ajax/networking/get_netcfg.php
@@ -52,7 +52,7 @@ if (isset($interface)) {
     $dhcpdata['StaticRouters'] = $static_routers[1];
     $dhcpdata['StaticDNS'] = $static_dns[1];
     $dhcpdata['FallbackEnabled'] = empty($fallback) ? false: true;
-    $dhcpdata['DefaultRoute'] = empty($gateway) || $gateway[0] == "gateway";
+    $dhcpdata['DefaultRoute'] = $gateway[0] == "gateway";
 
     echo json_encode($dhcpdata);
 }
diff --git a/ajax/networking/get_wgcfg.php b/ajax/networking/get_wgcfg.php
new file mode 100644
index 00000000..6a9d771d
--- /dev/null
+++ b/ajax/networking/get_wgcfg.php
@@ -0,0 +1,9 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+// fetch wg client.conf
+exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+echo implode(PHP_EOL,$return);
+
diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
new file mode 100644
index 00000000..840d59f0
--- /dev/null
+++ b/ajax/networking/get_wgkey.php
@@ -0,0 +1,22 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+$entity = $_POST['entity'];
+
+if (isset($entity)) {
+   
+    // generate public/private key pairs for entity
+    $pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
+    $privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
+    $pubkey_tmp = '/tmp/'.$entity.'-public.key';
+    $privkey_tmp = '/tmp/'.$entity.'-private.key';
+     
+    exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
+    $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    exec("sudo mv $privkey_tmp $privkey", $return);
+    exec("sudo mv $pubkey_tmp $pubkey", $return);
+
+    echo json_encode($wgdata);
+}
diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
new file mode 100644
index 00000000..a95baa50
--- /dev/null
+++ b/ajax/networking/save_net_dev_config.php
@@ -0,0 +1,93 @@
+<?php
+/*
+ Save settings of network devices (type, name, PW, APN ...)
+  
+ Called by js saveNetDeviceSettings (App/js/custom.js)
+*/
+
+
+require '../../includes/csrf.php';
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['interface'])) {
+    $int = $_POST['interface'];
+    $cfg = [];
+    $file = $RASPI_MOBILEDATA_CONFIG;
+    $cfgfile="/etc/wvdial.conf";
+    if ( $int == "mobiledata") {
+        $cfg['pin'] = $_POST["pin-mobile"];
+        $cfg['apn'] = $_POST["apn-mobile"];
+        $cfg['apn_user'] = $_POST["apn-user-mobile"];
+        $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
+        $cfg['router_user'] = $cfg['apn_user'] ;
+        $cfg['router_pw'] = $cfg['apn_pw'] ;
+        if (file_exists($cfgfile)) {
+            if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
+            if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
+            if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
+            if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
+        }
+		if (write_php_ini($cfg, RASPI_MOBILEDATA_CONFIG)) {
+			$jsonData = ['return'=>0,'output'=>['Successfully saved mobile data settings']];
+		} else {
+			$jsonData = ['return'=>1,'output'=>['Error saving mobile data settings']];
+		}
+    } else if ( preg_match("/netdevices/",$int)) {
+        if(!isset($_POST['opts']) ) {
+            $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
+            echo json_encode($jsonData);
+            return;
+        } else {
+            $opts=explode(" ",$_POST['opts'] );
+            $dev=$opts[0];
+            $vid=$_POST["int-vid-".$dev];
+            $pid=$_POST["int-pid-".$dev];
+            $mac=$_POST["int-mac-".$dev];
+            $name=trim($_POST["int-name-".$dev]);
+			// limit device name to letters and numbers. Total length max 20
+            $name=preg_replace("/[^a-z0-9]/", "", strtolower($name));
+            $name=substr($name, 0, min(strlen($name),20));
+            $type=$_POST["int-type-".$dev];
+            $newtype=$_POST["int-new-type-".$dev];
+            $udevfile=$_SESSION["udevrules"]["udev_rules_file"]; // default file /etc/udev/rules.d/80-net-devices.rules";
+
+            // find the rule prototype and prefix
+            $rule = "";
+            foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
+                if($devt["type"]==$newtype) {
+                    $rulenew = $devt["udev_rule"];
+                    $prefix = $devt["name_prefix"];
+                }
+            }
+
+            // check for an existing rule and delete lines with same MAC or same VID/PID
+            if (!empty($vid) && !empty($pid)) {
+                $rule = '^.*ATTRS{idVendor}==\"' . $vid . '\".*ATTRS{idProduct}==\"' . $pid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+                $rule = '^.*ATTRS{idProduct}==\"' . $pid . '\".*ATTRS{idVendor}==\"' . $vid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+            }
+            if (!empty($mac)) {
+                exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile);  // clear all entries with same MAC
+            }
+            // create new entry
+            if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
+                if (empty($name)) $name = $prefix."%n";
+                if (!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i", $mac, $rulenew);
+                if (!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i", $vid, $rule);
+                if (!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i", $pid, $rule);
+                if (!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
+                if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
+            }
+            $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device'  ] ];
+        }
+    } else {
+        $jsonData = ['return'=>1,'output'=>['Unknown network configuration']];
+    }
+} else {
+    $jsonData = ['return'=>2,'output'=>'Unable to detect interface'];
+}
+
+echo json_encode($jsonData);
diff --git a/ajax/networking/wifi_stations.php b/ajax/networking/wifi_stations.php
index aca5bc89..ecc9c098 100644
--- a/ajax/networking/wifi_stations.php
+++ b/ajax/networking/wifi_stations.php
@@ -14,6 +14,7 @@ knownWifiStations($networks);
 nearbyWifiStations($networks, !isset($_REQUEST["refresh"]));
 connectedWifiStations($networks);
 sortNetworksByRSSI($networks);
+foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid ); 
 
 $connected = array_filter($networks, function($n) { return $n['connected']; } );
 $known     = array_filter($networks, function($n) { return !$n['connected'] && $n['configured']; } );
diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
new file mode 100644
index 00000000..235f01eb
--- /dev/null
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -0,0 +1,26 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
+    $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';
+
+    // remove existing client config +login and symbolically link the selected one
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo ln -s $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    system("sudo ln -s $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+
+    // restart service
+    exec("sudo /bin/systemctl stop openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl enable openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl start openvpn-client@client", $return);
+
+    echo json_encode($return);
+}
+
diff --git a/ajax/openvpn/del_ovpncfg.php b/ajax/openvpn/del_ovpncfg.php
new file mode 100644
index 00000000..77adacff
--- /dev/null
+++ b/ajax/openvpn/del_ovpncfg.php
@@ -0,0 +1,13 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
+    exec("sudo rm $ovpncfg_files", $return);
+    $jsonData = ['return'=>$return];
+    echo json_encode($jsonData);
+}
+
diff --git a/app/css/hackernews.css b/app/css/hackernews.css
index 9b3abcf4..53ec065f 100644
--- a/app/css/hackernews.css
+++ b/app/css/hackernews.css
@@ -79,6 +79,9 @@ h5.card-title {
   font-family: Verdana, Geneva, sans-serif;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
 
 ul.nav-tabs, .nav-tabs .nav-link {
   background-color: #f6f6ef;
@@ -163,6 +166,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
+  line-height: 1.5em;
 }
 
 .info-item-wifi {
@@ -200,6 +204,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
   }
 }
 
+.fas.fa-circle {
+    font-size: 0.5rem;
+}
+
 .logoutput {
   width:100%;
   height:300px;
diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
new file mode 100644
index 00000000..7a66e6fc
--- /dev/null
+++ b/app/img/wg-qr-code.php
@@ -0,0 +1,28 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/defaults.php';
+require_once '../../includes/functions.php';
+
+// prevent direct file access
+if (!isset($_SERVER['HTTP_REFERER'])) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
+exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
+$peer_conf = implode(PHP_EOL,$return);
+$peer_conf.= PHP_EOL;
+$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
+$svg = shell_exec($command);
+$etag = hash('sha256', $peer_conf);
+$content_length = strlen($svg);
+$last_modified = date("Y-m-d H:i:s");
+
+header("Content-Type: image/svg+xml");
+header("Content-Length: $content_length");
+header("Last-Modified: $last_modified");
+header("ETag: \"$etag\"");
+header("X-QR-Code-Content: $peer_conf");
+echo shell_exec($command);
+
diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index c87d0c16..acecfe85 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
-function qr_encode($str)
-{
-    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
-
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase
@@ -52,7 +47,8 @@ $content_length = strlen($svg);
 header("Content-Type: image/svg+xml");
 header("Content-Length: $content_length");
 header("Last-Modified: $last_modified");
+header("Content-Disposition: attachment; filename=\"qr.svg\"");
 header("ETag: \"$etag\"");
 header("X-QR-Code-Content: $data");
-echo shell_exec($command);
+echo $svg;
 
diff --git a/app/js/custom.js b/app/js/custom.js
index 6d295804..d6ed0576 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -1,6 +1,5 @@
 function msgShow(retcode,msg) {
-    if(retcode == 0) {
-        var alertType = 'success';
+    if(retcode == 0) { var alertType = 'success';
     } else if(retcode == 2 || retcode == 1) {
         var alertType = 'danger';
     }
@@ -123,6 +122,11 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
     $('#txtwpapassphrase').val(genPassword(63));
 });
 
+// Enable Bootstrap tooltips
+$(function () {
+  $('[data-toggle="tooltip"]').tooltip()
+})
+
 function genPassword(pwdLen) {
     var pwdChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
     var rndPass = Array(pwdLen).fill(pwdChars).map(function(x) { return x[Math.floor(Math.random() * x.length)] }).join('');
@@ -252,6 +256,69 @@ $('#hostapdModal').on('shown.bs.modal', function (e) {
 $('#configureClientModal').on('shown.bs.modal', function (e) {
 });
 
+$('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
+    var cfg_id = $(this).data('recordId');
+    $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        $("#ovpn-confirm-delete").modal('hide');
+        var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
+        row.fadeOut( "slow", function() {
+            row.remove();
+        });
+    });
+});
+
+$('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    $('.btn-delete', this).data('recordId', data.recordId);
+});
+
+$('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
+    var cfg_id = $(this).data('record-id');
+    $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        $("#ovpn-confirm-activate").modal('hide');
+        setTimeout(function(){
+            window.location.reload();
+        },300);
+    });
+});
+
+$('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    $('.btn-activate', this).data('recordId', data.recordId);
+});
+
+$('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
+    if (this.id == 'ovpn-userpw') {
+        $('#PanelCerts').hide();
+        $('#PanelUserPW').show();
+    } else if (this.id == 'ovpn-certs') {
+        $('#PanelUserPW').hide();
+        $('#PanelCerts').show();
+    }
+});
+
+$(document).ready(function(){
+  $("#PanelManual").hide();
+});
+
+$('#wg-upload,#wg-manual').on('click', function (e) {
+    if (this.id == 'wg-upload') {
+        $('#PanelManual').hide();
+        $('#PanelUpload').show();
+    } else if (this.id == 'wg-manual') {
+        $('#PanelUpload').hide();
+        $('#PanelManual').show();
+    }
+});
+
+// Add the following code if you want the name of the file appear on select
+$(".custom-file-input").on("change", function() {
+  var fileName = $(this).val().split("\\").pop();
+  $(this).siblings(".custom-file-label").addClass("selected").html(fileName);
+});
+
 /*
 Sets the wirelss channel select options based on hw_mode and country_code.
 
@@ -320,6 +387,55 @@ function updateBlocklist() {
 function clearBlocklistStatus() {
     $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
 }
+
+// Handler for the wireguard generate key button
+$('.wg-keygen').click(function(){
+    var entity_pub = $(this).parent('div').prev('input[type="text"]');
+    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var updated = entity_pub.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
+        var jsonData = JSON.parse(data);
+        entity_pub.val(jsonData.pubkey);
+        $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+    })
+})
+
+// Handler for wireguard client.conf download
+$('.wg-client-dl').click(function(){
+    var req = new XMLHttpRequest();
+    var url = 'ajax/networking/get_wgcfg.php';
+    req.open('get', url, true);
+    req.responseType = 'blob';
+    req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
+    req.onreadystatechange = function (event) {
+        if(req.readyState == 4 && req.status == 200) {
+            var blob = req.response;
+            var link=document.createElement('a');
+            link.href=window.URL.createObjectURL(blob);
+            link.download = 'client.conf';
+            link.click();
+        }
+    }
+    req.send();
+})
+
+// Event listener for Bootstrap's form validation
+window.addEventListener('load', function() {
+    // Fetch all the forms we want to apply custom Bootstrap validation styles to
+    var forms = document.getElementsByClassName('needs-validation');
+    // Loop over them and prevent submission
+    var validation = Array.prototype.filter.call(forms, function(form) {
+        form.addEventListener('submit', function(event) {
+          //console.log(event.submitter);
+          if (form.checkValidity() === false) {
+            event.preventDefault();
+            event.stopPropagation();
+          }
+          form.classList.add('was-validated');
+        }, false);
+    });
+}, false);
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 
@@ -369,6 +485,17 @@ function set_theme(theme) {
     setCookie('theme',theme,90);
 }
 
+$(function() {
+    $('#night-mode').change(function() {
+        var state = $(this).is(':checked');
+        if (state == true && getCookie('theme') != 'lightsout.css') {
+            set_theme('lightsout.css');
+        } else {
+            set_theme('custom.php');
+        }
+   });
+});
+
 function setCookie(cname, cvalue, exdays) {
     var d = new Date();
     d.setTime(d.getTime() + (exdays*24*60*60*1000));
diff --git a/app/lib/system.php b/app/lib/system.php
index 3b09fb84..ee21ad84 100644
--- a/app/lib/system.php
+++ b/app/lib/system.php
@@ -42,7 +42,7 @@ class Sysinfo
 
     public function usedMemory()
     {
-        $used = shell_exec("free -m | awk '/Mem:/ { total=$2 ; used=$3 } END { print used/total*100}'");
+        $used = shell_exec("free -m | awk 'NR==2{ total=$2 ; used=$3 } END { print used/total*100}'");
         return floor($used);
     }
 
diff --git a/app/lib/uploader.php b/app/lib/uploader.php
new file mode 100644
index 00000000..e15e451c
--- /dev/null
+++ b/app/lib/uploader.php
@@ -0,0 +1,505 @@
+<?php
+
+/**
+ * Simple PHP upload class
+ *
+ * Adapted from aivis/PHP-file-upload-class
+ *
+ * @description File upload class for RaspAP
+ * @author      Bill Zimmerman <billzimmerman@gmail.com>
+ * @author      Aivis Silins
+ * @link        https://github.com/aivis/PHP-file-upload-class
+ * @license     https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+ */
+
+namespace RaspAP\Uploader;
+
+class Upload
+{
+
+    /**
+     * Default directory persmissions (destination)
+     */
+    protected $default_permissions = 0750;
+
+    /**
+     * File post array
+     *
+     * @var array
+     */
+    protected $file_post = array();
+
+    /**
+     * Destination directory
+     *
+     * @var string
+     */
+    protected $destination;
+
+    /**
+     * Fileinfo
+     *
+     * @var object
+     */
+    protected $finfo;
+
+    /**
+     * Data about file
+     *
+     * @var array
+     */
+    public $file = array();
+
+    /**
+     * Max. file size
+     *
+     * @var int
+     */
+    protected $max_file_size;
+
+    /**
+     * Allowed mime types
+     *
+     * @var array
+     */
+    protected $mimes = array();
+
+    /**
+     * Temp path
+     *
+     * @var string
+     */
+    protected $tmp_name;
+
+    /**
+     * Validation errors
+     *
+     * @var array
+     */
+    protected $validation_errors = array();
+
+    /**
+     * Filename (new)
+     *
+     * @var string
+     */
+    protected $filename;
+
+    /**
+     * Internal callbacks (filesize check, mime, etc)
+     *
+     * @var array
+     */
+    private $callbacks = array();
+
+    /**
+     * Root dir
+     *
+     * @var string
+     */
+    protected $root;
+
+    /**
+     * Return upload object
+     *
+     * $destination    = 'path/to/file/destination/';
+     *
+     * @param  string $destination
+     * @param  string $root
+     * @return Upload
+     */
+    public static function factory($destination, $root = false)
+    {
+        return new Upload($destination, $root);
+    }
+
+    /**
+     *  Define root constant and set & create destination path
+     *
+     * @param string $destination
+     * @param string $root
+     */
+    public function __construct($destination, $root = false)
+    {
+        if ($root) {
+            $this->root = $root;
+        } else {
+            $this->root = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR;
+        }
+
+        // set & create destination path
+        if (!$this->set_destination($destination)) {
+            throw new Exception('Upload: Unable to create destination. '.$this->root . $this->destination);
+        }
+        //create finfo object
+        $this->finfo = new \finfo();
+    }
+
+    /**
+     * Set target filename
+     *
+     * @param string $filename
+     */
+    public function set_filename($filename)
+    {
+        $this->filename = $filename;
+    }
+
+    /**
+     * Check & Save file
+     *
+     * Return data about current upload
+     *
+     * @return array
+     */
+    public function upload($filename = false)
+    {
+        if($filename ) {
+            $this->set_filename($filename);
+        }
+
+        $this->set_filename($filename);
+        
+        if ($this->check()) {
+            $this->save();
+        }
+
+        // return state data
+        return $this->get_state();
+    }
+
+    /**
+     * Save file on server
+     * Return state data
+     *
+     * @return array
+     */
+    public function save()
+    {
+        $this->save_file();
+        return $this->get_state();
+    }
+
+    /**
+     * Validate file (execute callbacks)
+     * Returns TRUE if validation successful
+     *
+     * @return bool
+     */
+    public function check()
+    {
+        //execute callbacks (check filesize, mime, also external callbacks
+        $this->validate();
+
+        //add error messages
+        $this->file['errors'] = $this->get_errors();
+
+        //change file validation status
+        $this->file['status'] = empty($this->validation_errors);
+
+        return $this->file['status'];
+    }
+
+    /**
+     * Get current state data
+     *
+     * @return array
+     */
+    public function get_state()
+    {
+        return $this->file;
+    }
+
+    /**
+     * Save file on server
+     */
+    protected function save_file()
+    {
+        //create & set new filename
+        if(empty($this->filename)) {
+            $this->create_new_filename();
+        }
+
+        //set filename
+        $this->file['filename'] = $this->filename;
+
+        //set full path
+        $this->file['full_path'] = $this->root . $this->destination . $this->filename;
+            $this->file['path'] = $this->destination . $this->filename;
+
+        $status = move_uploaded_file($this->tmp_name, $this->file['full_path']);
+
+        //checks whether upload successful
+        if (!$status) {
+            throw new Exception('Upload: Failed to upload file.');
+        }
+
+        //done
+        $this->file['status'] = true;
+    }
+
+    /**
+     * Set data about file
+     */
+    protected function set_file_data()
+    {
+        $file_size = $this->get_file_size();
+        $this->file = array(
+        'status'            => false,
+        'destination'       => $this->destination,
+        'size_in_bytes'     => $file_size,
+        'size_in_mb'        => $this->bytes_to_mb($file_size),
+        'mime'              => $this->get_file_mime(),
+        'filename'          => $this->file_post['name'],
+        'tmp_name'          => $this->file_post['tmp_name'],
+        'post_data'         => $this->file_post,
+        );
+    }
+
+    /**
+     * Set validation error
+     *
+     * @param string $message
+     */
+    public function set_error($message)
+    {
+        $this->validation_errors[] = $message;
+    }
+
+    /**
+     * Return validation errors
+     *
+     * @return array
+     */
+    public function get_errors()
+    {
+        return $this->validation_errors;
+    }
+
+    /**
+     * Set external callback methods
+     *
+     * @param object $instance_of_callback_object
+     * @param array  $callback_methods
+     */
+    public function callbacks($instance_of_callback_object, $callback_methods)
+    {
+        if (empty($instance_of_callback_object)) {
+            throw new Exception('Upload: $instance_of_callback_object cannot be empty.');
+
+        }
+
+        if (!is_array($callback_methods)) {
+            throw new Exception('Upload: $callback_methods data type need to be array.');
+        }
+
+        $this->external_callback_object = $instance_of_callback_object;
+        $this->external_callback_methods = $callback_methods;
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function validate()
+    {
+        //get curent errors
+        $errors = $this->get_errors();
+
+        if (empty($errors)) {
+
+            //set data about current file
+            $this->set_file_data();
+
+            //execute internal callbacks
+            $this->execute_callbacks($this->callbacks, $this);
+
+            //execute external callbacks
+            $this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
+        }
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function execute_callbacks($callbacks, $object)
+    {
+        foreach($callbacks as $method) {
+            $object->$method($this);
+
+        }
+    }
+
+    /**
+     * File mime type validation callback
+     *
+     * @param object $object
+     */
+    protected function check_mime_type($object)
+    {
+        if (!empty($object->mimes)) {
+            if (!in_array($object->file['mime'], $object->mimes)) {
+                $object->set_error('MIME type not allowed.');
+            }
+        }
+    }
+
+    /**
+     * Set allowed mime types
+     *
+     * @param array $mimes
+     */
+    public function set_allowed_mime_types($mimes)
+    {
+        $this->mimes        = $mimes;
+        //if mime types is set -> set callback
+        $this->callbacks[]    = 'check_mime_type';
+    }
+
+    /**
+     * File size validation callback
+     *
+     * @param object $object
+     */
+    protected function check_file_size($object)
+    {
+        if (!empty($object->max_file_size)) {
+            $file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
+            if ($object->max_file_size <= $file_size_in_mb) {
+                $object->set_error('File exceeds maximum allowed size.');
+            }
+        }
+    }
+
+    /**
+     * Set max file size
+     *
+     * @param int $size
+     */
+    public function set_max_file_size($size)
+    {
+        $this->max_file_size = $size;
+        
+        //if max file size is set -> set callback
+        $this->callbacks[] = 'check_file_size';
+    }
+
+    /**
+     * Set File array to object
+     *
+     * @param array $file
+     */
+    public function file($file)
+    {
+        $this->set_file_array($file);
+    }
+
+    /**
+     * Set file array
+     *
+     * @param array $file
+     */
+    protected function set_file_array($file)
+    {
+        //checks whether file array is valid
+        if (!$this->check_file_array($file)) {
+            //file not selected or some bigger problems (broken files array)
+            $this->set_error('Please select file.');
+        }
+
+        //set file data
+        $this->file_post = $file;
+
+        //set tmp path
+        $this->tmp_name  = $file['tmp_name'];
+    }
+
+    /**
+     * Checks whether Files post array is valid
+     *
+     * @return bool
+     */
+    protected function check_file_array($file)
+    {
+        return isset($file['error'])
+        && !empty($file['name'])
+        && !empty($file['type'])
+        && !empty($file['tmp_name'])
+        && !empty($file['size']);
+    }
+
+    /**
+     * Get file mime type
+     *
+     * @return string
+     */
+    protected function get_file_mime()
+    {
+        return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
+    }
+
+    /**
+     * Get file size
+     *
+     * @return int
+     */
+    protected function get_file_size()
+    {
+        return filesize($this->tmp_name);
+    }
+
+    /**
+     * Set destination path (return TRUE on success)
+     *
+     * @param  string $destination
+     * @return bool
+     */
+    protected function set_destination($destination)
+    {
+        $this->destination = $destination . DIRECTORY_SEPARATOR;
+        return $this->destination_exist() ? true : $this->create_destination();
+    }
+
+    /**
+     * Checks whether destination folder exists
+     *
+     * @return bool
+     */
+    protected function destination_exist()
+    {
+        return is_writable($this->root . $this->destination);
+    }
+
+    /**
+     * Create path to destination
+     *
+     * @param  string $dir
+     * @return bool
+     */
+    protected function create_destination()
+    {
+        return mkdir($this->root . $this->destination, $this->default_permissions, true);
+    }
+
+    /**
+     * Set unique filename
+     *
+     * @return string
+     */
+    protected function create_new_filename()
+    {
+        $filename = sha1(mt_rand(1, 9999) . $this->destination . uniqid()) . time();
+        $this->set_filename($filename);
+    }
+
+    /**
+     * Convert bytes to MB
+     *
+     * @param  int $bytes
+     * @return int
+     */
+    protected function bytes_to_mb($bytes)
+    {
+        return round(($bytes / 1048576), 2);
+    }
+}
+
diff --git a/config/090_raspap.conf b/config/090_raspap.conf
index da01c751..f44d1a89 100644
--- a/config/090_raspap.conf
+++ b/config/090_raspap.conf
@@ -1,4 +1,4 @@
 # RaspAP default config
-log-facility=/tmp/dnsmasq.log
+log-facility=/var/log/dnsmasq.log
 conf-dir=/etc/dnsmasq.d
 
diff --git a/config/client_config/70-mobile-data-sticks.rules b/config/client_config/70-mobile-data-sticks.rules
new file mode 100644
index 00000000..5ba62000
--- /dev/null
+++ b/config/client_config/70-mobile-data-sticks.rules
@@ -0,0 +1,4 @@
+# mobile data modem - ttyUSB0 device appears 
+SUBSYSTEM=="tty", KERNEL=="ttyUSB0", TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_ppp0_device.service"
+
+
diff --git a/config/client_config/80-raspap-net-devices.rules b/config/client_config/80-raspap-net-devices.rules
new file mode 100644
index 00000000..ddec8203
--- /dev/null
+++ b/config/client_config/80-raspap-net-devices.rules
@@ -0,0 +1,3 @@
+SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink@hilink%n.service"
+
+
diff --git a/config/client_config/huawei_hilink_api.sh b/config/client_config/huawei_hilink_api.sh
new file mode 100644
index 00000000..6dc439f4
--- /dev/null
+++ b/config/client_config/huawei_hilink_api.sh
@@ -0,0 +1,505 @@
+#!/bin/bash
+#
+# Huawei Hilink API
+# =================
+# - communication with Hilink devices via HTTP
+# - send a standard http request with a xml formatted string to the device (default IP 192.169.8.1)
+# - Howto:
+#   o "source" this script in your own script from the command line
+#   o if hilink_host ip/name differs, set "hilink_host=192.168.178.1" before calling any function
+#   o if the device is locked by a password, set hilink_user="admin"; hilink_password"1234secret"
+#     _login is called automatically
+#     only password type 4 is supported
+#   o if the SIM is requiring a PIN, set "hilink_pin=1234"
+#   o connect device to network: _switchMobileData ON  ( or 1 )
+#   o disconnect device: _switchMobileData OFF  ( or 0 )
+#   o get informations about the device: _getDeviceInformation and _getStatus and _getNetProvider
+#     all functions return XML formatted data in $response.
+#   o _getAllInformations: returns all available informations as key/value pairs (outputs text) 
+#   o Check if device is connected: "if _isConnected; then .... fi"
+#   o $response can be parsed by calling _valueFromResponse 
+#     e.g "_valueFromResponse msisdn" to get the phone number after a call to _getDeviceInformation
+#
+#
+# Usage of functions 
+#     - call the function with parameters (if required)
+#     - return code: 0 - success; 1 - failed
+#     - $status: status information (OK, ERROR)
+#     - $response: xml response to be parsed for the required information
+#
+#
+# required software: curl, base64, sha256sum, sed
+#
+# ToDo: improve error handling
+#
+# zbchristian 2021
+#
+
+# Initialization procedure
+# ========================
+#
+# hilink_host=192.168.8.1       # ip address of device
+# hilink_user="admin"           # user name if locked (default admin)
+# hilink_password="1234Secret"  # password if locked 
+# hilink_pin="1234"             # PIN of SIM
+# _initHilinkAPI                # initialize the API
+#
+# Termination
+# ===========
+# cleanup the API before quitting the shell 
+# _closeHilinkAPI  (optional: add parameter "save" to save the session/token data for subsequent calls. Valid for a few minutes.)
+#
+# BE AWARE, THAT THE API USES SOME GLOBAL VARIABLES : hilink_host, user, password, pin, response, status
+# USE THESE ONLY TO COMMUNICATE WITH THE API.
+# DO NOT USE THE VARIABLE PRE_FIX "hilink_" FOR YOUR OWN VARIABLES
+#
+
+hilink_host_default="192.168.8.1"
+hilink_save_file="/tmp/hilink_api_saved.dat"
+hilink_save_age=60
+hilink_header_file="/tmp/hilink_login_hdr.txt"
+
+# initialize
+function _initHilinkAPI() {
+    local age
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
+    if ! _hostReachable; then return 1; fi
+    if [ -f $hilink_save_file ]; then # found file with saved data
+        _getSavedData
+        age=$(( $(date +%s) - $(stat $hilink_save_file  -c %Y) ))
+        if [[ $age -gt $hilink_save_age ]]; then 
+            rm -f $hilink_save_file
+            _logout
+            _sessToken
+        fi
+    fi
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi
+    _login
+    return $?
+}
+
+function _getSavedData() {
+    local dat
+    if [ -f $hilink_save_file ]; then  # restore saved session data
+        dat=$(cat $hilink_save_file)
+        hilink_sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
+        hilink_token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
+        hilink_tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
+    fi
+}
+
+# Cleanup
+# parameter: "save" - will store sessionid and tokens in file
+function _closeHilinkAPI() {
+    local opt
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
+    if ! _hostReachable; then return 1; fi
+    rm -f $hilink_save_file
+    [ ! -z "$1" ] && opt="${1,,}"
+    if [ ! -z "$opt" ] && [ "$opt" = "save" ]; then
+        echo "sessionid: $hilink_sessID" > $hilink_save_file
+        echo "token: $hilink_token" >> $hilink_save_file
+        echo "tokenlist: ${hilink_tokenlist[@]}" >> $hilink_save_file
+    fi
+    _logout
+    hilink_tokenlist=""
+    hilink_sessID=""
+    hilink_token=""
+    return 0
+}
+
+# get status (connection status, DNS, )
+# parameter: none
+function _getStatus() {
+    if _login; then
+        if _sendRequest "api/monitoring/status"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _isConnected() {
+    local conn
+    conn=$(_getStatus "connectionstatus")
+    status="NO"
+    if [ ! -z "$conn" ] && [ $conn -eq 901 ]; then
+        status="YES"
+        return 0
+    fi
+    return 1
+}
+
+# get device information (device name, imei, imsi, msisdn-phone number, MAC, WAN IP ...)
+# parameter: name of parameter to return
+function _getDeviceInformation() {
+    if _login; then 
+        if _sendRequest "api/device/information"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get net provider information 
+# parameter: name of parameter to return 
+function _getNetProvider() {
+    if _login; then 
+        if _sendRequest "api/net/current-plmn"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get signal level
+# parameter: name of parameter to return
+function _getSignal() {
+    if _login; then
+        if _sendRequest "api/device/signal"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _getAllInformations() {
+    if _getDeviceInformation; then _keyValuePairs; fi
+    if _getSignal; then _keyValuePairs; fi
+    if _getNetProvider; then _keyValuePairs; fi
+}
+
+# get status of mobile data connection
+# parameter: none
+function _getMobileDataStatus() {
+    if _login; then
+        if _sendRequest "api/dialup/mobile-dataswitch"; then
+                status=$(_valueFromResponse "dataswitch")
+                if [ $? -eq 0  ] && [ ! -z "$status" ]; then echo "$status"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+
+# PIN of SIM can be passed either as $hilink_pin, or as parameter
+# parameter: PIN number of SIM card
+function _enableSIM() {
+#SimState:
+#255 - no SIM,
+#256 - error CPIN, 
+#257 - ready,
+#258 - PIN disabled,
+#259 - check PIN,
+#260 - PIN required,
+#261 - PUK required
+    local simstate
+    if [ ! -z "$1" ]; then hilink_pin="$1"; fi
+    if ! _login; then return 1; fi
+    if _sendRequest "api/pin/status"; then
+        simstate=$(echo $response | sed  -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi')
+        if [[ $simstate -eq 257  ]]; then status="SIM ready"; return 0; fi
+        if [[ $simstate -eq 260  ]]; then 
+            status="PIN required"
+            if [ ! -z "$hilink_pin" ]; then _setPIN "$hilink_pin"; fi
+        return $?
+    fi
+        if [[ $simstate -eq 255  ]]; then status="NO SIM"; return 1; fi
+    fi
+    return 1
+}
+
+# obtain session and verification token - stored in vars $hilink_sessID and $token 
+# parameter: none
+function _sessToken() {
+    hilink_tokenlist=""
+    hilink_token=""
+    hilink_sessID=""
+    response=$(curl -s http://$hilink_host/api/webserver/SesTokInfo -m 5 2> /dev/null)
+    if [ -z "$response" ]; then echo "No access to device at $hilink_host"; return 1; fi
+    status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip')
+    if [ -z "$status" ]; then
+        hilink_token=$(echo $response | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/')
+        hilink_sessID=$(echo $response | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/')
+        if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then 
+            hilink_sessID="SessionID=$hilink_sessID"
+            return 0
+        fi
+    fi
+    return 1
+}
+
+# unlock device (if locked) with user name and password
+# requires stored hilink_user="admin"; hilink_password"1234secret";hilink_host=$hilink_host_default 
+# parameter: none
+function _login() {
+    local ret encpw pwtype pwtype3 hashedpw pwtype4 
+    if _loginState; then return 0; fi    # login not required, or already done
+    _sessToken
+    # get password type
+    if ! _sendRequest "api/user/state-login"; then return 1; fi
+    pwtype=$(echo "$response" | sed  -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
+    if [ -z "$pwtype" ];then pwtype=4; fi   # fallback is type 4
+    ret=1
+    if [[ ! -z "$hilink_user" ]] && [[ ! -z "$hilink_password" ]]; then
+        # password encoding
+        # type 3 : base64(pw) encoded
+        # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
+        pwtype3=$(echo -n "$hilink_password" | base64 --wrap=0)
+        hashedpw=$(echo -n "$hilink_password" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        hashedpw=$(echo -n "$hashedpw" | base64 --wrap=0)
+        pwtype4=$(echo -n "$hilink_user$hashedpw$hilink_token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        encpw=$(echo -n "$pwtype4" | base64 --wrap=0)
+        if [ $pwtype -ne 4 ]; then encpw=$pwtype3; fi
+        hilink_xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$hilink_user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
+        hilink_xtraopts="--dump-header $hilink_header_file"
+        rm -f $hilink_header_file
+        _sendRequest "api/user/login"
+        if [ ! -z "$status" ] && [ "$status" = "OK" ]; then 
+            # store the list of 30 tokens. Each token is valid for a single request
+            hilink_tokenlist=( $(cat $hilink_header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
+            _getToken
+            hilink_sessID=$(cat $hilink_header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
+            if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then ret=0; fi
+        fi
+        rm -f $hilink_header_file
+    fi
+    return $ret
+}
+
+# logout of hilink device
+# parameter: none
+function _logout() {
+    if _loginState; then 
+        hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
+        if _sendRequest "api/user/logout"; then 
+            hilink_tokenlist=""
+            hilink_sessID=""
+            hilink_token=""
+            hilink_login_enabled=""
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# parameter: none
+function _loginState() {
+    local state
+    status="OK"
+    if [ -z "$hilink_login_enabled" ]; then _checkLoginEnabled; fi
+    if [ $hilink_login_enabled -eq 1 ]; then return 0; fi # login is disabled
+    _sendRequest "api/user/state-login"
+    state=`echo "$response" | sed  -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
+    if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # already logged in
+        return 0
+    fi
+    return 1
+}
+
+function _checkLoginEnabled() {
+    local state
+    if _sendRequest "api/user/hilink_login"; then
+        hilink_login_enabled=0
+        state=$(echo $response | sed  -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
+        if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # no login enabled
+            hilink_login_enabled=1
+        fi
+    else
+        hilink_login_enabled=""
+    fi
+}
+
+# switch mobile data on/off  1/0
+# if SIM is locked, $hilink_pin has to be set
+# parameter: state - ON/OFF or 1/0
+function _switchMobileData() {
+    local mode
+    if [ -z "$1" ]; then return 1; fi
+    _login
+    mode="${1,,}"
+    [ "$mode" = "on" ] && mode=1
+    [ "$mode" = "off" ] && mode=0
+    if [[ $mode -ge 0 ]]; then
+        if _enableSIM "$hilink_pin"; then
+            hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
+            _sendRequest "api/dialup/mobile-dataswitch"
+            return $?
+        fi
+    fi
+    return 1
+}
+
+# parameter: PIN of SIM card
+function _setPIN() {
+    local pin
+    if [ -z "$1" ]; then return 1; fi
+    pin="$1"
+    hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
+    _sendRequest "api/pin/operate"
+    return $?
+}
+
+# Send request to host at http://$hilink_host/$apiurl
+# data in $hilink_xmldata and options in $hilink_xtraopts
+# parameter: apiurl (e.g. "api/user/login")
+function _sendRequest() {
+    local ret apiurl
+    status="ERROR"
+    if [ -z "$1" ]; then return 1; fi 
+    apiurl="$1"
+    ret=1
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi 
+    if [ -z "$hilink_xmldata" ];then
+        response=$(curl -s http://$hilink_host/$apiurl -m 10 \
+                     -H "Cookie: $hilink_sessID")
+    else 
+        response=$(curl -s -X POST http://$hilink_host/$apiurl -m 10 \
+                    -H "Content-Type: text/xml"  \
+                    -H "Cookie: $hilink_sessID" \
+                    -H "__RequestVerificationToken: $hilink_token" \
+                    -d "$hilink_xmldata" $hilink_xtraopts 2> /dev/null)
+        _getToken
+    fi
+    if [ ! -z "$response" ];then 
+        response=$(echo $response | tr -d '\012\015') # delete newline chars 
+        status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip') # check for error code
+        if [ -z "$status" ]; then
+            status="OK"
+            response=$(echo "$response" | sed  -nr 's/.*<response>(.*)<\/response>.*/\1/ip')
+            [ -z "$response" ] && response="none"
+            ret=0
+        else
+            status="ERROR $status"
+        fi
+    else
+        status="ERROR"
+    fi
+    if [[ "$status" =~ ERROR ]]; then _handleError; fi
+    hilink_xtraopts=""
+    hilink_xmldata=""
+    return $ret
+}
+
+# handle the list of tokens available after login
+# parameter: none
+function _getToken() {
+    if [ ! -z "$hilink_tokenlist" ] && [ ${#hilink_tokenlist[@]} -gt 0 ]; then
+        hilink_token=${hilink_tokenlist[0]}       # get first token in list
+        hilink_tokenlist=("${hilink_tokenlist[@]:1}") # remove used token from list
+        if [ ${#hilink_tokenlist[@]} -eq 0 ]; then
+            _logout     # use the last token to logout
+        fi
+    else
+        _sessToken      # old token has been used - need new session
+    fi
+}
+
+# Analyse $status for error code
+# return error text in $status
+function _handleError() {
+    local ret txt
+    txt=$(_getErrorText)
+    if [ -z "$code" ]; then return 1; fi
+    ret=0
+    case "$code" in
+        101|108003|108007)
+            ret=1
+            status="$txt"
+            ;;
+        108001|108002|108006)
+            ret=1
+            status="$txt"
+            ;;
+        125001|125002|125003)
+            _sessToken
+            ret=0
+            ;;
+        *)
+            ;;
+    esac
+    return "$ret"
+}
+
+declare -A hilink_err_api
+hilink_err_api[101]="Unable to get session ID/token"
+hilink_err_api[108001]="Invalid username/password"
+hilink_err_api[108002]=${hilink_err_api[108001]}
+hilink_err_api[108006]=${hilink_err_api[108001]}
+hilink_err_api[108003]="User already logged in - need to wait a bit"
+hilink_err_api[108007]="Too many login attempts - need to wait a bit"
+hilink_err_api[125001]="Invalid session/request token"
+hilink_err_api[125002]=${hilink_err_api[125001]}
+hilink_err_api[125003]=${hilink_err_api[125001]}
+
+# check error and return error text
+# status passsed in $status, or $1
+function _getErrorText() {
+    local err code errortext
+    err="$status"
+    code="0"
+    if [ ! -z "$1" ]; then err="$1"; fi
+    if [ -z "$err" ]; then return 1; fi
+    errortext="$err"
+    if [[  "$err" =~ ERROR\ *([0-9]*) ]] && [ ! -z "${BASH_REMATCH[1]}" ]; then
+        code=${BASH_REMATCH[1]}
+        if [ ! -z "$code" ] && [ ! -z "${hilink_err_api[$code]}" ]; then 
+            errortext="${hilink_err_api[$code]}"
+        fi
+    fi
+    echo $errortext
+    return 0
+}
+
+function _hostReachable() {
+    local avail
+    avail=$( timeout 0.5 ping -c 1 $hilink_host | sed -rn 's/.*time=.*/1/p' )
+    if [ -z "$avail" ]; then status="ERROR: Not reachable"; return 1; fi
+    status="OK"
+    return 0;
+}
+
+# helper function to parse $response (xml format) for a value 
+# call another function first!
+# parameter: tag-name
+function _valueFromResponse() {
+    local par value
+    if [ -z "$response" ] || [ -z "$1" ]; then return 1; fi
+    par="$1"
+    value=$(echo $response | sed  -rn 's/.*<'$par'>(.*)<\/'$par'>.*/\1/pi')
+    if [ -z "$value" ]; then return 1; fi   
+    echo "$value"
+    return 0
+}
+
+# list all keys of the current xml response
+function _keysFromResponse() {
+    if [ -z "$response" ]; then return 1; fi
+    echo $response | grep -oiP "(?<=<)[a-z_-]*(?=>)"
+    return 0
+}
+
+# return all key=value pairs of the current xml response
+function _keyValuePairs() {
+    if [ -z "$response" ]; then return 1; fi
+    echo $response | sed -n 's/<\([^>]*\)>\(.*\)<\/\1>[^<]*/\1=\"\2\"\n/gpi'
+    return 0
+}
+
+hilink_token=""
+hilink_tokenlist=""
+hilink_sessID=""
+hilink_xmldata=""
+hilink_xtraopts=""
+hilink_host=$hilink_host_default
+hilink_user="admin"
+hilink_password=""
+hilink_pin=""
+response=""
+status=""
+ 
\ No newline at end of file
diff --git a/config/client_config/info_huawei.sh b/config/client_config/info_huawei.sh
new file mode 100644
index 00000000..fe6c27a1
--- /dev/null
+++ b/config/client_config/info_huawei.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+# get info about device and signal of Huawei mobile USB devices
+# parm:
+# $1 : requested information (manufacturer, device, imei, imsi, telnumber, ipaddress, mode, signal, operator)
+# $2 : (optional) type - hilink or modem (default: hilink)
+# $3 : (optional) for hilink: ip address of the device (default: 192.168.8.1)
+#                 for modem: tty interface for communication (default: /dev/ttypUSB2)
+# $4 : more options can be added for Hilink devices ('-u user -P password -p pin'). These are passed to the corresponding script 
+#
+# requires: bc
+# calls the scripts info_huawei_hilink.sh and info_huawei_modem.sh (same path as this script)
+#
+# zbchristian 2020
+#
+path=$(dirname "$0")
+opt="device"
+if [ ! -z "$1" ]; then opt=${1,,}; fi
+type="hilink"
+if [ ! -z "$2" ]; then type=${2,,}; fi
+
+parms=""
+if [ "$type" = "hilink" ]; then
+  connect="-h 192.168.8.1"
+  if [ ! -z "$3" ]; then connect="-h $3"; fi
+  if [ ! -z "$4" ]; then parms="$4"; fi
+  script="$path/info_huawei_hilink.sh"
+else
+  connect="/dev/ttyUSB2"
+  if [ ! -z "$3" ]; then connect=$3; fi
+  script="$path/info_huawei_modem.sh"
+fi
+res=$($script $opt $connect $parms)
+
+# some results require special treatment
+case $opt in
+
+#  manufacturer)
+#    if [ "$res" = "none" ]; then res="Huawei"; fi
+#    ;;
+
+#  device)
+#    if [ ! "$res" = "none" ]; then res="Huawei $res"; 
+#    else res="Huawei"; fi
+#    ;;
+
+  mode)
+    if [ ! "$res" = "none" ]; then
+      if [ "$type" = "hilink" ]; then
+        if [ "$res" = "LTE" ]; then res="4G"
+        elif [ "$res" = "WCDMA" ]; then  res="3G";
+        else res="2G"; fi
+      else
+        if [ $res -eq 7 ]; then res="4G"
+        elif [ $res -lt 7 ] && [ $res -gt 2 ] ; then  res="3G";
+        else res="2G"; fi
+      fi
+    fi
+    ;;
+
+  signal)
+  # return signal strength/quality in %
+    if [ "$type" = "hilink" ]; then
+     # signal request tries to get RSRQ value
+     # try to get RSRQ (4G), EC/IO (3G) or RSSI (2G) value
+     if [ "$res" = "none" ]; then res=$($script "ecio"); fi
+     if [ ! "$res" = "none" ]; then 
+       # for rsrq and ecio assume: -3dB (100%) downto -20dB (0%)
+       qual=${res//dB/}
+       if [[ ! "$qual" =~ [-0-9\.]* ]]; then qual=-100; fi
+       qual=$(bc <<< "scale=0;res=$qual-0.5;res/1") # just round to next integer 
+       if [ $qual -le -20 ]; then qual=0; 
+       elif [ $qual -ge -3 ]; then qual=100; 
+       else  qual=$(bc <<< "scale=0;res=100.0/17.0*$qual+2000.0/17.0;res/1"); fi
+     else
+      # try rssi: >-70dBm (100%) downto -100dBm (0%)
+      res=$($script "rssi");
+      if [ ! "$res" = "none" ]; then
+        if [[ ! $res =~ [-0-9\.]* ]]; then res="-120 dBm"; fi
+        qual=${res//dBm/}
+        qual=$(bc <<< "scale=0;res=$qual+0.5;res/1") # just round to next integer 
+        if [ $qual -le -110 ]; then qual=0;
+        elif [ $qual -ge -70 ]; then qual=100; 
+        else  qual=$(bc <<< "scale=0;res=2.5*$qual+275;res/1"); fi
+      fi
+     fi
+    else
+     # modem returns RSSI as number 0-31 - 0 = -113dB (0%), 1 = -111dB, 31 = >=51dB (100%)
+     qual=$(bc <<< "scale=0;res=$res*3.5+0.5;res/1")
+     if [ $qual -gt 100 ]; then res=100; fi
+    fi
+    if [ ! "$res" = "none" ]; then res="$res (${qual}%)"; fi
+    ;;
+
+  operator)
+    # check if operator/network is just a 5 digit number -> extract network name from table
+    if [[ $res =~ ^[0-9]{5}$ ]]; then
+      mcc=${res:0:3}
+      mnc=${res:3:2}
+      op=$(cat $path/mcc-mnc-table.csv | sed -rn 's/^'$mcc'\,[0-9]*\,'$mnc'\,(.*\,){4}(.*)$/\2/p')
+      if [ ! -z "$op" ]; then res="$op ($res)"; fi
+    fi
+   ;;
+
+  *)
+    ;;
+esac
+
+echo $res
+
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
new file mode 100644
index 00000000..c98ee9fe
--- /dev/null
+++ b/config/client_config/info_huawei_hilink.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+# Information about HUAWEI hilink
+# -------------------------------
+# get info about the device and signal
+# parameter: $1 - "connected", "device", "ipaddress", "mode", "signal"  (see case statement below)
+#            -u,--user - username
+#            -P,--password - password
+#            -p,--pin - SIM pin
+#            -h,--host - host ip address for API calls (optional)
+# returns the value of the parameter, or "none" if not found or empty
+#
+# All device informations are buffered for 5 secs to speed up subsequent calls
+#
+# zbchristian 2021
+
+function _setAPIParams() {
+    if [ ! -z "$hostip" ]; then hilink_host="$hostip"; fi
+    if [ ! -z "$username" ]; then hilink_user="$username"; fi
+    if [ ! -z "$password" ]; then hilink_password="$password"; fi
+    if [ ! -z "$simpin" ]; then hilink_pin="$simpin"; fi
+}
+
+if [ -z "$1" ]; then echo "none"; exit; fi
+property="${1,,}"
+shift
+hostip="192.168.8.1"
+while [ -n "$1" ]; do
+    case "$1" in
+        -u|--user)      username="$2"; shift ;;
+        -P|--password)  password="$2"; shift ;;
+        -p|--pin)       simpin="$2"; shift ;;
+        -h|--host)      hostip="$2"; shift ;;
+    esac
+    shift
+done
+
+status="no valid option given"
+result="none"
+hostip="192.168.8.1"
+if [ "$opt" = "connected" ]; then
+    source /usr/local/sbin/huawei_hilink_api.sh
+    _setAPIParams
+    if ! _initHilinkAPI; then echo "none"; exit; fi
+    result=$(_getMobileDataStatus)
+    _closeHilinkAPI
+else
+    info_file="/tmp/huawei_infos_${hostip}_$(id -u).dat"
+    if [ -f "$info_file" ]; then
+        age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
+        if [[ $age -gt 10 ]]; then rm -f $info_file; fi
+    fi
+
+    if [ -f "$info_file" ]; then
+        infos=$(cat $info_file)
+    else
+        source /usr/local/sbin/huawei_hilink_api.sh
+        _setAPIParams
+        if ! _initHilinkAPI; then echo "none"; exit; fi
+        infos=$(_getAllInformations)
+        _closeHilinkAPI
+        if [ ! -z "$infos" ]; then echo -n "$infos" > $info_file; fi
+    fi
+
+    case "$property" in
+        device|devicename)
+          key="devicename"
+          ;;
+        ipaddress|wanipaddress)
+          key="wanipaddress"
+          ;;
+        mode)
+          key="workmode"
+          ;;
+        telnumber)
+          key="msisdn"
+          ;;
+        imei|imsi|rssi|rsrq|rsrp|sinr|ecio)
+          key="$property"
+          ;;
+        signal)
+          key="rsrq"
+        ;;
+        operator|fullname)
+          key="fullname"
+        ;;
+        *)
+          key="device"
+        ;;
+      esac
+      if [ -z "$key" ]; then result="none"; fi
+      result=$(echo "$infos" | sed -rn 's/'$key'=\"([^ \s]*)\"/\1/ip')
+      if [ -z "$result" ]; then result="none"; fi
+fi
+echo -n "$result"
+
diff --git a/config/client_config/info_huawei_modem.sh b/config/client_config/info_huawei_modem.sh
new file mode 100644
index 00000000..33c78b7d
--- /dev/null
+++ b/config/client_config/info_huawei_modem.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Information about HUAWEI modem - via AT commands
+# ------------------------------------------------
+# get info about the device and signal
+# parameter: $1 - see opts list below
+#            $2 - tty device name for the communicaton (optional)
+# returns the value of the parameter, or "none" if not found or empty
+#
+# requires: socat
+#
+# zbchristian 2020
+
+opts=("manufacturer" "device"     "imei"    "imsi"    "telnumber"            "mode"         "signal"         "operator")
+
+# at command to extract information
+atcmds=("AT+CGMI"    "AT+CGMM"    "AT+CGSN" "AT+CIMI" "AT+CNUM"              "AT+COPS?"     "AT+CSQ"         "AT+COPS?")
+# regexp pattern to extract wanted information from result string
+pats=(  " "          " "          " "       " "       ".*\,\"([0-9\+]*)\".*" '.*\,([0-9])$' ".*: ([0-9]*).*" '.*\,\"([^ ]*)\".*$')
+
+# tty device for communication - usually 3 tty devices are created and the 3rd ttyUSB2 is available, even, when the device is connected
+dev="/dev/ttyUSB2"
+
+atsilent="AT^CURC=0"
+
+if [ ! -z $2 ]; then dev=$2; fi
+
+idx=-1
+opt=${opts[0]}
+if [ ! -z $1 ]; then opt=$1; fi
+
+for i in "${!opts[@]}"; do
+  if [[ ${opts[$i]} == $opt ]]; then idx=$i; fi
+done
+if [[ $idx == -1 ]];then echo "none"; exit; fi 
+
+atcmd=${atcmds[$idx]}
+pat=${pats[$idx]}
+
+
+result=`(echo $atsilent; echo $atcmd) | sudo /usr/bin/socat - $dev`
+# escape the AT command to be used in the regexp
+atesc=${atcmd//[\+]/\\+}
+atesc=${atesc//[\?]/\\?}
+result=`echo $result | sed -rn 's/.*'"$atesc"'\s([^ ]+|[^ ]+ [^ ]+)\sOK.*$/\1/pg'`
+if [[ $pat != " " ]]; then
+  result=`echo $result | sed -rn 's/'"$pat"'/\1/pg'`
+fi
+
+if [ -z "$result" ]; then result="none"; fi
+
+echo $result
+
diff --git a/config/client_config/interfaces b/config/client_config/interfaces
new file mode 100644
index 00000000..157aa22b
--- /dev/null
+++ b/config/client_config/interfaces
@@ -0,0 +1,13 @@
+# interfaces(5) file used by ifup(8) and ifdown(8)
+
+# Please note that this file is written to be used with dhcpcd
+# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
+
+# Include files from /etc/network/interfaces.d:
+source-directory /etc/network/interfaces.d
+
+auto ppp0
+iface ppp0 inet wvdial
+provider connect
+pre-up /usr/local/sbin/ppp0_setpin.sh
+up /usr/local/sbin/ppp0_route.sh
diff --git a/config/client_config/mcc-mnc-table.csv b/config/client_config/mcc-mnc-table.csv
new file mode 100644
index 00000000..34510563
--- /dev/null
+++ b/config/client_config/mcc-mnc-table.csv
@@ -0,0 +1,1691 @@
+MCC,MCC (int),MNC,MNC (int),ISO,Country,Country Code,Network
+289,649,88,2191,ge,Abkhazia,7,A-Mobile
+289,649,68,1679,ge,Abkhazia,7,A-Mobile
+289,649,67,1663,ge,Abkhazia,7,Aquafon
+412,1042,80,2063,af,Afghanistan,93,Afghan Telecom Corp. (AT)
+412,1042,88,2191,af,Afghanistan,93,Afghan Telecom Corp. (AT)
+412,1042,01,31,af,Afghanistan,93,Afghan Wireless/AWCC
+412,1042,40,1039,af,Afghanistan,93,Areeba/MTN
+412,1042,50,1295,af,Afghanistan,93,Etisalat
+412,1042,30,783,af,Afghanistan,93,Etisalat
+412,1042,20,527,af,Afghanistan,93,Roshan/TDCA
+412,1042,03,63,af,Afghanistan,93,WaselTelecom (WT)
+276,630,01,31,al,Albania,355,AMC/Cosmote
+276,630,03,63,al,Albania,355,Eagle Mobile
+276,630,04,79,al,Albania,355,PLUS Communication Sh.a
+276,630,02,47,al,Albania,355,Vodafone
+603,1539,01,31,dz,Algeria,213,ATM Mobils
+603,1539,02,47,dz,Algeria,213,Orascom / DJEZZY
+603,1539,03,63,dz,Algeria,213,Oreedo/Wataniya / Nedjma
+544,1348,11,287,as,American Samoa,684,Blue Sky Communications
+213,531,03,63,ad,Andorra,376,Mobiland
+631,1585,04,79,ao,Angola,244,MoviCel
+631,1585,02,47,ao,Angola,244,Unitel
+365,869,840,2112,ai,Anguilla,1264,Cable and Wireless
+365,869,010,16,ai,Anguilla,1264,Digicell / Wireless Vent. Ltd
+344,836,030,48,ag,Antigua and Barbuda,1268,APUA PCS
+344,836,920,2336,ag,Antigua and Barbuda,1268,C & W
+344,836,930,2352,ag,Antigua and Barbuda,1268,DigiCel/Cing. Wireless
+722,1826,310,784,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,330,816,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,320,800,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,010,16,ar,Argentina Republic,54,Compania De Radiocomunicaciones Moviles SA
+722,1826,070,112,ar,Argentina Republic,54,Movistar/Telefonica
+722,1826,020,32,ar,Argentina Republic,54,Nextel
+722,1826,340,832,ar,Argentina Republic,54,Telecom Personal S.A.
+722,1826,341,833,ar,Argentina Republic,54,Telecom Personal S.A.
+283,643,01,31,am,Armenia,374,ArmenTel/Beeline
+283,643,04,79,am,Armenia,374,Karabakh Telecom
+283,643,10,271,am,Armenia,374,Orange
+283,643,05,95,am,Armenia,374,Vivacell
+363,867,02,47,aw,Aruba,297,Digicel
+363,867,20,527,aw,Aruba,297,Digicel
+363,867,01,31,aw,Aruba,297,Setar GSM
+505,1285,14,335,au,Australia,61,AAPT Ltd.
+505,1285,24,591,au,Australia,61,Advanced Comm Tech Pty.
+505,1285,09,159,au,Australia,61,Airnet Commercial Australia Ltd..
+505,1285,04,79,au,Australia,61,Department of Defense
+505,1285,26,623,au,Australia,61,Dialogue Communications Pty Ltd
+505,1285,12,303,au,Australia,61,H3G Ltd.
+505,1285,06,111,au,Australia,61,H3G Ltd.
+505,1285,88,2191,au,Australia,61,Localstar Holding Pty. Ltd
+505,1285,19,415,au,Australia,61,Lycamobile Pty Ltd
+505,1285,08,143,au,Australia,61,Railcorp/Vodafone
+505,1285,99,2463,au,Australia,61,Railcorp/Vodafone
+505,1285,13,319,au,Australia,61,Railcorp/Vodafone
+505,1285,02,47,au,Australia,61,Singtel Optus
+505,1285,90,2319,au,Australia,61,Singtel Optus
+505,1285,01,31,au,Australia,61,Telstra Corp. Ltd.
+505,1285,11,287,au,Australia,61,Telstra Corp. Ltd.
+505,1285,71,1823,au,Australia,61,Telstra Corp. Ltd.
+505,1285,72,1839,au,Australia,61,Telstra Corp. Ltd.
+505,1285,05,95,au,Australia,61,The Ozitel Network Pty.
+505,1285,16,367,au,Australia,61,Victorian Rail Track Corp. (VicTrack)
+505,1285,07,127,au,Australia,61,Vodafone
+505,1285,03,63,au,Australia,61,Vodafone
+232,562,09,159,at,Austria,43,A1 MobilKom
+232,562,02,47,at,Austria,43,A1 MobilKom
+232,562,01,31,at,Austria,43,A1 MobilKom
+232,562,11,287,at,Austria,43,A1 MobilKom
+232,562,15,351,at,Austria,43,T-Mobile/Telering
+232,562,10,271,at,Austria,43,H3G
+232,562,14,335,at,Austria,43,H3G
+232,562,05,95,at,Austria,43,3/Orange/One Connect
+232,562,12,303,at,Austria,43,3/Orange/One Connect
+232,562,06,111,at,Austria,43,3/Orange/One Connect
+232,562,17,383,at,Austria,43,Spusu/Mass Response
+232,562,04,79,at,Austria,43,T-Mobile/Telering
+232,562,03,63,at,Austria,43,T-Mobile/Telering
+232,562,07,127,at,Austria,43,T-Mobile/Telering
+232,562,19,415,at,Austria,43,Tele2
+232,562,08,143,at,Austria,43,A1 MobilKom
+232,562,13,319,at,Austria,43,UPC Austria
+400,1024,01,31,az,Azerbaijan,994,Azercell Telekom B.M.
+400,1024,04,79,az,Azerbaijan,994,Azerfon.
+400,1024,03,63,az,Azerbaijan,994,Caspian American Telecommunications LLC (CATEL)
+400,1024,02,47,az,Azerbaijan,994,J.V. Bakcell GSM 2000
+364,868,390,912,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,39,927,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,30,783,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,03,63,bs,Bahamas,1242,Smart Communications
+426,1062,01,31,bh,Bahrain,973,Batelco
+426,1062,02,47,bh,Bahrain,973,ZAIN/Vodafone
+426,1062,04,79,bh,Bahrain,973,VIVA
+470,1136,02,47,bd,Bangladesh,880,Robi/Aktel
+470,1136,05,95,bd,Bangladesh,880,Citycell
+470,1136,06,111,bd,Bangladesh,880,Citycell
+470,1136,01,31,bd,Bangladesh,880,GrameenPhone
+470,1136,03,63,bd,Bangladesh,880,Orascom/Banglalink
+470,1136,04,79,bd,Bangladesh,880,TeleTalk
+470,1136,07,127,bd,Bangladesh,880,Airtel/Warid
+342,834,600,1536,bb,Barbados,1246,LIME
+342,834,810,2064,bb,Barbados,1246,Cingular Wireless
+342,834,750,1872,bb,Barbados,1246,Digicel
+342,834,050,80,bb,Barbados,1246,Digicel
+342,834,820,2080,bb,Barbados,1246,Sunbeach
+257,599,03,63,by,Belarus,375,BelCel JV
+257,599,04,79,by,Belarus,375,BeST
+257,599,01,31,by,Belarus,375,Mobile Digital Communications
+257,599,02,47,by,Belarus,375,MTS
+206,518,20,527,be,Belgium,32,Base/KPN
+206,518,01,31,be,Belgium,32,Belgacom/Proximus
+206,518,06,111,be,Belgium,32,Lycamobile Belgium
+206,518,10,271,be,Belgium,32,Mobistar/Orange
+206,518,02,47,be,Belgium,32,SNCT/NMBS
+206,518,05,95,be,Belgium,32,Telenet BidCo NV
+702,1794,67,1663,bz,Belize,501,DigiCell
+702,1794,68,1679,bz,Belize,501,International Telco (INTELCO)
+616,1558,04,79,bj,Benin,229,Bell Benin/BBCOM
+616,1558,02,47,bj,Benin,229,Etisalat/MOOV
+616,1558,05,95,bj,Benin,229,GloMobile
+616,1558,01,31,bj,Benin,229,Libercom
+616,1558,03,63,bj,Benin,229,MTN/Spacetel
+350,848,000,0,bm,Bermuda,1441,Bermuda Digital Communications Ltd (BDC)
+350,848,99,2463,bm,Bermuda,1441,CellOne Ltd
+350,848,10,271,bm,Bermuda,1441,DigiCel / Cingular
+350,848,02,47,bm,Bermuda,1441,M3 Wireless Ltd
+350,848,01,31,bm,Bermuda,1441,Telecommunications (Bermuda & West Indies) Ltd (Digicel Bermuda)
+402,1026,11,287,bt,Bhutan,975,B-Mobile
+402,1026,17,383,bt,Bhutan,975,Bhutan Telecom Ltd (BTL)
+402,1026,77,1919,bt,Bhutan,975,TashiCell
+736,1846,02,47,bo,Bolivia,591,Entel Pcs
+736,1846,01,31,bo,Bolivia,591,Viva/Nuevatel
+736,1846,03,63,bo,Bolivia,591,Tigo
+218,536,90,2319,ba,Bosnia & Herzegov.,387,BH Mobile
+218,536,03,63,ba,Bosnia & Herzegov.,387,Eronet Mobile
+218,536,05,95,ba,Bosnia & Herzegov.,387,M-Tel
+652,1618,04,79,bw,Botswana,267,BeMOBILE
+652,1618,01,31,bw,Botswana,267,Mascom Wireless (Pty) Ltd.
+652,1618,02,47,bw,Botswana,267,Orange
+724,1828,12,303,br,Brazil,55,Claro/Albra/America Movil
+724,1828,38,911,br,Brazil,55,Claro/Albra/America Movil
+724,1828,05,95,br,Brazil,55,Claro/Albra/America Movil
+724,1828,01,31,br,Brazil,55,Vivo S.A./Telemig
+724,1828,32,815,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,34,847,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,33,831,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,08,143,br,Brazil,55,TIM
+724,1828,00,15,br,Brazil,55,Nextel (Telet)
+724,1828,39,927,br,Brazil,55,Nextel (Telet)
+724,1828,30,783,br,Brazil,55,Oi (TNL PCS / Oi)
+724,1828,16,367,br,Brazil,55,Brazil Telcom
+724,1828,31,799,br,Brazil,55,Oi (TNL PCS / Oi)
+724,1828,24,591,br,Brazil,55,Amazonia Celular S/A
+724,1828,54,1359,br,Brazil,55,PORTO SEGURO TELECOMUNICACOES
+724,1828,15,351,br,Brazil,55,Sercontel Cel
+724,1828,07,127,br,Brazil,55,CTBC/Triangulo
+724,1828,19,415,br,Brazil,55,Vivo S.A./Telemig
+724,1828,03,63,br,Brazil,55,TIM
+724,1828,02,47,br,Brazil,55,TIM
+724,1828,04,79,br,Brazil,55,TIM
+724,1828,37,895,br,Brazil,55,Unicel do Brasil Telecomunicacoes Ltda
+724,1828,23,575,br,Brazil,55,Vivo S.A./Telemig
+724,1828,11,287,br,Brazil,55,Vivo S.A./Telemig
+724,1828,10,271,br,Brazil,55,Vivo S.A./Telemig
+724,1828,06,111,br,Brazil,55,Vivo S.A./Telemig
+348,840,570,1392,vg,British Virgin Islands,284,Caribbean Cellular
+348,840,770,1904,vg,British Virgin Islands,284,Digicel
+348,840,170,368,vg,British Virgin Islands,284,LIME
+528,1320,02,47,bn,Brunei Darussalam,673,b-mobile
+528,1320,11,287,bn,Brunei Darussalam,673,Datastream (DTSCom)
+528,1320,01,31,bn,Brunei Darussalam,673,Telekom Brunei Bhd (TelBru)
+284,644,06,111,bg,Bulgaria,359,BTC Mobile EOOD (vivatel)
+284,644,03,63,bg,Bulgaria,359,BTC Mobile EOOD (vivatel)
+284,644,05,95,bg,Bulgaria,359,Telenor/Cosmo/Globul
+284,644,01,31,bg,Bulgaria,359,MobilTel AD
+613,1555,03,63,bf,Burkina Faso,226,TeleCel
+613,1555,01,31,bf,Burkina Faso,226,TeleMob-OnaTel
+613,1555,02,47,bf,Burkina Faso,226,Airtel/ZAIN/CelTel
+642,1602,02,47,bi,Burundi,257,Africel / Safaris
+642,1602,08,143,bi,Burundi,257,Lumitel/Viettel
+642,1602,03,63,bi,Burundi,257,Onatel / Telecel
+642,1602,07,127,bi,Burundi,257,Smart Mobile / LACELL
+642,1602,01,31,bi,Burundi,257,Spacetel / Econet / Leo
+642,1602,82,2095,bi,Burundi,257,Spacetel / Econet / Leo
+456,1110,04,79,kh,Cambodia,855,Cambodia Advance Communications Co. Ltd (CADCOMMS)
+456,1110,02,47,kh,Cambodia,855,Smart Mobile
+456,1110,08,143,kh,Cambodia,855,Metfone
+456,1110,18,399,kh,Cambodia,855,MFone/Camshin/Cellcard
+456,1110,01,31,kh,Cambodia,855,Mobitel/Cam GSM
+456,1110,03,63,kh,Cambodia,855,QB/Cambodia Adv. Comms.
+456,1110,05,95,kh,Cambodia,855,Smart Mobile
+456,1110,06,111,kh,Cambodia,855,Smart Mobile
+456,1110,09,159,kh,Cambodia,855,Sotelco/Beeline
+624,1572,01,31,cm,Cameroon,237,MTN
+624,1572,04,79,cm,Cameroon,237,Nextel
+624,1572,02,47,cm,Cameroon,237,Orange
+302,770,652,1618,ca,Canada,1,BC Tel Mobility
+302,770,630,1584,ca,Canada,1,Bell Aliant
+302,770,651,1617,ca,Canada,1,Bell Mobility
+302,770,610,1552,ca,Canada,1,Bell Mobility
+302,770,670,1648,ca,Canada,1,CityWest Mobility
+302,770,360,864,ca,Canada,1,Clearnet
+302,770,361,865,ca,Canada,1,Clearnet
+302,770,380,896,ca,Canada,1,DMTS Mobility
+302,770,710,1808,ca,Canada,1,Globalstar Canada
+302,770,640,1600,ca,Canada,1,Latitude Wireless
+302,770,370,880,ca,Canada,1,FIDO (Rogers AT&T/ Microcell)
+302,770,320,800,ca,Canada,1,mobilicity
+302,770,702,1794,ca,Canada,1,MT&T Mobility
+302,770,655,1621,ca,Canada,1,MTS Mobility
+302,770,660,1632,ca,Canada,1,MTS Mobility
+302,770,701,1793,ca,Canada,1,NB Tel Mobility
+302,770,703,1795,ca,Canada,1,New Tel Mobility
+302,770,760,1888,ca,Canada,1,Public Mobile
+302,770,657,1623,ca,Canada,1,Quebectel Mobility
+302,770,720,1824,ca,Canada,1,Rogers AT&T Wireless
+302,770,654,1620,ca,Canada,1,Sask Tel Mobility
+302,770,680,1664,ca,Canada,1,Sask Tel Mobility
+302,770,780,1920,ca,Canada,1,Sask Tel Mobility
+302,770,656,1622,ca,Canada,1,Tbay Mobility
+302,770,220,544,ca,Canada,1,Telus Mobility
+302,770,653,1619,ca,Canada,1,Telus Mobility
+302,770,500,1280,ca,Canada,1,Videotron
+302,770,490,1168,ca,Canada,1,WIND
+625,1573,01,31,cv,Cape Verde,238,CV Movel
+625,1573,02,47,cv,Cape Verde,238,T+ Telecom
+346,838,050,80,ky,Cayman Islands,1345,Digicel Cayman Ltd
+346,838,006,6,ky,Cayman Islands,1345,Digicel Ltd.
+346,838,140,320,ky,Cayman Islands,1345,LIME / Cable & Wirel.
+623,1571,01,31,cf,Central African Rep.,236,Centrafr. Telecom+
+623,1571,04,79,cf,Central African Rep.,236,Nationlink
+623,1571,03,63,cf,Central African Rep.,236,Orange/Celca
+623,1571,02,47,cf,Central African Rep.,236,Telecel Centraf.
+622,1570,04,79,td,Chad,235,Salam/Sotel
+622,1570,02,47,td,Chad,235,Tchad Mobile
+622,1570,03,63,td,Chad,235,Tigo/Milicom/Tchad Mobile
+622,1570,01,31,td,Chad,235,Airtel/ZAIN/Celtel
+730,1840,06,111,cl,Chile,56,Blue Two Chile SA
+730,1840,11,287,cl,Chile,56,Celupago SA
+730,1840,15,351,cl,Chile,56,Cibeles Telecom SA
+730,1840,03,63,cl,Chile,56,Claro
+730,1840,10,271,cl,Chile,56,Entel Telefonia
+730,1840,01,31,cl,Chile,56,Entel Telefonia Mov
+730,1840,14,335,cl,Chile,56,Netline Telefonica Movil Ltda
+730,1840,04,79,cl,Chile,56,Nextel SA
+730,1840,09,159,cl,Chile,56,Nextel SA
+730,1840,05,95,cl,Chile,56,Nextel SA
+730,1840,19,415,cl,Chile,56,Sociedad Falabella Movil SPA
+730,1840,02,47,cl,Chile,56,TELEFONICA
+730,1840,07,127,cl,Chile,56,TELEFONICA
+730,1840,12,303,cl,Chile,56,Telestar Movil SA
+730,1840,00,15,cl,Chile,56,TESAM SA
+730,1840,13,319,cl,Chile,56,Tribe Mobile SPA
+730,1840,08,143,cl,Chile,56,VTR Banda Ancha SA
+460,1120,07,127,cn,China,86,China Mobile GSM
+460,1120,02,47,cn,China,86,China Mobile GSM
+460,1120,00,15,cn,China,86,China Mobile GSM
+460,1120,04,79,cn,China,86,China Space Mobile Satellite Telecommunications Co. Ltd (China Spacecom)
+460,1120,05,95,cn,China,86,China Telecom
+460,1120,03,63,cn,China,86,China Telecom
+460,1120,06,111,cn,China,86,China Unicom
+460,1120,01,31,cn,China,86,China Unicom
+732,1842,130,304,co,Colombia,57,Avantel SAS
+732,1842,102,258,co,Colombia,57,Movistar
+732,1842,103,259,co,Colombia,57,TIGO/Colombia Movil
+732,1842,001,1,co,Colombia,57,TIGO/Colombia Movil
+732,1842,101,257,co,Colombia,57,Comcel S.A. Occel S.A./Celcaribe
+732,1842,002,2,co,Colombia,57,Edatel S.A.
+732,1842,187,391,co,Colombia,57,eTb
+732,1842,123,291,co,Colombia,57,Movistar
+732,1842,111,273,co,Colombia,57,TIGO/Colombia Movil
+732,1842,142,322,co,Colombia,57,UNE EPM Telecomunicaciones SA ESP
+732,1842,020,32,co,Colombia,57,UNE EPM Telecomunicaciones SA ESP
+732,1842,154,340,co,Colombia,57,Virgin Mobile Colombia SAS
+654,1620,01,31,km,Comoros,269,HURI - SNPT
+630,1584,90,2319,cd,Congo Dem. Rep.,243,Africell
+630,1584,86,2159,cd,Congo Dem. Rep.,243,Orange RDC sarl
+630,1584,05,95,cd,Congo Dem. Rep.,243,SuperCell
+630,1584,89,2207,cd,Congo Dem. Rep.,243,TIGO/Oasis
+630,1584,01,31,cd,Congo Dem. Rep.,243,Vodacom
+630,1584,88,2191,cd,Congo Dem. Rep.,243,Yozma Timeturns sprl (YTT)
+630,1584,02,47,cd,Congo Dem. Rep.,243,Airtel/ZAIN
+629,1577,01,31,cg,Congo Republic,242,Airtel SA
+629,1577,02,47,cg,Congo Republic,242,Azur SA (ETC)
+629,1577,10,271,cg,Congo Republic,242,MTN/Libertis
+629,1577,07,127,cg,Congo Republic,242,Warid
+548,1352,01,31,ck,Cook Islands,682,Telecom Cook Islands
+712,1810,03,63,cr,Costa Rica,506,Claro
+712,1810,02,47,cr,Costa Rica,506,ICE
+712,1810,01,31,cr,Costa Rica,506,ICE
+712,1810,04,79,cr,Costa Rica,506,Movistar
+712,1810,20,527,cr,Costa Rica,506,Virtualis
+219,537,01,31,hr,Croatia,385,T-Mobile/Cronet
+219,537,02,47,hr,Croatia,385,Tele2
+219,537,10,271,hr,Croatia,385,VIPnet d.o.o.
+368,872,01,31,cu,Cuba,53,C-COM
+362,866,95,2399,cw,Curacao,599,EOCG Wireless NV
+362,866,69,1695,cw,Curacao,599,Polycom N.V./ Digicel
+280,640,10,271,cy,Cyprus,357,MTN/Areeba
+280,640,20,527,cy,Cyprus,357,PrimeTel PLC
+280,640,01,31,cy,Cyprus,357,Vodafone/CyTa
+230,560,08,143,cz,Czech Rep.,420,Compatel s.r.o.
+230,560,02,47,cz,Czech Rep.,420,O2
+230,560,01,31,cz,Czech Rep.,420,T-Mobile / RadioMobil
+230,560,05,95,cz,Czech Rep.,420,Travel Telekommunikation s.r.o.
+230,560,04,79,cz,Czech Rep.,420,Ufone
+230,560,99,2463,cz,Czech Rep.,420,Vodafone
+230,560,03,63,cz,Czech Rep.,420,Vodafone
+238,568,05,95,dk,Denmark,45,ApS KBUS
+238,568,23,575,dk,Denmark,45,Banedanmark
+238,568,28,655,dk,Denmark,45,CoolTEL ApS
+238,568,06,111,dk,Denmark,45,H3G
+238,568,12,303,dk,Denmark,45,Lycamobile Ltd
+238,568,03,63,dk,Denmark,45,Mach Connectivity ApS
+238,568,07,127,dk,Denmark,45,Mundio Mobile
+238,568,04,79,dk,Denmark,45,NextGen Mobile Ltd (CardBoardFish)
+238,568,10,271,dk,Denmark,45,TDC Denmark
+238,568,01,31,dk,Denmark,45,TDC Denmark
+238,568,02,47,dk,Denmark,45,Telenor/Sonofon
+238,568,77,1919,dk,Denmark,45,Telenor/Sonofon
+238,568,20,527,dk,Denmark,45,Telia
+238,568,30,783,dk,Denmark,45,Telia
+638,1592,01,31,dj,Djibouti,253,Djibouti Telecom SA (Evatis)
+366,870,110,272,dm,Dominica,1767,C & W
+366,870,020,32,dm,Dominica,1767,Cingular Wireless/Digicel
+366,870,050,80,dm,Dominica,1767,Wireless Ventures (Dominica) Ltd (Digicel Dominica)
+370,880,02,47,do,Dominican Republic,1809,Claro
+370,880,01,31,do,Dominican Republic,1809,Orange
+370,880,03,63,do,Dominican Republic,1809,TRIcom
+370,880,04,79,do,Dominican Republic,1809,Trilogy Dominicana S. A.
+740,1856,02,47,ec,Ecuador,593,Alegro/Telcsa
+740,1856,00,15,ec,Ecuador,593,MOVISTAR/OteCel
+740,1856,01,31,ec,Ecuador,593,Claro/Porta
+602,1538,01,31,eg,Egypt,20,Orange/Mobinil
+602,1538,03,63,eg,Egypt,20,ETISALAT
+602,1538,02,47,eg,Egypt,20,Vodafone/Mirsfone
+706,1798,01,31,sv,El Salvador,503,CLARO/CTE
+706,1798,02,47,sv,El Salvador,503,Digicel
+706,1798,05,95,sv,El Salvador,503,INTELFON SA de CV
+706,1798,04,79,sv,El Salvador,503,Telefonica
+706,1798,03,63,sv,El Salvador,503,Telemovil
+627,1575,03,63,gq,Equatorial Guinea,240,HiTs-GE
+627,1575,01,31,gq,Equatorial Guinea,240,ORANGE/GETESA
+657,1623,01,31,er,Eritrea,291,Eritel
+248,584,01,31,ee,Estonia,372,EMT GSM
+248,584,02,47,ee,Estonia,372,Radiolinja Eesti
+248,584,03,63,ee,Estonia,372,Tele2 Eesti AS
+248,584,04,79,ee,Estonia,372,Top Connect OU
+636,1590,01,31,et,Ethiopia,251,ETH/MTN
+750,1872,001,1,fk,Falkland Islands (Malvinas),500,Cable and Wireless South Atlantic Ltd (Falkland Islands
+288,648,03,63,fo,Faroe Islands,298,Edge Mobile Sp/F
+288,648,01,31,fo,Faroe Islands,298,Faroese Telecom
+288,648,02,47,fo,Faroe Islands,298,Kall GSM
+542,1346,02,47,fj,Fiji,679,DigiCell
+542,1346,01,31,fj,Fiji,679,Vodafone
+244,580,14,335,fi,Finland,358,Alands
+244,580,26,623,fi,Finland,358,Compatel Ltd
+244,580,03,63,fi,Finland,358,DNA/Finnet
+244,580,12,303,fi,Finland,358,DNA/Finnet
+244,580,13,319,fi,Finland,358,DNA/Finnet
+244,580,04,79,fi,Finland,358,DNA/Finnet
+244,580,21,543,fi,Finland,358,Elisa/Saunalahti
+244,580,05,95,fi,Finland,358,Elisa/Saunalahti
+244,580,82,2095,fi,Finland,358,ID-Mobile
+244,580,11,287,fi,Finland,358,Mundio Mobile (Finland) Ltd
+244,580,09,159,fi,Finland,358,Nokia Oyj
+244,580,10,271,fi,Finland,358,TDC Oy Finland
+244,580,91,2335,fi,Finland,358,TeliaSonera
+208,520,27,639,fr,France,33,AFONE SA
+208,520,92,2351,fr,France,33,Association Plate-forme Telecom
+208,520,28,655,fr,France,33,Astrium
+208,520,88,2191,fr,France,33,Bouygues Telecom
+208,520,21,543,fr,France,33,Bouygues Telecom
+208,520,20,527,fr,France,33,Bouygues Telecom
+208,520,14,335,fr,France,33,Lliad/FREE Mobile
+208,520,07,127,fr,France,33,GlobalStar
+208,520,06,111,fr,France,33,GlobalStar
+208,520,05,95,fr,France,33,GlobalStar
+208,520,29,671,fr,France,33,Orange
+208,520,17,383,fr,France,33,Legos - Local Exchange Global Operation Services SA
+208,520,16,367,fr,France,33,Lliad/FREE Mobile
+208,520,15,351,fr,France,33,Lliad/FREE Mobile
+208,520,25,607,fr,France,33,Lycamobile SARL
+208,520,24,591,fr,France,33,MobiquiThings
+208,520,03,63,fr,France,33,MobiquiThings
+208,520,31,799,fr,France,33,Mundio Mobile (France) Ltd
+208,520,26,623,fr,France,33,NRJ
+208,520,23,575,fr,France,33,Virgin Mobile/Omer
+208,520,89,2207,fr,France,33,Virgin Mobile/Omer
+208,520,91,2335,fr,France,33,Orange
+208,520,02,47,fr,France,33,Orange
+208,520,01,31,fr,France,33,Orange
+208,520,13,319,fr,France,33,S.F.R.
+208,520,11,287,fr,France,33,S.F.R.
+208,520,10,271,fr,France,33,S.F.R.
+208,520,09,159,fr,France,33,S.F.R.
+208,520,04,79,fr,France,33,SISTEER
+208,520,00,15,fr,France,33,Tel/Tel
+208,520,22,559,fr,France,33,Transatel SA
+340,832,20,527,fg,French Guiana,594,Bouygues/DigiCel
+340,832,01,31,fg,French Guiana,594,Orange Caribe
+340,832,02,47,fg,French Guiana,594,Outremer Telecom
+340,832,11,287,fg,French Guiana,594,TelCell GSM
+340,832,03,63,fg,French Guiana,594,TelCell GSM
+547,1351,15,351,pf,French Polynesia,689,Pacific Mobile Telecom (PMT)
+547,1351,20,527,pf,French Polynesia,689,Vini/Tikiphone
+628,1576,04,79,ga,Gabon,241,Azur/Usan S.A.
+628,1576,01,31,ga,Gabon,241,Libertis S.A.
+628,1576,02,47,ga,Gabon,241,MOOV/Telecel
+628,1576,03,63,ga,Gabon,241,Airtel/ZAIN/Celtel Gabon S.A.
+607,1543,02,47,gm,Gambia,220,Africel
+607,1543,03,63,gm,Gambia,220,Comium
+607,1543,01,31,gm,Gambia,220,Gamcel
+607,1543,04,79,gm,Gambia,220,Q-Cell
+282,642,01,31,ge,Georgia,995,Geocell Ltd.
+282,642,03,63,ge,Georgia,995,Iberiatel Ltd.
+282,642,02,47,ge,Georgia,995,Magti GSM Ltd.
+282,642,04,79,ge,Georgia,995,MobiTel/Beeline
+282,642,05,95,ge,Georgia,995,Silknet
+262,610,17,383,de,Germany,49,E-Plus
+262,610,10,271,de,Germany,49,DB Netz AG
+262,610,n/a,271,de,Germany,49,Debitel
+262,610,77,1919,de,Germany,49,E-Plus
+262,610,03,63,de,Germany,49,E-Plus
+262,610,05,95,de,Germany,49,E-Plus
+262,610,12,303,de,Germany,49,E-Plus
+262,610,20,527,de,Germany,49,E-Plus
+262,610,14,335,de,Germany,49,Group 3G UMTS
+262,610,43,1087,de,Germany,49,Lycamobile
+262,610,13,319,de,Germany,49,Mobilcom
+262,610,08,143,de,Germany,49,O2
+262,610,07,127,de,Germany,49,O2
+262,610,11,287,de,Germany,49,O2
+262,610,n/a,287,de,Germany,49,Talkline
+262,610,06,111,de,Germany,49,T-mobile/Telekom
+262,610,01,31,de,Germany,49,T-mobile/Telekom
+262,610,16,367,de,Germany,49,Telogic/ViStream
+262,610,42,1071,de,Germany,49,Vodafone D2
+262,610,04,79,de,Germany,49,Vodafone D2
+262,610,02,47,de,Germany,49,Vodafone D2
+262,610,09,159,de,Germany,49,Vodafone D2
+620,1568,04,79,gh,Ghana,233,Expresso Ghana Ltd
+620,1568,07,127,gh,Ghana,233,GloMobile
+620,1568,03,63,gh,Ghana,233,Milicom/Tigo
+620,1568,01,31,gh,Ghana,233,MTN
+620,1568,02,47,gh,Ghana,233,Vodafone
+620,1568,06,111,gh,Ghana,233,Airtel/ZAIN
+266,614,06,111,gi,Gibraltar,350,CTS Mobile
+266,614,09,159,gi,Gibraltar,350,eazi telecom
+266,614,01,31,gi,Gibraltar,350,Gibtel GSM
+202,514,07,127,gr,Greece,30,AMD Telecom SA
+202,514,02,47,gr,Greece,30,Cosmote
+202,514,01,31,gr,Greece,30,Cosmote
+202,514,14,335,gr,Greece,30,CyTa Mobile
+202,514,04,79,gr,Greece,30,Organismos Sidirodromon Ellados (OSE)
+202,514,03,63,gr,Greece,30,OTE Hellenic Telecommunications Organization SA
+202,514,10,271,gr,Greece,30,Tim/Wind
+202,514,09,159,gr,Greece,30,Tim/Wind
+202,514,05,95,gr,Greece,30,Vodafone
+290,656,01,31,gl,Greenland,299,Tele Greenland
+352,850,110,272,gd,Grenada,1473,Cable & Wireless
+352,850,030,48,gd,Grenada,1473,Digicel
+352,850,050,80,gd,Grenada,1473,Digicel
+340,832,08,143,gp,Guadeloupe,590,Dauphin Telecom SU (Guadeloupe Telecom)
+340,832,10,271,gp,Guadeloupe,590,
+310,784,370,880,gu,Guam,1671,Docomo
+310,784,470,1136,gu,Guam,1671,Docomo
+310,784,140,320,gu,Guam,1671,GTA Wireless
+310,784,033,51,gu,Guam,1671,Guam Teleph. Auth.
+310,784,032,50,gu,Guam,1671,IT&E OverSeas
+311,785,250,592,gu,Guam,1671,Wave Runner LLC
+704,1796,01,31,gt,Guatemala,502,Claro
+704,1796,03,63,gt,Guatemala,502,Telefonica
+704,1796,02,47,gt,Guatemala,502,TIGO/COMCEL
+611,1553,04,79,gn,Guinea,224,MTN/Areeba
+611,1553,05,95,gn,Guinea,224,Celcom
+611,1553,03,63,gn,Guinea,224,Intercel
+611,1553,01,31,gn,Guinea,224,Orange/Sonatel/Spacetel
+611,1553,02,47,gn,Guinea,224,SotelGui
+632,1586,01,31,gw,Guinea-Bissau,245,GuineTel
+632,1586,03,63,gw,Guinea-Bissau,245,Orange
+632,1586,02,47,gw,Guinea-Bissau,245,SpaceTel
+738,1848,02,47,gy,Guyana,592,Cellink Plus
+738,1848,01,31,gy,Guyana,592,DigiCel
+372,882,01,31,ht,Haiti,509,Comcel
+372,882,02,47,ht,Haiti,509,Digicel
+372,882,03,63,ht,Haiti,509,National Telecom SA (NatCom)
+708,1800,040,64,hn,Honduras,504,Digicel
+708,1800,030,48,hn,Honduras,504,HonduTel
+708,1800,001,1,hn,Honduras,504,SERCOM/CLARO
+708,1800,002,2,hn,Honduras,504,Telefonica/CELTEL
+454,1108,28,655,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,13,319,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,12,303,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,09,159,hk,Hongkong China,852,China Motion
+454,1108,07,127,hk,Hongkong China,852,China Unicom Ltd
+454,1108,11,287,hk,Hongkong China,852,China-HongKong Telecom Ltd (CHKTL)
+454,1108,01,31,hk,Hongkong China,852,Citic Telecom Ltd.
+454,1108,02,47,hk,Hongkong China,852,CSL Ltd.
+454,1108,00,15,hk,Hongkong China,852,CSL Ltd.
+454,1108,18,399,hk,Hongkong China,852,CSL Ltd.
+454,1108,10,271,hk,Hongkong China,852,CSL/New World PCS Ltd.
+454,1108,04,79,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,03,63,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,14,335,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,05,95,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,20,527,hk,Hongkong China,852,HKT/PCCW
+454,1108,29,671,hk,Hongkong China,852,HKT/PCCW
+454,1108,16,367,hk,Hongkong China,852,HKT/PCCW
+454,1108,19,415,hk,Hongkong China,852,HKT/PCCW
+454,1108,47,1151,hk,Hongkong China,852,shared by private TETRA systems
+454,1108,40,1039,hk,Hongkong China,852,shared by private TETRA systems
+454,1108,08,143,hk,Hongkong China,852,Truephone
+454,1108,17,383,hk,Hongkong China,852,Vodafone/SmarTone
+454,1108,15,351,hk,Hongkong China,852,Vodafone/SmarTone
+454,1108,06,111,hk,Hongkong China,852,Vodafone/SmarTone
+216,534,01,31,hu,Hungary,36,Pannon/Telenor
+216,534,30,783,hu,Hungary,36,T-mobile/Magyar
+216,534,71,1823,hu,Hungary,36,UPC Magyarorszag Kft.
+216,534,70,1807,hu,Hungary,36,Vodafone
+274,628,09,159,is,Iceland,354,Amitelo
+274,628,07,127,is,Iceland,354,IceCell
+274,628,08,143,is,Iceland,354,Siminn
+274,628,01,31,is,Iceland,354,Siminn
+274,628,11,287,is,Iceland,354,NOVA
+274,628,04,79,is,Iceland,354,VIKING/IMC
+274,628,02,47,is,Iceland,354,Vodafone/Tal hf
+274,628,05,95,is,Iceland,354,Vodafone/Tal hf
+274,628,03,63,is,Iceland,354,Vodafone/Tal hf
+404,1028,42,1071,in,India,91,Aircel
+404,1028,33,831,in,India,91,Aircel
+404,1028,29,671,in,India,91,Aircel
+404,1028,28,655,in,India,91,Aircel
+404,1028,25,607,in,India,91,Aircel
+404,1028,17,383,in,India,91,Aircel
+404,1028,01,31,in,India,91,Aircel Digilink India
+404,1028,15,351,in,India,91,Aircel Digilink India
+404,1028,60,1551,in,India,91,Aircel Digilink India
+405,1029,53,1343,in,India,91,AirTel
+404,1028,86,2159,in,India,91,Barakhamba Sales & Serv.
+404,1028,13,319,in,India,91,Barakhamba Sales & Serv.
+404,1028,74,1871,in,India,91,BSNL
+404,1028,38,911,in,India,91,BSNL
+404,1028,57,1407,in,India,91,BSNL
+404,1028,80,2063,in,India,91,BSNL
+404,1028,73,1855,in,India,91,BSNL
+404,1028,34,847,in,India,91,BSNL
+404,1028,66,1647,in,India,91,BSNL
+404,1028,55,1375,in,India,91,BSNL
+404,1028,72,1839,in,India,91,BSNL
+404,1028,77,1919,in,India,91,BSNL
+404,1028,64,1615,in,India,91,BSNL
+404,1028,54,1359,in,India,91,BSNL
+404,1028,71,1823,in,India,91,BSNL
+404,1028,76,1903,in,India,91,BSNL
+404,1028,62,1583,in,India,91,BSNL
+404,1028,53,1343,in,India,91,BSNL
+404,1028,59,1439,in,India,91,BSNL
+404,1028,75,1887,in,India,91,BSNL
+404,1028,51,1311,in,India,91,BSNL
+404,1028,58,1423,in,India,91,BSNL
+404,1028,81,2079,in,India,91,BSNL
+404,1028,10,271,in,India,91,Bharti Airtel Limited (Delhi)
+404,1028,045,69,in,India,91,Bharti Airtel Limited (Karnataka) (India)
+404,1028,79,1951,in,India,91,CellOne A&N
+404,1028,89,2207,in,India,91,Escorts Telecom Ltd.
+404,1028,88,2191,in,India,91,Escorts Telecom Ltd.
+404,1028,87,2175,in,India,91,Escorts Telecom Ltd.
+404,1028,82,2095,in,India,91,Escorts Telecom Ltd.
+404,1028,12,303,in,India,91,Escotel Mobile Communications
+404,1028,19,415,in,India,91,Escotel Mobile Communications
+404,1028,56,1391,in,India,91,Escotel Mobile Communications
+405,1029,05,95,in,India,91,Fascel Limited
+404,1028,05,95,in,India,91,Fascel
+404,1028,70,1807,in,India,91,Hexacom India
+404,1028,16,367,in,India,91,Hexcom India
+404,1028,04,79,in,India,91,Idea Cellular Ltd.
+404,1028,24,591,in,India,91,Idea Cellular Ltd.
+404,1028,22,559,in,India,91,Idea Cellular Ltd.
+404,1028,78,1935,in,India,91,Idea Cellular Ltd.
+404,1028,07,127,in,India,91,Idea Cellular Ltd.
+404,1028,69,1695,in,India,91,Mahanagar Telephone Nigam
+404,1028,68,1679,in,India,91,Mahanagar Telephone Nigam
+404,1028,83,2111,in,India,91,Reliable Internet Services
+404,1028,36,879,in,India,91,Reliance Telecom Private
+404,1028,52,1327,in,India,91,Reliance Telecom Private
+404,1028,50,1295,in,India,91,Reliance Telecom Private
+404,1028,67,1663,in,India,91,Reliance Telecom Private
+404,1028,18,399,in,India,91,Reliance Telecom Private
+404,1028,85,2143,in,India,91,Reliance Telecom Private
+404,1028,09,159,in,India,91,Reliance Telecom Private
+404,1028,41,1055,in,India,91,RPG Cellular
+404,1028,14,335,in,India,91,Spice
+404,1028,44,1103,in,India,91,Spice
+404,1028,11,287,in,India,91,Sterling Cellular Ltd.
+405,1029,034,52,in,India,91,TATA / Karnataka
+404,1028,30,783,in,India,91,Usha Martin Telecom
+510,1296,08,143,id,Indonesia,62,Axis/Natrindo
+510,1296,99,2463,id,Indonesia,62,Esia (PT Bakrie Telecom) (CDMA)
+510,1296,07,127,id,Indonesia,62,Flexi (PT Telkom) (CDMA)
+510,1296,89,2207,id,Indonesia,62,H3G CP
+510,1296,21,543,id,Indonesia,62,Indosat/Satelindo/M3
+510,1296,01,31,id,Indonesia,62,Indosat/Satelindo/M3
+510,1296,00,15,id,Indonesia,62,PT Pasifik Satelit Nusantara (PSN)
+510,1296,27,639,id,Indonesia,62,PT Sampoerna Telekomunikasi Indonesia (STI)
+510,1296,28,655,id,Indonesia,62,PT Smartfren Telecom Tbk
+510,1296,09,159,id,Indonesia,62,PT Smartfren Telecom Tbk
+510,1296,11,287,id,Indonesia,62,PT. Excelcom
+510,1296,10,271,id,Indonesia,62,Telkomsel
+901,2305,13,319,n/a,International Networks,882,Antarctica
+432,1074,19,415,ir,Iran,98,Mobile Telecommunications Company of Esfahan JV-PJS (MTCE)
+432,1074,70,1807,ir,Iran,98,MTCE
+432,1074,35,863,ir,Iran,98,MTN/IranCell
+432,1074,20,527,ir,Iran,98,Rightel
+432,1074,32,815,ir,Iran,98,Taliya
+432,1074,11,287,ir,Iran,98,MCI/TCI
+432,1074,14,335,ir,Iran,98,TKC/KFZO
+418,1048,05,95,iq,Iraq,964,Asia Cell
+418,1048,92,2351,iq,Iraq,964,Itisaluna and Kalemat
+418,1048,82,2095,iq,Iraq,964,Korek
+418,1048,40,1039,iq,Iraq,964,Korek
+418,1048,45,1119,iq,Iraq,964,Mobitel (Iraq-Kurdistan) and Moutiny
+418,1048,30,783,iq,Iraq,964,Orascom Telecom
+418,1048,20,527,iq,Iraq,964,ZAIN/Atheer/Orascom
+418,1048,08,143,iq,Iraq,964,Sanatel
+272,626,04,79,ie,Ireland,353,Access Telecom Ltd.
+272,626,09,159,ie,Ireland,353,Clever Communications Ltd
+272,626,07,127,ie,Ireland,353,eircom Ltd
+272,626,05,95,ie,Ireland,353,Three/H3G
+272,626,11,287,ie,Ireland,353,Tesco Mobile/Liffey Telecom
+272,626,13,319,ie,Ireland,353,Lycamobile
+272,626,03,63,ie,Ireland,353,Meteor Mobile Ltd.
+272,626,02,47,ie,Ireland,353,Three/O2/Digifone
+272,626,01,31,ie,Ireland,353,Vodafone Eircell
+425,1061,14,335,il,Israel,972,Alon Cellular Ltd
+425,1061,02,47,il,Israel,972,Cellcom ltd.
+425,1061,08,143,il,Israel,972,Golan Telekom
+425,1061,15,351,il,Israel,972,Home Cellular Ltd
+425,1061,77,1919,il,Israel,972,Hot Mobile/Mirs
+425,1061,07,127,il,Israel,972,Hot Mobile/Mirs
+425,1061,01,31,il,Israel,972,Orange/Partner Co. Ltd.
+425,1061,03,63,il,Israel,972,Pelephone
+425,1061,12,303,il,Israel,972,Pelephone
+425,1061,16,367,il,Israel,972,Rami Levy Hashikma Marketing Communications Ltd
+425,1061,19,415,il,Israel,972,Telzar/AZI
+222,546,34,847,it,Italy,39,BT Italia SpA
+222,546,02,47,it,Italy,39,Elsacom
+222,546,08,143,it,Italy,39,Fastweb SpA
+222,546,00,15,it,Italy,39,Fix Line
+222,546,99,2463,it,Italy,39,Hi3G
+222,546,77,1919,it,Italy,39,IPSE 2000
+222,546,35,863,it,Italy,39,Lycamobile Srl
+222,546,07,127,it,Italy,39,Noverca Italia Srl
+222,546,33,831,it,Italy,39,PosteMobile SpA
+222,546,00,15,it,Italy,39,Premium Number(s)
+222,546,30,783,it,Italy,39,RFI Rete Ferroviaria Italiana SpA
+222,546,48,1167,it,Italy,39,Telecom Italia Mobile SpA
+222,546,43,1087,it,Italy,39,Telecom Italia Mobile SpA
+222,546,01,31,it,Italy,39,TIM
+222,546,10,271,it,Italy,39,Vodafone
+222,546,06,111,it,Italy,39,Vodafone
+222,546,00,15,it,Italy,39,VOIP Line
+222,546,44,1103,it,Italy,39,WIND (Blu) -
+222,546,88,2191,it,Italy,39,WIND (Blu) -
+612,1554,07,127,ci,Ivory Coast,225,Aircomm SA
+612,1554,02,47,ci,Ivory Coast,225,Atlantik Tel./Moov
+612,1554,04,79,ci,Ivory Coast,225,Comium
+612,1554,01,31,ci,Ivory Coast,225,Comstar
+612,1554,05,95,ci,Ivory Coast,225,MTN
+612,1554,03,63,ci,Ivory Coast,225,Orange
+612,1554,06,111,ci,Ivory Coast,225,OriCell
+338,824,110,272,jm,Jamaica,1876,Cable & Wireless
+338,824,020,32,jm,Jamaica,1876,Cable & Wireless
+338,824,180,384,jm,Jamaica,1876,Cable & Wireless
+338,824,050,80,jm,Jamaica,1876,DIGICEL/Mossel
+440,1088,00,15,jp,Japan,81,Y-Mobile
+440,1088,75,1887,jp,Japan,81,KDDI Corporation
+440,1088,56,1391,jp,Japan,81,KDDI Corporation
+441,1089,70,1807,jp,Japan,81,KDDI Corporation
+440,1088,52,1327,jp,Japan,81,KDDI Corporation
+440,1088,76,1903,jp,Japan,81,KDDI Corporation
+440,1088,71,1823,jp,Japan,81,KDDI Corporation
+440,1088,53,1343,jp,Japan,81,KDDI Corporation
+440,1088,77,1919,jp,Japan,81,KDDI Corporation
+440,1088,08,143,jp,Japan,81,KDDI Corporation
+440,1088,72,1839,jp,Japan,81,KDDI Corporation
+440,1088,54,1359,jp,Japan,81,KDDI Corporation
+440,1088,79,1951,jp,Japan,81,KDDI Corporation
+440,1088,07,127,jp,Japan,81,KDDI Corporation
+440,1088,73,1855,jp,Japan,81,KDDI Corporation
+440,1088,55,1375,jp,Japan,81,KDDI Corporation
+440,1088,88,2191,jp,Japan,81,KDDI Corporation
+440,1088,50,1295,jp,Japan,81,KDDI Corporation
+440,1088,74,1871,jp,Japan,81,KDDI Corporation
+440,1088,70,1807,jp,Japan,81,KDDI Corporation
+440,1088,89,2207,jp,Japan,81,KDDI Corporation
+440,1088,51,1311,jp,Japan,81,KDDI Corporation
+440,1088,67,1663,jp,Japan,81,NTT Docomo
+440,1088,01,31,jp,Japan,81,NTT Docomo
+440,1088,14,335,jp,Japan,81,NTT Docomo
+441,1089,94,2383,jp,Japan,81,NTT Docomo
+441,1089,41,1055,jp,Japan,81,NTT Docomo
+440,1088,62,1583,jp,Japan,81,NTT Docomo
+440,1088,39,927,jp,Japan,81,NTT Docomo
+440,1088,30,783,jp,Japan,81,NTT Docomo
+440,1088,10,271,jp,Japan,81,NTT Docomo
+441,1089,45,1119,jp,Japan,81,NTT Docomo
+440,1088,24,591,jp,Japan,81,NTT Docomo
+440,1088,68,1679,jp,Japan,81,NTT Docomo
+440,1088,15,351,jp,Japan,81,NTT Docomo
+441,1089,98,2447,jp,Japan,81,NTT Docomo
+441,1089,42,1071,jp,Japan,81,NTT Docomo
+440,1088,63,1599,jp,Japan,81,NTT Docomo
+440,1088,38,911,jp,Japan,81,NTT Docomo
+440,1088,26,623,jp,Japan,81,NTT Docomo
+440,1088,11,287,jp,Japan,81,NTT Docomo
+440,1088,21,543,jp,Japan,81,NTT Docomo
+441,1089,44,1103,jp,Japan,81,NTT Docomo
+440,1088,13,319,jp,Japan,81,NTT Docomo
+440,1088,23,575,jp,Japan,81,NTT Docomo
+440,1088,69,1695,jp,Japan,81,NTT Docomo
+440,1088,16,367,jp,Japan,81,NTT Docomo
+441,1089,99,2463,jp,Japan,81,NTT Docomo
+440,1088,34,847,jp,Japan,81,NTT Docomo
+440,1088,64,1615,jp,Japan,81,NTT Docomo
+440,1088,37,895,jp,Japan,81,NTT Docomo
+440,1088,25,607,jp,Japan,81,NTT Docomo
+440,1088,22,559,jp,Japan,81,NTT Docomo
+441,1089,43,1087,jp,Japan,81,NTT Docomo
+440,1088,27,639,jp,Japan,81,NTT Docomo
+440,1088,02,47,jp,Japan,81,NTT Docomo
+440,1088,17,383,jp,Japan,81,NTT Docomo
+440,1088,31,799,jp,Japan,81,NTT Docomo
+440,1088,87,2175,jp,Japan,81,NTT Docomo
+440,1088,65,1631,jp,Japan,81,NTT Docomo
+440,1088,36,879,jp,Japan,81,NTT Docomo
+441,1089,92,2351,jp,Japan,81,NTT Docomo
+440,1088,12,303,jp,Japan,81,NTT Docomo
+440,1088,58,1423,jp,Japan,81,NTT Docomo
+440,1088,28,655,jp,Japan,81,NTT Docomo
+440,1088,03,63,jp,Japan,81,NTT Docomo
+440,1088,18,399,jp,Japan,81,NTT Docomo
+441,1089,91,2335,jp,Japan,81,NTT Docomo
+440,1088,32,815,jp,Japan,81,NTT Docomo
+440,1088,61,1567,jp,Japan,81,NTT Docomo
+440,1088,66,1647,jp,Japan,81,NTT Docomo
+440,1088,35,863,jp,Japan,81,NTT Docomo
+441,1089,93,2367,jp,Japan,81,NTT Docomo
+441,1089,40,1039,jp,Japan,81,NTT Docomo
+440,1088,49,1183,jp,Japan,81,NTT Docomo
+440,1088,29,671,jp,Japan,81,NTT Docomo
+440,1088,09,159,jp,Japan,81,NTT Docomo
+440,1088,19,415,jp,Japan,81,NTT Docomo
+441,1089,90,2319,jp,Japan,81,NTT Docomo
+440,1088,33,831,jp,Japan,81,NTT Docomo
+440,1088,60,1551,jp,Japan,81,NTT Docomo
+440,1088,99,2463,jp,Japan,81,NTT Docomo
+440,1088,78,1935,jp,Japan,81,Okinawa Cellular Telephone
+440,1088,04,79,jp,Japan,81,SoftBank Mobile Corp
+441,1089,62,1583,jp,Japan,81,SoftBank Mobile Corp
+440,1088,45,1119,jp,Japan,81,SoftBank Mobile Corp
+440,1088,20,527,jp,Japan,81,SoftBank Mobile Corp
+440,1088,96,2415,jp,Japan,81,SoftBank Mobile Corp
+440,1088,40,1039,jp,Japan,81,SoftBank Mobile Corp
+441,1089,63,1599,jp,Japan,81,SoftBank Mobile Corp
+440,1088,47,1151,jp,Japan,81,SoftBank Mobile Corp
+440,1088,95,2399,jp,Japan,81,SoftBank Mobile Corp
+440,1088,41,1055,jp,Japan,81,SoftBank Mobile Corp
+441,1089,64,1615,jp,Japan,81,SoftBank Mobile Corp
+440,1088,46,1135,jp,Japan,81,SoftBank Mobile Corp
+440,1088,97,2431,jp,Japan,81,SoftBank Mobile Corp
+440,1088,42,1071,jp,Japan,81,SoftBank Mobile Corp
+441,1089,65,1631,jp,Japan,81,SoftBank Mobile Corp
+440,1088,90,2319,jp,Japan,81,SoftBank Mobile Corp
+440,1088,92,2351,jp,Japan,81,SoftBank Mobile Corp
+440,1088,98,2447,jp,Japan,81,SoftBank Mobile Corp
+440,1088,43,1087,jp,Japan,81,SoftBank Mobile Corp
+440,1088,93,2367,jp,Japan,81,SoftBank Mobile Corp
+440,1088,48,1167,jp,Japan,81,SoftBank Mobile Corp
+440,1088,06,111,jp,Japan,81,SoftBank Mobile Corp
+441,1089,61,1567,jp,Japan,81,SoftBank Mobile Corp
+440,1088,44,1103,jp,Japan,81,SoftBank Mobile Corp
+440,1088,94,2383,jp,Japan,81,SoftBank Mobile Corp
+440,1088,85,2143,jp,Japan,81,KDDI Corporation
+440,1088,83,2111,jp,Japan,81,KDDI Corporation
+440,1088,80,2063,jp,Japan,81,KDDI Corporation
+440,1088,86,2159,jp,Japan,81,KDDI Corporation
+440,1088,81,2079,jp,Japan,81,KDDI Corporation
+440,1088,84,2127,jp,Japan,81,KDDI Corporation
+440,1088,82,2095,jp,Japan,81,KDDI Corporation
+416,1046,77,1919,jo,Jordan,962,Orange/Petra
+416,1046,03,63,jo,Jordan,962,Umniah Mobile Co.
+416,1046,02,47,jo,Jordan,962,Xpress
+416,1046,01,31,jo,Jordan,962,ZAIN /J.M.T.S
+401,1025,01,31,kz,Kazakhstan,7,Beeline/KaR-Tel LLP
+401,1025,07,127,kz,Kazakhstan,7,Dalacom/Altel
+401,1025,02,47,kz,Kazakhstan,7,K-Cell
+401,1025,77,1919,kz,Kazakhstan,7,Tele2/NEO/MTS
+639,1593,05,95,ke,Kenya,254,Econet Wireless
+639,1593,07,127,ke,Kenya,254,Orange
+639,1593,02,47,ke,Kenya,254,Safaricom Ltd.
+639,1593,03,63,ke,Kenya,254,Airtel/Zain/Celtel Ltd.
+545,1349,09,159,ki,Kiribati,686,Kiribati Frigate
+467,1127,193,403,kp,Korea N. Dem. People's Rep.,850,Sun Net
+450,1104,02,47,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,04,79,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,08,143,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,06,111,kr,Korea S Republic of,82,LG Telecom
+450,1104,03,63,kr,Korea S Republic of,82,SK Telecom
+450,1104,05,95,kr,Korea S Republic of,82,SK Telecom Co. Ltd
+419,1049,04,79,kw,Kuwait,965,Viva
+419,1049,03,63,kw,Kuwait,965,Wataniya
+419,1049,02,47,kw,Kuwait,965,Zain
+437,1079,03,63,kg,Kyrgyzstan,996,AkTel LLC
+437,1079,01,31,kg,Kyrgyzstan,996,Beeline/Bitel
+437,1079,05,95,kg,Kyrgyzstan,996,MEGACOM
+437,1079,09,159,kg,Kyrgyzstan,996,O!/NUR Telecom
+457,1111,02,47,la,Laos P.D.R.,856,ETL Mobile
+457,1111,01,31,la,Laos P.D.R.,856,Lao Tel
+457,1111,08,143,la,Laos P.D.R.,856,Beeline/Tigo/Millicom
+457,1111,03,63,la,Laos P.D.R.,856,UNITEL/LAT
+247,583,05,95,lv,Latvia,371,Bite
+247,583,01,31,lv,Latvia,371,Latvian Mobile Phone
+247,583,09,159,lv,Latvia,371,SIA Camel Mobile
+247,583,08,143,lv,Latvia,371,SIA IZZI
+247,583,07,127,lv,Latvia,371,SIA Master Telecom
+247,583,06,111,lv,Latvia,371,SIA Rigatta
+247,583,02,47,lv,Latvia,371,Tele2
+247,583,03,63,lv,Latvia,371,TRIATEL/Telekom Baltija
+415,1045,33,831,lb,Lebanon,961,Cellis
+415,1045,32,815,lb,Lebanon,961,Cellis
+415,1045,35,863,lb,Lebanon,961,Cellis
+415,1045,34,847,lb,Lebanon,961,FTML Cellis
+415,1045,39,927,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,38,911,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,37,895,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,01,31,lb,Lebanon,961,MIC1 (Alfa)
+415,1045,03,63,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,36,879,lb,Lebanon,961,MIC2/LibanCell/MTC
+651,1617,02,47,ls,Lesotho,266,Econet/Ezi-cel
+651,1617,01,31,ls,Lesotho,266,Vodacom Lesotho
+618,1560,07,127,lr,Liberia,231,CELLCOM
+618,1560,04,79,lr,Liberia,231,Comium BVI
+618,1560,02,47,lr,Liberia,231,Libercell
+618,1560,20,527,lr,Liberia,231,LibTelco
+618,1560,01,31,lr,Liberia,231,Lonestar
+606,1542,02,47,ly,Libya,218,Al-Madar
+606,1542,01,31,ly,Libya,218,Al-Madar
+606,1542,06,111,ly,Libya,218,Hatef
+606,1542,00,15,ly,Libya,218,Libyana
+606,1542,03,63,ly,Libya,218,Libyana
+295,661,06,111,li,Liechtenstein,423,CUBIC (Liechtenstein
+295,661,07,127,li,Liechtenstein,423,First Mobile AG
+295,661,02,47,li,Liechtenstein,423,Orange
+295,661,01,31,li,Liechtenstein,423,Swisscom FL AG
+295,661,77,1919,li,Liechtenstein,423,Alpmobile/Tele2
+295,661,05,95,li,Liechtenstein,423,Telecom FL1 AG
+246,582,02,47,lt,Lithuania,370,Bite
+246,582,01,31,lt,Lithuania,370,Omnitel
+246,582,03,63,lt,Lithuania,370,Tele2
+270,624,77,1919,lu,Luxembourg,352,Millicom Tango GSM
+270,624,01,31,lu,Luxembourg,352,P+T/Post LUXGSM
+270,624,99,2463,lu,Luxembourg,352,Orange/VOXmobile S.A.
+455,1109,01,31,mo,Macao China,853,C.T.M. TELEMOVEL+
+455,1109,04,79,mo,Macao China,853,C.T.M. TELEMOVEL+
+455,1109,02,47,mo,Macao China,853,China Telecom
+455,1109,05,95,mo,Macao China,853,Hutchison Telephone Co. Ltd
+455,1109,03,63,mo,Macao China,853,Hutchison Telephone Co. Ltd
+455,1109,06,111,mo,Macao China,853,Smartone Mobile
+455,1109,00,15,mo,Macao China,853,Smartone Mobile
+294,660,75,1887,mk,Macedonia,389,ONE/Cosmofone
+294,660,02,47,mk,Macedonia,389,ONE/Cosmofone
+294,660,01,31,mk,Macedonia,389,T-Mobile/Mobimak
+294,660,03,63,mk,Macedonia,389,VIP Mobile
+646,1606,01,31,mg,Madagascar,261,Airtel/MADACOM
+646,1606,02,47,mg,Madagascar,261,Orange/Soci
+646,1606,03,63,mg,Madagascar,261,Sacel
+646,1606,04,79,mg,Madagascar,261,Telma
+650,1616,01,31,mw,Malawi,265,TNM/Telekom Network Ltd.
+650,1616,10,271,mw,Malawi,265,Airtel/Zain/Celtel ltd.
+502,1282,01,31,my,Malaysia,60,Art900
+502,1282,151,337,my,Malaysia,60,Baraka Telecom Sdn Bhd
+502,1282,19,415,my,Malaysia,60,CelCom
+502,1282,13,319,my,Malaysia,60,CelCom
+502,1282,198,408,my,Malaysia,60,CelCom
+502,1282,16,367,my,Malaysia,60,Digi Telecommunications
+502,1282,10,271,my,Malaysia,60,Digi Telecommunications
+502,1282,20,527,my,Malaysia,60,Electcoms Wireless Sdn Bhd
+502,1282,17,383,my,Malaysia,60,Maxis
+502,1282,12,303,my,Malaysia,60,Maxis
+502,1282,11,287,my,Malaysia,60,MTX Utara
+502,1282,153,339,my,Malaysia,60,Webe/Packet One Networks (Malaysia) Sdn Bhd
+502,1282,155,341,my,Malaysia,60,Samata Communications Sdn Bhd
+502,1282,154,340,my,Malaysia,60,Tron/Talk Focus Sdn Bhd
+502,1282,18,399,my,Malaysia,60,U Mobile
+502,1282,195,405,my,Malaysia,60,XOX Com Sdn Bhd
+502,1282,152,338,my,Malaysia,60,YES
+472,1138,01,31,mv,Maldives,960,Dhiraagu/C&W
+472,1138,02,47,mv,Maldives,960,Ooredo/Wataniya
+610,1552,01,31,ml,Mali,223,Malitel
+610,1552,02,47,ml,Mali,223,Orange/IKATEL
+278,632,21,543,mt,Malta,356,GO Mobile
+278,632,77,1919,mt,Malta,356,Melita
+278,632,01,31,mt,Malta,356,Vodafone
+340,832,12,303,mq,Martinique (French Department of),596,UTS Caraibe
+609,1545,02,47,mr,Mauritania,222,Chinguitel SA
+609,1545,01,31,mr,Mauritania,222,Mattel
+609,1545,10,271,mr,Mauritania,222,Mauritel
+617,1559,10,271,mu,Mauritius,230,Emtel Ltd
+617,1559,03,63,mu,Mauritius,230,Mahanagar Telephone
+617,1559,02,47,mu,Mauritius,230,Mahanagar Telephone
+617,1559,01,31,mu,Mauritius,230,Orange/Cellplus
+334,820,50,1295,mx,Mexico,52,AT&T/IUSACell
+334,820,050,80,mx,Mexico,52,AT&T/IUSACell
+334,820,040,64,mx,Mexico,52,AT&T/IUSACell
+334,820,04,79,mx,Mexico,52,AT&T/IUSACell
+334,820,030,48,mx,Mexico,52,Movistar/Pegaso
+334,820,03,63,mx,Mexico,52,Movistar/Pegaso
+334,820,01,31,mx,Mexico,52,NEXTEL
+334,820,09,159,mx,Mexico,52,NEXTEL
+334,820,090,144,mx,Mexico,52,NEXTEL
+334,820,010,16,mx,Mexico,52,NEXTEL
+334,820,080,128,mx,Mexico,52,Operadora Unefon SA de CV
+334,820,070,112,mx,Mexico,52,Operadora Unefon SA de CV
+334,820,060,96,mx,Mexico,52,SAI PCS
+334,820,020,32,mx,Mexico,52,TelCel/America Movil
+334,820,02,47,mx,Mexico,52,TelCel/America Movil
+550,1360,01,31,fm,Micronesia,691,FSM Telecom
+259,601,04,79,md,Moldova,373,Eventis Mobile
+259,601,05,95,md,Moldova,373,IDC/Unite
+259,601,99,2463,md,Moldova,373,IDC/Unite
+259,601,03,63,md,Moldova,373,IDC/Unite
+259,601,02,47,md,Moldova,373,Moldcell
+259,601,01,31,md,Moldova,373,Orange/Voxtel
+212,530,10,271,mc,Monaco,377,Monaco Telecom
+212,530,01,31,mc,Monaco,377,Monaco Telecom
+428,1064,98,2447,mn,Mongolia,976,G-Mobile Corporation Ltd
+428,1064,99,2463,mn,Mongolia,976,Mobicom
+428,1064,91,2335,mn,Mongolia,976,Skytel Co. Ltd
+428,1064,00,15,mn,Mongolia,976,Skytel Co. Ltd
+428,1064,88,2191,mn,Mongolia,976,Unitel
+297,663,02,47,me,Montenegro,382,Monet/T-mobile
+297,663,03,63,me,Montenegro,382,Mtel
+297,663,01,31,me,Montenegro,382,Telenor/Promonte GSM
+354,852,860,2144,ms,Montserrat,1664,Cable & Wireless
+604,1540,01,31,ma,Morocco,212,IAM/Itissallat
+604,1540,02,47,ma,Morocco,212,INWI/WANA
+604,1540,00,15,ma,Morocco,212,Medi Telecom
+643,1603,01,31,mz,Mozambique,258,mCel
+643,1603,03,63,mz,Mozambique,258,Movitel
+643,1603,04,79,mz,Mozambique,258,Vodacom
+414,1044,01,31,mm,Myanmar (Burma),95,Myanmar Post & Teleco.
+414,1044,05,95,mm,Myanmar (Burma),95,Oreedoo
+414,1044,06,111,mm,Myanmar (Burma),95,Telenor
+649,1609,03,63,na,Namibia,264,Leo / Orascom
+649,1609,01,31,na,Namibia,264,MTC
+649,1609,02,47,na,Namibia,264,Switch/Nam. Telec.
+429,1065,02,47,np,Nepal,977,Ncell
+429,1065,01,31,np,Nepal,977,NT Mobile / Namaste
+429,1065,04,79,np,Nepal,977,Smart Cell
+204,516,14,335,nl,Netherlands,31,6GMOBILE BV
+204,516,23,575,nl,Netherlands,31,Aspider Solutions
+204,516,05,95,nl,Netherlands,31,Elephant Talk Communications Premium Rate Services Netherlands BV
+204,516,17,383,nl,Netherlands,31,Intercity Mobile Communications BV
+204,516,08,143,nl,Netherlands,31,KPN Telecom B.V.
+204,516,69,1695,nl,Netherlands,31,KPN Telecom B.V.
+204,516,10,271,nl,Netherlands,31,KPN Telecom B.V.
+204,516,12,303,nl,Netherlands,31,KPN/Telfort
+204,516,28,655,nl,Netherlands,31,Lancelot BV
+204,516,09,159,nl,Netherlands,31,Lycamobile Ltd
+204,516,06,111,nl,Netherlands,31,Mundio/Vectone Mobile
+204,516,21,543,nl,Netherlands,31,NS Railinfrabeheer B.V.
+204,516,24,591,nl,Netherlands,31,Private Mobility Nederland BV
+204,516,98,2447,nl,Netherlands,31,T-Mobile B.V.
+204,516,16,367,nl,Netherlands,31,T-Mobile B.V.
+204,516,20,527,nl,Netherlands,31,T-mobile/former Orange
+204,516,02,47,nl,Netherlands,31,Tele2
+204,516,07,127,nl,Netherlands,31,Teleena Holding BV
+204,516,68,1679,nl,Netherlands,31,Unify Mobile
+204,516,18,399,nl,Netherlands,31,UPC Nederland BV
+204,516,04,79,nl,Netherlands,31,Vodafone Libertel
+204,516,03,63,nl,Netherlands,31,Voiceworks Mobile BV
+204,516,15,351,nl,Netherlands,31,Ziggo BV
+362,866,630,1584,an,Netherlands Antilles,599,Cingular Wireless
+362,866,51,1311,an,Netherlands Antilles,599,TELCELL GSM
+362,866,91,2335,an,Netherlands Antilles,599,SETEL GSM
+362,866,951,2385,an,Netherlands Antilles,599,UTS Wireless
+546,1350,01,31,nc,New Caledonia,687,OPT Mobilis
+530,1328,28,655,nz,New Zealand,64,2degrees
+530,1328,05,95,nz,New Zealand,64,Spark/NZ Telecom
+530,1328,02,47,nz,New Zealand,64,Spark/NZ Telecom
+530,1328,04,79,nz,New Zealand,64,Telstra
+530,1328,24,591,nz,New Zealand,64,Two Degrees Mobile Ltd
+530,1328,01,31,nz,New Zealand,64,Vodafone
+530,1328,03,63,nz,New Zealand,64,Walker Wireless Ltd.
+710,1808,21,543,ni,Nicaragua,505,Empresa Nicaraguense de Telecomunicaciones SA (ENITEL)
+710,1808,30,783,ni,Nicaragua,505,Movistar
+710,1808,73,1855,ni,Nicaragua,505,Claro
+614,1556,03,63,ne,Niger,227,MOOV/TeleCel
+614,1556,04,79,ne,Niger,227,Orange/Sahelc.
+614,1556,01,31,ne,Niger,227,Orange/Sahelc.
+614,1556,02,47,ne,Niger,227,Airtel/Zain/CelTel
+621,1569,20,527,ng,Nigeria,234,Airtel/ZAIN/Econet
+621,1569,60,1551,ng,Nigeria,234,ETISALAT
+621,1569,50,1295,ng,Nigeria,234,Glo Mobile
+621,1569,40,1039,ng,Nigeria,234,M-Tel/Nigeria Telecom. Ltd.
+621,1569,30,783,ng,Nigeria,234,MTN
+621,1569,99,2463,ng,Nigeria,234,Starcomms
+621,1569,25,607,ng,Nigeria,234,Visafone
+621,1569,01,31,ng,Nigeria,234,Visafone
+555,1365,01,31,nu,Niue,683,Niue Telecom
+242,578,09,159,no,Norway,47,Com4 AS
+242,578,14,335,no,Norway,47,ICE Nordisk Mobiltelefon AS
+242,578,21,543,no,Norway,47,Jernbaneverket (GSM-R)
+242,578,20,527,no,Norway,47,Jernbaneverket (GSM-R)
+242,578,23,575,no,Norway,47,Lycamobile Ltd
+242,578,02,47,no,Norway,47,Netcom
+242,578,22,559,no,Norway,47,Network Norway AS
+242,578,05,95,no,Norway,47,Network Norway AS
+242,578,06,111,no,Norway,47,ICE Nordisk Mobiltelefon AS
+242,578,08,143,no,Norway,47,TDC Mobil A/S
+242,578,04,79,no,Norway,47,Tele2
+242,578,01,31,no,Norway,47,Telenor
+242,578,12,303,no,Norway,47,Telenor
+242,578,03,63,no,Norway,47,Teletopia
+242,578,07,127,no,Norway,47,Ventelo AS
+242,578,017,23,no,Norway,47,Ventelo AS
+422,1058,03,63,om,Oman,968,Nawras
+422,1058,02,47,om,Oman,968,Oman Mobile/GTO
+410,1040,08,143,pk,Pakistan,92,Instaphone
+410,1040,01,31,pk,Pakistan,92,Mobilink
+410,1040,06,111,pk,Pakistan,92,Telenor
+410,1040,03,63,pk,Pakistan,92,UFONE/PAKTel
+410,1040,07,127,pk,Pakistan,92,Warid Telecom
+410,1040,04,79,pk,Pakistan,92,ZONG/CMPak
+552,1362,80,2063,pw,Palau (Republic of),680,Palau Mobile Corp. (PMC) (Palau
+552,1362,01,31,pw,Palau (Republic of),680,Palau National Communications Corp. (PNCC) (Palau
+425,1061,05,95,ps,Palestinian Territory,970,Jawwal
+425,1061,06,111,ps,Palestinian Territory,970,Wataniya Mobile
+714,1812,01,31,pa,Panama,507,Cable & W./Mas Movil
+714,1812,03,63,pa,Panama,507,Claro
+714,1812,04,79,pa,Panama,507,Digicel
+714,1812,02,47,pa,Panama,507,Movistar
+714,1812,020,32,pa,Panama,507,Movistar
+537,1335,03,63,pg,Papua New Guinea,675,Digicel
+537,1335,02,47,pg,Papua New Guinea,675,GreenCom PNG Ltd
+537,1335,01,31,pg,Papua New Guinea,675,Pacific Mobile
+744,1860,02,47,py,Paraguay,595,Claro/Hutchison
+744,1860,03,63,py,Paraguay,595,Compa
+744,1860,01,31,py,Paraguay,595,Hola/VOX
+744,1860,05,95,py,Paraguay,595,TIM/Nucleo/Personal
+744,1860,04,79,py,Paraguay,595,Tigo/Telecel
+716,1814,20,527,pe,Peru,51,Claro /Amer.Mov./TIM
+716,1814,10,271,pe,Peru,51,Claro /Amer.Mov./TIM
+716,1814,02,47,pe,Peru,51,GlobalStar
+716,1814,01,31,pe,Peru,51,GlobalStar
+716,1814,06,111,pe,Peru,51,Movistar
+716,1814,17,383,pe,Peru,51,Nextel
+716,1814,07,127,pe,Peru,51,Nextel
+716,1814,15,351,pe,Peru,51,Viettel Mobile
+515,1301,00,15,ph,Philippines,63,Fix Line
+515,1301,01,31,ph,Philippines,63,Globe Telecom
+515,1301,02,47,ph,Philippines,63,Globe Telecom
+515,1301,88,2191,ph,Philippines,63,Next Mobile
+515,1301,18,399,ph,Philippines,63,RED Mobile/Cure
+515,1301,03,63,ph,Philippines,63,Smart
+515,1301,05,95,ph,Philippines,63,SUN/Digitel
+260,608,17,383,pl,Poland,48,Aero2 SP.
+260,608,18,399,pl,Poland,48,AMD Telecom.
+260,608,38,911,pl,Poland,48,CallFreedom Sp. z o.o.
+260,608,12,303,pl,Poland,48,Cyfrowy POLSAT S.A.
+260,608,08,143,pl,Poland,48,e-Telko
+260,608,09,159,pl,Poland,48,Lycamobile
+260,608,16,367,pl,Poland,48,Mobyland
+260,608,36,879,pl,Poland,48,Mundio Mobile Sp. z o.o.
+260,608,07,127,pl,Poland,48,Play/P4
+260,608,11,287,pl,Poland,48,NORDISK Polska
+260,608,05,95,pl,Poland,48,Orange/IDEA/Centertel
+260,608,03,63,pl,Poland,48,Orange/IDEA/Centertel
+260,608,35,863,pl,Poland,48,PKP Polskie Linie Kolejowe S.A.
+260,608,98,2447,pl,Poland,48,Play/P4
+260,608,06,111,pl,Poland,48,Play/P4
+260,608,01,31,pl,Poland,48,Polkomtel/Plus
+260,608,14,335,pl,Poland,48,Sferia
+260,608,13,319,pl,Poland,48,Sferia
+260,608,10,271,pl,Poland,48,Sferia
+260,608,34,847,pl,Poland,48,T-Mobile/ERA
+260,608,02,47,pl,Poland,48,T-Mobile/ERA
+260,608,15,351,pl,Poland,48,Tele2
+260,608,04,79,pl,Poland,48,Tele2
+268,616,04,79,pt,Portugal,351,Lycamobile
+268,616,07,127,pt,Portugal,351,NOS/Optimus
+268,616,03,63,pt,Portugal,351,NOS/Optimus
+268,616,06,111,pt,Portugal,351,MEO/TMN
+268,616,01,31,pt,Portugal,351,Vodafone
+330,816,110,272,pr,Puerto Rico,,Puerto Rico Telephone Company Inc. (PRTC)
+330,816,11,287,pr,Puerto Rico,,Puerto Rico Telephone Company Inc. (PRTC)
+427,1063,01,31,qa,Qatar,974,Ooredoo/Qtel
+427,1063,02,47,qa,Qatar,974,Vodafone
+647,1607,00,15,re,Reunion,262,Orange
+647,1607,02,47,re,Reunion,262,Outremer Telecom
+647,1607,10,271,re,Reunion,262,SFR
+226,550,03,63,ro,Romania,40,Cosmote
+226,550,11,287,ro,Romania,40,Enigma Systems
+226,550,16,367,ro,Romania,40,Lycamobile
+226,550,10,271,ro,Romania,40,Orange
+226,550,05,95,ro,Romania,40,RCS&RDS Digi Mobile
+226,550,02,47,ro,Romania,40,Romtelecom SA
+226,550,06,111,ro,Romania,40,Telemobil/Zapp
+226,550,01,31,ro,Romania,40,Vodafone
+226,550,04,79,ro,Romania,40,Telemobil/Zapp
+250,592,12,303,ru,Russian Federation,79,Baykal Westcom
+250,592,28,655,ru,Russian Federation,79,BeeLine/VimpelCom
+250,592,10,271,ru,Russian Federation,79,DTC/Don Telecom
+250,592,13,319,ru,Russian Federation,79,Kuban GSM
+250,592,35,863,ru,Russian Federation,79,MOTIV/LLC Ekaterinburg-2000
+250,592,02,47,ru,Russian Federation,79,Megafon
+250,592,01,31,ru,Russian Federation,79,MTS
+250,592,03,63,ru,Russian Federation,79,NCC
+250,592,16,367,ru,Russian Federation,79,NTC
+250,592,19,415,ru,Russian Federation,79,OJSC Altaysvyaz
+250,592,11,287,ru,Russian Federation,79,Orensot
+250,592,92,2351,ru,Russian Federation,79,Printelefone
+250,592,04,79,ru,Russian Federation,79,Sibchallenge
+250,592,44,1103,ru,Russian Federation,79,StavTelesot
+250,592,20,527,ru,Russian Federation,79,Tele2/ECC/Volgogr.
+250,592,93,2367,ru,Russian Federation,79,Telecom XXL
+250,592,39,927,ru,Russian Federation,79,UralTel
+250,592,17,383,ru,Russian Federation,79,UralTel
+250,592,99,2463,ru,Russian Federation,79,BeeLine/VimpelCom
+250,592,05,95,ru,Russian Federation,79,Yenisey Telecom
+250,592,15,351,ru,Russian Federation,79,ZAO SMARTS
+250,592,07,127,ru,Russian Federation,79,ZAO SMARTS
+635,1589,14,335,rw,Rwanda,250,Airtel
+635,1589,10,271,rw,Rwanda,250,MTN/Rwandacell
+635,1589,13,319,rw,Rwanda,250,TIGO
+356,854,110,272,kn,Saint Kitts and Nevis,1869,Cable & Wireless
+356,854,50,1295,kn,Saint Kitts and Nevis,1869,Digicel
+356,854,70,1807,kn,Saint Kitts and Nevis,1869,UTS Cariglobe
+358,856,110,272,lc,Saint Lucia,1758,Cable & Wireless
+358,856,30,783,lc,Saint Lucia,1758,Cingular Wireless
+358,856,50,1295,lc,Saint Lucia,1758,Digicel (St Lucia) Limited
+549,1353,27,639,ws,Samoa,685,Samoatel Mobile
+549,1353,01,31,ws,Samoa,685,Telecom Samoa Cellular Ltd.
+292,658,01,31,sm,San Marino,378,Prima Telecom
+626,1574,01,31,st,Sao Tome & Principe,239,CSTmovel
+901,2305,14,335,n/a,Satellite Networks,870,AeroMobile
+901,2305,11,287,n/a,Satellite Networks,870,InMarSAT
+901,2305,12,303,n/a,Satellite Networks,870,Maritime Communications Partner AS
+901,2305,05,95,n/a,Satellite Networks,870,Thuraya Satellite
+420,1056,07,127,sa,Saudi Arabia,966,Zain
+420,1056,03,63,sa,Saudi Arabia,966,Etihad/Etisalat/Mobily
+420,1056,06,111,sa,Saudi Arabia,966,Lebara Mobile
+420,1056,01,31,sa,Saudi Arabia,966,STC/Al Jawal
+420,1056,05,95,sa,Saudi Arabia,966,Virgin Mobile
+420,1056,04,79,sa,Saudi Arabia,966,Zain
+608,1544,03,63,sn,Senegal,221,Expresso/Sudatel
+608,1544,01,31,sn,Senegal,221,Orange/Sonatel
+608,1544,02,47,sn,Senegal,221,TIGO/Sentel GSM
+220,544,03,63,rs,Serbia,381,MTS/Telekom Srbija
+220,544,01,31,rs,Serbia,381,Telenor/Mobtel
+220,544,02,47,rs,Serbia,381,Telenor/Mobtel
+220,544,05,95,rs,Serbia,381,VIP Mobile
+633,1587,10,271,sc,Seychelles,248,Airtel
+633,1587,01,31,sc,Seychelles,248,C&W
+633,1587,02,47,sc,Seychelles,248,Smartcom
+619,1561,03,63,sl,Sierra Leone,232,Africel
+619,1561,01,31,sl,Sierra Leone,232,Airtel/Zain/Celtel
+619,1561,04,79,sl,Sierra Leone,232,Comium
+619,1561,05,95,sl,Sierra Leone,232,Africel
+619,1561,02,47,sl,Sierra Leone,232,Tigo/Millicom
+619,1561,25,607,sl,Sierra Leone,232,Mobitel
+525,1317,12,303,sg,Singapore,65,GRID Communications Pte Ltd
+525,1317,03,63,sg,Singapore,65,MobileOne Ltd
+525,1317,02,47,sg,Singapore,65,Singtel
+525,1317,01,31,sg,Singapore,65,Singtel
+525,1317,07,127,sg,Singapore,65,Singtel
+525,1317,06,111,sg,Singapore,65,Starhub
+525,1317,05,95,sg,Singapore,65,Starhub
+231,561,03,63,sk,Slovakia,421,4Ka
+231,561,06,111,sk,Slovakia,421,O2
+231,561,01,31,sk,Slovakia,421,Orange
+231,561,05,95,sk,Slovakia,421,Orange
+231,561,15,351,sk,Slovakia,421,Orange
+231,561,04,79,sk,Slovakia,421,T-Mobile
+231,561,02,47,sk,Slovakia,421,T-Mobile
+231,561,99,2463,sk,Slovakia,421,Zeleznice Slovenskej republiky (ZSR)
+293,659,41,1055,si,Slovenia,386,Mobitel
+293,659,40,1039,si,Slovenia,386,SI.Mobil
+293,659,10,271,si,Slovenia,386,Slovenske zeleznice d.o.o.
+293,659,64,1615,si,Slovenia,386,T-2 d.o.o.
+293,659,70,1807,si,Slovenia,386,Telemach/TusMobil/VEGA
+540,1344,02,47,sb,Solomon Islands,677,bemobile
+540,1344,10,271,sb,Solomon Islands,677,BREEZE
+540,1344,01,31,sb,Solomon Islands,677,BREEZE
+637,1591,30,783,so,Somalia,252,Golis
+637,1591,19,415,so,Somalia,252,HorTel
+637,1591,60,1551,so,Somalia,252,Nationlink
+637,1591,10,271,so,Somalia,252,Nationlink
+637,1591,04,79,so,Somalia,252,Somafone
+637,1591,71,1823,so,Somalia,252,Somtel
+637,1591,82,2095,so,Somalia,252,Somtel
+637,1591,01,31,so,Somalia,252,Telesom
+655,1621,02,47,za,South Africa,27,8.ta
+655,1621,21,543,za,South Africa,27,Cape Town Metropolitan
+655,1621,07,127,za,South Africa,27,Cell C
+655,1621,10,271,za,South Africa,27,MTN
+655,1621,12,303,za,South Africa,27,MTN
+655,1621,06,111,za,South Africa,27,Sentech
+655,1621,01,31,za,South Africa,27,Vodacom
+655,1621,19,415,za,South Africa,27,Wireless Business Solutions (Pty) Ltd
+659,1625,03,63,ss,South Sudan (Republic of),,Gemtel Ltd (South Sudan
+659,1625,02,47,ss,South Sudan (Republic of),,MTN South Sudan (South Sudan
+659,1625,04,79,ss,South Sudan (Republic of),,Network of The World Ltd (NOW) (South Sudan
+659,1625,06,111,ss,South Sudan (Republic of),,Zain South Sudan (South Sudan
+214,532,23,575,es,Spain,34,Lycamobile SL
+214,532,22,559,es,Spain,34,Digi Spain Telecom SL
+214,532,15,351,es,Spain,34,BT Espana  SAU
+214,532,18,399,es,Spain,34,Cableuropa SAU (ONO)
+214,532,08,143,es,Spain,34,Euskaltel SA
+214,532,20,527,es,Spain,34,fonYou Wireless SL
+214,532,32,815,es,Spain,34,ION Mobile
+214,532,21,543,es,Spain,34,Jazz Telecom SAU
+214,532,26,623,es,Spain,34,Lleida
+214,532,25,607,es,Spain,34,Lycamobile SL
+214,532,07,127,es,Spain,34,Movistar
+214,532,05,95,es,Spain,34,Movistar
+214,532,09,159,es,Spain,34,Orange
+214,532,03,63,es,Spain,34,Orange
+214,532,11,287,es,Spain,34,Orange
+214,532,17,383,es,Spain,34,R Cable y Telec. Galicia SA
+214,532,19,415,es,Spain,34,Simyo/KPN
+214,532,16,367,es,Spain,34,Telecable de Asturias SA
+214,532,27,639,es,Spain,34,Truphone
+214,532,01,31,es,Spain,34,Vodafone
+214,532,06,111,es,Spain,34,Vodafone Enabler Espana SL
+214,532,04,79,es,Spain,34,Yoigo
+413,1043,05,95,lk,Sri Lanka,94,Airtel
+413,1043,03,63,lk,Sri Lanka,94,Etisalat/Tigo
+413,1043,08,143,lk,Sri Lanka,94,H3G Hutchison
+413,1043,01,31,lk,Sri Lanka,94,Mobitel Ltd.
+413,1043,02,47,lk,Sri Lanka,94,MTN/Dialog
+308,776,01,31,pm,St. Pierre & Miquelon,508,Ameris
+360,864,110,272,vc,St. Vincent & Gren.,1784,C & W
+360,864,100,256,vc,St. Vincent & Gren.,1784,Cingular
+360,864,10,271,vc,St. Vincent & Gren.,1784,Cingular
+360,864,050,80,vc,St. Vincent & Gren.,1784,Digicel
+360,864,70,1807,vc,St. Vincent & Gren.,1784,Digicel
+634,1588,00,15,sd,Sudan,249,Canar Telecom
+634,1588,02,47,sd,Sudan,249,MTN
+634,1588,22,559,sd,Sudan,249,MTN
+634,1588,15,351,sd,Sudan,249,Sudani One
+634,1588,07,127,sd,Sudan,249,Sudani One
+634,1588,08,143,sd,Sudan,249,Vivacell
+634,1588,05,95,sd,Sudan,249,Vivacell
+634,1588,01,31,sd,Sudan,249,ZAIN/Mobitel
+634,1588,06,111,sd,Sudan,249,ZAIN/Mobitel
+746,1862,03,63,sr,Suriname,597,Digicel
+746,1862,01,31,sr,Suriname,597,Telesur
+746,1862,02,47,sr,Suriname,597,Telecommunicatiebedrijf Suriname (TELESUR)
+746,1862,04,79,sr,Suriname,597,UNIQA
+653,1619,10,271,sz,Swaziland,268,Swazi MTN
+653,1619,01,31,sz,Swaziland,268,SwaziTelecom
+240,576,35,863,se,Sweden,46,42 Telecom AB
+240,576,16,367,se,Sweden,46,42 Telecom AB
+240,576,26,623,se,Sweden,46,Beepsend
+240,576,30,783,se,Sweden,46,NextGen Mobile Ltd (CardBoardFish)
+240,576,28,655,se,Sweden,46,CoolTEL Aps
+240,576,25,607,se,Sweden,46,Digitel Mobile Srl
+240,576,22,559,se,Sweden,46,Eu Tel AB
+240,576,27,639,se,Sweden,46,Fogg Mobile AB
+240,576,18,399,se,Sweden,46,Generic Mobile Systems Sweden AB
+240,576,17,383,se,Sweden,46,Gotalandsnatet AB
+240,576,02,47,se,Sweden,46,H3G Access AB
+240,576,04,79,se,Sweden,46,H3G Access AB
+240,576,36,879,se,Sweden,46,ID Mobile
+240,576,23,575,se,Sweden,46,Infobip Ltd.
+240,576,11,287,se,Sweden,46,Lindholmen Science Park AB
+240,576,12,303,se,Sweden,46,Lycamobile Ltd
+240,576,29,671,se,Sweden,46,Mercury International Carrier Services
+240,576,19,415,se,Sweden,46,Mundio Mobile (Sweden) Ltd
+240,576,10,271,se,Sweden,46,Spring Mobil AB
+240,576,05,95,se,Sweden,46,Svenska UMTS-N
+240,576,14,335,se,Sweden,46,TDC Sverige AB
+240,576,07,127,se,Sweden,46,Tele2 Sverige AB
+240,576,06,111,se,Sweden,46,Telenor (Vodafone)
+240,576,24,591,se,Sweden,46,Telenor (Vodafone)
+240,576,08,143,se,Sweden,46,Telenor (Vodafone)
+240,576,01,31,se,Sweden,46,Telia Mobile
+240,576,13,319,se,Sweden,46,Ventelo Sverige AB
+240,576,20,527,se,Sweden,46,Wireless Maingate AB
+240,576,15,351,se,Sweden,46,Wireless Maingate Nordic AB
+228,552,51,1311,ch,Switzerland,41,BebbiCell AG
+228,552,09,159,ch,Switzerland,41,Comfone AG
+228,552,05,95,ch,Switzerland,41,Comfone AG
+228,552,07,127,ch,Switzerland,41,TDC Sunrise
+228,552,54,1359,ch,Switzerland,41,Lycamobile AG
+228,552,52,1327,ch,Switzerland,41,Mundio Mobile AG
+228,552,03,63,ch,Switzerland,41,Salt/Orange
+228,552,01,31,ch,Switzerland,41,Swisscom
+228,552,12,303,ch,Switzerland,41,TDC Sunrise
+228,552,02,47,ch,Switzerland,41,TDC Sunrise
+228,552,08,143,ch,Switzerland,41,TDC Sunrise
+228,552,53,1343,ch,Switzerland,41,upc cablecom GmbH
+417,1047,02,47,sy,Syrian Arab Republic,963,MTN/Spacetel
+417,1047,09,159,sy,Syrian Arab Republic,963,Syriatel Holdings
+417,1047,01,31,sy,Syrian Arab Republic,963,Syriatel Holdings
+466,1126,68,1679,tw,Taiwan,886,ACeS Taiwan - ACeS Taiwan Telecommunications Co Ltd
+466,1126,05,95,tw,Taiwan,886,Asia Pacific Telecom Co. Ltd (APT)
+466,1126,11,287,tw,Taiwan,886,Chunghwa Telecom LDM
+466,1126,92,2351,tw,Taiwan,886,Chunghwa Telecom LDM
+466,1126,01,31,tw,Taiwan,886,Far EasTone
+466,1126,07,127,tw,Taiwan,886,Far EasTone
+466,1126,06,111,tw,Taiwan,886,Far EasTone
+466,1126,02,47,tw,Taiwan,886,Far EasTone
+466,1126,03,63,tw,Taiwan,886,Far EasTone
+466,1126,10,271,tw,Taiwan,886,Global Mobile Corp.
+466,1126,56,1391,tw,Taiwan,886,International Telecom Co. Ltd (FITEL)
+466,1126,88,2191,tw,Taiwan,886,KG Telecom
+466,1126,99,2463,tw,Taiwan,886,TransAsia
+466,1126,97,2431,tw,Taiwan,886,Taiwan Cellular
+466,1126,93,2367,tw,Taiwan,886,Mobitai
+466,1126,89,2207,tw,Taiwan,886,T-Star/VIBO
+466,1126,09,159,tw,Taiwan,886,VMAX Telecom Co. Ltd
+436,1078,04,79,tk,Tajikistan,992,Babilon-M
+436,1078,05,95,tk,Tajikistan,992,Bee Line
+436,1078,02,47,tk,Tajikistan,992,CJSC Indigo Tajikistan
+436,1078,12,303,tk,Tajikistan,992,Tcell/JC Somoncom
+436,1078,03,63,tk,Tajikistan,992,MLT/TT mobile
+436,1078,01,31,tk,Tajikistan,992,Tcell/JC Somoncom
+640,1600,08,143,tz,Tanzania,255,Benson Informatics Ltd
+640,1600,06,111,tz,Tanzania,255,Dovetel (T) Ltd
+640,1600,09,159,tz,Tanzania,255,Halotel/Viettel Ltd
+640,1600,11,287,tz,Tanzania,255,Smile Communications Tanzania Ltd
+640,1600,07,127,tz,Tanzania,255,Tanzania Telecommunications Company Ltd (TTCL)
+640,1600,02,47,tz,Tanzania,255,TIGO/MIC
+640,1600,01,31,tz,Tanzania,255,Tri Telecomm. Ltd.
+640,1600,04,79,tz,Tanzania,255,Vodacom Ltd
+640,1600,05,95,tz,Tanzania,255,Airtel/ZAIN/Celtel
+640,1600,03,63,tz,Tanzania,255,Zantel/Zanzibar Telecom
+520,1312,20,527,th,Thailand,66,ACeS Thailand - ACeS Regional Services Co Ltd
+520,1312,15,351,th,Thailand,66,ACT Mobile
+520,1312,03,63,th,Thailand,66,Advanced Wireless Networks/AWN
+520,1312,01,31,th,Thailand,66,AIS/Advanced Info Service
+520,1312,23,575,th,Thailand,66,Digital Phone Co.
+520,1312,00,15,th,Thailand,66,Hutch/CAT CDMA
+520,1312,05,95,th,Thailand,66,Total Access (DTAC)
+520,1312,18,399,th,Thailand,66,Total Access (DTAC)
+520,1312,99,2463,th,Thailand,66,True Move/Orange
+520,1312,04,79,th,Thailand,66,True Move/Orange
+514,1300,01,31,tp,Timor-Leste,670,Telin/ Telkomcel
+514,1300,02,47,tp,Timor-Leste,670,Timor Telecom
+615,1557,02,47,tg,Togo,228,Telecel/MOOV
+615,1557,03,63,tg,Togo,228,Telecel/MOOV
+615,1557,01,31,tg,Togo,228,Togo Telecom/TogoCELL
+539,1337,43,1087,to,Tonga,676,Shoreline Communication
+539,1337,01,31,to,Tonga,676,Tonga Communications
+374,884,120,288,tt,Trinidad and Tobago,1868,Bmobile/TSTT
+374,884,12,303,tt,Trinidad and Tobago,1868,Bmobile/TSTT
+374,884,130,304,tt,Trinidad and Tobago,1868,Digicel
+374,884,140,320,tt,Trinidad and Tobago,1868,LaqTel Ltd.
+605,1541,01,31,tn,Tunisia,216,Orange
+605,1541,03,63,tn,Tunisia,216,Oreedo/Orascom
+605,1541,02,47,tn,Tunisia,216,TuniCell/Tunisia Telecom
+605,1541,06,111,tn,Tunisia,216,TuniCell/Tunisia Telecom
+286,646,04,79,tr,Turkey,90,AVEA/Aria
+286,646,03,63,tr,Turkey,90,AVEA/Aria
+286,646,01,31,tr,Turkey,90,Turkcell
+286,646,02,47,tr,Turkey,90,Vodafone-Telsim
+438,1080,01,31,tm,Turkmenistan,993,MTS/Barash Communication
+438,1080,02,47,tm,Turkmenistan,993,Altyn Asyr/TM-Cell
+376,886,350,848,tc,Turks and Caicos Islands,,Cable & Wireless (TCI) Ltd
+376,886,050,80,tc,Turks and Caicos Islands,,Digicel TCI Ltd
+376,886,352,850,tc,Turks and Caicos Islands,,IslandCom Communications Ltd.
+553,1363,01,31,tv,Tuvalu,,Tuvalu Telecommunication Corporation (TTC)
+641,1601,01,31,ug,Uganda,256,Airtel/Celtel
+641,1601,66,1647,ug,Uganda,256,i-Tel Ltd
+641,1601,30,783,ug,Uganda,256,K2 Telecom Ltd
+641,1601,10,271,ug,Uganda,256,MTN Ltd.
+641,1601,14,335,ug,Uganda,256,Orange
+641,1601,33,831,ug,Uganda,256,Smile Communications Uganda Ltd
+641,1601,18,399,ug,Uganda,256,Suretelecom Uganda Ltd
+641,1601,11,287,ug,Uganda,256,Uganda Telecom Ltd.
+641,1601,22,559,ug,Uganda,256,Airtel/Warid
+255,597,06,111,ua,Ukraine,380,Astelit/LIFE
+255,597,05,95,ua,Ukraine,380,Golden Telecom
+255,597,39,927,ua,Ukraine,380,Golden Telecom
+255,597,04,79,ua,Ukraine,380,Intertelecom Ltd (IT)
+255,597,67,1663,ua,Ukraine,380,KyivStar
+255,597,03,63,ua,Ukraine,380,KyivStar
+255,597,21,543,ua,Ukraine,380,Telesystems Of Ukraine CJSC (TSU)
+255,597,07,127,ua,Ukraine,380,TriMob LLC
+255,597,50,1295,ua,Ukraine,380,UMC/MTS
+255,597,02,47,ua,Ukraine,380,Beeline
+255,597,01,31,ua,Ukraine,380,UMC/MTS
+255,597,68,1679,ua,Ukraine,380,Beeline
+424,1060,03,63,ae,United Arab Emirates,971,DU
+431,1073,02,47,ae,United Arab Emirates,971,Etisalat
+424,1060,02,47,ae,United Arab Emirates,971,Etisalat
+430,1072,02,47,ae,United Arab Emirates,971,Etisalat
+234,564,03,63,gb,United Kingdom,44,Airtel/Vodafone
+234,564,77,1919,gb,United Kingdom,44,BT Group
+234,564,76,1903,gb,United Kingdom,44,BT Group
+234,564,92,2351,gb,United Kingdom,44,Cable and Wireless
+234,564,07,127,gb,United Kingdom,44,Cable and Wireless
+234,564,36,879,gb,United Kingdom,44,Cable and Wireless Isle of Man
+234,564,18,399,gb,United Kingdom,44,Cloud9/wire9 Tel.
+235,565,02,47,gb,United Kingdom,44,Everyth. Ev.wh.
+234,564,17,383,gb,United Kingdom,44,FlexTel
+234,564,55,1375,gb,United Kingdom,44,Guernsey Telecoms
+234,564,14,335,gb,United Kingdom,44,HaySystems
+234,564,94,2383,gb,United Kingdom,44,H3G Hutchinson
+234,564,20,527,gb,United Kingdom,44,H3G Hutchinson
+234,564,75,1887,gb,United Kingdom,44,Inquam Telecom Ltd
+234,564,50,1295,gb,United Kingdom,44,Jersey Telecom
+234,564,35,863,gb,United Kingdom,44,JSC Ingenicum
+234,564,26,623,gb,United Kingdom,44,Lycamobile
+234,564,58,1423,gb,United Kingdom,44,Manx Telecom
+234,564,01,31,gb,United Kingdom,44,Mapesbury C. Ltd
+234,564,28,655,gb,United Kingdom,44,Marthon Telecom
+234,564,10,271,gb,United Kingdom,44,O2 Ltd.
+234,564,02,47,gb,United Kingdom,44,O2 Ltd.
+234,564,11,287,gb,United Kingdom,44,O2 Ltd.
+234,564,08,143,gb,United Kingdom,44,OnePhone
+234,564,16,367,gb,United Kingdom,44,Opal Telecom
+234,564,34,847,gb,United Kingdom,44,Everyth. Ev.wh./Orange
+234,564,33,831,gb,United Kingdom,44,Everyth. Ev.wh./Orange
+234,564,19,415,gb,United Kingdom,44,PMN/Teleware
+234,564,12,303,gb,United Kingdom,44,Railtrack Plc
+234,564,22,559,gb,United Kingdom,44,Routotelecom
+234,564,57,1407,gb,United Kingdom,44,Sky UK Limited
+234,564,24,591,gb,United Kingdom,44,Stour Marine
+234,564,37,895,gb,United Kingdom,44,Synectiv Ltd.
+234,564,30,783,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,31,799,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,32,815,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,27,639,gb,United Kingdom,44,Vodafone
+234,564,09,159,gb,United Kingdom,44,Tismi
+234,564,25,607,gb,United Kingdom,44,Truphone
+234,564,51,1311,gb,United Kingdom,44,Jersey Telecom
+234,564,23,575,gb,United Kingdom,44,Vectofone Mobile Wifi
+234,564,91,2335,gb,United Kingdom,44,Vodafone
+234,564,15,351,gb,United Kingdom,44,Vodafone
+234,564,78,1935,gb,United Kingdom,44,Wave Telecom Ltd
+310,784,050,80,us,United States,1,
+310,784,880,2176,us,United States,1,
+310,784,850,2128,us,United States,1,Aeris Comm. Inc.
+310,784,640,1600,us,United States,1,
+310,784,510,1296,us,United States,1,Airtel Wireless LLC
+310,784,190,400,us,United States,1,Unknown
+312,786,090,144,us,United States,1,Allied Wireless Communications Corporation
+311,785,130,304,us,United States,1,
+310,784,710,1808,us,United States,1,Arctic Slope Telephone Association Cooperative Inc.
+310,784,680,1664,us,United States,1,AT&T Wireless Inc.
+310,784,070,112,us,United States,1,AT&T Wireless Inc.
+310,784,560,1376,us,United States,1,AT&T Wireless Inc.
+310,784,410,1040,us,United States,1,AT&T Wireless Inc.
+310,784,380,896,us,United States,1,AT&T Wireless Inc.
+310,784,170,368,us,United States,1,AT&T Wireless Inc.
+310,784,150,336,us,United States,1,AT&T Wireless Inc.
+310,784,980,2432,us,United States,1,AT&T Wireless Inc.
+311,785,810,2064,us,United States,1,Bluegrass Wireless LLC
+311,785,800,2048,us,United States,1,Bluegrass Wireless LLC
+311,785,440,1088,us,United States,1,Bluegrass Wireless LLC
+310,784,900,2304,us,United States,1,Cable & Communications Corp.
+311,785,590,1424,us,United States,1,California RSA No. 3 Limited Partnership
+311,785,500,1280,us,United States,1,Cambridge Telephone Company Inc.
+310,784,830,2096,us,United States,1,Caprock Cellular Ltd.
+310,784,013,19,us,United States,1,Verizon Wireless
+311,785,281,641,us,United States,1,Verizon Wireless
+311,785,486,1158,us,United States,1,Verizon Wireless
+311,785,270,624,us,United States,1,Verizon Wireless
+311,785,286,646,us,United States,1,Verizon Wireless
+311,785,275,629,us,United States,1,Verizon Wireless
+311,785,480,1152,us,United States,1,Verizon Wireless
+310,784,012,18,us,United States,1,Verizon Wireless
+311,785,280,640,us,United States,1,Verizon Wireless
+311,785,485,1157,us,United States,1,Verizon Wireless
+311,785,110,272,us,United States,1,Verizon Wireless
+311,785,285,645,us,United States,1,Verizon Wireless
+311,785,274,628,us,United States,1,Verizon Wireless
+311,785,390,912,us,United States,1,Verizon Wireless
+310,784,010,16,us,United States,1,Verizon Wireless
+311,785,279,633,us,United States,1,Verizon Wireless
+311,785,484,1156,us,United States,1,Verizon Wireless
+310,784,910,2320,us,United States,1,Verizon Wireless
+311,785,284,644,us,United States,1,Verizon Wireless
+311,785,489,1161,us,United States,1,Verizon Wireless
+311,785,273,627,us,United States,1,Verizon Wireless
+311,785,289,649,us,United States,1,Verizon Wireless
+310,784,004,4,us,United States,1,Verizon Wireless
+311,785,278,632,us,United States,1,Verizon Wireless
+311,785,483,1155,us,United States,1,Verizon Wireless
+310,784,890,2192,us,United States,1,Verizon Wireless
+311,785,283,643,us,United States,1,Verizon Wireless
+311,785,488,1160,us,United States,1,Verizon Wireless
+311,785,272,626,us,United States,1,Verizon Wireless
+311,785,288,648,us,United States,1,Verizon Wireless
+311,785,277,631,us,United States,1,Verizon Wireless
+311,785,482,1154,us,United States,1,Verizon Wireless
+310,784,590,1424,us,United States,1,Verizon Wireless
+311,785,282,642,us,United States,1,Verizon Wireless
+311,785,487,1159,us,United States,1,Verizon Wireless
+311,785,271,625,us,United States,1,Verizon Wireless
+311,785,287,647,us,United States,1,Verizon Wireless
+311,785,276,630,us,United States,1,Verizon Wireless
+311,785,481,1153,us,United States,1,Verizon Wireless
+312,786,270,624,us,United States,1,Cellular Network Partnership LLC
+310,784,360,864,us,United States,1,Cellular Network Partnership LLC
+312,786,280,640,us,United States,1,Cellular Network Partnership LLC
+311,785,190,400,us,United States,1,
+310,784,030,48,us,United States,1,
+310,784,480,1152,us,United States,1,Choice Phone LLC
+311,785,120,288,us,United States,1,Choice Phone LLC
+310,784,630,1584,us,United States,1,
+310,784,420,1056,us,United States,1,Cincinnati Bell Wireless LLC
+310,784,180,384,us,United States,1,Cingular Wireless
+310,784,620,1568,us,United States,1,Coleman County Telco /Trans TX
+311,785,040,64,us,United States,1,
+310,784,06,111,us,United States,1,Consolidated Telcom
+310,784,60,1551,us,United States,1,Consolidated Telcom
+310,784,26,623,us,United States,1,
+312,786,380,896,us,United States,1,
+310,784,930,2352,us,United States,1,
+311,785,240,576,us,United States,1,
+310,784,080,128,us,United States,1,
+310,784,700,1792,us,United States,1,Cross Valliant Cellular Partnership
+312,786,030,48,us,United States,1,Cross Wireless Telephone Co.
+311,785,140,320,us,United States,1,Cross Wireless Telephone Co.
+311,785,520,1312,us,United States,1,
+312,786,040,64,us,United States,1,Custer Telephone Cooperative Inc.
+310,784,440,1088,us,United States,1,Dobson Cellular Systems
+310,784,990,2448,us,United States,1,E.N.M.R. Telephone Coop.
+310,784,750,1872,us,United States,1,East Kentucky Network LLC
+312,786,130,304,us,United States,1,East Kentucky Network LLC
+312,786,120,288,us,United States,1,East Kentucky Network LLC
+310,784,090,144,us,United States,1,Edge Wireless LLC
+310,784,610,1552,us,United States,1,Elkhart TelCo. / Epic Touch Co.
+311,785,210,528,us,United States,1,
+311,785,311,785,us,United States,1,Farmers
+311,785,460,1120,us,United States,1,Fisher Wireless Services Inc.
+310,784,430,1072,us,United States,1,GCI Communication Corp.
+311,785,370,880,us,United States,1,GCI Communication Corp.
+310,784,920,2336,us,United States,1,Get Mobile Inc.
+310,784,970,2416,us,United States,1,
+311,785,340,832,us,United States,1,Illinois Valley Cellular RSA 2 Partnership
+311,785,030,48,us,United States,1,
+311,785,410,1040,us,United States,1,Iowa RSA No. 2 Limited Partnership
+312,786,170,368,us,United States,1,Iowa RSA No. 2 Limited Partnership
+310,784,770,1904,us,United States,1,Iowa Wireless Services LLC
+310,784,650,1616,us,United States,1,Jasper
+310,784,870,2160,us,United States,1,Kaplan Telephone Company Inc.
+312,786,180,384,us,United States,1,Keystone Wireless LLC
+310,784,690,1680,us,United States,1,Keystone Wireless LLC
+311,785,310,784,us,United States,1,Lamar County Cellular
+310,784,016,22,us,United States,1,Leap Wireless International Inc.
+311,785,090,144,us,United States,1,
+310,784,040,64,us,United States,1,Matanuska Tel. Assn. Inc.
+310,784,780,1920,us,United States,1,Message Express Co. / Airlink PCS
+311,785,660,1632,us,United States,1,
+311,785,330,816,us,United States,1,Michigan Wireless LLC
+311,785,000,0,us,United States,1,
+310,784,400,1024,us,United States,1,Minnesota South. Wirel. Co. / Hickory
+312,786,010,16,us,United States,1,Missouri RSA No 5 Partnership
+311,785,920,2336,us,United States,1,Missouri RSA No 5 Partnership
+311,785,020,32,us,United States,1,Missouri RSA No 5 Partnership
+311,785,010,16,us,United States,1,Missouri RSA No 5 Partnership
+312,786,220,544,us,United States,1,Missouri RSA No 5 Partnership
+310,784,350,848,us,United States,1,Mohave Cellular LP
+310,784,570,1392,us,United States,1,MTPCS LLC
+310,784,290,656,us,United States,1,NEP Cellcorp Inc.
+310,784,34,847,us,United States,1,Nevada Wireless LLC
+311,785,380,896,us,United States,1,
+310,784,600,1536,us,United States,1,New-Cell Inc.
+311,785,100,256,us,United States,1,
+311,785,300,768,us,United States,1,Nexus Communications Inc.
+310,784,130,304,us,United States,1,North Carolina RSA 3 Cellular Tel. Co.
+311,785,610,1552,us,United States,1,North Dakota Network Company
+312,786,230,560,us,United States,1,North Dakota Network Company
+310,784,450,1104,us,United States,1,Northeast Colorado Cellular Inc.
+311,785,710,1808,us,United States,1,Northeast Wireless Networks LLC
+310,784,670,1648,us,United States,1,Northstar
+310,784,011,17,us,United States,1,Northstar
+311,785,420,1056,us,United States,1,Northwest Missouri Cellular Limited Partnership
+310,784,540,1344,us,United States,1,
+310,784,760,1888,us,United States,1,Panhandle Telephone Cooperative Inc.
+310,784,580,1408,us,United States,1,PCS ONE
+311,785,170,368,us,United States,1,PetroCom
+311,785,670,1648,us,United States,1,Pine Belt Cellular Inc.
+311,785,080,128,us,United States,1,
+310,784,790,1936,us,United States,1,
+310,784,100,256,us,United States,1,Plateau Telecommunications Inc.
+310,784,940,2368,us,United States,1,Poka Lambro Telco Ltd.
+311,785,540,1344,us,United States,1,
+311,785,730,1840,us,United States,1,
+310,784,500,1280,us,United States,1,Public Service Cellular Inc.
+312,786,160,352,us,United States,1,RSA 1 Limited Partnership
+311,785,430,1072,us,United States,1,RSA 1 Limited Partnership
+311,785,350,848,us,United States,1,Sagebrush Cellular Inc.
+311,785,910,2320,us,United States,1,
+310,784,46,1135,us,United States,1,SIMMETRY
+311,785,260,608,us,United States,1,SLO Cellular Inc / Cellular One of San Luis
+310,784,320,800,us,United States,1,Smith Bagley Inc.
+310,784,15,351,us,United States,1,Unknown
+316,790,011,17,us,United States,1,Southern Communications Services Inc.
+312,786,530,1328,us,United States,1,Sprint Spectrum
+311,785,490,1168,us,United States,1,Sprint Spectrum
+310,784,120,288,us,United States,1,Sprint Spectrum
+316,790,010,16,us,United States,1,Sprint Spectrum
+312,786,190,400,us,United States,1,Sprint Spectrum
+311,785,880,2176,us,United States,1,Sprint Spectrum
+311,785,870,2160,us,United States,1,Sprint Spectrum
+310,784,200,512,us,United States,1,T-Mobile
+310,784,250,592,us,United States,1,T-Mobile
+310,784,160,352,us,United States,1,T-Mobile
+310,784,240,576,us,United States,1,T-Mobile
+310,784,660,1632,us,United States,1,T-Mobile
+310,784,230,560,us,United States,1,T-Mobile
+310,784,31,799,us,United States,1,T-Mobile
+310,784,220,544,us,United States,1,T-Mobile
+310,784,270,624,us,United States,1,T-Mobile
+310,784,210,528,us,United States,1,T-Mobile
+310,784,260,608,us,United States,1,T-Mobile
+310,784,330,816,us,United States,1,T-Mobile
+310,784,800,2048,us,United States,1,T-Mobile
+310,784,300,768,us,United States,1,T-Mobile
+310,784,280,640,us,United States,1,T-Mobile
+310,784,310,784,us,United States,1,T-Mobile
+311,785,740,1856,us,United States,1,
+310,784,740,1856,us,United States,1,Telemetrix Inc.
+310,784,14,335,us,United States,1,Testing
+310,784,950,2384,us,United States,1,Unknown
+310,784,860,2144,us,United States,1,Texas RSA 15B2 Limited Partnership
+311,785,830,2096,us,United States,1,Thumb Cellular Limited Partnership
+311,785,050,80,us,United States,1,Thumb Cellular Limited Partnership
+310,784,460,1120,us,United States,1,TMP Corporation
+310,784,490,1168,us,United States,1,Triton PCS
+312,786,290,656,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+311,785,860,2144,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+310,784,960,2400,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+310,784,020,32,us,United States,1,Union Telephone Co.
+311,785,220,544,us,United States,1,United States Cellular Corp.
+310,784,730,1840,us,United States,1,United States Cellular Corp.
+311,785,650,1616,us,United States,1,United Wireless Communications Inc.
+310,784,38,911,us,United States,1,USA 3650 AT&T
+310,784,520,1312,us,United States,1,VeriSign
+310,784,003,3,us,United States,1,Unknown
+310,784,23,575,us,United States,1,Unknown
+310,784,24,591,us,United States,1,Unknown
+310,784,25,607,us,United States,1,Unknown
+310,784,530,1328,us,United States,1,West Virginia Wireless
+310,784,26,623,us,United States,1,Unknown
+310,784,340,832,us,United States,1,Westlink Communications LLC
+311,785,150,336,us,United States,1,
+311,785,070,112,us,United States,1,Wisconsin RSA #7 Limited Partnership
+310,784,390,912,us,United States,1,Yorkville Telephone Cooperative
+748,1864,01,31,uy,Uruguay,598,Ancel/Antel
+748,1864,03,63,uy,Uruguay,598,Ancel/Antel
+748,1864,10,271,uy,Uruguay,598,Claro/AM Wireless
+748,1864,07,127,uy,Uruguay,598,MOVISTAR
+434,1076,04,79,uz,Uzbekistan,998,Bee Line/Unitel
+434,1076,01,31,uz,Uzbekistan,998,Buztel
+434,1076,07,127,uz,Uzbekistan,998,MTS/Uzdunrobita
+434,1076,05,95,uz,Uzbekistan,998,Ucell/Coscom
+434,1076,02,47,uz,Uzbekistan,998,Uzmacom
+541,1345,05,95,vu,Vanuatu,678,DigiCel
+541,1345,01,31,vu,Vanuatu,678,SMILE
+734,1844,03,63,ve,Venezuela,58,DigiTel C.A.
+734,1844,02,47,ve,Venezuela,58,DigiTel C.A.
+734,1844,01,31,ve,Venezuela,58,DigiTel C.A.
+734,1844,06,111,ve,Venezuela,58,Movilnet C.A.
+734,1844,04,79,ve,Venezuela,58,Movistar/TelCel
+452,1106,07,127,vn,Viet Nam,84,Beeline
+452,1106,01,31,vn,Viet Nam,84,Mobifone
+452,1106,03,63,vn,Viet Nam,84,S-Fone/Telecom
+452,1106,05,95,vn,Viet Nam,84,VietnaMobile
+452,1106,08,143,vn,Viet Nam,84,Viettel Mobile
+452,1106,06,111,vn,Viet Nam,84,Viettel Mobile
+452,1106,04,79,vn,Viet Nam,84,Viettel Mobile
+452,1106,02,47,vn,Viet Nam,84,Vinaphone
+376,886,50,1295,vi,Virgin Islands U.S.,1340,Digicel
+421,1057,04,79,ye,Yemen,967,HITS/Y Unitel
+421,1057,02,47,ye,Yemen,967,MTN/Spacetel
+421,1057,01,31,ye,Yemen,967,Sabaphone
+421,1057,03,63,ye,Yemen,967,Yemen Mob. CDMA
+645,1605,03,63,zm,Zambia,260,Zamtel/Cell Z/MTS
+645,1605,02,47,zm,Zambia,260,MTN/Telecel
+645,1605,01,31,zm,Zambia,260,Airtel/Zain/Celtel
+648,1608,04,79,zw,Zimbabwe,263,Econet
+648,1608,01,31,zw,Zimbabwe,263,Net One
+648,1608,03,63,zw,Zimbabwe,263,Telecel
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
new file mode 100644
index 00000000..9b3f8413
--- /dev/null
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# connect/disconnect Huawei mobile data stick in Hilink mode (e.g. E3372h)
+# ========================================================================
+#
+# options: -u, --user       - user name (default "admin")
+#          -P, --password   - password
+#          -h, --host       - host ip address (default 192.168.8.1)
+#          -d, --devname    - device name (IP is extracted using default route)
+#          -p, --pin        - PIN of SIM card
+#          -c, --connect    - connect 0/1 to set datamode off/on
+#
+# required software: curl, base64, sha256sum
+#
+# zbchristian 2021
+
+# include the hilink API (defaults: hilink_user=admin, hilink_host=192.168.8.1)
+source /usr/local/sbin/huawei_hilink_api.sh
+
+# include the raspap helper functions
+source /usr/local/sbin/raspap_helpers.sh
+
+datamode=""
+devname=""
+while [ -n "$1" ]; do
+    case "$1" in
+        -u|--user)      hilink_user="$2"; shift ;;
+        -P|--password)  hilink_password="$2"; shift ;;
+        -p|--pin)       if [[ $2 =~ ^[0-9]{4,8} ]]; then hilink_pin="$2"; fi; shift ;;
+        -h|--host)      hilink_host="$2"; shift ;;
+        -d|--devname)   devname="$2"; shift ;;
+        -c|--connect)   if [ "$2" = "1" ]; then datamode=1; else datamode=0; fi; shift ;;
+    esac
+    shift
+done
+
+if [ ! -z "$devname" ]; then # get host IP for given device name
+    gw=$(ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev $devname.*/\1/p")
+    if [ -z "$gw" ]; then exit; fi  # device name not found in routing list -> abort 
+    hilink_host="$gw"
+fi
+
+if [ -z "$hilink_password" ] || [ -z "$hilink_pin" ]; then 
+    _getAuthRouter
+    if [ ! -z "$raspap_user" ]; then hilink_user="$raspap_user"; fi
+    if [ ! -z "$raspap_password" ]; then hilink_password="$raspap_password"; fi
+    if [ ! -z "$raspap_pin" ]; then hilink_pin="$raspap_pin"; fi
+fi
+
+echo  "Hilink: switch device at $hilink_host to mode $datamode" | systemd-cat
+
+status="usage: -c 1/0 to disconnect/connect"
+if [ -z "$datamode" ] || [ ! _initHilinkAPI ]; then echo "Hilink: failed - return status: $status"; exit; fi
+
+if ! _switchMobileData "$datamode"; then echo -n "Hilink: could not switch the data mode on/off . Error: ";_getErrorText; fi
+
+if ! _closeHilinkAPI; then echo -n "Hilink: failed - return status: $status . Error: ";_getErrorText; fi
+
+
diff --git a/config/client_config/ppp0_route.sh b/config/client_config/ppp0_route.sh
new file mode 100644
index 00000000..f1d6bc3d
--- /dev/null
+++ b/config/client_config/ppp0_route.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# get gateway and ip address of UTMS modem connected to ppp0
+# add a default route 
+# called by /etc/network/interfaces.d/ppp0, when device is coming up
+#
+ppp0rt=""
+let i=1
+while [ -z "$ppp0rt" ] ; do
+  let i+=1
+  if [ $i -gt 20 ]; then
+    exit 1
+  fi
+  sleep 1
+  ppp0rt=`ip route list | grep -m 1 ppp0`
+done
+gate=`echo $ppp0rt |  sed -rn 's/(([0-9]{1,3}\.){3}[0-9]{1,3}).*ppp0.*src (([0-9]{1,3}\.){3}[0-9]{1,3})/\1/p'`
+src=`echo $ppp0rt |  sed -rn 's/(([0-9]{1,3}\.){3}[0-9]{1,3}).*ppp0.*src (([0-9]{1,3}\.){3}[0-9]{1,3})/\3/p'`
+
+ip route add default via $gate proto dhcp src $src metric 10
+exit 0
diff --git a/config/client_config/ppp0_setpin.sh b/config/client_config/ppp0_setpin.sh
new file mode 100644
index 00000000..74c1b415
--- /dev/null
+++ b/config/client_config/ppp0_setpin.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# in case /dev/ttyUSB0 does not exist, wait for it at most 30 seconds
+let i=1
+while ! test -c /dev/ttyUSB0; do
+  let i+=1
+  if [ $i -gt 2 ]; then
+    logger -s -t setpin "/dev/ttyUSB0 does not exist"
+    exit 3
+  fi
+  logger -s -t setpin "waiting 3 seconds for /dev/ttyUSB0"
+  sleep 3
+done
+# check for pin and set it if necessary
+wvdial pinstatus 2>&1 | grep -q '^+CPIN: READY'
+if [ $? -eq 0 ]; then
+  logger -s -t setpin "SIM card is ready to use :-)"
+else
+  logger -s -t setpin "setting PIN"
+  wvdial pin 2>/dev/null
+fi
+exit 0
diff --git a/config/client_config/raspap_helpers.sh b/config/client_config/raspap_helpers.sh
new file mode 100644
index 00000000..a20ba309
--- /dev/null
+++ b/config/client_config/raspap_helpers.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+# 
+# Helper functions to extract informations from RaspAP config/settings
+#
+# zbchristian 2021
+#
+# get the values of a RaspAP config variable
+# call: _getRaspapConfig RASPAP_MOBILEDATA_CONFIG
+
+raspap_webroot="/var/www/html"
+
+function _getWebRoot() {
+    local path
+    path=$(cat /etc/lighttpd/lighttpd.conf | sed -rn "s/server.document-root \s*= \"([^ \s]*)\"/\1/p")
+    if [ ! -z "$path" ]; then raspap_webroot="$path"; fi
+    if [ -z "$path" ]; then return 1; else return 0; fi
+}
+
+# expand an RaspAP config variable utilizing PHP
+function _getRaspapConfig() {
+    local conf var
+    raspap_config=""
+    var="$1"
+    if [ ! -z "$var" ]; then 
+        if ! _getWebRoot; then return 1; fi
+        conf="$raspap_webroot/includes/config.php"
+        if [ -f "$conf" ]; then
+            conf=$(php -r 'include "'$conf'"; echo '$var';' 2> /dev/null)
+            if [ ! -z "$conf" ] && [ -d ${conf%/*} ]; then raspap_config="$conf"; fi
+        fi
+    fi
+    if [ -z "$raspap_config" ]; then return 1; else return 0; fi
+}
+
+# Username and password for mobile data devices is stored in a file (RASPAP_MOBILEDATA_CONFIG)  
+function _getAuthRouter() {
+    local mfile mdata pin user pw
+    if ! _getRaspapConfig "RASPI_MOBILEDATA_CONFIG"; then return 1; fi
+    mfile="$raspap_config" 
+    if [ -f $mfile ]; then      
+        mdata=$(cat "$mfile")
+        pin=$(echo "$mdata" | sed -rn 's/pin = ([^ \s]*)/\1/ip')
+        if [ ! -z "$pin" ]; then raspap_pin="$pin"; fi
+        user=$(echo "$mdata" | sed -rn 's/router_user = ([^ \s]*)/\1/ip')
+        if [ ! -z "$user" ]; then raspap_user="$user"; fi
+        pw=$(echo "$mdata" | sed -rn 's/router_pw = ([^ \s]*)/\1/ip')
+        if [ ! -z "$pw" ]; then raspap_password="$pw"; fi
+        return 0
+    fi
+    return 1
+}
diff --git a/config/client_config/start_huawei_hilink@.service b/config/client_config/start_huawei_hilink@.service
new file mode 100644
index 00000000..b735b1b1
--- /dev/null
+++ b/config/client_config/start_huawei_hilink@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Bring up HUAWEI mobile hilink device
+			
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/bin/sleep 15
+ExecStart=/usr/local/sbin/onoff_huawei_hilink.sh -c 1 -d %i
+
+[Install]
+Alias=start_ltemodem.service
+WantedBy=multi-user.target
+
diff --git a/config/client_config/start_ppp0_device.service b/config/client_config/start_ppp0_device.service
new file mode 100644
index 00000000..2fc88e5c
--- /dev/null
+++ b/config/client_config/start_ppp0_device.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Start ppp0 interface
+BindsTo=dev-ttyUSB0.device
+After=dev-ttyUSB0.device
+
+[Service]
+Type=forking
+RemainAfterExit=yes
+ExecStart=/sbin/ifup ppp0
+ExecStop=/sbin/ifdown ppp0
+
+[Install]
+Alias=startppp0.service
+WantedBy=multi-user.target
+
+
diff --git a/config/client_config/wvdial.conf b/config/client_config/wvdial.conf
new file mode 100644
index 00000000..8de5b3c6
--- /dev/null
+++ b/config/client_config/wvdial.conf
@@ -0,0 +1,21 @@
+[Dialer Defaults]
+Modem Type = Analog Modem
+ISDN = 0
+Baud = 9600
+Modem = /dev/ttyUSB0
+
+[Dialer pin]
+Init1 = AT+CPIN="XXXX"
+
+[Dialer connect]
+Init1 = ATZ
+Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+Init3 = AT+CGDCONT=1,"IP","web.vodafone.de"
+New PPPD = yes
+Phone = *99#
+Password = me
+Username = vodafone
+Stupid Mode = 1
+
+[Dialer pinstatus]
+Init1 = AT+CPIN?
diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
new file mode 100644
index 00000000..bd49f419
--- /dev/null
+++ b/config/client_udev_prototypes.json
@@ -0,0 +1,64 @@
+{
+  "info": "UDEV rules for different client types. $...$ expressions will be replaces automatically ($MAC$, $IDVENDOR$, $IDPRODUCT$, $DEVNAME$)",
+  "udev_rules_file": "/etc/udev/rules.d/80-raspap-net-devices.rules",
+  "script_path": "/usr/local/sbin",
+  "network_devices": [
+    {
+     "type": "eth", 
+     "type_info": "ethernet port", 
+     "clientid": 0,
+     "comment": "standard ethernet port",
+     "name_prefix": "eth",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"eth\" "
+    },
+    {
+     "type": "usb", 
+     "type_info": "usb network interface", 
+     "clientid": 1,
+     "comment": "network interface - e.g. USB tethering of an Android phone ",
+     "name_prefix": "usb",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"eth\" "
+    },
+    {
+     "type": "wlan", 
+     "type_info": "wireless adapter", 
+     "clientid": 2,
+     "comment": "standard wireless interface",
+     "name_prefix": "wlan",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"wlan\" "
+    },
+    {
+     "type": "ppp", 
+     "type_info": "mobile data modem", 
+     "clientid": 3,
+     "name_prefix": "ppp",
+     "comment": "recognized mobile data modems are automatically named as ppp0-9. Renaming is not possible. Dialin service relies on the name",
+     "udev_rule": "SUBSYSTEM==\"tty\", KERNEL==\"ttyUSB0\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_ppp0_device.service\" "
+    },
+    {
+     "type": "hilink",
+     "type_info": "Huawei Hilink",
+     "clientid": 4,
+     "comment": "Huawei mobile data device in router mode. Control via HTTP. Device is connecting via service",
+     "name_prefix": "hilink",
+     "default_ip": "192.168.8.1",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"hilink\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink@hilink%n.service\" "
+    },
+    {
+     "type": "phone", 
+     "type_info": "USB tethered phone", 
+     "clientid": 5,
+     "comment": "ethernet access provided by tethering from phone via USB",
+     "name_prefix": "phone",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"phone\" "
+    },
+    {
+     "type": "tun", 
+     "type_info": "tunnel device", 
+     "clientid": -1,
+     "comment": "tunneling device used by OpenVPN",
+     "name_prefix": "tun"
+    }
+  ]
+}
+
diff --git a/config/config.php b/config/config.php
index b0dc1928..44670716 100755
--- a/config/config.php
+++ b/config/config.php
@@ -15,12 +15,15 @@ define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
 define('RASPI_ADBLOCK_CONFIG', RASPI_DNSMASQ_PREFIX.'adblock.conf');
 define('RASPI_HOSTAPD_CONFIG', '/etc/hostapd/hostapd.conf');
 define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
+define('RASPI_DHCPCD_LOG', '/var/log/dnsmasq.log');
 define('RASPI_WPA_SUPPLICANT_CONFIG', '/etc/wpa_supplicant/wpa_supplicant.conf');
 define('RASPI_HOSTAPD_CTRL_INTERFACE', '/var/run/hostapd');
 define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
+define('RASPI_OPENVPN_CLIENT_PATH', '/etc/openvpn/client/');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
-define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
+define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
+define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/config/defaults.json b/config/defaults.json
index 9055870d..6acb3c92 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -33,6 +33,25 @@
     "uap0": {
       "dhcp-range": [ "192.168.200.50,192.168.200.150,12h" ]
     }
+  },
+  "wireguard": {
+    "server": {
+      "Address": [ "10.8.2.1/24" ],
+      "ListenPort": [ "51820" ],
+      "DNS": [ "9.9.9.9" ],
+      "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE" ],
+      "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE" ]
+    },
+    "peer": {
+      "Address": [ "10.8.1.2/24" ],
+      "Endpoint": [ "10.8.2.1:51820" ],
+      "ListenPort": [ "21841" ],
+      "AllowedIPs": ["10.8.2.0/24"],
+      "PersistentKeepalive": [ "15" ]
+    }
+  },
+  "txpower": {
+    "dbm": [ "auto", "30", "20", "17", "10", "6", "3", "1", "0" ]
   }
 }
 
diff --git a/config/iptables_rules.json b/config/iptables_rules.json
new file mode 100644
index 00000000..d9b6f5f9
--- /dev/null
+++ b/config/iptables_rules.json
@@ -0,0 +1,205 @@
+{
+    "info": "IPTABLES rules. $...$ expressions will be replaces automatically ($INTERFACE$, $PORT$, $IPADDRESS$)",
+    "rules_v4_file": "/etc/iptables/rules.v4",
+    "rules_v6_file": "/etc/iptables/rules.v6",
+    "order": [ "pre_rules", "restriction_rules", "main_rules", "exception_rules" ],
+    "pre_rules": [
+        {
+            "name": "firewall policies",
+            "fw-state": true,
+            "comment": "Policy rules (firewall)",
+            "rules": [
+                "-P INPUT DROP",
+                "-P FORWARD ACCEPT",
+                "-P OUTPUT ACCEPT",
+                "-t nat -P PREROUTING ACCEPT",
+                "-t nat -P POSTROUTING ACCEPT",
+                "-t nat -P INPUT ACCEPT",
+                "-t nat -P OUTPUT ACCEPT"
+            ]
+        },
+        {
+            "name": "policies",
+            "fw-state": false,
+            "comment": "Policy rules",
+            "rules": [
+                "-P INPUT ACCEPT",
+                "-P FORWARD ACCEPT",
+                "-P OUTPUT ACCEPT",
+                "-t nat -P PREROUTING ACCEPT",
+                "-t nat -P POSTROUTING ACCEPT",
+                "-t nat -P INPUT ACCEPT",
+                "-t nat -P OUTPUT ACCEPT"
+            ]
+        },
+        {
+            "name": "loopback",
+            "fw-state": true,
+            "comment": "allow loopback device",
+            "rules": [
+                "-A INPUT -i lo -j ACCEPT",
+                "-A OUTPUT -o lo -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ping",
+            "fw-state": true,
+            "ip-version": 4,
+            "comment": "allow ping request and echo",
+            "rules": [
+                "-A INPUT -p icmp --icmp-type 8/0 -j ACCEPT",
+                "-A INPUT -p icmp --icmp-type 0/0 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ping IPv6",
+            "fw-state": true,
+            "ip-version": 6,
+            "comment": "allow ping request and echo for IPv6",
+            "rules": [
+                "-A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT",
+                "-A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ntp",
+            "fw-state": true,
+            "comment": "allow ntp request via udp (tcp should work w/o rule)",
+            "rules": [
+                "-A INPUT -p udp --sport 123 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "dns",
+            "fw-state": true,
+            "comment": "allow dns request via tcp and udp",
+            "rules": [
+                "-A INPUT -p udp -m multiport --sport 53,853 -j ACCEPT",
+                "-A INPUT -p tcp -m multiport --sport 53,853 -j ACCEPT"
+            ]
+        }
+    ],
+    "main_rules": [
+        {
+            "name": "accesspoint",
+            "fw-state": true,
+            "comment": "Access point interface by default no restrictions",
+            "dependson": [
+                    { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                    "-A INPUT -i $INTERFACE$ -j ACCEPT",
+                    "-A OUTPUT -o $INTERFACE$ -j ACCEPT"
+            ]
+        },
+        {
+            "name": "NAT for access point",
+            "comment": "Masquerading needed for access point",
+            "rules": [
+                "-t nat -A POSTROUTING -j MASQUERADE"
+            ]
+        },
+        {
+            "name": "clients",
+            "fw-state": true,
+            "comment": "Rules for client interfaces (includes tun device)",
+            "rules": [
+                "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
+            ]
+        },
+        {
+            "name": "openvpn",
+            "comment": "Rules for tunnel device (tun)",
+            "ip-version": 4,
+            "dependson": [
+                  { "var": "openvpn-enable", "type": "bool" },
+                  { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
+                  { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
+                "-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
+                "-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
+                "-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
+            ]
+        },
+        {
+            "name": "wireguard",
+            "comment": "Rules for wireguard device (wg)",
+            "ip-version": 4,
+            "dependson": [
+                  { "var": "wireguard-enable", "type": "bool" },
+                  { "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
+                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
+                "-A FORWARD -i wg+ -j ACCEPT",
+                "-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE"
+            ]
+        }
+    ],
+    "exception_rules": [
+        {
+            "name": "ssh",
+            "fw-state": true,
+            "comment": "Allow ssh access to RaspAP on port 22",
+            "dependson": [
+                { "var": "ssh-enable", "type": "bool" }
+            ],
+            "rules": [
+                "-A INPUT -p tcp --dport 22 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "http",
+            "fw-state": true,
+            "comment": "Allow access to RaspAP GUI (https)",
+            "dependson": [
+                { "var": "http-enable", "type": "bool" }
+            ],
+            "rules": [
+                "-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "interface",
+            "fw-state": true,
+            "comment": "Exclude interface from firewall",
+            "dependson": [
+                { "var": "excl-devices", "type": "list", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -i $INTERFACE$ -j ACCEPT",
+                "-A OUTPUT -o $INTERFACE$ -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ipaddress",
+            "fw-state": true,
+            "ip-version": 4,
+            "comment": "allow access from/to IP",
+            "dependson": [
+                { "var": "excluded-ips", "type": "list", "replace": "$IPADDRESS$" }
+            ],
+            "rules": [
+                "-A INPUT -s $IPADDRESS$ -j ACCEPT",
+                "-A INPUT -d $IPADDRESS$ -j ACCEPT"
+            ]
+        }
+    ],
+    "restriction_rules": [
+        {
+            "name": "ipaddress",
+            "fw-state": true,
+            "ip-version": 4,
+            "dependson": [
+                { "var": "restricted-ips", "type": "list", "replace": "$IPADDRESS$" }
+            ],
+            "comment": "Block access from IP-address",
+            "rules": [
+                "-A INPUT -s $IPADDRESS$ -j DROP"
+            ]
+        }
+    ]
+}
diff --git a/dist/raspap/css/fonts/RaspAP.eot b/dist/raspap/css/fonts/RaspAP.eot
new file mode 100755
index 00000000..d77690f6
Binary files /dev/null and b/dist/raspap/css/fonts/RaspAP.eot differ
diff --git a/dist/raspap/css/fonts/RaspAP.svg b/dist/raspap/css/fonts/RaspAP.svg
new file mode 100755
index 00000000..27920e40
--- /dev/null
+++ b/dist/raspap/css/fonts/RaspAP.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
+<svg xmlns="http://www.w3.org/2000/svg">
+<metadata>Generated by IcoMoon</metadata>
+<defs>
+<font id="RaspAP" horiz-adv-x="1024">
+<font-face units-per-em="1024" ascent="960" descent="-64" />
+<missing-glyph horiz-adv-x="1024" />
+<glyph unicode="&#x20;" horiz-adv-x="512" d="" />
+<glyph unicode="&#xe900;" glyph-name="wireguard" d="M1023.147 463.147c0 0 23.595 496.853-522.453 496.853-482.859 0-497.963-476.587-497.963-476.587s-70.997-547.413 509.141-547.413c556.501 0 511.275 527.147 511.275 527.147zM347.947 636.757c102.4 62.72 233.344 24.363 282.368-69.888 9.301-17.877 10.496-45.355 4.608-64.128-20.352-64.683-68.309-100.949-134.187-116.395 19.413 16.64 34.859 35.499 39.808 61.525 1.195 5.504 1.88 11.827 1.88 18.31 0 20.027-6.533 38.528-17.584 53.488l0.174-0.246c-16.797 22.874-43.588 37.556-73.809 37.556-11.257 0-22.038-2.037-31.995-5.763l0.63 0.207c-40.533-15.36-62.72-52.395-58.752-97.877 3.712-42.24 35.797-69.632 95.787-80.043-8.96-4.736-15.872-8.235-22.613-11.989-27.988-15.524-51.374-35.995-69.74-60.451l-0.404-0.562c-6.101-8.192-10.24-8.875-19.541-3.2-120.619 73.771-128.384 258.859 3.371 339.456zM257.707 180.992c-19.413-4.949-38.187-12.203-57.984-18.688 9.685 65.365 86.229 125.568 150.997 118.699-18.043-24.598-29.583-54.982-31.551-87.945l-0.022-0.46c-21.504-3.968-41.813-6.613-61.44-11.605zM669.995 819.2c19.115-0.725 38.315-0.427 57.472-0.853 5.287-0.363 10.162-1.075 14.91-2.128l-0.659 0.123c-4.574-6.938-9.348-12.986-14.582-18.599l0.076 0.082c-6.827-6.4-14.549-12.629-24.448-2.944-2.347 2.347-7.979 1.792-12.075 1.877-19.072 0.213-38.144 0.853-57.173 0.128-17.856-0.589-34.82-2.396-51.386-5.353l2.149 0.318c-3.072-0.555-7.595-10.667-6.229-14.421 3.328-8.832 8.149-18.56 15.317-24.192 26.411-20.907 54.485-39.595 81.067-60.288 25.771-20.139 49.792-42.24 64.427-72.533 19.029-39.595 19.627-81.067 11.392-122.752-13.739-69.547-48.939-127.147-105.941-169.045-22.955-16.853-51.413-26.453-77.696-38.528-23.168-10.667-46.933-19.84-70.144-30.379-41.813-19.029-65.28-64.427-58.411-111.573 6.357-43.307 44.373-79.445 87.851-86.912 52.181-8.96 106.069 25.003 118.827 78.080 14.336 59.605-18.048 112.896-78.72 129.024l-10.923 2.816c16.213 7.253 30.208 12.416 43.179 19.541q33.835 18.645 66.475 39.467c6.4 4.096 9.856 4.096 15.36-0.597 41.685-36.096 66.56-80.981 73.557-135.979 11.52-91.093-31.573-174.763-112.896-217.643-125.781-66.347-279.765 9.173-307.541 148.651-23.808 119.467 60.501 227.84 162.005 248.747 43.648 9.003 83.541 27.179 114.56 60.8 20.053 21.675 29.739 40.277 33.067 48.683 5.86 14.568 9.259 31.458 9.259 49.142 0 0.094 0 0.187 0 0.281v-0.014c-0.72 15.473-4.371 29.921-10.408 43.044l0.296-0.719c-10.581 24.149-51.2 62.549-61.227 70.656l-95.573 74.837c-3.371 2.773-7.168 2.56-15.36 2.005-9.813-0.683-34.773-2.048-45.525 0.768 8.704 6.613 32.427 16.213 42.667 23.893-30.976 20.907-66.304 13.397-98.773 19.627 7.509 13.995 44.629 35.456 65.749 37.888-1.455 13.545-3.483 25.484-6.166 37.173l0.406-2.101c-1.28 4.736-6.571 9.387-11.221 12.075-11.179 6.571-23.083 11.989-35.968 18.517 10.935 7.156 24.244 11.558 38.555 11.945l0.101 0.002c1.66 0.068 3.608 0.107 5.566 0.107 11.77 0 23.21-1.408 34.163-4.064l-0.987 0.202c23.040-5.248 41.387-1.792 59.691 13.824-14.421 5.803-28.843 11.093-42.795 17.365-16.163 7.396-29.343 14.415-42.082 22.091l1.89-1.056c36.267-5.035 71.296-18.645 108.373-13.653l0.939 5.035-86.101 20.053c51.328 4.693 99.115 5.461 144.384-16.555 12.757-6.229 26.027-11.349 38.272-18.432 5.973-3.413 9.941-10.24 14.848-15.573 3.84-4.181 6.997-9.813 11.776-12.373 18.091-9.6 37.973-9.984 58.283-9.515l0.427 6.827c20.437-6.4 43.392-29.952 43.392-47.147-33.109 0-66.133 0.128-99.2-0.171-3.541 0-7.040-2.603-10.539-4.011 3.328-1.963 6.613-5.461 10.027-5.589zM627.328 868.139c-1.461-0.899-2.42-2.488-2.42-4.302 0-1.516 0.67-2.876 1.731-3.799l0.006-0.005c1.344-2.305 3.804-3.83 6.62-3.83 1.429 0 2.767 0.393 3.91 1.076l-0.035-0.019c3.2 1.621 6.315 3.328 10.155 5.333-3.072 2.645-5.547 4.864-8.107 6.955-4.523 3.712-8.235 1.365-11.861-1.408z" />
+<glyph unicode="&#xe901;" glyph-name="raspap" horiz-adv-x="1031" d="M540.058 281.983c0-104.182-84.446-188.637-188.625-188.637-104.176 0-188.62 84.455-188.62 188.637 0 104.171 84.444 188.625 188.62 188.625 104.179 0 188.625-84.455 188.625-188.625zM351.437 550.062c-147.818 0-268.074-120.259-268.074-268.080 0-147.826 120.257-268.091 268.074-268.091s268.077 120.265 268.077 268.091c0 147.821-120.259 268.080-268.077 268.080zM351.437-58.985c-188 0-340.95 152.958-340.95 340.967 0 188.003 152.95 340.956 340.95 340.956 188.003 0 340.953-152.953 340.953-340.956 0-188.009-152.95-340.967-340.953-340.967zM404.82 698.222c185.52 0 339.484-137.497 365.479-315.929l79.208-5.253c-24.125 224.046-214.339 399.077-444.686 399.077-10.909 0-21.723-0.412-32.433-1.186l5.16-77.823c9.017 0.661 18.093 1.113 27.272 1.113zM404.989 874.303c285.73 0 520.41-222.659 539.731-503.584l78.375-5.205c-16.843 326.355-287.644 586.685-618.106 586.685-14.884 0-29.644-0.561-44.264-1.6l5.157-77.719c12.919 0.928 25.958 1.424 39.106 1.424z" />
+</font></defs></svg>
\ No newline at end of file
diff --git a/dist/raspap/css/fonts/RaspAP.ttf b/dist/raspap/css/fonts/RaspAP.ttf
new file mode 100755
index 00000000..11221442
Binary files /dev/null and b/dist/raspap/css/fonts/RaspAP.ttf differ
diff --git a/dist/raspap/css/fonts/RaspAP.woff b/dist/raspap/css/fonts/RaspAP.woff
new file mode 100755
index 00000000..875f0253
Binary files /dev/null and b/dist/raspap/css/fonts/RaspAP.woff differ
diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css
new file mode 100644
index 00000000..45305ca1
--- /dev/null
+++ b/dist/raspap/css/style.css
@@ -0,0 +1,54 @@
+ /*!
+ * RaspAP-Brands Brand Icons - https://raspap.com
+ * License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE
+ */
+@font-face {
+  font-family: 'RaspAP';
+  src:  url('fonts/RaspAP.eot?e76qs3');
+  src:  url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'),
+    url('fonts/RaspAP.ttf?e76qs3') format('truetype'),
+    url('fonts/RaspAP.woff?e76qs3') format('woff'),
+    url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg');
+  font-weight: normal;
+  font-style: normal;
+  font-display: block;
+}
+
+[class^="ra-"], [class*=" ra-"] {
+  /* use !important to prevent issues with browser extensions that change ..webfonts */
+  font-family: 'RaspAP' !important;
+  speak: none;
+  font-style: normal;
+  font-weight: normal;
+  font-variant: normal;
+  text-transform: none;
+  line-height: 1;
+
+  /* Better Font Rendering =========== */
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+.ra-wireguard:before {
+  font-size: 1.2rem;
+  content: "\e900";
+  color: #d1d3e2;
+  vertical-align: middle;
+}
+
+.card-header .ra-wireguard:before {
+  color: #fff;
+}
+
+.sidebar .nav-item.active .nav-link
+span.ra-wireguard:before {
+  color: #6e707e;
+}
+
+.ra-raspap:before {
+  font-size: 4.35rem;
+  content: "\e901";
+  color: #d8224c;
+  margin-left: 0.1em;
+}
+
diff --git a/includes/adblock.php b/includes/adblock.php
index 034971b7..c61c25f6 100755
--- a/includes/adblock.php
+++ b/includes/adblock.php
@@ -78,8 +78,8 @@ function DisplayAdBlockConfig()
     $adblock_custom_content = file_get_contents(RASPI_ADBLOCK_LISTPATH .'custom.txt');
 
     $adblock_log = '';
-    exec('sudo chmod o+r /tmp/dnsmasq.log');
-    $handle = fopen("/tmp/dnsmasq.log", "r");
+    exec('sudo chmod o+r '.RASPI_DHCPCD_LOG);
+    $handle = fopen(RASPI_DHCPCD_LOG, "r");
     if ($handle) {
         while (($line = fgets($handle)) !== false) {
             if (preg_match('/(0.0.0.0)/', $line)) {
diff --git a/includes/configure_client.php b/includes/configure_client.php
index 540f0fef..19269025 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -61,7 +61,7 @@ function DisplayWPAConfig()
                     if (strlen($network['passphrase']) >=8 && strlen($network['passphrase']) <= 63) {
                         unset($wpa_passphrase);
                         unset($line);
-                        exec('wpa_passphrase '.escapeshellarg($ssid). ' ' . escapeshellarg($network['passphrase']), $wpa_passphrase);
+                        exec('wpa_passphrase '. ssid2utf8( escapeshellarg($ssid) ) . ' ' . escapeshellarg($network['passphrase']), $wpa_passphrase);
                         foreach ($wpa_passphrase as $line) {
                             if (preg_match('/^\s*}\s*$/', $line)) {
                                 if (array_key_exists('priority', $network)) {
@@ -69,7 +69,11 @@ function DisplayWPAConfig()
                                 }
                                 fwrite($wpa_file, $line.PHP_EOL);
                             } else {
-                                fwrite($wpa_file, $line.PHP_EOL);
+                                if ( preg_match('/\\\\x[0-9A-Fa-f]{2}/',$ssid) && strpos($line, "ssid=\"") !== false ) {
+                                     fwrite($wpa_file, "\tssid=P\"".$ssid."\"".PHP_EOL);
+                                } else {
+                                     fwrite($wpa_file, $line.PHP_EOL);
+                                }
                             }
                         }
                     } else {
diff --git a/includes/defaults.php b/includes/defaults.php
index e3a0a5cb..bdc38dfb 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.6.7',
+  'RASPI_VERSION' => '2.8.4',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
@@ -20,12 +20,15 @@ $defaults = [
   'RASPI_ADBLOCK_CONFIG' =>  RASPI_DNSMASQ_PREFIX.'adblock.conf',
   'RASPI_HOSTAPD_CONFIG' => '/etc/hostapd/hostapd.conf',
   'RASPI_DHCPCD_CONFIG' => '/etc/dhcpcd.conf',
+  'RASPI_DHCPCD_LOG' => '/var/log/dnsmasq.log',
   'RASPI_WPA_SUPPLICANT_CONFIG' => '/etc/wpa_supplicant/wpa_supplicant.conf',
   'RASPI_HOSTAPD_CTRL_INTERFACE' => '/var/run/hostapd',
   'RASPI_WPA_CTRL_INTERFACE' => '/var/run/wpa_supplicant',
+  'RASPI_OPENVPN_CLIENT_PATH' => '/etc/openvpn/client/',
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
-  'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
+  'RASPI_WIREGUARD_PATH' => '/etc/wireguard/',
+  'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
   'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',
@@ -42,6 +45,7 @@ $defaults = [
   'RASPI_DHCP_ENABLED' => true,
   'RASPI_ADBLOCK_ENABLED' => false,
   'RASPI_OPENVPN_ENABLED' => false,
+  'RASPI_WIREGUARD_ENABLED' => false,
   'RASPI_TORPROXY_ENABLED' => false,
   'RASPI_CONFAUTH_ENABLED' => true,
   'RASPI_CHANGETHEME_ENABLED' => true,
diff --git a/includes/dhcp.php b/includes/dhcp.php
index 2329838b..850d5847 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -226,7 +226,7 @@ function updateDnsmasqConfig($iface,$status)
 
     // write default 090_raspap.conf
     $config = '# RaspAP default config'.PHP_EOL;
-    $config .='log-facility=/tmp/dnsmasq.log'.PHP_EOL;
+    $config .='log-facility='.RASPI_DHCPCD_LOG.PHP_EOL;
     $config .='conf-dir=/etc/dnsmasq.d'.PHP_EOL;
     // handle log option
     if ($_POST['log-dhcp'] == "1") {
diff --git a/includes/firewall.php b/includes/firewall.php
new file mode 100644
index 00000000..f44833c3
--- /dev/null
+++ b/includes/firewall.php
@@ -0,0 +1,368 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'includes/functions.php';
+
+define('RASPAP_IPTABLES_SCRIPT', "/tmp/iptables_raspap.sh");
+define('RASPAP_IP6TABLES_SCRIPT', "/tmp/ip6tables_raspap.sh");
+
+/**
+ *
+ * @param  array $rule
+ * @param  array $conf
+ * @return array $don
+ */
+function getDependson(&$rule, &$conf)
+{
+    if (isset($rule["dependson"][0]) ) {
+        $don = &$rule["dependson"];
+        if (!empty($don[0]) && isset($conf[$don[0]["var"]]) ) {
+            if (!isset($don[0]["type"]) ) { $don[0]["type"]="bool";
+            }
+            return $don;
+        }
+    }
+    return false;
+}
+
+/**
+ *
+ * @param  array $sect
+ * @param  array $conf
+ * @return boolean $active
+ */
+function isRuleEnabled(&$sect, &$conf)
+{
+    $fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
+    $active = isset($sect["fw-state"]) && $sect["fw-state"]==1;
+    $active = $fw_on ? $active : !$active;
+    $active = $active || !isset($sect["fw-state"]);
+    if (($don = getDependson($sect, $conf)) !== false 
+        && $don[0]["type"] == "bool" && !$conf[$don[0]["var"]] 
+    ) {  $active = false;
+    }
+    return $active;
+}
+
+/**
+ *
+ * @param  array $sect
+ * @param  array $conf
+ * @return string $str
+ */
+function createRuleStr(&$sect, &$conf)
+{
+    if (!is_array($sect["rules"]) ) { return "";
+    }
+    $rules = $sect["rules"];
+    $depon = getDependson($sect, $conf);
+    $rs = array();
+    foreach ( $rules as $rule ) {
+        if (preg_match('/\$[a-z0-9]*\$/i', $rule) ) {
+            $r = array($rule);
+            foreach ( $depon as $dep ) {
+                $rr = array();
+                $repl=$val="";
+                switch ( $dep["type"] ) {
+                case "list":
+                    if (isset($dep["var"]) && !empty($conf[$dep["var"]]) ) { $val = explode(' ', $conf[$dep["var"]]);
+                    }
+                    if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
+                    }
+                    break;
+                case "string":
+                    if (isset($dep["var"]) ) { $val=$conf[$dep["var"]];
+                    }
+                    if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
+                    }
+                    break;
+                default:
+                    break;
+                }
+                if (!empty($repl) && !empty($val) ) {
+                    if (is_array($val) ) {
+                        foreach ( $val as $v ) { $rr = array_merge($rr, str_replace($repl, $v, $r));
+                        }
+                    }
+                    else { $rr = array_merge($rr, str_replace($repl, $val, $r));
+                    }
+                }
+                $r = !empty($rr) ? $rr : $r;
+            }
+            $rs = array_merge($rs, $rr);
+        } else {
+            $rs[] = $rule;
+        }
+    }
+    $str="";
+    foreach ( $rs as $r ) {
+        if (!preg_match('/\$[a-z0-9]*\$/i', $r) ) { $str .= '$IPT '.$r."\n";
+        }
+    }
+    return $str;
+}
+
+
+/**
+ *
+ * @param  array $rule
+ * @return boolean
+ */
+function isIPv4(&$rule)
+{
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "4") !== false; 
+}
+
+/**
+ *
+ * @param  array $rule
+ * @return boolean
+ */
+function isIPv6(&$rule)
+{
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "6") !== false; 
+}
+
+/**
+ *
+ * @return boolean 
+ */
+function configureFirewall()
+{
+    $json = file_get_contents(RASPI_IPTABLES_CONF);
+    $ipt  = json_decode($json, true);
+    $conf = ReadFirewallConf();
+    $txt = "#!/bin/bash\n";
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt);
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, 'IPT="iptables"'."\n", FILE_APPEND);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, 'IPT="ip6tables"'."\n", FILE_APPEND);
+    $txt = "\$IPT -F\n";
+    $txt .= "\$IPT -X\n";
+    $txt .= "\$IPT -t nat -F\n";
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt, FILE_APPEND);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt, FILE_APPEND);
+    if (empty($conf) || empty($ipt) ) { return false;
+    }
+    $count=0;
+    foreach ( $ipt["order"] as $idx ) {
+        if (isset($ipt[$idx]) ) {
+            foreach ( $ipt[$idx] as $i => $sect ) {
+                if (isRuleEnabled($sect, $conf) ) {
+                    $str_rules= createRuleStr($sect, $conf);
+                    if (!empty($str_rules) ) {
+                        if (isIPv4($sect) ) { file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
+                        }
+                        if (isIPv6($sect) ) { file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
+                        }
+                        ++$count;
+                    }
+                }
+            }
+        }
+    }
+    if ($count > 0 ) {
+        exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
+        exec("sudo ".RASPAP_IPTABLES_SCRIPT);
+        exec("sudo iptables-save | sudo tee /etc/iptables/rules.v4");
+        unlink(RASPAP_IPTABLES_SCRIPT);
+        exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
+        exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
+        exec("sudo ip6tables-save | sudo tee /etc/iptables/rules.v6");
+        unlink(RASPAP_IP6TABLES_SCRIPT);
+    }
+    return ($count > 0);
+}
+
+/**
+ *
+ * @param array $conf
+ * @return string $ret
+ */
+function WriteFirewallConf($conf)
+{
+    $ret = false;
+    if (is_array($conf) ) { write_php_ini($conf, RASPI_FIREWALL_CONF);
+    }
+    return $ret;
+}
+
+/**
+ *
+ * @return array $conf
+ */
+function ReadFirewallConf()
+{
+    $conf = array();
+    if (file_exists(RASPI_FIREWALL_CONF) ) {
+        $conf = parse_ini_file(RASPI_FIREWALL_CONF);
+    }
+    if ( !isset($conf["firewall-enable"]) ) {
+        $conf["firewall-enable"] = false;
+        $conf["ssh-enable"] = false;
+        $conf["http-enable"] = false;
+        $conf["excl-devices"] = "";
+        $conf["excluded-ips"] = "";
+        $conf["ap-device"] = "";
+        $conf["client-device"] = "";
+        $conf["restricted-ips"] = "";
+    }
+    exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
+    $conf["openvpn-enable"] = !empty($ret);
+    unset($ret);
+    exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
+    $conf["wireguard-enable"] = !empty($ret);
+    return $conf;
+}
+
+/**
+ *
+ * @return string $ips
+ */
+function getVPN_IPs()
+{
+    $ips = "";
+    // get openvpn and wireguard server IPs
+    if (RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+        foreach ( $fconf as $f ) {
+            unset($result);
+            exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
+            if (!empty($result) ) {
+                $result = explode(" ", $result[0]);
+                $ip = (isset($result[0])) ? $result[0] : "";
+                $port = (isset($result[1])) ? $result[1] : "";
+                if (!empty($ip) ) {
+                    $ip = gethostbyname($ip);
+                    if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
+                    }
+                }
+            }
+        }
+    }
+    // get wireguard server IPs
+    if (RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+        foreach ( $fconf as $f ) {
+            unset($result);
+            exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
+            if (!empty($result) ) {
+                $result = explode(" ", $result[0]);
+                $ip = (isset($result[0])) ? $result[0] : "";
+                $port = (isset($result[1])) ? $result[1] : "";
+                if (!empty($ip) ) {
+                     $ip = gethostbyname($ip);
+                    if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
+                    }
+                }
+            }
+        }
+    }
+    return trim($ips);
+}
+
+/**
+ *
+ * @return array $fw_conf
+ */
+function getFirewallConfiguration() 
+{
+    $fw_conf = ReadFirewallConf();
+    
+    $json = file_get_contents(RASPI_IPTABLES_CONF);
+    getWifiInterface();
+    $ap_device = $_SESSION['ap_interface'];
+    $clients = getClients();
+    $str_clients = "";
+    foreach( $clients["device"] as $dev ) {
+        if (!$dev["isAP"] ) {
+            if (!empty($str_clients) ) { $str_clients .= ", ";
+            }
+            $str_clients .= $dev["name"];
+        }
+    }
+    $fw_conf["ap-device"] = $ap_device;
+    $fw_conf["client-list"] = $str_clients;
+    $id=findCurrentClientIndex($clients);
+    if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"];
+    }
+    return $fw_conf;
+}
+
+/**
+ *
+ */
+function updateFirewall() 
+{
+    $fw_conf = getFirewallConfiguration();
+    if ( isset($fw_conf["firewall-enable"]) ) {
+        WriteFirewallConf($fw_conf);
+        configureFirewall();
+    }
+    return;
+}
+
+/**
+ *
+ */
+function DisplayFirewallConfig()
+{
+    $status = new StatusMessages();
+
+    $fw_conf = getFirewallConfiguration();
+    $ap_device = $fw_conf["ap-device"];
+    $str_clients = $fw_conf["client-list"];
+
+    if (!empty($_POST)) {
+        $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
+        $fw_conf["http-enable"] = isset($_POST['http-enable']);
+        $fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']);
+        if (isset($_POST['firewall-enable']) ) { $status->addMessage(_('Firewall is now enabled'), 'success');
+        }
+        if (isset($_POST['apply-firewall']) ) {  $status->addMessage(_('Firewall settings changed'), 'success');
+        }
+        if (isset($_POST['firewall-disable']) ) { $status->addMessage(_('Firewall is now disabled'), 'warning');
+        }
+        if (isset($_POST['save-firewall']) ) {  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
+        }
+        if (isset($_POST['excl-devices'])  ) {
+            $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
+            $excl = str_replace(',', ' ', $excl);
+            $excl = trim(preg_replace('/\s+/', ' ', $excl));
+            if ($fw_conf["excl-devices"] != $excl ) {
+                $status->addMessage(_('Exclude devices '. $excl), 'success');
+                $fw_conf["excl-devices"] = $excl;
+            }
+        }
+        if (isset($_POST['excluded-ips'])  ) {
+            $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
+            $excl = str_replace(',', ' ', $excl);
+            $excl = trim(preg_replace('/\s+/', ' ', $excl));
+            if (!empty($excl) ) {
+                $excl = explode(' ', $excl);
+                $str_excl = "";
+                foreach ( $excl as $ip ) {
+                    if (filter_var($ip, FILTER_VALIDATE_IP) ) { $str_excl .= "$ip ";
+                    } else { $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
+                    }
+                }
+            }
+            $str_excl = trim($str_excl);
+            if ($fw_conf["excluded-ips"] != $str_excl ) {
+                 $status->addMessage(_('Exclude IP address(es) '. $str_excl), 'success');
+                 $fw_conf["excluded-ips"] = $str_excl;
+            }
+        }
+        WriteFirewallConf($fw_conf);
+        configureFirewall();
+    }
+    $vpn_ips = getVPN_IPs();
+    echo renderTemplate(
+        "firewall", compact(
+            "status",
+            "ap_device",
+            "str_clients",
+            "fw_conf",
+            "vpn_ips"
+        )
+    );
+}
+
diff --git a/includes/functions.php b/includes/functions.php
index 0e8336b8..526b3ae1 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -152,15 +152,16 @@ function getDefaultNetValue($svc,$iface,$key)
  * Returns default options for the specified service
  *
  * @param string $svc
+ * @param string $key
  * @return object $json
  */
-function getDefaultNetOpts($svc)
+function getDefaultNetOpts($svc,$key)
 {
     $json = json_decode(file_get_contents(RASPI_CONFIG_NETWORK), true);
     if ($json === null) {
         return false;
     } else {
-        return $json[$svc]['options'];
+        return $json[$svc][$key];
     }
 }
 
@@ -224,6 +225,62 @@ function safefilerewrite($fileName, $dataToSave)
     }
 }
 
+/**
+ * Prepends data to a file if not exists
+ *
+ * @param string $filename
+ * @param string $dataToSave
+ * @return boolean
+ */
+function file_prepend_data($filename, $dataToSave)
+{
+    $context = stream_context_create();
+    $file = fopen($filename, 'r', 1, $context);
+    $file_data = readfile($file);
+
+    if (!preg_match('/^'.$dataToSave.'/', $file_data)) {
+        $tmp_file = tempnam(sys_get_temp_dir(), 'php_prepend_');
+        file_put_contents($tmp_file, $dataToSave);
+        file_put_contents($tmp_file, $file, FILE_APPEND);
+        fclose($file);
+        unlink($filename);
+        rename($tmp_file, $filename);
+        return true;
+    } else {
+        return false;
+    }
+}
+
+/**
+ * Fetches a meta value from a file
+ *
+ * @param string $filename
+ * @param string $pattern
+ * @return string
+ */
+function file_get_meta($filename, $pattern)
+{
+    if(file_exists($filename)) {
+        $context = stream_context_create();
+        $file_data = file_get_contents($filename, false, $context);
+        preg_match('/^'.$pattern.'/', $file_data, $matched);
+        return $matched[1];
+    } else {
+        return false;
+    }
+}
+
+/**
+ * Callback function for array_filter
+ *
+ * @param string $var
+ * @return filtered value
+ */
+function filter_comments($var)
+{
+    return $var[0] != '#';
+}
+
 /**
  * Saves a CSRF token in the session
  */
@@ -615,7 +672,7 @@ function getThemeOpt()
 function getColorOpt()
 {
     if (!isset($_COOKIE['color'])) {
-        $color = "#d8224c";
+        $color = "#2b8080";
     } else {
         $color = $_COOKIE['color'];
     }
@@ -636,11 +693,70 @@ function getBridgedState()
     return  $arrHostapdConf['BridgedEnable'];
 }
 
+/**
+ * Validates the format of a CIDR notation string
+ *
+ * @param string $cidr
+ * @return bool
+ */
+function validateCidr($cidr)
+{
+    $parts = explode('/', $cidr);
+    if(count($parts) != 2) {
+        return false;
+    }
+    $ip = $parts[0];
+    $netmask = intval($parts[1]);
+
+    if($netmask < 0) {
+        return false;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+        return $netmask <= 32;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+        return $netmask <= 128;
+    }
+    return false;
+}    
+
 // Validates a host or FQDN
-function validate_host($host) {
+function validate_host($host)
+{
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }
 
+// Gets night mode toggle value
+// @return boolean
+function getNightmode()
+{
+    if ($_COOKIE['theme'] == 'lightsout.css') {
+        return true;
+    } else {
+        return false;
+    }
+}	
+	
+// search array for matching string and return only first matching group
+function preg_only_match($pat,$haystack)
+{
+  $match = "";
+  if(!empty($haystack) && !empty($pat)) {
+    if(!is_array($haystack)) $haystack = array($haystack);
+    $str = preg_grep($pat,$haystack);
+    if (!empty($str) && preg_match($pat,array_shift($str),$match) === 1 ) $match = $match[1];
+  }
+  return $match;
+}
+
+// Sanitizes a string for QR encoding
+// @param string $str
+// @return string
+function qr_encode($str)
+{
+    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
+}
+
 function evalHexSequence($string) {
     $evaluator = function ($input) {
 	return hex2bin($input[1]);
@@ -648,3 +764,30 @@ function evalHexSequence($string) {
     return preg_replace_callback('/\\\x(..)/', $evaluator, $string);
 }
 
+function hexSequence2lower($string) {
+ return preg_replace_callback('/\\\\x([0-9A-F]{2})/', function($b){ return '\x'.strtolower($b[1]); }, $string);
+}
+
+/* File upload callback object
+ *
+ */
+class validation
+{
+    public function check_name_length($object)
+    {
+        if (strlen($object->file['filename']) > 255) {
+            $object->set_error('File name is too long.');
+        }
+    }
+}
+
+/* Resolves public IP address
+ *
+ * @return string $public_ip
+ */
+function get_public_ip()
+{
+    exec('wget https://ipinfo.io/ip -qO -', $public_ip);
+    return $public_ip[0];
+}
+
diff --git a/includes/get_clients.php b/includes/get_clients.php
new file mode 100644
index 00000000..c167a538
--- /dev/null
+++ b/includes/get_clients.php
@@ -0,0 +1,307 @@
+<?php
+
+require_once 'includes/functions.php';
+require_once 'includes/wifi_functions.php';
+
+function getClients($simple=true)
+{
+    exec('ifconfig -a | grep -oP "^(?!lo)(\w*)"', $rawdevs); // all devices except loopback
+    $path=RASPI_CLIENT_SCRIPT_PATH;
+    $cl=array();
+    if (!empty($rawdevs) && is_array($rawdevs)) {
+        $cl["clients"]=count($rawdevs);
+        // search for possibly not connected modem 
+        exec("find /sys/bus/usb/devices/usb*/ -name dev ", $devtty); // search for ttyUSB
+        $devtty = preg_only_match("/(ttyUSB0)/", $devtty);
+        if (empty(preg_only_match("/(ppp)[0-9]/", $rawdevs))) {
+            if (!empty($devtty)) {
+                $rawdevs[]="ppp0";
+                exec("udevadm info --name='$devtty' 2> /dev/null");
+            }
+        }
+        foreach ($rawdevs as $i => $dev) {
+            $cl["device"][$i]["name"]=$dev;
+            $nam = (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) ? $nam=$nam[1] : "";
+            $cl["device"][$i]["type"]=$ty=getClientType($dev);
+            unset($udevinfo);
+            exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevinfo);
+            if ($nam == "ppp" && isset($devtty)) {
+                exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
+            }
+            if (!empty($udevinfo) && is_array($udevinfo)) {
+                $model = preg_only_match("/ID_MODEL_ENC=(.*)$/", $udevinfo);
+                if (empty($model) || preg_match("/^[0-9a-f]{4}$/", $model) === 1) {
+                     $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                if (empty($model)) {
+                    $model = preg_only_match("/ID_OUI_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/", $udevinfo);
+                if (empty($vendor) || preg_match("/^[0-9a-f]{4}$/", $vendor) === 1) {
+                    $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                $driver = preg_only_match("/ID_NET_DRIVER=(.*)$/", $udevinfo);
+                $vendorid = preg_only_match("/ID_VENDOR_ID=(.*)$/", $udevinfo);
+                $productid = preg_only_match("/ID_MODEL_ID=(.*)$/", $udevinfo);
+            }
+            $cl["device"][$i]["model"] = preg_replace("/\\\\x20/", " ", $model);
+            $cl["device"][$i]["vendor"] = preg_replace("/\\\\x20/", " ", $vendor);
+            $cl["device"][$i]["vid"] = $vendorid;
+            $cl["device"][$i]["pid"] = $productid;
+            unset($mac);
+            exec("cat /sys/class/net/$dev/address 2> /dev/null", $mac);
+            $cl["device"][$i]["mac"] = empty($mac) ? "":$mac[0];
+            unset($ip);
+            exec("ifconfig $dev 2> /dev/null", $ip);
+            $cl["device"][$i]["ipaddress"] =  preg_only_match("/.*inet ([0-9\.]+) .*/", $ip);
+
+            switch($ty) {
+            case "eth":
+                unset($res);
+                exec("ip link show $dev 2> /dev/null | grep -oP ' UP '", $res);
+                if (empty($res) && empty($ipadd)) {
+                    $cl["device"][$i]["connected"] = "n";
+                } else {
+                    $cl["device"][$i]["connected"] = "y";
+                }
+                break;
+            case "wlan":
+                unset($retiw);
+                exec("iwconfig $dev 2> /dev/null | sed -rn 's/.*(mode:master).*/1/ip'", $retiw);
+                $cl["device"][$i]["isAP"] = !empty($retiw);
+                unset($retiw);
+                exec("iw dev $dev link 2> /dev/null", $retiw);
+                if (!$simple && !empty($ssid=preg_only_match("/.*SSID:\s*([^\"]*).*/", $retiw)) ) {
+                    $cl["device"][$i]["connected"] = "y";
+                    $cl["device"][$i]["ssid"] = $ssid;
+                    $cl["device"][$i]["ssidutf8"] = ssid2utf8($ssid);
+                    $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
+                    $sig = preg_only_match("/.*signal: (.*)$/", $retiw);
+                    $val = preg_only_match("/^([0-9\.-]*).*$/", $sig);
+                    if (!is_numeric($val)) {
+                        $val = -100;
+                    }
+                    if ($val >= -50 ) {
+                        $qual=100;
+                    } else if ($val < -100) {
+                        $qual=0;
+                    } else {
+                        $qual=round($val*2+200);
+                    }
+                    $cl["device"][$i]["signal"] = "$sig (".$qual."%)";
+                    $cl["device"][$i]["bitrate"] = preg_only_match("/.*bitrate: ([0-9\.]* \w*\/s).*$/", $retiw);
+                    $cl["device"][$i]["freq"] = preg_only_match("/.*freq: (.*)$/", $retiw);
+                    $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
+                } else {
+                    $cl["device"][$i]["connected"] = "n";
+                }
+                break;
+            case "ppp":
+                unset($res);
+                exec("ip link show $dev 2> /dev/null | grep -oP '( UP | UNKNOWN)'", $res);
+                if ($simple) {
+                    if (empty($res)) {
+                        $cl["device"][$i]["connected"] = "n";
+                        $cl["device"][$i]["signal"] =  "-100 dB (0%)";
+                    } else {
+                        $cl["device"][$i]["connected"] = "y";
+                        $cl["device"][$i]["signal"] =  "-0 dB (0%)";
+                    }
+                    break;
+                }
+                if (empty($res) && empty($ipadd)) {
+                    $cl["device"][$i]["connected"] = "n";
+                } else {
+                    $cl["device"][$i]["connected"] = "y";
+                }
+                unset($res);
+                exec("$path/info_huawei.sh mode modem", $res);
+                $cl["device"][$i]["mode"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh device modem", $res);
+                if ($res[0] != "none" ) {
+                    $cl["device"][$i]["model"] = $res[0];
+                }
+                unset($res);
+                exec("$path/info_huawei.sh signal modem", $res);
+                $cl["device"][$i]["signal"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh operator modem", $res);
+                $cl["device"][$i]["operator"] = $res[0];
+                break;
+            case "hilink":
+				$pin=$user=$pw="";
+				getMobileLogin($pin,$pw,$user);
+				$opts=$pin.' '.$user.' '.$pw;
+                unset($res);
+                //              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
+                exec("ifconfig -a | grep -i $dev -A 1 | grep -oP '(?<=inet )([0-9]{1,3}\.){3}'", $apiadd);
+                $apiadd = !empty($apiadd) ? $apiadd[0]."1" : "";
+                unset($res);
+                exec("$path/info_huawei.sh mode hilink $apiadd \"$opts\" ", $res);
+                $cl["device"][$i]["mode"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh device hilink $apiadd \"$opts\" ", $res);
+                if ($res[0] != "none" ) {
+                    $cl["device"][$i]["model"] = $res[0];
+                }
+                unset($res);
+                exec("$path/info_huawei.sh signal hilink $apiadd \"$opts\" ", $res);
+                $cl["device"][$i]["signal"] = $res[0];
+                unset($ipadd);
+                exec("$path/info_huawei.sh ipaddress hilink $apiadd \"$opts\" ", $ipadd);
+                if (!empty($ipadd) && $ipadd[0] !== "none" ) {
+                    $cl["device"][$i]["connected"] = "y";
+                    $cl["device"][$i]["wan_ip"] = $ipadd[0];
+                } else {
+                    $cl["device"][$i]["connected"] = "n";
+                    $cl["device"][$i]["wan_ip"] = "-";
+                }
+                unset($res);
+                exec("$path/info_huawei.sh operator hilink $apiadd \"$opts\" ", $res);
+                $cl["device"][$i]["operator"] = $res[0];
+                break;
+            case "phone":
+            case "usb":
+                $cl["device"][$i]["connected"] = "y";
+                break;
+            default:
+            }
+            if (!isset($cl["device"][$i]["signal"])) {
+                $cl["device"][$i]["signal"]= $cl["device"][$i]["connected"] == "n" ? "-100 dB (0%)": "0 dB (100%)";;
+            }
+            if (!isset($cl["device"][$i]["isAP"])) {
+                $cl["device"][$i]["isAP"]=false;
+            }
+        }
+    }
+    return $cl;
+}
+
+function getClientType($dev) {
+    loadClientConfig();
+    // check if device type stored in DEVTYPE or raspapType (from UDEV rule) protperty of the device
+    exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevadm);
+    $type="none";
+    if (!empty($udevadm)) {
+         $type=preg_only_match("/raspapType=(\w*)/i",$udevadm);
+        if (empty($type)) {
+            $type=preg_only_match("/DEVTYPE=(\w*)/i",$udevadm);
+        }
+    }
+    if (empty($type) || $type == "none" || array_search($type, $_SESSION["net-device-name-prefix"]) === false) {
+        // no device type yet -> get device type from device name 
+        if (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) $nam=$nam[1];
+        else $nam="none";
+        if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) $n = count($_SESSION["net-device-types"])-1;
+        $type = $_SESSION["net-device-types"][$n];
+    }
+    return $type;
+}
+
+function getMobileLogin(&$pin,&$pw,&$user) {
+	if (file_exists(($f = RASPI_MOBILEDATA_CONFIG))) {
+		$dat = parse_ini_file($f);
+		$pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/", $dat["pin"])) ? "-p ".$dat["pin"] : "";
+		$user = (isset($dat["router_user"]) && !empty($dat["router_user"]) ) ? "-u ".$dat["router_user"] : "";
+		$pw = (isset($dat["router_pw"]) && !empty($dat["router_pw"]) ) ? "-P ".$dat["router_pw"] : "";
+	}
+}
+
+function loadClientConfig()
+{
+    // load network device config file for UDEV rules into $_SESSION
+    if (!isset($_SESSION["udevrules"])) {
+        $_SESSION["net-device-types"]=array();
+        $_SESSION["net-device-name-prefix"]=array();
+        try {
+            $udevrules = file_get_contents(RASPI_CLIENT_CONFIG_PATH);
+            $_SESSION["udevrules"] = json_decode($udevrules, true);
+            // get device types
+            foreach ($_SESSION["udevrules"]["network_devices"] as $dev) {
+                $_SESSION["net-device-name-prefix"][]=$dev["name_prefix"];
+                $_SESSION["net-device-types"][]=$dev["type"];
+                $_SESSION["net-device-types-info"][]=$dev["type_info"];
+            }
+        } catch (Exception $e) {
+            $_SESSION["udevrules"]= null;
+        }
+        $_SESSION["net-device-types"][]="none";
+        $_SESSION["net-device-types-info"][]="unknown";
+        $_SESSION["net-device-name-prefix"][]="none";
+    }
+}
+
+function findCurrentClientIndex($clients)
+{
+    $devid = -1;
+    if (!empty($clients)) {
+        $ncl=$clients["clients"];
+        if ($ncl > 0) {
+            $ty=-1;
+            foreach ($clients["device"] as $i => $dev) {               
+                $id=array_search($dev["type"], $_SESSION["net-device-types"]);
+                if ($id >=0 && $_SESSION["udevrules"]["network_devices"][$id]["clientid"] > $ty && !$dev["isAP"]) {
+                    $ty=$id;
+                    $devid=$i;
+                }
+            }
+        }
+    }
+    return $devid;
+}
+
+function waitClientConnected($dev, $timeout=10)
+{
+    do {
+        exec('ifconfig -a | grep -i '.$dev.' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
+        $connected= !empty($res);
+        if (!$connected) {
+            sleep(1);
+        }
+    } while (!$connected && --$timeout > 0);
+    return $connected;
+}
+
+function setClientState($state)
+{
+    $clients=getClients();
+    if (($idx = findCurrentClientIndex($clients)) >= 0) {
+        $dev = $clients["device"][$idx];
+        exec('ifconfig -a | grep -i '.$dev["name"].' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
+        if (!empty($res)) {
+            $connected=$res[0];
+        }
+        switch($dev["type"]) {
+        case "wlan":
+            if ($state =="up") {
+                exec('sudo ip link set '.$dev["name"].' up');
+            }
+            if (!empty($connected) && $state =="down") {
+                exec('sudo ip link set '.$dev["name"].' down');
+            }
+            break;
+        case "hilink":
+            preg_match("/^([0-9]{1,3}\.){3}/", $connected, $ipadd);
+            $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
+            $mode = ($state == "up") ? 1 : 0;
+            $pin=$user=$pw="";
+			getMobileLogin($pin,$pw,$user);
+            exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' '.$pin.' '.$user.' '.$pw);
+            break;
+        case "ppp":
+            if ($state == "up") {
+                exec('sudo ifup '.$dev["name"]);
+            }
+            if (!empty($connected) && $state == "down") {
+                exec('sudo ifdown '.$dev["name"]);
+            }
+            break;
+        default:
+            break;
+        }
+        if ($state=="up") {
+            waitClientConnected($dev["name"], 15);
+        }
+    }
+}
diff --git a/includes/hostapd.php b/includes/hostapd.php
index a41b320b..812d81ee 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -25,12 +25,17 @@ function DisplayHostAPDConfig()
     ];
     $arrSecurity = array(1 => 'WPA', 2 => 'WPA2', 3 => 'WPA+WPA2', 'none' => _("None"));
     $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
+    $arrTxPower = getDefaultNetOpts('txpower','dbm');
     $managedModeEnabled = false;
     exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
     sort($interfaces);
 
     exec("iw reg get | awk '/country / { sub(/:/,\"\",$2); print $2 }'", $country_code);
 
+    $cmd = "iw dev ".$_SESSION['ap_interface']." info | awk '$1==\"txpower\" {print $2}'";
+    exec($cmd, $txpower);
+    $txpower = intval($txpower[0]);
+
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['SaveHostAPDSettings'])) {
             SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
@@ -85,9 +90,20 @@ function DisplayHostAPDConfig()
         $arrConfig['disassoc_low_ack_bool'] = 1;
     }
     // assign country_code from iw reg if not set in config
-    if (!isset($arrConfig['country_code']) && isset($country_code[0])) {
+    if (empty($arrConfig['country_code']) && isset($country_code[0])) {
         $arrConfig['country_code'] = $country_code[0];
     }
+    // set txpower with iw if value is non-default ('auto')
+    if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) {
+        $sdBm = $_POST['txpower'] * 100;
+        exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower fixed '.$sdBm, $return);
+        $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success');
+        $txpower = $_POST['txpower'];
+    } elseif ($_POST['txpower'] == 'auto') {
+        exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower auto', $return);
+        $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success');
+        $txpower = $_POST['txpower'];
+    }
 
     echo renderTemplate(
         "hostapd", compact(
@@ -101,6 +117,8 @@ function DisplayHostAPDConfig()
             "selectedHwMode",
             "arrSecurity",
             "arrEncType",
+            "arrTxPower",
+            "txpower",
             "arrHostapdConf"
         )
     );
@@ -207,7 +225,6 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
 
     // Verify input
     if (empty($_POST['ssid']) || strlen($_POST['ssid']) > 32) {
-        // Not sure of all the restrictions of SSID
         $status->addMessage('SSID must be between 1 and 32 characters', 'danger');
         $good_input = false;
     }
@@ -237,8 +254,6 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
     }
 
     if (! in_array($_POST['interface'], $interfaces)) {
-        // The user is probably up to something here but it may also be a
-        // genuine error.
         $status->addMessage('Unknown interface '.htmlspecialchars($_POST['interface'], ENT_QUOTES), 'danger');
         $good_input = false;
     }
@@ -302,29 +317,28 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
         // Set dhcp values from system config, fallback to default if undefined
         $jsonData = json_decode(getNetConfig($ap_iface), true);
         $ip_address = ($jsonData['StaticIP'] == '') ? getDefaultNetValue('dhcp',$ap_iface,'static ip_address') : $jsonData['StaticIP'];
-        $domain_name_server = ($jsonData['StaticDNS'] =='') ? getDefaultNetValue('dhcp',$ap_iface,'static domain_name_server') : $jsonData['StaticDNS'];
+        $domain_name_server = ($jsonData['StaticDNS'] =='') ? getDefaultNetValue('dhcp','wlan0','static domain_name_server') : $jsonData['StaticDNS'];
         $routers = ($jsonData['StaticRouters'] == '') ? getDefaultNetValue('dhcp',$ap_iface,'static routers') : $jsonData['StaticRouters'];
         $netmask = ($jsonData['SubnetMask'] == '' || $jsonData['SubnetMask'] == '0.0.0.0') ? getDefaultNetValue('dhcp',$ap_iface,'subnetmask') : $jsonData['SubnetMask'];
         $ip_address.= (!preg_match('/.*\/\d+/', $ip_address)) ? '/'.mask2cidr($netmask) : null;
 
         if ($bridgedEnable == 1) {
-            $config = array_keys(getDefaultNetOpts('dhcp'));
+            $config = array_keys(getDefaultNetOpts('dhcp','options'));
             $config[] = PHP_EOL.'# RaspAP br0 configuration';
             $config[] = 'denyinterfaces eth0 wlan0';
             $config[] = 'interface br0';
             $config[] = PHP_EOL;
         } elseif ($wifiAPEnable == 1) {
-            $config = array_keys(getDefaultNetOpts('dhcp'));
+            $config = array_keys(getDefaultNetOpts('dhcp','options'));
             $config[] = PHP_EOL.'# RaspAP uap0 configuration';
             $config[] = 'interface uap0';
             $config[] = 'static ip_address='.$ip_address;
             $config[] = 'nohook wpa_supplicant';
             $config[] = PHP_EOL;
         } else {
-            // Default wlan0 config
             $def_ip = array();
-            $config = [ '# RaspAP wlan0 configuration' ];
-            $config[] = 'interface wlan0';
+            $config = [ '# RaspAP '.$ap_iface.' configuration' ];
+            $config[] = 'interface '.$ap_iface;
             $config[] = 'static ip_address='.$ip_address;
             $config[] = 'static routers='.$routers;
             $config[] = 'static domain_name_server='.$domain_name_server;
diff --git a/includes/internetRoute.php b/includes/internetRoute.php
index 0143a099..e83dca22 100755
--- a/includes/internetRoute.php
+++ b/includes/internetRoute.php
@@ -11,10 +11,23 @@ function getRouteInfo($checkAccess)
     $rInfo = array();
     // get all default routes
     exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev (\w*).*src (([0-9]{1,3}\.){3}[0-9]{1,3}).*/\3 \4 \1/p"', $routes);
-    exec('ip route list |  sed -rn "s/default dev (\w*) scope link/\1/p"', $devs);
+    $devpat = array("tun", "ppp");  // routing in case of VPN and PPP connection are different
+    foreach ($devpat as $pat) {
+       exec('ip route list |  grep -oP "'.$pat.'[0-9]" | sort -u', $devs);
+    }
     if (!empty($devs)) {
-        foreach ($devs as $dev)
-            exec('ip route list |  sed -rn "s/(([0-9]{1,3}\.){3}[0-9]{1,3}).*dev.*("' . $dev . '").*scope link src (([0-9]{1,3}\.){3}[0-9]{1,3}).*/\3 \4 \1/p"', $routes);
+        foreach ($devs as $dev) {
+            unset($gateway);
+            unset($ipadd);
+            exec('ip route list |  sed -rn "s/^.*via (([0-9]{1,3}\.){3}[0-9]{1,3}) dev "' . $dev . '".*$/\1/p" | head -n 1', $gateway);
+            if (empty($gateway)) {
+                exec('ip route list | sed -rn "s/(([0-9]{1,3}\.){3}[0-9]{1,3}).*dev.*"' . $dev . '".*scope link src.*/\1/p"', $gateway);
+            }
+            exec('ifconfig -a | grep -i ' . $dev . ' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $ipadd);
+            if (!empty($gateway) && !empty($ipadd)) {
+                $routes[]="$dev $ipadd[0] $gateway[0]";
+            }
+        }
     }
     if (!empty($routes)) {
         foreach ($routes as $i => $route) {
@@ -41,5 +54,4 @@ function getRouteInfo($checkAccess)
     }
     return $rInfo;
 }
-?>
 
diff --git a/includes/openvpn.php b/includes/openvpn.php
index 6f9e40b5..a89c3e18 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -3,6 +3,7 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/config.php';
 require_once 'includes/wifi_functions.php';
+require_once 'app/lib/uploader.php';
 
 getWifiInterface();
 
@@ -20,7 +21,9 @@ function DisplayOpenVPNConfig()
             if (isset($_POST['authPassword'])) {
                 $authPassword = strip_tags(trim($_POST['authPassword']));
             }
-            $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
+            if (is_uploaded_file( $_FILES["customFile"]["tmp_name"])) {
+                $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
+            }
         } elseif (isset($_POST['StartOpenVPN'])) {
             $status->addMessage('Attempting to start OpenVPN', 'info');
             exec('sudo /bin/systemctl start openvpn-client@client', $return);
@@ -39,16 +42,32 @@ function DisplayOpenVPNConfig()
     }
 
     exec('pidof openvpn | wc -l', $openvpnstatus);
-    exec('wget https://ipinfo.io/ip -qO -', $return);
-
     $serviceStatus = $openvpnstatus[0] == 0 ? "down" : "up";
     $auth = file(RASPI_OPENVPN_CLIENT_LOGIN, FILE_IGNORE_NEW_LINES);
-    $public_ip = $return[0];
+    $public_ip = get_public_ip();
 
     // parse client auth credentials
     if (!empty($auth)) {
-        $authUser = $auth[0];
-        $authPassword = $auth[1];
+        $auth = array_filter($auth, 'filter_comments');
+        $authUser = current($auth);
+        $authPassword = next($auth);
+    }
+    $clients = preg_grep('/_client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
+    exec("readlink ".RASPI_OPENVPN_CLIENT_CONFIG." | xargs basename", $ret);
+    $conf_default =  empty($ret) ? "none" : $ret[0];
+
+    $logEnable = 0;
+    if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
+        $logOutput = "";
+        $f = @fopen("/tmp/openvpn.log", "r+");
+        if ($f !== false) {
+            ftruncate($f, 0);
+            fclose($f);
+        }
+    } elseif (isset($_POST['log-openvpn']) || filesize('/tmp/openvpn.log') >0) {
+        $logEnable = 1;
+        exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput);
+        $logOutput = file_get_contents('/tmp/openvpn.log');
     }
 
     echo renderTemplate(
@@ -56,9 +75,13 @@ function DisplayOpenVPNConfig()
             "status",
             "serviceStatus",
             "openvpnstatus",
+            "logEnable",
+            "logOutput",
             "public_ip",
             "authUser",
-            "authPassword"
+            "authPassword",
+            "clients",
+            "conf_default"
         )
     );
 }
@@ -76,8 +99,8 @@ function DisplayOpenVPNConfig()
  */
 function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
 {
-    $tmp_ovpnclient = '/tmp/ovpnclient.ovpn';
-    $tmp_authdata = '/tmp/authdata';
+    define('KB', 1024);
+    $tmp_destdir = '/tmp/';
     $auth_flag = 0;
 
     try {
@@ -86,76 +109,49 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             throw new RuntimeException('Invalid parameters');
         }
 
-        // Parse returned errors
-        switch ($file['error']) {
-        case UPLOAD_ERR_OK:
-            break;
-        case UPLOAD_ERR_NO_FILE:
-            throw new RuntimeException('OpenVPN configuration file not sent');
-        case UPLOAD_ERR_INI_SIZE:
-        case UPLOAD_ERR_FORM_SIZE:
-            throw new RuntimeException('Exceeded filesize limit');
-        default:
-            throw new RuntimeException('Unknown errors');
+        $upload = \RaspAP\Uploader\Upload::factory('ovpn',$tmp_destdir);
+        $upload->set_max_file_size(64*KB);
+        $upload->set_allowed_mime_types(array('ovpn' => 'text/plain'));
+        $upload->file($file);
+
+        $validation = new validation;
+        $upload->callbacks($validation, array('check_name_length'));
+        $results = $upload->upload();
+
+        if (!empty($results['errors'])) {
+            throw new RuntimeException($results['errors'][0]);
         }
 
-        // Validate extension
-        $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
-        if ($ext != 'ovpn') {
-            throw new RuntimeException('Invalid file extension');
-        }
-
-        // Validate MIME type
-        $finfo = new finfo(FILEINFO_MIME_TYPE);
-        if (false === $ext = array_search(
-            $finfo->file($file['tmp_name']),
-            array(
-                'ovpn' => 'text/plain'
-            ),
-            true
-        )
-        ) {
-            throw new RuntimeException('Invalid file format');
-        }
-
-        // Validate filesize
-        define('KB', 1024);
-        if ($file['size'] > 64*KB) {
-            throw new RuntimeException('File size limit exceeded');
-        }
-
-        // Use safe filename, save to /tmp
-        if (!move_uploaded_file(
-            $file['tmp_name'],
-            sprintf(
-                '/tmp/%s.%s',
-                'ovpnclient',
-                $ext
-            )
-        )
-        ) {
-            throw new RuntimeException('Unable to move uploaded file');
-        }
         // Good file upload, update auth credentials if present
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
-            // Move tmp authdata to /etc/openvpn/login.conf
+            $tmp_authdata = $tmp_destdir .'ovpn/authdata';
             $auth = $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
-            system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            chmod($tmp_authdata, 0644);
+            $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
+            system("sudo mv $tmp_authdata $client_auth", $return);
+            system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
             if ($return !=0) {
                 $status->addMessage('Unable to save client auth credentials', 'danger');
             }
         }
 
         // Set iptables rules and, optionally, auth-user-pass
-        exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
+        $tmp_ovpn = $results['full_path'];
+        exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpn $auth_flag " .$_SESSION['ap_interface'], $return);
         foreach ($return as $line) {
             $status->addMessage($line, 'info');
         }
 
-        // Copy tmp client config to /etc/openvpn/client
-        system("sudo cp $tmp_ovpnclient " . RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        // Move uploaded ovpn config from /tmp and create symlink
+        $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
+        chmod($tmp_ovpn, 0644);
+        system("sudo mv $tmp_ovpn $client_ovpn", $return);
+        system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+
         if ($return ==0) {
             $status->addMessage('OpenVPN client.conf uploaded successfully', 'info');
         } else {
@@ -168,3 +164,4 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         return $status;
     }
 }
+
diff --git a/includes/system.php b/includes/system.php
index 7cd53b24..db7f3c48 100755
--- a/includes/system.php
+++ b/includes/system.php
@@ -147,6 +147,7 @@ function DisplaySystem()
         'pl_PL.UTF-8' => 'Polskie',
         'pt_BR.UTF-8' => 'Português',
         'ru_RU.UTF-8' => 'Русский',
+        'ro_RO.UTF-8' => 'Română',
         'sv_SE.UTF-8' => 'Svenska',
         'tr_TR.UTF-8' => 'Türkçe',
         'vi_VN.UTF-8' => 'Tiếng Việt (Vietnamese)'
diff --git a/includes/themes.php b/includes/themes.php
index 58afe68a..ab4cf43c 100755
--- a/includes/themes.php
+++ b/includes/themes.php
@@ -7,13 +7,11 @@ function DisplayThemeConfig(&$extraFooterScripts)
 {
     $themes = [
         "default"    => "RaspAP (default)",
-        "hackernews" => "HackerNews",
-        "lightsout"  => "Lights Out"
+        "hackernews" => "HackerNews"
     ];
     $themeFiles = [
         "default"    => "custom.php",
-        "hackernews" => "hackernews.css",
-        "lightsout"  => "lightsout.css"
+        "hackernews" => "hackernews.css"
     ];
     $selectedTheme = array_search($_COOKIE['theme'], $themeFiles);
 
diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index b7b543df..dcc57ede 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -6,9 +6,11 @@ function knownWifiStations(&$networks)
 {
     // Find currently configured networks
     exec(' sudo cat ' . RASPI_WPA_SUPPLICANT_CONFIG, $known_return);
+    $index = 0;
     foreach ($known_return as $line) {
         if (preg_match('/network\s*=/', $line)) {
-            $network = array('visible' => false, 'configured' => true, 'connected' => false);
+            $network = array('visible' => false, 'configured' => true, 'connected' => false, 'index' => $index);
+            ++$index;
         } elseif (isset($network) && $network !== null) {
             if (preg_match('/^\s*}\s*$/', $line)) {
                 $networks[$ssid] = $network;
@@ -18,6 +20,7 @@ function knownWifiStations(&$networks)
                 switch (strtolower($lineArr[0])) {
                 case 'ssid':
                     $ssid = trim($lineArr[1], '"');
+                    $ssid = str_replace('P"','',$ssid);
                     $network['ssid'] = $ssid;
                     break;
                 case 'psk':
@@ -68,11 +71,16 @@ function nearbyWifiStations(&$networks, $cached = true)
     exec('cat '.RASPI_HOSTAPD_CONFIG.' | sed -rn "s/ssid=(.*)\s*$/\1/p" ', $ap_ssid);
     $ap_ssid = $ap_ssid[0];
 
+    $index = 0;
+    if ( !empty($networks) ) {
+        $lastnet = end($networks);
+        if ( isset($lastnet['index']) ) $index = $lastnet['index'] + 1;
+    }
+    
     foreach (explode("\n", $scan_results) as $network) {
         $arrNetwork = preg_split("/[\t]+/", $network);  // split result into array
 
         $ssid = trim($arrNetwork[4]);
-        $ssid = evalHexSequence($ssid);
 
         // exclude raspap ssid
         if (empty($ssid) || $ssid == $ap_ssid) {
@@ -84,8 +92,6 @@ function nearbyWifiStations(&$networks, $cached = true)
             continue;
         }
 
-        $networks[$ssid]['ssid'] = $ssid;
-
         // If network is saved
         if (array_key_exists($ssid, $networks)) {
             $networks[$ssid]['visible'] = true;
@@ -93,13 +99,16 @@ function nearbyWifiStations(&$networks, $cached = true)
             // TODO What if the security has changed?
         } else {
             $networks[$ssid] = array(
+                'ssid' => $ssid,
                 'configured' => false,
                 'protocol' => ConvertToSecurity($arrNetwork[3]),
                 'channel' => ConvertToChannel($arrNetwork[1]),
                 'passphrase' => '',
                 'visible' => true,
-                'connected' => false
+                'connected' => false,
+                'index' => $index
             );
+            ++$index;
         }
 
         // Save RSSI, if the current value is larger than the already stored
@@ -116,7 +125,7 @@ function connectedWifiStations(&$networks)
     exec('iwconfig ' .$_SESSION['wifi_client_interface'], $iwconfig_return);
     foreach ($iwconfig_return as $line) {
         if (preg_match('/ESSID:\"([^"]+)\"/i', $line, $iwconfig_ssid)) {
-            $networks[$iwconfig_ssid[1]]['connected'] = true;
+            $networks[hexSequence2lower($iwconfig_ssid[1])]['connected'] = true;
         }
     }
 }
@@ -180,3 +189,12 @@ function reinitializeWPA($force)
     return $result;
 }
 
+/*
+ * Replace escaped bytes (hex) by binary - assume UTF8 encoding
+ *
+ * @param string $ssid
+ */
+function ssid2utf8($ssid) {
+    return  evalHexSequence($ssid);
+}
+
diff --git a/includes/wireguard.php b/includes/wireguard.php
new file mode 100644
index 00000000..dfe04d5c
--- /dev/null
+++ b/includes/wireguard.php
@@ -0,0 +1,310 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'config.php';
+
+/**
+ * Displays wireguard server & peer configuration
+ */
+function DisplayWireGuardConfig()
+{
+    $status = new StatusMessages();
+    if (!RASPI_MONITOR_ENABLED) {
+        $optRules     = $_POST['wgRules'];
+        $optConf      = $_POST['wgCnfOpt'];
+        $optSrvEnable = $_POST['wgSrvEnable'];
+        $optLogEnable = $_POST['wgLogEnable'];
+        if (isset($_POST['savewgsettings']) && $optConf == 'manual' && $optSrvEnable == 1 ) {
+            SaveWireGuardConfig($status);
+        } elseif (isset($_POST['savewgsettings']) && $optConf == 'upload' && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
+            SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules);
+        } elseif (isset($_POST['savewgsettings']) && isset($_POST['wg_penabled']) ) {
+            SaveWireGuardConfig($status);
+        } elseif (isset($_POST['startwg'])) {
+            $status->addMessage('Attempting to start WireGuard', 'info');
+            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        } elseif (isset($_POST['stopwg'])) {
+            $status->addMessage('Attempting to stop WireGuard', 'info');
+            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        }
+        CheckWireGuardLog( $optLogEnable, $status );
+    }
+
+    // fetch server config
+    exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
+    $conf = ParseConfig($return);
+    $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+    $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
+    $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
+    $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS'];
+    $wg_peerpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+    if (sizeof($conf) >0) {
+        $wg_senabled = true;
+    }
+
+    // fetch client config
+    exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
+    $conf = ParseConfig($preturn);
+    $wg_pipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','peer','Address') : $conf['Address'];
+    $wg_plistenport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','peer','ListenPort') : $conf['ListenPort'];
+    $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
+    $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
+    $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
+    if (sizeof($conf) >0) {
+        $wg_penabled = true;
+    }
+
+    // fetch service status
+    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
+    $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+    $wg_state = ($wgstatus[0] > 0);
+    $public_ip = get_public_ip();
+
+    echo renderTemplate(
+        "wireguard", compact(
+            "status",
+            "wg_state",
+            "serviceStatus",
+            "public_ip",
+            "optRules",
+            "optLogEnable",
+            "peer_id",
+            "wg_srvpubkey",
+            "wg_srvport",
+            "wg_srvipaddress",
+            "wg_srvdns",
+            "wg_senabled",
+            "wg_penabled",
+            "wg_pipaddress",
+            "wg_plistenport",
+            "wg_peerpubkey",
+            "wg_pendpoint",
+            "wg_pallowedips",
+            "wg_pkeepalive"
+        )
+    );
+}
+
+/**
+ * Validates uploaded .conf file, adds iptables post-up and
+ * post-down rules.
+ *
+ * @param  object $status
+ * @param  object $file
+ * @param  boolean $optRules
+ * @return object $status
+ */
+function SaveWireGuardUpload($status, $file, $optRules)
+{
+    define('KB', 1024);
+    $tmp_destdir = '/tmp/';
+    $auth_flag = 0;
+
+    try {
+        // If undefined or multiple files, treat as invalid
+        if (!isset($file['error']) || is_array($file['error'])) {
+            throw new RuntimeException('Invalid parameters');
+        }
+
+        $upload = \RaspAP\Uploader\Upload::factory('wg',$tmp_destdir);
+        $upload->set_max_file_size(64*KB);
+        $upload->set_allowed_mime_types(array('text/plain'));
+        $upload->file($file);
+
+        $validation = new validation;
+        $upload->callbacks($validation, array('check_name_length'));
+        $results = $upload->upload();
+
+        if (!empty($results['errors'])) {
+            throw new RuntimeException($results['errors'][0]);
+        }
+
+        // Valid upload, get file contents
+        $tmp_wgconfig = $results['full_path'];
+        $tmp_contents = file_get_contents($tmp_wgconfig);
+
+        // Set iptables rules
+        if (isset($optRules) && !preg_match('/PostUp|PostDown/m',$tmp_contents)) {
+            $rules[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+            $rules[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
+            $rules[] = '';
+            $rules = join(PHP_EOL, $rules);
+            $rules = preg_replace('/wlan0/m', $_SESSION['ap_interface'], $rules);
+            $tmp_contents = preg_replace('/^\s*$/ms', $rules, $tmp_contents, 1);
+            file_put_contents($tmp_wgconfig, $tmp_contents);
+        }
+
+        // Move processed file from tmp to destination
+        system("sudo mv $tmp_wgconfig ". RASPI_WIREGUARD_CONFIG, $return);
+
+        if ($return ==0) {
+            $status->addMessage('WireGuard configuration uploaded successfully', 'info');
+        } else {
+            $status->addMessage('Unable to save WireGuard configuration', 'danger');
+        }
+        return $status;
+
+    } catch (RuntimeException $e) {
+        $status->addMessage($e->getMessage(), 'danger');
+        return $status;
+    }
+}
+
+/**
+ * Validate user input, save wireguard configuration
+ *
+ * @param object $status
+ * @return boolean
+ */
+function SaveWireGuardConfig($status)
+{
+    // Set defaults
+    $good_input = true;
+    $peer_id = 1;
+    // Validate server input
+    if ($_POST['wgSrvEnable'] == 1) {
+        if (isset($_POST['wg_srvport'])) {
+            if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
+                $status->addMessage('Invalid value for server local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_plistenport'])) {
+            if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
+                $status->addMessage('Invalid value for peer local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvipaddress'])) {
+            if (!validateCidr($_POST['wg_srvipaddress'])) {
+                $status->addMessage('Invalid value for server IP address', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvdns'])) {
+            if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for DNS', 'danger');
+                $good_input = false;
+            }
+        }
+    }
+    // Validate peer input
+    if ($_POST['wg_penabled'] == 1) {
+        if (isset($_POST['wg_pipaddress'])) {
+            if (!validateCidr($_POST['wg_pipaddress'])) {
+                $status->addMessage('Invalid value for peer IP address', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+            $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
+            if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for endpoint address', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
+            if (!validateCidr($_POST['wg_pallowedips'])) {
+                $status->addMessage('Invalid value for allowed IPs', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+            if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+                $status->addMessage('Invalid value for persistent keepalive', 'danger');
+                $good_input = false;
+            }
+        }
+    }
+
+    // Save settings
+    if ($good_input) {
+        // server (wg0.conf)
+        if ($_POST['wgSrvEnable'] == 1) {
+            // fetch server private key from filesytem
+            $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+            $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+            $config[] = 'DNS = '.$_POST['wg_srvdns'];
+            $config[] = 'PrivateKey = '.$wg_srvprivkey;
+            $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+            $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-peer'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
+
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+        } else {
+            # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_CONFIG, $return);
+        }
+        // client1 (client.conf)
+        if ($_POST['wg_penabled'] == 1) {
+            // fetch peer private key from filesystem 
+            $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            $config = [];
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
+            $config[] = 'PrivateKey = '.$wg_peerprivkey;
+            $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-server'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
+
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+        } else {
+             # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+        }
+
+        foreach ($return as $line) {
+            $status->addMessage($line, 'info');
+        }
+        if ($return == 0) {
+            $status->addMessage('WireGuard configuration updated successfully', 'success');
+        } else {
+            $status->addMessage('WireGuard configuration failed to be updated', 'danger');
+        }
+    }
+}
+
+/**
+ *
+ * @return object $status
+ */
+function CheckWireGuardLog( $opt, $status )
+{
+   // handle log option
+    if ( $opt == "1") {
+        exec("sudo journalctl --identifier wg-quick > /tmp/wireguard.log");
+        $status->addMessage('WireGuard debug log updated', 'success');
+    }
+    return $status;
+}
+
diff --git a/index.php b/index.php
index f20c9cf2..2a25876c 100755
--- a/index.php
+++ b/index.php
@@ -7,15 +7,15 @@
  * Enables use of simple web interface rather than SSH to control WiFi and related services  on the Raspberry Pi.
  * Recommended distribution is Raspberry Pi OS (32-bit) Lite. Specific instructions to install the supported software are
  * in the README and original post by @SirLagz. For a quick run through, the packages required for the WebGUI are:
- * lighttpd (version 1.4.53 installed via apt)
- * php-cgi (version 7.3.19-1 installed via apt)
+ * lighttpd (version 1.4.59 installed via apt)
+ * php-cgi (version 7.4.25 installed via apt)
  * along with their supporting packages, php7.3 will also need to be enabled.
  *
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.6.7
- * @link    https://github.com/raspap/raspap-webgui/
+ * @version 2.8.4
+ * @link    https://github.com/RaspAP/raspap-webgui/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/
  *
@@ -45,6 +45,7 @@ require_once 'includes/themes.php';
 require_once 'includes/data_usage.php';
 require_once 'includes/about.php';
 require_once 'includes/openvpn.php';
+require_once 'includes/wireguard.php';
 require_once 'includes/torproxy.php';
 
 $config = getConfig();
@@ -82,6 +83,9 @@ $bridgedEnabled = getBridgedState();
     <!-- Custom Fonts -->
     <link href="dist/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
 
+    <!-- RaspAP Fonts -->
+    <link href="dist/raspap/css/style.css" rel="stylesheet" type="text/css">
+
     <!-- Custom CSS -->
     <link href="<?php echo $theme_url; ?>" title="main" rel="stylesheet">
 
@@ -161,6 +165,11 @@ $bridgedEnabled = getBridgedState();
           <?php if (RASPI_OPENVPN_ENABLED) : ?>
         <li class="nav-item">
           <a class="nav-link" href="openvpn_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("OpenVPN"); ?></a>
+        </li>
+          <?php endif; ?>
+          <?php if (RASPI_WIREGUARD_ENABLED) : ?>
+        <li class="nav-item">
+          <a class="nav-link" href="wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>
@@ -214,8 +223,13 @@ $bridgedEnabled = getBridgedState();
           <i class="fa fa-bars"></i>
         </button>
         <!-- Topbar Navbar -->
-        <p class="text-left brand-title mt-3 ml-2"><?php //echo _("WiFi Configuration Portal"); ?></p>
+        <p class="text-left brand-title mt-3 ml-2"></p>
         <ul class="navbar-nav ml-auto">
+          <!-- Nav Item - Night mode -->
+          <div class="custom-control custom-switch mt-4">
+            <input type="checkbox" class="custom-control-input" id="night-mode" <?php echo getNightmode() ? 'checked' : null ; ?> >
+            <label class="custom-control-label" for="night-mode"><i class="far fa-moon mr-1 text-muted"></i></label>
+          </div>
           <div class="topbar-divider d-none d-sm-block"></div>
           <!-- Nav Item - User -->
           <li class="nav-item dropdown no-arrow">
@@ -254,6 +268,12 @@ $bridgedEnabled = getBridgedState();
         case "/openvpn_conf":
             DisplayOpenVPNConfig();
             break;
+        case "/wg_conf":
+            DisplayWireGuardConfig();
+            break;
+        case "/torproxy_conf":
+            DisplayTorProxyConfig();
+            break;
         case "/torproxy_conf":
             DisplayTorProxyConfig();
             break;
diff --git a/installers/common.sh b/installers/common.sh
index 023550f0..f2480434 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -43,9 +43,9 @@ function _install_raspap() {
     _update_system_packages
     _install_dependencies
     _enable_php_lighttpd
+    _check_for_old_configs
     _create_raspap_directories
     _optimize_php
-    _check_for_old_configs
     _download_latest_files
     _change_file_ownership
     _create_hostapd_scripts
@@ -139,10 +139,10 @@ function _get_linux_distro() {
 # Sets php package option based on Linux version, abort if unsupported distro
 function _set_php_package() {
     case $RELEASE in
-        18.04|19.10) # Ubuntu Server
+        18.04|19.10|11*) # Ubuntu Server & Debian 11
             php_package="php7.4-cgi"
             phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
-        10*)
+        10*|11*)
             php_package="php7.3-cgi"
             phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
         9*)
@@ -159,7 +159,7 @@ function _set_php_package() {
 function _install_dependencies() {
     _install_log "Installing required packages"
     _set_php_package
-    if [ "$php_package" = "php7.4-cgi" ]; then
+    if [ "$php_package" = "php7.4-cgi" ] && [ ${OS,,} = "ubuntu" ]; then
         echo "Adding apt-repository ppa:ondrej/php"
         sudo apt-get install $apt_option software-properties-common || _install_status 1 "Unable to install dependency"
         sudo add-apt-repository $apt_option ppa:ondrej/php || _install_status 1 "Unable to add-apt-repository ppa:ondrej/php"
@@ -352,21 +352,19 @@ function _prompt_install_openvpn() {
 
 # Prompt to install WireGuard
 function _prompt_install_wireguard() {
-    if [ "$insiders" == 1 ]; then
-        _install_log "Configure WireGuard support"
-        echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
-        if [ "$assume_yes" == 0 ]; then
-            read answer < /dev/tty
-            if [ "$answer" != "${answer#[Nn]}" ]; then
-                echo -e
-            else
-                _install_wireguard
-            fi
-        elif [ "$wg_option" == 1 ]; then
-            _install_wireguard
+    _install_log "Configure WireGuard support"
+    echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
+    if [ "$assume_yes" == 0 ]; then
+        read answer < /dev/tty
+        if [ "$answer" != "${answer#[Nn]}" ]; then
+            echo -e
         else
-            echo "(Skipped)"
+            _install_wireguard
         fi
+    elif [ "$wg_option" == 1 ]; then
+        _install_wireguard
+    else
+        echo "(Skipped)"
     fi
 }
 
@@ -427,6 +425,10 @@ function _download_latest_files() {
     if [ "$upgrade" == 1 ]; then
         _install_log "Applying existing configuration to ${webroot_dir}/includes"
         sudo mv /tmp/config.php $webroot_dir/includes  || _install_status 1 "Unable to move config.php to ${webroot_dir}/includes"
+        
+        if [ -f /tmp/raspap.auth ]; then
+            sudo mv /tmp/raspap.auth $raspap_dir || _install_status 1 "Unable to restore authentification credentials file to ${raspap_dir}"
+        fi
     fi
 
     _install_status 0
@@ -447,6 +449,10 @@ function _check_for_old_configs() {
     if [ "$upgrade" == 1 ]; then
         _install_log "Moving existing configuration to /tmp"
         sudo mv $webroot_dir/includes/config.php /tmp || _install_status 1 "Unable to move config.php to /tmp"
+
+        if [ -f $raspap_dir/raspap.auth ]; then
+            sudo mv $raspap_dir/raspap.auth /tmp || _install_status 1 "Unable to backup raspap.auth to /tmp"
+        fi
     else
         _install_log "Backing up existing configs to ${raspap_dir}/backups"
         if [ -f /etc/network/interfaces ]; then
@@ -609,7 +615,7 @@ function _optimize_php() {
     if [ "$upgrade" == 0 ]; then
         _install_log "Optimize PHP configuration"
         if [ ! -f "$phpcgiconf" ]; then
-            _install_status 1 "PHP configuration could not be found."
+            _install_status 2 "PHP configuration could not be found."
             return
         fi
 
@@ -669,7 +675,7 @@ function _install_complete() {
         # Prompt to reboot if wired ethernet (eth0) is connected.
         # With default_configuration this will create an active AP on restart.
         if ip a | grep -q ': eth0:.*state UP'; then
-            echo -n "The system needs to be rebooted as a final step. Reboot now? [y/N]: "
+            echo -n "The system needs to be rebooted as a final step. Reboot now? [Y/n]: "
             read answer < /dev/tty
             if [ "$answer" != "${answer#[Nn]}" ]; then
                 echo "Installation reboot aborted."
diff --git a/installers/configauth.sh b/installers/configauth.sh
index 166c657b..e3cb8ccf 100755
--- a/installers/configauth.sh
+++ b/installers/configauth.sh
@@ -35,7 +35,7 @@ echo "Checking iptables rules"
 rules=(
 "-A POSTROUTING -o tun0 -j MASQUERADE"
 "-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
-"-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
+"-A FORWARD -i ${interface} -o tun0 -j ACCEPT"
 )
 
 for rule in "${rules[@]}"; do
diff --git a/installers/install_feature_clients.sh b/installers/install_feature_clients.sh
new file mode 100644
index 00000000..e1a6ca92
--- /dev/null
+++ b/installers/install_feature_clients.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# RaspAP feature installation: handling of mobile data clients and client configuration
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+# path for mobile modem scripts 
+readonly raspap_clients_scripts="/usr/local/sbin"
+#
+# table of mobile network operators - links the 5 digit operator code (from the modem) with a clear text operator name 
+readonly raspap_clients_operator_table="https://raw.githubusercontent.com/musalbas/mcc-mnc-table/master/mcc-mnc-table.csv"
+
+function _install_feature_clients() {
+    name="feature clients"
+
+    _install_log "Install $name"
+
+    _install_log " - required packages for mobile data clients"
+    sudo apt-get -y install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
+
+    _install_log " - copy configuration files and scripts"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_clients_scripts/" || _install_status 1 "Unable to move client scripts ($name)"
+    sudo chmod a+rx "$raspap_clients_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts ($name)"
+    #    wget $raspap_clients_operator_table -o "$raspap_clients_scripts/"mcc-mnc-table.csv || _install_status 1 "Unable to wget operator table ($name)"
+    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_clients_scripts/" || _install_status 1 "Unable to move client data ($name)"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration ($name)"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings ($name)"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services ($name)"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    _install_status 0
+}
diff --git a/installers/install_feature_firewall.sh b/installers/install_feature_firewall.sh
new file mode 100644
index 00000000..a2eecdc7
--- /dev/null
+++ b/installers/install_feature_firewall.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# RaspAP feature installation: Firewall
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+function _install_feature_firewall() {
+    name="feature firewall"
+
+    _install_log "Install $name"
+	# create config dir
+	sudo mkdir "$raspap_network/firewall" || _install_status 1 "Unable to create firewall config directory" 
+    # copy firewall configuration 
+    sudo cp "$webroot_dir/config/iptables_rules.json" "$raspap_network/firewall/" || _install_status 1 "Unable to copy iptables templates"
+	sudo chown $raspap_user:$raspap_user -R "$raspap_network/firewall" || _install_status 1 "Unable to change ownership of firewall directory and files "
+    _install_status 0
+}
diff --git a/installers/openvpnlog.sh b/installers/openvpnlog.sh
index 96e79e2d..d933d669 100755
--- a/installers/openvpnlog.sh
+++ b/installers/openvpnlog.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 touch /tmp/openvpn.log
-grep -m 100 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log
+journalctl |grep -m 200 openvpn | sudo tee /tmp/openvpn.log
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 60759f3d..945aa0c8 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -20,8 +20,9 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/ovpn/* /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/usr/bin/ln -s /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
@@ -30,15 +31,35 @@ www-data ALL=(ALL) NOPASSWD:/sbin/reboot
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
 www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
+www-data ALL=(ALL) NOPASSWD:/sbin/ifup *
+www-data ALL=(ALL) NOPASSWD:/sbin/ifdown *
+www-data ALL=(ALL) NOPASSWD:/sbin/iw
 www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/openvpnlog.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
-www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /var/log/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg/* /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/socat - /dev/ttyUSB[0-9]
+www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
+www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
+www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
+www-data ALL=(ALL) NOPASSWD:/usr/bin/journalctl --identifier wg-quick
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 
diff --git a/installers/uninstall.sh b/installers/uninstall.sh
index 4f155cac..56ca1d87 100755
--- a/installers/uninstall.sh
+++ b/installers/uninstall.sh
@@ -202,7 +202,7 @@ function _remove_installed_packages() {
     fi
     echo -n "Remove the following installed packages? lighttpd hostapd iptables-persistent $php_package $dhcpcd_package vnstat qrencode [y/N]: "
     read answer
-    if [ "$answer" != 'n' ] && [ "$answer" != 'N' ]; then
+    if [ "$answer" == 'y' ] || [ "$answer" == 'Y' ]; then
         echo "Removing packages."
         sudo apt-get remove lighttpd hostapd iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to remove installed packages"
         sudo apt-get autoremove || _install_error "Unable to run apt autoremove"
diff --git a/installers/update_firewall.sh b/installers/update_firewall.sh
new file mode 100644
index 00000000..2a7d9212
--- /dev/null
+++ b/installers/update_firewall.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# include the raspap helper functions
+source /usr/local/sbin/raspap_helpers.sh
+
+_getWebRoot
+
+echo -n "Update firewall ... "
+
+cat << EOF > /tmp/updateFirewall.php
+<?php
+//set_include_path('/var/www/html/');
+\$_SESSION['locale']="en_GB.UTF-8";
+
+require_once 'includes/config.php';
+require_once 'includes/defaults.php';
+require_once RASPI_CONFIG.'/raspap.php';
+require_once 'includes/locale.php';
+require_once 'includes/wifi_functions.php';
+require_once 'includes/get_clients.php';
+require_once 'includes/firewall.php';
+
+updateFirewall();
+
+?>
+EOF
+
+sudo php -d include_path=$raspap_webroot /tmp/updateFirewall.php
+rm /tmp/updateFirewall.php
+echo "done."
diff --git a/locale/da_DK/LC_MESSAGES/messages.mo b/locale/da_DK/LC_MESSAGES/messages.mo
index ddcee07d..98094dad 100644
Binary files a/locale/da_DK/LC_MESSAGES/messages.mo and b/locale/da_DK/LC_MESSAGES/messages.mo differ
diff --git a/locale/da_DK/LC_MESSAGES/messages.po b/locale/da_DK/LC_MESSAGES/messages.po
index 0b41bc40..7edbab58 100644
--- a/locale/da_DK/LC_MESSAGES/messages.po
+++ b/locale/da_DK/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-01-13 08:19\n"
-"Last-Translator: Svend Skipper Andersen\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: Danish\n"
 "Language: da_DK\n"
 "MIME-Version: 1.0\n"
@@ -12,10 +12,8 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Crowdin-Project: raspap\n"
-"X-Crowdin-Project-ID: 395801\n"
 "X-Crowdin-Language: da\n"
 "X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
-"X-Crowdin-File-ID: 10\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -253,12 +251,6 @@ msgstr "Klientliste"
 msgid "Interface"
 msgstr "Interface"
 
-msgid "Enable DHCP for this interface"
-msgstr "Aktivér DHCP for denne grænseflade"
-
-msgid "Enable this option if you want RaspAP to assign IP addresses on the selected interface."
-msgstr "Aktivér denne indstilling hvis du ønsker at RaspAP skal tildele IP-adresser på den valgte grænseflade."
-
 msgid "DNS Server"
 msgstr "DNS-server"
 
@@ -352,9 +344,6 @@ msgstr "Format"
 msgid "Choose a hosted server"
 msgstr "Vælg en hostet server"
 
-msgid "Enable these options to log DHCP server activity."
-msgstr "Aktivér disse indstillinger for at logge DHCP-serveraktivitet."
-
 msgid "Log DHCP requests"
 msgstr "Log DHCP anmodninger"
 
@@ -455,31 +444,10 @@ msgstr "Maksimal klientantal"
 msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
 msgstr "Konfigurerer max_num_sta i hostapd. Standard og maksimum er 2007. Hvis tom eller 0, bruges standard."
 
-msgid "Beacon interval"
-msgstr "Beaconinterval"
-
-msgid "Disable <code>disassoc_low_ack</code>"
-msgstr "Deaktivér <code>disassoc_low_ack</code>"
-
-msgid "Do not disassociate stations based on excessive transmission failures."
-msgstr "Undlad at frakoble stationer baseret på overdrevne transmissionsfejl."
-
-msgid "Executing RaspAP service start"
-msgstr "Udfører RaspAP servicestart"
-
-msgid "Close"
-msgstr "Luk"
-
-msgid "Enable this option to log <code>hostapd</code> activity."
-msgstr "Aktivér denne indstilling for at logge <code>hostapd</code> aktivitet."
-
 #: includes/networking.php
 msgid "Summary"
 msgstr "Oversigt"
 
-msgid "Internet connection"
-msgstr "Internetforbindelse"
-
 msgid "Current settings"
 msgstr "Nuværende indstillinger"
 
@@ -507,9 +475,6 @@ msgstr "Deaktiveret"
 msgid "Static IP Options"
 msgstr "Statiske IP-indstillinger"
 
-msgid "Metric"
-msgstr "Metrisk"
-
 msgid "Apply settings"
 msgstr "Anvend indstillinger"
 
@@ -562,12 +527,6 @@ msgstr "Systemet genstarter nu!"
 msgid "System Shutting Down Now!"
 msgstr "Systemet lukker ned nu!"
 
-msgid "Web server port"
-msgstr "Webserverport"
-
-msgid "Web server bind address"
-msgstr "Webserver bind-adresse"
-
 #: includes/themes.php
 msgid "Theme settings"
 msgstr "Temaindstillinger"
@@ -575,9 +534,6 @@ msgstr "Temaindstillinger"
 msgid "Select a theme"
 msgstr "Vælg et tema"
 
-msgid "Color"
-msgstr "Farve"
-
 #: includes/data_usage.php
 msgid "Data usage"
 msgstr "Dataforbrug"
@@ -778,24 +734,3 @@ msgstr "Statistikker"
 msgid "Information provided by adblock"
 msgstr "Information leveret af adblock"
 
-msgid "Enable custom blocklist"
-msgstr "Aktiver brugerdefineret blokliste"
-
-msgid "Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name."
-msgstr "Definer brugerdefinerede værter, der skal blokeres ved at indtaste en IPv4- eller IPv6-adresse efterfulgt af blanke tegn (mellemrum eller faneblade) og værtsnavnet."
-
-msgid "<b>IPv4 example:</b> 0.0.0.0 badhost.com"
-msgstr "<b>IPv4 eksempel:</b> 0.0.0.0 badhost.com"
-
-msgid "This option adds an <code>addn-hosts</code> directive to the dnsmasq configuration."
-msgstr "Denne indstilling tilføjer et <code>addn-værts</code> direktiv til dnsmasq-konfigurationen."
-
-msgid "Custom blocklist not defined"
-msgstr "Brugerdefineret blokliste ikke defineret"
-
-msgid "Invalid custom IP address found on line "
-msgstr "Ugyldig brugerdefineret IP-adresse fundet på linje "
-
-msgid "Invalid custom host found on line "
-msgstr "Ugyldig brugerdefineret vært fundet på linje "
-
diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 646eef09..84b77220 100644
Binary files a/locale/en_US/LC_MESSAGES/messages.mo and b/locale/en_US/LC_MESSAGES/messages.mo differ
diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index a28fb4ec..723549ba 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1104,11 +1104,11 @@ msgstr "Allowed IPs"
 msgid "Persistent keepalive"
 msgstr "Persistent keepalive"
 
-msgid "Display WireGuard status"
-msgstr "Display WireGuard status"
+msgid "Enable this option to display an updated <code>wg-quick</code> debug log."
+msgstr "Enable this option to display an updated <code>wg-quick</code> debug log."
 
-msgid "Enable this option to display an updated WireGuard status."
-msgstr "Enable this option to display an updated WireGuard status."
+msgid "WireGuard debug log updated"
+msgstr "WireGuard debug log updated"
 
 msgid "Scan this QR code with your client to connect to this tunnel"
 msgstr "Scan this QR code with your client to connect to this tunnel"
@@ -1140,3 +1140,73 @@ msgstr "WireGuard configuration updated successfully"
 msgid "WireGuard configuration failed to be updated"
 msgstr "WireGuard configuration failed to be updated"
 
+#: templates/firewall.php
+
+msgid "Client Firewall"
+msgstr "Client Firewall"
+
+msgid "Firewall is ENABLED"
+msgstr "Firewall is ENABLED"
+
+msgid "Firewall is OFF"
+msgstr "Firewall is OFF"
+
+msgid "The default firewall will only allow outgoing and already established traffic."
+msgstr "The default firewall will only allow outgoing and already established traffic."
+
+msgid "No incoming UDP traffic is allowed."
+msgstr "No incoming UDP traffic is allowed."
+
+msgid "There are no restrictions for the access point <code>%s</code>."
+msgstr "There are no restrictions for the access point <code>%s</code>."
+
+msgid "Exception: Service"
+msgstr "Exception: Service"
+
+msgid "allow SSH access on port 22"
+msgstr "allow SSH access on port 22"
+
+msgid "allow access to the RaspAP GUI on port 80 or 443"
+msgstr "allow access to the RaspAP GUI on port 80 or 443"
+
+msgid "Allow incoming connections for some services from the internet side."
+msgstr "Allow incoming connections for some services from the internet side."
+
+msgid "Exception: network device"
+msgstr "Exception: network device"
+
+msgid "Exclude device(s)"
+msgstr "Exclude device(s)"
+
+msgid "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+msgstr "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+
+msgid "Current client devices: <code>%s</code>"
+msgstr "Current client devices: <code>%s</code>"
+
+msgid "The access point <code>%s</code> is per default excluded."
+msgstr "The access point <code>%s</code> is per default excluded."
+
+msgid "Exception: IP-Address"
+msgstr "Exception: IP-Address"
+
+msgid "Allow incoming connections from"
+msgstr "Allow incoming connections from"
+
+msgid "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+msgstr "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+
+msgid "This is required for an OpenVPN via UDP or Wireguard connection."
+msgstr "This is required for an OpenVPN via UDP or Wireguard connection."
+
+msgid "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+msgstr "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+
+msgid "Disable Firewall"
+msgstr "Disable Firewall"
+
+msgid "Enable Firewall"
+msgstr "Enable Firewall"
+
+msgid "Apply changes"
+msgstr "Apply changes"
diff --git a/locale/es_MX/LC_MESSAGES/messages.mo b/locale/es_MX/LC_MESSAGES/messages.mo
index 29f3fb6c..e90306c7 100644
Binary files a/locale/es_MX/LC_MESSAGES/messages.mo and b/locale/es_MX/LC_MESSAGES/messages.mo differ
diff --git a/locale/es_MX/LC_MESSAGES/messages.po b/locale/es_MX/LC_MESSAGES/messages.po
index dfc1661e..4926c273 100644
--- a/locale/es_MX/LC_MESSAGES/messages.po
+++ b/locale/es_MX/LC_MESSAGES/messages.po
@@ -1,22 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-#
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-21 23:15+0000\n"
-"Last-Translator: Luis Franco <luis_franco1990@hotmail.com>\n"
-"Language-Team: \n"
-"Language: es_MX\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Spanish\n"
+"Language: es_ES\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: es-ES\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -35,7 +32,13 @@ msgid "WiFi client"
 msgstr "Cliente wiFi"
 
 msgid "Hotspot"
-msgstr "Hotspot"
+msgstr ""
+
+msgid "Memory Use"
+msgstr ""
+
+msgid "CPU Temp"
+msgstr ""
 
 msgid "Networking"
 msgstr "Red de trabajo"
@@ -44,10 +47,10 @@ msgid "DHCP Server"
 msgstr "Servidor DHCP"
 
 msgid "OpenVPN"
-msgstr "OpenVPN"
+msgstr ""
 
 msgid "TOR proxy"
-msgstr "TOR proxy"
+msgstr ""
 
 msgid "Authentication"
 msgstr "Autentificacion"
@@ -97,7 +100,7 @@ msgid "Client settings"
 msgstr "Configuracion de Cliente"
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "Canal"
@@ -178,8 +181,8 @@ msgstr "Paquetes Trasnferidos"
 msgid "Transferred Bytes"
 msgstr "Bytes Trasnferidos"
 
-msgid "Wireless Information"
-msgstr "Informacion Inalambrica"
+msgid "Wireless Client"
+msgstr ""
 
 msgid "Connected To"
 msgstr "Conectado a"
@@ -248,6 +251,9 @@ msgstr "Lista de Clientes"
 msgid "Interface"
 msgstr "Interfaz"
 
+msgid "DNS Server"
+msgstr "Servidor DNS"
+
 msgid "Starting IP Address"
 msgstr "Dirección IP de incio"
 
@@ -318,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq no esta iniciado"
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr ""
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -367,7 +373,7 @@ msgid "Encryption Type"
 msgstr "Tipo de Encriptacion"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "Configuracion Avanzada"
@@ -426,6 +432,9 @@ msgstr "Salida del archivo de registro"
 msgid "WiFi client AP mode"
 msgstr "Modo AP de WiFi de cliente"
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "Ocultar SSID en la transmisión"
 
@@ -445,9 +454,6 @@ msgstr "Configuracion Actual"
 msgid "Default Gateway"
 msgstr "Puerta de Enlace predeterminada"
 
-msgid "DNS Server"
-msgstr "Servidor DNS"
-
 msgid "Alternate DNS Server"
 msgstr "Servidor DNS Alterno"
 
@@ -606,7 +612,7 @@ msgid "Diffie Hellman parameters"
 msgstr "Parámetros Diffie Hellman"
 
 msgid "KeepAlive"
-msgstr "KeepAlive"
+msgstr ""
 
 msgid "Server log"
 msgstr "Registro del servidor"
@@ -660,6 +666,10 @@ msgstr "Intentando iniciar TOR"
 msgid "Attempting to stop TOR"
 msgstr "Intentando detener TOR"
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "Guardar Configuraciones"
@@ -682,3 +692,45 @@ msgstr "arriba"
 msgid "down"
 msgstr "abajo"
 
+msgid "adblock"
+msgstr ""
+
+msgid "Ad Blocking"
+msgstr ""
+
+msgid "Start Ad Blocking"
+msgstr ""
+
+msgid "Restart Ad Blocking"
+msgstr ""
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr ""
+
+msgid "Statistics"
+msgstr ""
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ja_JP/LC_MESSAGES/messages.mo b/locale/ja_JP/LC_MESSAGES/messages.mo
index 5dfbb4ba..1298711a 100644
Binary files a/locale/ja_JP/LC_MESSAGES/messages.mo and b/locale/ja_JP/LC_MESSAGES/messages.mo differ
diff --git a/locale/ja_JP/LC_MESSAGES/messages.po b/locale/ja_JP/LC_MESSAGES/messages.po
index 26401630..439ec8b4 100644
--- a/locale/ja_JP/LC_MESSAGES/messages.po
+++ b/locale/ja_JP/LC_MESSAGES/messages.po
@@ -1,26 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-# 
-# Translators:
-# William Zimmerman <billzimmerman@gmail.com>, 2019
-# 
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-25 17:42+0000\n"
-"Last-Translator: William Zimmerman <billzimmerman@gmail.com>, 2019\n"
-"Language-Team: Japanese (https://www.transifex.com/na-360/teams/104285/ja/)\n"
+"PO-Revision-Date: 2020-04-17 06:37\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Japanese\n"
+"Language: ja_JP\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Language: ja\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: ja\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -41,6 +34,12 @@ msgstr "WiFiクライアント"
 msgid "Hotspot"
 msgstr "ホットスポット"
 
+msgid "Memory Use"
+msgstr "メモリ使用率"
+
+msgid "CPU Temp"
+msgstr "CPU温度"
+
 msgid "Networking"
 msgstr "ネットワーク"
 
@@ -115,9 +114,7 @@ msgstr "パスフレーズ"
 msgid "Wifi settings updated successfully"
 msgstr "Wifi設定が正常に更新されました"
 
-msgid ""
-"Wifi settings updated but cannot restart (cannot execute 'wpa_cli "
-"reconfigure')"
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
 msgstr "Wifi設定は更新されましたが、再起動できません（「wpa_cli reconfigure」を実行できません）"
 
 msgid "Wifi settings failed to be updated"
@@ -147,11 +144,8 @@ msgstr "隠す"
 msgid "Not configured"
 msgstr "設定されていません"
 
-msgid ""
-"<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not "
-"currently support connecting to WEP"
-msgstr ""
-"<strong>注：</strong> WEPアクセスポイントは「オープン」と表示されます。RaspAPは現在、WEPへの接続をサポートしていません"
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>注：</strong> WEPアクセスポイントは「オープン」と表示されます。RaspAPは現在、WEPへの接続をサポートしていません"
 
 #: includes/dashboard.php
 msgid "Interface Information"
@@ -187,8 +181,8 @@ msgstr "転送されたパケット"
 msgid "Transferred Bytes"
 msgstr "転送されたバイト"
 
-msgid "Wireless Information"
-msgstr "ワイヤレスの情報"
+msgid "Wireless Client"
+msgstr "無線クライアント"
 
 msgid "Connected To"
 msgstr "接続"
@@ -330,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasqが実行されていません"
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr "アップストリームDNSサーバー"
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr "アップストリームDNSサーバーを追加"
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -438,17 +432,17 @@ msgstr "ログファイル出力"
 msgid "WiFi client AP mode"
 msgstr "WiFiクライアントAPモード"
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "ブロードキャストでSSIDを非表示"
 
 msgid "Maximum number of clients"
 msgstr "クライアントの最大数"
 
-msgid ""
-"Configures the max_num_sta option of hostapd. The default and maximum is "
-"2007. If empty or 0, the default applies."
-msgstr ""
-"hostapdのmax_num_staオプションを構成します。 デフォルトおよび最大値は2007です。空欄または0の場合、デフォルトが適用されます。"
+msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr "hostapdのmax_num_staオプションを構成します。 デフォルトおよび最大値は2007です。空欄または0の場合、デフォルトが適用されます。"
 
 #: includes/networking.php
 msgid "Summary"
@@ -672,6 +666,10 @@ msgstr "TORを実行しようとしています"
 msgid "Attempting to stop TOR"
 msgstr "TORを停止しようとしています"
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "設定を保存"
@@ -693,3 +691,46 @@ msgstr "上"
 
 msgid "down"
 msgstr "下"
+
+msgid "adblock"
+msgstr "adblock"
+
+msgid "Ad Blocking"
+msgstr "広告ブロック"
+
+msgid "Start Ad Blocking"
+msgstr "広告ブロックを開始する"
+
+msgid "Restart Ad Blocking"
+msgstr "広告ブロックを再開する"
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr "今すぐ更新する"
+
+msgid "Statistics"
+msgstr "統計"
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ko_KR/LC_MESSAGES/messages.mo b/locale/ko_KR/LC_MESSAGES/messages.mo
index 9eb3acb9..f5163afc 100644
Binary files a/locale/ko_KR/LC_MESSAGES/messages.mo and b/locale/ko_KR/LC_MESSAGES/messages.mo differ
diff --git a/locale/ko_KR/LC_MESSAGES/messages.po b/locale/ko_KR/LC_MESSAGES/messages.po
index 9f3a8aa3..2879edcf 100644
--- a/locale/ko_KR/LC_MESSAGES/messages.po
+++ b/locale/ko_KR/LC_MESSAGES/messages.po
@@ -1,26 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-# 
-# Translators:
-# William Zimmerman <billzimmerman@gmail.com>, 2019
-# 
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-25 17:42+0000\n"
-"Last-Translator: William Zimmerman <billzimmerman@gmail.com>, 2019\n"
-"Language-Team: Korean (https://www.transifex.com/na-360/teams/104285/ko/)\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Korean\n"
+"Language: ko_KR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Language: ko\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: ko\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -41,6 +34,12 @@ msgstr "WiFi 클라이언트"
 msgid "Hotspot"
 msgstr "핫스팟"
 
+msgid "Memory Use"
+msgstr ""
+
+msgid "CPU Temp"
+msgstr ""
+
 msgid "Networking"
 msgstr "네트워킹"
 
@@ -101,7 +100,7 @@ msgid "Client settings"
 msgstr "클라이언트 설정 "
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "채널 "
@@ -115,9 +114,7 @@ msgstr "암호 "
 msgid "Wifi settings updated successfully"
 msgstr "Wifi 설정이 성공적으로 업데이트되었습니다"
 
-msgid ""
-"Wifi settings updated but cannot restart (cannot execute 'wpa_cli "
-"reconfigure')"
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
 msgstr "Wifi 설정이 업데이트되었지만 재시작할 수 없습니다('wpa_cli reconfigure'를 실행할 수 없습니다)"
 
 msgid "Wifi settings failed to be updated"
@@ -147,11 +144,8 @@ msgstr "숨기기 "
 msgid "Not configured"
 msgstr "환결설정 안됨"
 
-msgid ""
-"<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not "
-"currently support connecting to WEP"
-msgstr ""
-"<strong>주의:</strong> WEP 접근점은 'Open'으로 표시됩니다. RaspAP은 현재 WEP 연결을 지원하지 않습니다"
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>주의:</strong> WEP 접근점은 'Open'으로 표시됩니다. RaspAP은 현재 WEP 연결을 지원하지 않습니다"
 
 #: includes/dashboard.php
 msgid "Interface Information"
@@ -187,8 +181,8 @@ msgstr "전송된 패킷"
 msgid "Transferred Bytes"
 msgstr "전송된 바이트량"
 
-msgid "Wireless Information"
-msgstr "무선 정보"
+msgid "Wireless Client"
+msgstr ""
 
 msgid "Connected To"
 msgstr "연결"
@@ -330,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq가 실행 중이 아닙니다 "
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr ""
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -379,7 +373,7 @@ msgid "Encryption Type"
 msgstr "암호화 유형"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "고급 설정 "
@@ -438,18 +432,17 @@ msgstr "로그파일 출력"
 msgid "WiFi client AP mode"
 msgstr "WiFi 클라이언트 AP 모드 "
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "방송 중에 SSID 숨기기 "
 
 msgid "Maximum number of clients"
 msgstr "클라이언트 최대 개수"
 
-msgid ""
-"Configures the max_num_sta option of hostapd. The default and maximum is "
-"2007. If empty or 0, the default applies."
-msgstr ""
-"hostapd의 max_num_sta option을 구성합니다. 기본값 및 최대값은 2007입니다. 비었거나 0인 경우 기본값이 "
-"적용됩니다."
+msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr "hostapd의 max_num_sta option을 구성합니다. 기본값 및 최대값은 2007입니다. 비었거나 0인 경우 기본값이 적용됩니다."
 
 #: includes/networking.php
 msgid "Summary"
@@ -673,6 +666,10 @@ msgstr "TOR 시작 시도 중입니다 "
 msgid "Attempting to stop TOR"
 msgstr "TOR 중지 시도 중입니다 "
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "설정 저장"
@@ -694,3 +691,46 @@ msgstr "작동"
 
 msgid "down"
 msgstr "다운"
+
+msgid "adblock"
+msgstr ""
+
+msgid "Ad Blocking"
+msgstr ""
+
+msgid "Start Ad Blocking"
+msgstr ""
+
+msgid "Restart Ad Blocking"
+msgstr ""
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr ""
+
+msgid "Statistics"
+msgstr ""
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ro_RO/LC_MESSAGES/messages.mo b/locale/ro_RO/LC_MESSAGES/messages.mo
new file mode 100644
index 00000000..13768252
Binary files /dev/null and b/locale/ro_RO/LC_MESSAGES/messages.mo differ
diff --git a/locale/ro_RO/LC_MESSAGES/messages.po b/locale/ro_RO/LC_MESSAGES/messages.po
new file mode 100644
index 00000000..3003a48f
--- /dev/null
+++ b/locale/ro_RO/LC_MESSAGES/messages.po
@@ -0,0 +1,1206 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: raspap\n"
+"Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"POT-Creation-Date: 2017-10-19 08:56+0000\n"
+"PO-Revision-Date: 2021-12-31 14:29\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Romanian\n"
+"Language: ro_RO\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100>0 && n%100<20)) ? 1 : 2);\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Project-ID: 395801\n"
+"X-Crowdin-Language: ro\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
+"X-Crowdin-File-ID: 10\n"
+
+#: index.php
+msgid "RaspAP Wifi Configuration Portal"
+msgstr "Portal de configurare RaspAP Wi-Fi"
+
+msgid "Toggle navigation"
+msgstr "Comută navigarea"
+
+msgid "RaspAP Wifi Portal"
+msgstr "Portal Wifi RaspAP"
+
+msgid "Dashboard"
+msgstr "Tablou de bord"
+
+msgid "WiFi client"
+msgstr "Client Wi-Fi"
+
+msgid "Hotspot"
+msgstr "Hotspot"
+
+msgid "Memory Use"
+msgstr "Memorie utilizată"
+
+msgid "CPU Temp"
+msgstr "Temp CPU"
+
+msgid "Networking"
+msgstr "Reţele"
+
+msgid "DHCP Server"
+msgstr "Serverul DHCP"
+
+msgid "OpenVPN"
+msgstr "OpenVPN"
+
+msgid "TOR proxy"
+msgstr "Proxy TOR"
+
+msgid "Authentication"
+msgstr "Autentificare"
+
+msgid "Change Theme"
+msgstr "Schimbare temă"
+
+msgid "System"
+msgstr "Sistem"
+
+msgid "About RaspAP"
+msgstr "Despre RaspAP"
+
+#: includes/admin.php
+msgid "Authentication settings"
+msgstr "Setări de autentificare"
+
+msgid "New passwords do not match"
+msgstr "Parolele noi nu coincid"
+
+msgid "Username must not be empty"
+msgstr "Numele de utilizator trebuie să fie completat"
+
+msgid "Admin password updated"
+msgstr "Parolă de administrare actualizată"
+
+msgid "Failed to update admin password"
+msgstr "Actualizarea parolei de administrare a eșuat"
+
+msgid "Old password does not match"
+msgstr "Parola anterioară nu se potrivește"
+
+msgid "Username"
+msgstr "Nume de utilizator"
+
+msgid "Old password"
+msgstr "Parola anterioară"
+
+msgid "New password"
+msgstr "Parola nouă"
+
+msgid "Repeat new password"
+msgstr "Reintroduceți parola nouă"
+
+#: includes/configure_client.php
+msgid "Client settings"
+msgstr "Setările clientului"
+
+msgid "SSID"
+msgstr "SSID"
+
+msgid "Channel"
+msgstr "Canal"
+
+msgid "Security"
+msgstr "Securitate"
+
+msgid "Passphrase"
+msgstr "Parolă"
+
+msgid "Wifi settings updated successfully"
+msgstr "Setările Wi-Fi actualizate cu succes"
+
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
+msgstr "Setările Wi-Fi actualizate dar nu pot reporni (nu se poate executa 'wpa_cli reconfigurare')"
+
+msgid "Wifi settings failed to be updated"
+msgstr "Setările Wi-Fi nu au putut fi actualizate"
+
+msgid "Failed to update wifi settings"
+msgstr "Actualizarea setărilor Wi-Fi a eșuat"
+
+msgid "Rescan"
+msgstr "Scanează din nou"
+
+msgid "Update"
+msgstr "Actualizare"
+
+msgid "Add"
+msgstr "Adaugă"
+
+msgid "Delete"
+msgstr "Șterge"
+
+msgid "Show"
+msgstr "Afișează"
+
+msgid "Hide"
+msgstr "Ascunde"
+
+msgid "Not configured"
+msgstr "Neconfigurat"
+
+msgid "Connected"
+msgstr ""
+
+msgid "Known"
+msgstr ""
+
+msgid "Nearby"
+msgstr ""
+
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>Notă:</strong> Punctele de acces WEP apar ca 'Open'. RaspAP nu acceptă conectarea la WEP"
+
+msgid "No Wifi stations found"
+msgstr ""
+
+msgid "Reinitializing wpa_supplicant"
+msgstr ""
+
+msgid "Click 'Rescan' to search for nearby Wifi stations."
+msgstr ""
+
+msgid "Click 'Reinitialize' to force reinitialize <code>wpa_supplicant</code>."
+msgstr ""
+
+msgid "Reinitialize"
+msgstr ""
+
+#: includes/dashboard.php
+msgid "Interface Information"
+msgstr "Informaţii Interfaţă"
+
+msgid "Interface Name"
+msgstr "Numele interfeței"
+
+msgid "IPv4 Address"
+msgstr "Adresă IPv4"
+
+msgid "IPv6 Address"
+msgstr "Adresă IPv6"
+
+msgid "Subnet Mask"
+msgstr "Mască subrețea"
+
+msgid "Mac Address"
+msgstr "Adresa Mac"
+
+msgid "Interface Statistics"
+msgstr "Statistici interfață"
+
+msgid "Received Packets"
+msgstr "Pachete primite"
+
+msgid "Received Bytes"
+msgstr "Octeți primiți"
+
+msgid "Transferred Packets"
+msgstr "Pachete transferate"
+
+msgid "Transferred Bytes"
+msgstr "Octeți transferați"
+
+msgid "Wireless Client"
+msgstr "Client wireless"
+
+msgid "Connected To"
+msgstr "Conectat la"
+
+msgid "AP Mac Address"
+msgstr "Adresă Mac a AP"
+
+msgid "Bitrate"
+msgstr "Bitrate"
+
+msgid "Signal Level"
+msgstr "Nivelul semnalului"
+
+msgid "Transmit Power"
+msgstr "Putere de transmisie"
+
+msgid "Frequency"
+msgstr "Frecvența"
+
+msgid "Link Quality"
+msgstr "Calitate legătură"
+
+msgid "Information provided by ip and iw and from system"
+msgstr "Informaţii furnizate de ip, iw şi de sistem"
+
+msgid "No MAC Address Found"
+msgstr "Nu s-a găsit nicio adresă MAC"
+
+msgid "No IP Address Found"
+msgstr "Nu s-a găsit nicio adresă IP"
+
+msgid "No Subnet Mask Found"
+msgstr "Nu s-a găsit nicio mască de subrețea"
+
+msgid "No Data"
+msgstr "Nu există date"
+
+msgid "Not connected"
+msgstr "Neconectat"
+
+msgid "Interface is up"
+msgstr "Interfață activă"
+
+msgid "Interface is down"
+msgstr "Interfață inactivă"
+
+msgid "Interface already down"
+msgstr "Interfața era inactivă"
+
+msgid "Start wlan0"
+msgstr "Pornire wlan0"
+
+msgid "Stop wlan0"
+msgstr "Oprire wlan0"
+
+msgid "Connected Devices"
+msgstr "Dispozitive conectate"
+
+msgid "Client: Ethernet cable"
+msgstr ""
+
+msgid "Ethernet"
+msgstr ""
+
+msgid "Client: Smartphone (USB tethering)"
+msgstr ""
+
+msgid "Smartphone"
+msgstr ""
+
+msgid "WiFi"
+msgstr ""
+
+msgid "Mobile Data Client"
+msgstr ""
+
+msgid "Mobile Data"
+msgstr ""
+
+msgid "No information available"
+msgstr ""
+
+msgid "Interface name invalid"
+msgstr ""
+
+msgid "Required exec function is disabled. Check if exec is not added to php <code>disable_functions</code>."
+msgstr ""
+
+msgid "Waiting for the interface to start ..."
+msgstr ""
+
+msgid "Stop the Interface"
+msgstr ""
+
+msgid "Connection mode"
+msgstr ""
+
+msgid "Signal quality"
+msgstr ""
+
+msgid "WAN IP"
+msgstr ""
+
+msgid "Web-GUI"
+msgstr ""
+
+msgid "Signal strength"
+msgstr ""
+
+msgid "No Client device or not yet configured"
+msgstr ""
+
+#: includes/dhcp.php
+msgid "DHCP server settings"
+msgstr "Setări server DHCP"
+
+msgid "Client list"
+msgstr "Listă clienți"
+
+msgid "Interface"
+msgstr "Interfață"
+
+msgid "Enable DHCP for this interface"
+msgstr "Activează DHCP pentru această interfață"
+
+msgid "Enable this option if you want RaspAP to assign IP addresses on the selected interface."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să atribuie adrese IP pe interfața selectată."
+
+msgid "DNS Server"
+msgstr "Server DNS"
+
+msgid "Starting IP Address"
+msgstr "Adresă IP de început"
+
+msgid "Ending IP Address"
+msgstr "Adresă IP finală"
+
+msgid "Static Leases"
+msgstr "Adrese atribuite static"
+
+msgid "Add static DHCP lease"
+msgstr "Adaugă adrese statice serverului DHCP"
+
+msgid "Lease Time"
+msgstr "Timp de atribuire"
+
+msgid "Interval"
+msgstr "Interval"
+
+msgid "Active DHCP leases"
+msgstr "Adrese atribuite DHCP"
+
+msgid "Expire time"
+msgstr "Timp de expirare"
+
+msgid "MAC Address"
+msgstr "Adresă MAC"
+
+msgid "Optional comment"
+msgstr ""
+
+msgid "Host name"
+msgstr "Denumire client"
+
+msgid "Client ID"
+msgstr "Identitatea clientului"
+
+msgid "Information provided by Dnsmasq"
+msgstr "Informații furnizate de Dnsmasq"
+
+msgid "Stop dnsmasq"
+msgstr "Oprire dnsmasq"
+
+msgid "Start dnsmasq"
+msgstr "Pornire Dnsmasq"
+
+msgid "Dnsmasq configuration updated successfully"
+msgstr "Configurarea dnsmasq actualizată cu succes"
+
+msgid "dnsmasq already running"
+msgstr "dnsmasq este pornit"
+
+msgid "Successfully started dnsmasq"
+msgstr "Dnsmasq pornit cu succes"
+
+msgid "Failed to start dnsmasq"
+msgstr "Pornirea dnsmasq a eșuat"
+
+msgid "Successfully stopped dnsmasq"
+msgstr "Dnsmasq oprit cu succes"
+
+msgid "Failed to stop dnsmasq"
+msgstr "Oprirea dnsmasq a eșuat"
+
+msgid "dnsmasq already stopped"
+msgstr "dnsmasq deja oprit"
+
+msgid "Dnsmasq is running"
+msgstr "Dnsmasq rulează"
+
+msgid "Dnsmasq is not running"
+msgstr "Dnsmasq nu rulează"
+
+msgid "Upstream DNS servers"
+msgstr "Servere DNS upstream"
+
+msgid "Only ever query DNS servers configured below"
+msgstr "Numai serverele DNS configurate mai jos"
+
+msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>trimită interogări DNS la serverele configurate mai jos exclusiv</b>. În mod implicit, RaspAP folosește și serverele sale DHCP upstream."
+
+msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>no-resolv</code> la configurația dnsmasq."
+
+msgid "Add upstream DNS server"
+msgstr "Adaugă server DNS upstream"
+
+msgid "Format"
+msgstr "Format"
+
+msgid "Choose a hosted server"
+msgstr "Alege un server"
+
+msgid "Enable these options to log DHCP server activity."
+msgstr "Activați aceste opțiuni pentru a înregistra activitatea serverului DHCP."
+
+msgid "Log DHCP requests"
+msgstr "Înregistrează cererile DHCP"
+
+msgid "Log DNS queries"
+msgstr "Înregistrează interogările DNS"
+
+msgid "Restrict access"
+msgstr "Restricționare acces"
+
+msgid "Limit network access to static clients"
+msgstr "Limitează accesul la rețea pentru clienții statici"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>ignore orice clienți</b> care nu sunt specificați în lista de leasing static."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>dhcp-ignore</code> la configurația dnsmasq."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "Clienților cu o anumită adresă MAC hardware li se poate atribui întotdeauna aceeași adresă IP."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "Această opţiune adaugă <code>dhcp-host</code> intrărilor la configuraţia dnsmasq."
+
+msgid "This toggles the <code>gateway</code>/<code>nogateway</code> option for this interface in the DHCPCD configuration."
+msgstr "Comută între <code>gateway</code>/<code>nogateway</code> pentru această interfaţă în configuraţia DHCPCD."
+
+#: includes/hostapd.php
+msgid "Basic"
+msgstr "Setări de bază"
+
+msgid "Advanced"
+msgstr "Setări avansate"
+
+msgid "Basic settings"
+msgstr "Setări de bază"
+
+msgid "Wireless Mode"
+msgstr "Standard"
+
+msgid "Security settings"
+msgstr "Setări de securitate"
+
+msgid "Security type"
+msgstr "Tipul de securitate"
+
+msgid "Encryption Type"
+msgstr "Tipul de criptare"
+
+msgid "PSK"
+msgstr "PSK"
+
+msgid "Advanced settings"
+msgstr "Setări avansate"
+
+msgid "Country Code"
+msgstr "Codul țării"
+
+msgid "Information provided by hostapd"
+msgstr "Informații furnizate de hostapd"
+
+msgid "Attempting to start hotspot"
+msgstr "Se încearcă pornirea hotspot-ului"
+
+msgid "Attempting to stop hotspot"
+msgstr "Se încearcă oprirea hotspot-ului"
+
+msgid "HostAPD is not running"
+msgstr "HostAPD nu rulează"
+
+msgid "HostAPD is running"
+msgstr "HostAPD rulează"
+
+msgid "SSID must be between 1 and 32 characters"
+msgstr "SSID trebuie să aibă între 1 și 32 de caractere"
+
+msgid "WPA passphrase must be between 8 and 63 characters"
+msgstr "Parola WPA trebuie să aibă între 8 şi 63 de caractere"
+
+msgid "Unknown interface"
+msgstr "Interfață necunoscută"
+
+msgid "Country code must be blank or two characters"
+msgstr "Codul țării trebuie să fie necompletat sau format din două caractere"
+
+msgid "Wifi Hotspot settings saved"
+msgstr "Setările punctului de acces Wi-Fi sunt salvate"
+
+msgid "Unable to save wifi hotspot settings"
+msgstr "Nu s-au putut salva setările pentru punctul de acces Wi-Fi"
+
+msgid "Start hotspot"
+msgstr "Pornește punctul de acces"
+
+msgid "Stop hotspot"
+msgstr "Oprește punctul de acces"
+
+msgid "Restart hotspot"
+msgstr "Restarteaza punctul de acces"
+
+msgid "Enable logging"
+msgstr "Activează înregistrarea"
+
+msgid "Logfile output"
+msgstr "Jurnal"
+
+msgid "WiFi client AP mode"
+msgstr "Mod AP al clientului Wi-Fi"
+
+msgid "Bridged AP mode"
+msgstr "Mod bridged AP"
+
+msgid "Hide SSID in broadcast"
+msgstr "Ascunde transmiterea SSID"
+
+msgid "Maximum number of clients"
+msgstr "Număr maxim de clienți"
+
+msgid "Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr ""
+
+msgid "Beacon interval"
+msgstr "Interval semnalizator"
+
+msgid "Disable <code>disassoc_low_ack</code>"
+msgstr "Dezactivează <code>disassoc_low_ack</code>"
+
+msgid "Do not disassociate stations based on excessive transmission failures."
+msgstr "Nu disocia stațiile pe baza erorilor de transmisie excesive."
+
+msgid "Executing RaspAP service start"
+msgstr "Pornire serviciu RaspAP"
+
+msgid "Close"
+msgstr "Închide"
+
+msgid "Enable this option to log <code>hostapd</code> activity."
+msgstr "Activează această opţiune pentru a înregistra activitatea <code>hostapd</code>."
+
+msgid "Transmit power (dBm)"
+msgstr ""
+
+msgid "Sets the <code>txpower</code> option for the AP interface and the configured country."
+msgstr ""
+
+msgid "dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."
+msgstr ""
+
+#: includes/networking.php
+msgid "Summary"
+msgstr "Sumar"
+
+msgid "Internet connection"
+msgstr "Conexiune la internet"
+
+msgid "Current settings"
+msgstr "Setările curente"
+
+msgid "Default Gateway"
+msgstr "Gateway implicit"
+
+msgid "Alternate DNS Server"
+msgstr "Server DNS alternativ"
+
+msgid "Adapter IP Address Settings"
+msgstr "Setări adresă IP adaptor"
+
+msgid "Enable Fallback to Static Option"
+msgstr "Utilizați o adresă statică dacă serverul nu răspunde"
+
+msgid "Static IP"
+msgstr "IP static"
+
+msgid "Enabled"
+msgstr "Activat"
+
+msgid "Disabled"
+msgstr "Dezactivat"
+
+msgid "Static IP Options"
+msgstr "Opțiuni IP static"
+
+msgid "Metric"
+msgstr "Metric"
+
+msgid "Apply settings"
+msgstr "Aplicare setări"
+
+msgid "Information provided by /sys/class/net"
+msgstr "Informații furnizate de /sys/class/net"
+
+msgid "Network Devices"
+msgstr ""
+
+msgid "Mobile Data Settings"
+msgstr ""
+
+msgid "Properties of network devices"
+msgstr ""
+
+msgid "Device"
+msgstr ""
+
+msgid "MAC"
+msgstr ""
+
+msgid "USB vid/pid"
+msgstr ""
+
+msgid "Device type"
+msgstr ""
+
+msgid "Fixed name"
+msgstr ""
+
+msgid "Change"
+msgstr ""
+
+msgid "Settings for Mobile Data Devices"
+msgstr ""
+
+msgid "PIN of SIM card"
+msgstr ""
+
+msgid "APN Settings (Modem device ppp0)"
+msgstr ""
+
+msgid "Access Point Name (APN)"
+msgstr ""
+
+msgid "Password"
+msgstr ""
+
+msgid "Successfully Updated Network Configuration"
+msgstr ""
+
+msgid "Error saving network configuration to file"
+msgstr ""
+
+msgid "Unable to detect interface"
+msgstr ""
+
+#: includes/system.php
+msgid "System Information"
+msgstr "Informații Sistem"
+
+msgid "Language"
+msgstr "Limbă"
+
+msgid "Language settings"
+msgstr "Setări limbă"
+
+msgid "Select a language"
+msgstr "Selectați limba"
+
+msgid "Language setting saved"
+msgstr "Setarea limbii salvată"
+
+msgid "Console"
+msgstr "Consolă"
+
+msgid "Hostname"
+msgstr "Nume gazdă"
+
+msgid "Pi Revision"
+msgstr "Model Pi"
+
+msgid "Uptime"
+msgstr "Timp de funcționare"
+
+msgid "Memory Used"
+msgstr "Memorie utilizată"
+
+msgid "CPU Load"
+msgstr "Încărcare procesor"
+
+msgid "Reboot"
+msgstr "Restartează"
+
+msgid "Shutdown"
+msgstr "Inchide"
+
+msgid "System Rebooting Now!"
+msgstr "Sistemul reporneşte acum!"
+
+msgid "System Shutting Down Now!"
+msgstr "Sistemul se închide acum!"
+
+msgid "Web server port"
+msgstr "Portul serverului web"
+
+msgid "Web server bind address"
+msgstr "Adresă de legătură server web"
+
+#: includes/themes.php
+msgid "Theme settings"
+msgstr "Setări temă"
+
+msgid "Select a theme"
+msgstr "Selectaţi o temă"
+
+msgid "Color"
+msgstr "Culoare"
+
+#: includes/data_usage.php
+msgid "Data usage"
+msgstr "Utilizarea datelor"
+
+msgid "Data usage monitoring"
+msgstr "Monitorizare utilizare date"
+
+msgid "Hourly traffic amount"
+msgstr "Trafic pe oră"
+
+msgid "Daily traffic amount"
+msgstr "Trafic zilnic"
+
+msgid "Monthly traffic amount"
+msgstr "Trafic lunar"
+
+msgid "Hourly"
+msgstr "Pe oră"
+
+msgid "Daily"
+msgstr "Zilnic"
+
+msgid "Monthly"
+msgstr "Lunar"
+
+msgid "interface"
+msgstr "interfață"
+
+msgid "date"
+msgstr "dată"
+
+msgid "Send MB"
+msgstr "MO trimiși"
+
+msgid "Receive MB"
+msgstr "MO recepționați"
+
+msgid "Information provided by vnstat"
+msgstr "Informaţii furnizate de vnstat"
+
+msgid "Loading {0} bandwidth chart"
+msgstr "Se încarcă {0} graficul lățimii de bandă"
+
+msgid "Showing {0} to {1} of {2} entries"
+msgstr "Se afișează {0} la {1} din {2} intrări"
+
+#: includes/openvpn.php
+msgid "OpenVPN is not running"
+msgstr "OpenVPN nu funcționează"
+
+msgid "OpenVPN is running"
+msgstr "OpenVPN rulează"
+
+msgid "Server settings"
+msgstr "Setări server"
+
+msgid "Select OpenVPN configuration file (.ovpn)"
+msgstr "Selectaţi fişierul de configurare OpenVPN (.ovpn)"
+
+msgid "Client Log"
+msgstr "Jurnal client"
+
+msgid "Port"
+msgstr "Port"
+
+msgid "Protocol"
+msgstr "Protocol"
+
+msgid "Root CA certificate"
+msgstr "Certificat Root CA"
+
+msgid "Server certificate"
+msgstr "Certificat server"
+
+msgid "Diffie Hellman parameters"
+msgstr "Parametrii Diffie Hellman"
+
+msgid "KeepAlive"
+msgstr "Ține activ"
+
+msgid "Server log"
+msgstr "Jurnal server"
+
+msgid "Start OpenVPN"
+msgstr "Pornește OpenVPN"
+
+msgid "Stop OpenVPN"
+msgstr "Oprește OpenVPN"
+
+msgid "Information provided by openvpn"
+msgstr "Informaţii furnizate de openvpn"
+
+msgid "Attempting to start openvpn"
+msgstr "Se încearcă pornirea openvpn"
+
+msgid "Attempting to stop openvpn"
+msgstr "Se încearcă oprirea openvpn"
+
+msgid "Configurations"
+msgstr "Configurații"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Configurațiile clientului OpenVPN disponibile sunt afișate mai jos."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "Activarea unei configurații va reporni serviciul <code>openvpn-client</code>."
+
+msgid "Delete OpenVPN client"
+msgstr "Ștergere client OpenVPN"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Ștergeți configurarea clientului? Această acțiune nu poate fi anulată."
+
+msgid "Activate OpenVPN client"
+msgstr "Activare client OpenVPN"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "Activați configurarea clientului? Aceasta va reporni serviciul openvpn-client."
+
+msgid "Activate"
+msgstr "Activează"
+
+msgid "Cancel"
+msgstr "Anulează"
+
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Activați această opțiune pentru a înregistra activitatea <code>openvpn</code>."
+
+msgid "Authentification Method"
+msgstr "Metoda de autentificare"
+
+msgid "Username and password"
+msgstr "Nume utilizator și parolă"
+
+msgid "Certificates"
+msgstr "Certificate"
+
+msgid "Enter username and password"
+msgstr "Introduceți numele utilizator și parola"
+
+msgid "Certificates in the configuration file"
+msgstr "Certificate în fișierul de configurare"
+
+msgid "RaspAP supports certificates by including them in the configuration file."
+msgstr "RaspAP acceptă certificate prin includerea lor în fișierul de configurare."
+
+msgid "Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."
+msgstr "Se semnează certificatul 'certification authority' (CA) (de ex. <code>ca.crt</code>): inclus în etichetele <code>&lt;ca> ... &lt;/ca></code>."
+
+msgid "Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."
+msgstr "Certificatul clientului (cheie publică) (de ex. <code>client.crt</code>): inclus în etichetele <code>&lt;cert> ... &lt;/cert></code>."
+
+msgid "Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."
+msgstr "Cheia privată a certificatului clientului (de ex. <code>client.key</code>): inclus în etichetele <code>&lt;key> ... &lt;/key></code>."
+
+msgid "Configuration File"
+msgstr "Fișier de configurare"
+
+#: includes/torproxy.php
+msgid "TOR is not running"
+msgstr "TOR nu rulează"
+
+msgid "TOR is running"
+msgstr "TOR rulează"
+
+msgid "Relay"
+msgstr "Releu"
+
+msgid "Relay settings"
+msgstr "Setări releu"
+
+msgid "Nickname"
+msgstr "Pseudonim"
+
+msgid "Address"
+msgstr "Adresă"
+
+msgid "Start TOR"
+msgstr "Pornește TOR"
+
+msgid "Stop TOR"
+msgstr "Oprește TOR"
+
+msgid "Information provided by tor"
+msgstr "Informaţii furnizate de tor"
+
+msgid "Attempting to start TOR"
+msgstr "Se încearcă pornirea TOR"
+
+msgid "Attempting to stop TOR"
+msgstr "Se încearcă oprirea TOR"
+
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr "Modul AP punte este activat. Pentru Nume gazdă și IP, vedeți pagina de administrare a routerului."
+
+#: common form controls
+msgid "Save settings"
+msgstr "Salvare setări"
+
+msgid "Refresh"
+msgstr "Reîmprospătare"
+
+msgid "running"
+msgstr "rulează"
+
+msgid "stopped"
+msgstr "oprit"
+
+msgid "Remove"
+msgstr "Șterge"
+
+msgid "up"
+msgstr "activ"
+
+msgid "down"
+msgstr "inactiv"
+
+msgid "adblock"
+msgstr "adblock"
+
+msgid "Ad Blocking"
+msgstr "Blocare reclame"
+
+msgid "Start Ad Blocking"
+msgstr "Pornește Blocarea Reclamelor"
+
+msgid "Restart Ad Blocking"
+msgstr "Repornește Blocarea Reclamelor"
+
+msgid "Blocklist settings"
+msgstr "Setari lista de blocați"
+
+msgid "Enable blocklists"
+msgstr "Activare lista de blocați"
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>blocheze cererile DNS pentru reclame, urmărire și alte gunoaie virtuale</b>. Listele de blocați sunt colectate din surse multiple, întreținute în mod activ și actualizate automat, curățate, optimizate și moderate zilnic."
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>conf-file</code> și <code>addn-hosts</code> la configurația dnsmasq."
+
+msgid "Choose a blocklist provider"
+msgstr "Alegeți un furnizor de lista de blocați"
+
+msgid "Hostnames blocklist last updated"
+msgstr "Lista numelor gazdă blocate ultima dată actualizată"
+
+msgid "Domains blocklist last updated"
+msgstr "Ultima actualizare a listei de domenii blocate"
+
+msgid "Update now"
+msgstr "Actualizați acum"
+
+msgid "Statistics"
+msgstr "Statistici"
+
+msgid "Information provided by adblock"
+msgstr "Informaţie furnizateă de adblock"
+
+msgid "Enable custom blocklist"
+msgstr "Activează lista de blocare personalizată"
+
+msgid "Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name."
+msgstr "Definiţi gazdele personalizate care să fie blocate prin introducerea unei adrese IPv4 sau IPv6 urmată de orice spaţiu alb (spaţii sau taburi) şi numele gazdei."
+
+msgid "<b>IPv4 example:</b> 0.0.0.0 badhost.com"
+msgstr "<b>exemplu IPv4:</b> 0.0.0.0 badhost.com"
+
+msgid "This option adds an <code>addn-hosts</code> directive to the dnsmasq configuration."
+msgstr "Această opțiune adaugă o directivă <code>addn-hosts</code> la configurația dnsmasq."
+
+msgid "Custom blocklist not defined"
+msgstr "Lista de blocati personalizată nu este definită"
+
+msgid "Invalid custom IP address found on line "
+msgstr "Adresă IP particularizată nevalidă găsită în linie "
+
+msgid "Invalid custom host found on line "
+msgstr "Gazdă personalizată nevalidă în linie "
+
+msgid "Tunnel settings"
+msgstr "Setări tunel"
+
+msgid "Configuration Method"
+msgstr ""
+
+msgid "Upload file"
+msgstr ""
+
+msgid "Create manually"
+msgstr ""
+
+msgid "Upload a WireGuard config"
+msgstr ""
+
+msgid "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."
+msgstr ""
+
+msgid "Apply iptables rules for AP interface"
+msgstr ""
+
+msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+msgstr ""
+
+msgid "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
+msgstr ""
+
+msgid "Select WireGuard configuration file (.conf)"
+msgstr ""
+
+msgid "Create a local WireGuard config"
+msgstr ""
+
+msgid "Enable server"
+msgstr "Activează serverul"
+
+msgid "Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers."
+msgstr ""
+
+msgid "This setting generates a new WireGuard <code>.conf</code> file on this device."
+msgstr ""
+
+msgid "Local public key"
+msgstr "Cheie publică locală"
+
+msgid "Local Port"
+msgstr "Port local"
+
+msgid "IP Address"
+msgstr "Adresă IP"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Partener"
+
+msgid "Enable peer"
+msgstr "Activare partener"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Activați această opțiune pentru a cripta traficul prin crearea unui tunel între RaspAP și acest partener."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "Această opţiune adaugă <code>client.conf</code> la configuraţia WireGuard."
+
+msgid "Peer public key"
+msgstr "Cheie publică partener"
+
+msgid "Endpoint address"
+msgstr "Adresă punct final"
+
+msgid "Allowed IPs"
+msgstr "IP-uri permise"
+
+msgid "Persistent keepalive"
+msgstr "Persistent keepalive"
+
+msgid "Display WireGuard debug log"
+msgstr ""
+
+msgid "Enable this option to display an updated WireGuard debug log."
+msgstr ""
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scanați acest cod QR cu clientul pentru a vă conecta la acest tunel"
+
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "sau descărcați fișierul <code>client.conf</code> pe dispozitivul dvs."
+
+msgid "Download"
+msgstr "Descărcare"
+
+msgid "Start WireGuard"
+msgstr "Pornește WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Oprește WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Informaţii oferite de wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Se încearcă pornirea WireGuard"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Se încearcă oprirea WireGuard"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "Configurarea WireGuard actualizată cu succes"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "Configurarea WireGuard nu a putut fi actualizată"
+
+msgid "Client Firewall"
+msgstr ""
+
+msgid "Firewall is ENABLED"
+msgstr ""
+
+msgid "Firewall is OFF"
+msgstr ""
+
+msgid "The default firewall will only allow outgoing and already established traffic."
+msgstr ""
+
+msgid "No incoming UDP traffic is allowed."
+msgstr ""
+
+msgid "There are no restrictions for the access point <code>%s</code>."
+msgstr ""
+
+msgid "Exception: Service"
+msgstr ""
+
+msgid "allow SSH access on port 22"
+msgstr ""
+
+msgid "allow access to the RaspAP GUI on port 80 or 443"
+msgstr ""
+
+msgid "Allow incoming connections for some services from the internet side."
+msgstr ""
+
+msgid "Exception: network device"
+msgstr ""
+
+msgid "Exclude device(s)"
+msgstr ""
+
+msgid "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+msgstr ""
+
+msgid "Current client devices: <code>%s</code>"
+msgstr ""
+
+msgid "The access point <code>%s</code> is per default excluded."
+msgstr ""
+
+msgid "Exception: IP-Address"
+msgstr ""
+
+msgid "Allow incoming connections from"
+msgstr ""
+
+msgid "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+msgstr ""
+
+msgid "This is required for an OpenVPN via UDP or Wireguard connection."
+msgstr ""
+
+msgid "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+msgstr ""
+
+msgid "Disable Firewall"
+msgstr ""
+
+msgid "Enable Firewall"
+msgstr ""
+
+msgid "Apply changes"
+msgstr ""
+
diff --git a/locale/ru_RU/LC_MESSAGES/messages.mo b/locale/ru_RU/LC_MESSAGES/messages.mo
index 8c5c4d55..2dd711b0 100644
Binary files a/locale/ru_RU/LC_MESSAGES/messages.mo and b/locale/ru_RU/LC_MESSAGES/messages.mo differ
diff --git a/locale/ru_RU/LC_MESSAGES/messages.po b/locale/ru_RU/LC_MESSAGES/messages.po
index 8516ff52..b50f2805 100644
--- a/locale/ru_RU/LC_MESSAGES/messages.po
+++ b/locale/ru_RU/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2020-05-19 15:29\n"
-"Last-Translator: Denis Trifiniuc\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: Russian\n"
 "Language: ru_RU\n"
 "MIME-Version: 1.0\n"
@@ -35,10 +35,10 @@ msgid "Hotspot"
 msgstr "Точка доступа"
 
 msgid "Memory Use"
-msgstr "Использование RAM"
+msgstr ""
 
 msgid "CPU Temp"
-msgstr "Температура ЦП"
+msgstr ""
 
 msgid "Networking"
 msgstr "Сетевые"
@@ -47,10 +47,10 @@ msgid "DHCP Server"
 msgstr "DHCP сервер"
 
 msgid "OpenVPN"
-msgstr "OpenVPN"
+msgstr ""
 
 msgid "TOR proxy"
-msgstr "TOR proxy"
+msgstr ""
 
 msgid "Authentication"
 msgstr "авторизации"
@@ -100,7 +100,7 @@ msgid "Client settings"
 msgstr "Настройки клиента"
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "Канал"
@@ -182,7 +182,7 @@ msgid "Transferred Bytes"
 msgstr "Передано Байт"
 
 msgid "Wireless Client"
-msgstr "WiFi клиент"
+msgstr ""
 
 msgid "Connected To"
 msgstr "Подключено к"
@@ -324,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq не запущена"
 
 msgid "Upstream DNS servers"
-msgstr "Пользовательские DNS-серверы"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Использовать только DNS-серверы, настроенные ниже"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Включите эту опцию, если вы хотите, чтобы RaspAP <b>отправлял DNS-запросы только на серверы, настроенные ниже</b>. По умолчанию RaspAP также использует восходящие DNS-серверы, назначенные через DHCP."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "Этот параметр добавляет <code>no-resolv</code> в конфигурацию dnsmasq."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Добавить сервер DNS"
+msgstr ""
 
 msgid "Format"
-msgstr "Формат"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Общедоступный DNS-сервер"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Журнал DHCP-запросов"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Журнал DNS-запросов"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -373,7 +373,7 @@ msgid "Encryption Type"
 msgstr "Тип шифрования"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "Расширенные настройки"
@@ -433,7 +433,7 @@ msgid "WiFi client AP mode"
 msgstr "Режим AP WiFi-клиента"
 
 msgid "Bridged AP mode"
-msgstr "Режим моста ТОЧКИ ДОСТУПА"
+msgstr ""
 
 msgid "Hide SSID in broadcast"
 msgstr "Скрыть SSID при трансляции"
@@ -668,7 +668,7 @@ msgstr "Попытка остановить TOR"
 
 #: template/dashboard.php
 msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
-msgstr "Мостовой режим ТОЧКИ ДОСТУПА включен. Для хоста и IP-адреса см. страницу администрирования маршрутизатора."
+msgstr ""
 
 #: common form controls
 msgid "Save settings"
@@ -693,44 +693,44 @@ msgid "down"
 msgstr "вниз"
 
 msgid "adblock"
-msgstr "Adblock"
+msgstr ""
 
 msgid "Ad Blocking"
-msgstr "Ad Blocking"
+msgstr ""
 
 msgid "Start Ad Blocking"
-msgstr "Запустить Ad Blocking"
+msgstr ""
 
 msgid "Restart Ad Blocking"
-msgstr "Перезапустить Ad Blocking"
+msgstr ""
 
 msgid "Blocklist settings"
-msgstr "Настройки блокировки"
+msgstr ""
 
 msgid "Enable blocklists"
-msgstr "Включить блокировку"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
-msgstr "Включите эту опцию, если вы хотите, чтобы RaspAP <b>блокировал DNS запросы для рекламы, отслеживания и другого виртуального мусора</b>. Блокирующие списки собираются из множества активно поддерживаемых источников и автоматически обновляются, очищаются, оптимизируются и модерируются ежедневно."
+msgstr ""
 
 msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
-msgstr "Эта опция добавляет в конфигурацию dnsmasq <code>conf-file</code> и <code>addn-hosts</code>."
+msgstr ""
 
 msgid "Choose a blocklist provider"
-msgstr "Выберите поставщика черного списка"
+msgstr ""
 
 msgid "Hostnames blocklist last updated"
-msgstr "Имена черного списка последнее обновление"
+msgstr ""
 
 msgid "Domains blocklist last updated"
-msgstr "Последнее обновление списка блокировки доменов"
+msgstr ""
 
 msgid "Update now"
-msgstr "Обновить сейчас"
+msgstr ""
 
 msgid "Statistics"
-msgstr "Статистика"
+msgstr ""
 
 msgid "Information provided by adblock"
-msgstr "Информация получена от Adblock"
+msgstr ""
 
diff --git a/templates/dhcp/logging.php b/templates/dhcp/logging.php
index ce451e6d..ca54a30b 100644
--- a/templates/dhcp/logging.php
+++ b/templates/dhcp/logging.php
@@ -16,8 +16,8 @@
     <div class="form-group col-md-8 mt-2">
       <?php
       if ($conf['log-dhcp'] == 1 || $conf['log-queries'] == 1) {
-          exec('sudo chmod o+r /tmp/dnsmasq.log');
-          $log = file_get_contents('/tmp/dnsmasq.log');
+          exec('sudo /bin/chmod o+r '.RASPI_DHCPCD_LOG);
+          $log = file_get_contents(RASPI_DHCPCD_LOG);
           echo '<textarea class="logoutput">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
       } else {
           echo '<textarea class="logoutput my-3"></textarea>';
diff --git a/templates/dhcp/static_leases.php b/templates/dhcp/static_leases.php
index f37e164d..a8d371ba 100644
--- a/templates/dhcp/static_leases.php
+++ b/templates/dhcp/static_leases.php
@@ -1,58 +1,79 @@
 <!-- static leases tab -->
 <div class="tab-pane fade" id="static-leases">
-  <h4 class="mt-3 mb-3"><?php echo _("Static leases") ?></h4>
+  <div class="row">
+    <div class="col-md-12">
+      <h4 class="mt-3 mb-3"><?php echo _("Static leases") ?></h4>
+      <p id="static-lease-description">
+        <small><?php echo _("Clients with a particular hardware MAC address can always be allocated the same IP address.") ?></small>
+        <small class="text-muted"><?php echo _("This option adds <code>dhcp-host</code> entries to the dnsmasq configuration.") ?></small>
+      </p>
+      <div class="dhcp-static-leases js-dhcp-static-lease-container">
+        <?php foreach ($hosts as $host) : ?>
+          <?php list($host, $comment) = array_map("trim", explode("#", $host)); ?>
+          <?php list($mac, $ip) = array_map("trim", explode(",", $host)); ?>
+          <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
+            <div class="col-md-4 col-xs-3">
+              <input type="text" name="static_leases[mac][]" value="<?php echo htmlspecialchars($mac, ENT_QUOTES) ?>" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+            </div>
+            <div class="col-md-3 col-xs-3">
+              <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
+            </div>
+            <div class="col-md-3 col-xs-3">
+              <input type="text" name="static_leases[comment][]" value="<?php echo htmlspecialchars($comment, ENT_QUOTES) ?>" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
+            </div>
+            <div class="col-md-2 col-xs-3">
+              <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
+            </div>
+          </div>
+        <?php endforeach ?>
+      </div>
 
-  <div class="dhcp-static-leases js-dhcp-static-lease-container">
-    <?php foreach ($hosts as $host) : ?>
-      <?php list($host, $comment) = array_map("trim", explode("#", $host)); ?>
-      <?php list($mac, $ip) = array_map("trim", explode(",", $host)); ?>
-      <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
+      <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
         <div class="col-md-4 col-xs-3">
-          <input type="text" name="static_leases[mac][]" value="<?php echo htmlspecialchars($mac, ENT_QUOTES) ?>" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+          <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
         </div>
         <div class="col-md-3 col-xs-3">
-          <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
+          <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
         </div>
         <div class="col-md-3 col-xs-3">
-          <input type="text" name="static_leases[comment][]" value="<?php echo htmlspecialchars($comment, ENT_QUOTES) ?>" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
+          <input type="text" name="comment" value="" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
         </div>
         <div class="col-md-2 col-xs-3">
-          <button type="button" class="btn btn-danger js-remove-dhcp-static-lease"><?php echo _("Remove") ?></button>
+          <button type="button" class="btn btn-outline-success js-add-dhcp-static-lease"><i class="far fa-plus-square"></i></button>
         </div>
       </div>
-    <?php endforeach ?>
-  </div>
 
-  <h5 class="mt-3 mb-3"><?php echo _("Add static DHCP lease") ?></h5>
-  <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
-    <div class="col-md-4 col-xs-3">
-      <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
-    </div>
-    <div class="col-md-3 col-xs-3">
-      <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
-    </div>
-    <div class="col-md-3 col-xs-3">
-      <input type="text" name="comment" value="" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
-    </div>
-    <div class="col-md-2 col-xs-3">
-      <button type="button" class="btn btn-success js-add-dhcp-static-lease"><?php echo _("Add") ?></button>
-    </div>
-  </div>
+      <h5 class="mt-3 mb-3"><?php echo _("Restrict access") ?></h5>
+        <div class="input-group">
+          <input type="hidden" name="dhcp-ignore" value="0">
+            <div class="custom-control custom-switch">
+              <input class="custom-control-input" id="dhcp-ignore" type="checkbox" name="dhcp-ignore" value="1" <?php echo $conf['dhcp-ignore'] ? ' checked="checked"' : "" ?> aria-describedby="dhcp-ignore-description">
+              <label class="custom-control-label" for="dhcp-ignore"><?php echo _("Limit network access to static clients") ?></label>
+            </div>
+            <p id="dhcp-ignore-description">
+              <small><?php echo _("Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list.") ?></small>
+              <small class="text-muted"><?php echo _("This option adds <code>dhcp-ignore</code> to the dnsmasq configuration.") ?></small>
+            </p>
+          </div>
+        </div>
+      </div>
 
-  <template id="js-dhcp-static-lease-row">
-    <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
-      <div class="col-md-4 col-xs-3">
-        <input type="text" name="static_leases[mac][]" value="{{ mac }}" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+    <template id="js-dhcp-static-lease-row">
+      <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
+        <div class="col-md-4 col-xs-3">
+          <input type="text" name="static_leases[mac][]" value="{{ mac }}" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+        </div>
+        <div class="col-md-3 col-xs-3">
+          <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
+        </div>
+        <div class="col-md-3 col-xs-3">
+          <input type="text" name="static_leases[comment][]" value="{{ comment }}" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
+        </div>
+        <div class="col-md-2 col-xs-3">
+          <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
+        </div>
       </div>
-      <div class="col-md-3 col-xs-3">
-        <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
-      </div>
-      <div class="col-md-3 col-xs-3">
-        <input type="text" name="static_leases[comment][]" value="{{ comment }}" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
-      </div>
-      <div class="col-md-2 col-xs-3">
-        <button type="button" class="btn btn-warning js-remove-dhcp-static-lease"><?php echo _("Remove") ?></button>
-      </div>
-    </div>
-  </template>
+    </template>
+
 </div><!-- /.tab-pane -->
+
diff --git a/templates/firewall.php b/templates/firewall.php
new file mode 100755
index 00000000..70210346
--- /dev/null
+++ b/templates/firewall.php
@@ -0,0 +1,110 @@
+<div class="row">
+  <div class="col-lg-12">
+    <div class="card">
+      <div class="card-header">
+        <div class="row">
+          <div class="col">
+            <i class="fas fa-shield-alt mr-2"></i><?php echo _("Firewall"); ?>
+          </div>
+        </div><!-- /.row -->
+      </div><!-- /.card-header -->
+      <div class="card-body">
+        <?php $status->showMessages(); ?>
+        <h4><?php echo _("Client Firewall"); ?></h4>
+        <?php if ( $fw_conf["firewall-enable"]) : ?>
+           <i class="fas fa-circle mr-2 service-status-up"></i><?php echo _("Firewall is ENABLED"); ?>
+        <?php else : ?>
+           <i class="fas fa-circle mr-2 service-status-down"></i><?php echo _("Firewall is OFF"); ?>
+        <?php endif ?>
+        <div class="row">
+          <div class="col-md-6">
+            <p class="mr-2">
+              <small>
+                <?php echo _("The default firewall will only allow outgoing and already established traffic."); ?><br />
+                <?php echo _("No incoming UDP traffic is allowed."); ?><br />
+                <?php printf(_("There are no restrictions for the access point <code>%s</code>."), $ap_device); ?>
+              </small>
+            </p>
+          </div>
+        </div>
+        <form id="frm-firewall" action="firewall_conf" method="POST" >
+          <?php echo CSRFTokenFieldTag(); ?>
+          <h5><?php echo _("Exception: Service"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="ssh-enable" type="checkbox" name="ssh-enable" value="1" aria-describedby="exception-description" <?php if ($fw_conf["ssh-enable"]) echo "checked"; ?> >
+                    <label class="custom-control-label" for="ssh-enable"><?php echo _("allow SSH access on port 22") ?></label>
+                </div>
+                <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="http-enable" type="checkbox" name="http-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["http-enable"]) echo "checked"; ?> >
+                    <label class="custom-control-label" for="http-enable"><?php echo _("allow access to the RaspAP GUI on port 80 or 443") ?></label>
+                </div>
+                <p class="mb-0" id="exceptions-description">
+                    <small><?php echo _("Allow incoming connections for some services from the internet side.") ?></small>
+                </p>
+            </div>
+          </div>
+          <h5><?php echo _("Exception: network device"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
+                <input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description"  >
+                <p class="mb-0" id="exclusion-description">
+                  <small>
+                    <?php echo _("Exclude the given network device(s) (separated by a blank or comma) from firewall rules."); ?><br />
+                    <?php printf(_("Current client devices: <code>%s</code>"), $str_clients); ?><br />
+                    <?php printf(_("The access point <code>%s</code> is per default excluded."), $ap_device); ?>
+                  </small>
+                </p>
+            </div>
+          </div>
+          <h5><?php echo _("Exception: IP-Address"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <label for="excluded-ips"><?php echo _("Allow incoming connections from") ?></label>
+                <input class="form-control" id="excluded-ips" type="text" name="excluded-ips" value="<?php echo $fw_conf["excluded-ips"] ?>" aria-describedby="excl-ips-description"  >
+                <p class="mb-0" id="excl-ips-description">
+                  <small>
+                    <?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."); ?><br />
+                    <?php echo _("This is required for an OpenVPN via UDP or Wireguard connection."); ?><br />
+                    <?php if ( !empty($vpn_ips) ) printf (_("The list of configured VPN server IP addresses: <code><b>%s</b></code>"), $vpn_ips); ?>
+                  </small>
+                </p>
+            </div>
+          </div>
+          <?php if ($fw_conf["firewall-enable"]) : ?>
+              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
+              <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>"  name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
+          <?php else : ?>
+              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Save settings"); ?>" name="save-firewall" />
+              <input type="submit" class="btn btn-success firewall-apply" value="<?php echo _("Enable Firewall") ?>" name="firewall-enable" data-toggle="modal" data-target="#firewallModal"/>
+          <?php endif ?>
+        </form>
+      </div><!-- /.card-body -->
+      <div class="card-footer"></div>
+    </div><!-- /.card -->
+  </div><!-- /.col-lg-12 -->
+</div><!-- /.row -->
+
+<!-- Modal -->
+<div class="modal fade" id="firewallModal" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <div class="modal-title" id="ModalLabel">
+          <i class="fas fa-sync-alt mr-2"></i><?php echo _("Executing firewall option") ?>
+        </div>
+      </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1">
+          <?php if($fw_conf["firewall-enable"]) echo _("Disabling firewall").'...'; else echo _("Enabling firewall").'...'; ?>
+        </div>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-outline btn-primary" data-dismiss="modal"><?php echo _("Close"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+
diff --git a/templates/hostapd/advanced.php b/templates/hostapd/advanced.php
index f7c9ee93..f331734b 100644
--- a/templates/hostapd/advanced.php
+++ b/templates/hostapd/advanced.php
@@ -52,11 +52,22 @@
         </p>
       </div>
     </div>
+    <div class="row">
+      <div class="form-group col-md-6">
+        <label for="cbxtxpower"><?php echo _("Transmit power (dBm)") ?></label>
+        <i class="fas fa-question-circle text-muted" data-toggle="tooltip" data-placement="auto" title="<?php echo _("dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."); ?>"></i>
+        <?php
+          SelectorOptions('txpower', $arrTxPower, $txpower, 'cbxtxpower');
+        ?>
+        <small id="txpower_help" class="text-muted"><?php echo _("Sets the <code>txpower</code> option for the AP interface and the configured country."); ?></small>
+      </div>
+    </div>
+
     <div class="row">
       <div class="form-group col-md-6">
         <label for="max_num_sta"><?php echo _("Maximum number of clients") ?></label>
         <input type="text" id="max_num_sta" class="form-control" name="max_num_sta" placeholder="2007" value="<?php echo $arrConfig["max_num_sta"] ?>" aria-describedby="max_num_sta_help">
-        <small id="max_num_sta_help" class="text-muted"><?php echo _("Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies.") ?></small>
+        <small id="max_num_sta_help" class="text-muted"><?php echo _("Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies.") ?></small>
       </div>
     </div>
     <div class="row">
diff --git a/templates/openvpn.php b/templates/openvpn.php
index 33f61a81..4e0adaba 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -1,3 +1,15 @@
+  <?php ob_start() ?>
+    <?php if (!RASPI_MONITOR_ENABLED) : ?>
+        <input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
+        <?php if ($openvpnstatus[0] == 0) {
+            echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
+          } else {
+            echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
+          }
+        ?>
+    <?php endif ?>
+  <?php $buttons = ob_get_clean(); ob_end_clean() ?>
+ 
   <div class="row">
     <div class="col-lg-12">
       <div class="card">
@@ -21,72 +33,58 @@
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
                 <li class="nav-item"><a class="nav-link active" id="clienttab" href="#openvpnclient" data-toggle="tab"><?php echo _("Client settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#openvpnlogoutput" data-toggle="tab"><?php echo _("Logfile output"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="configstab" href="#openvpnconfigs" data-toggle="tab"><?php echo _("Configurations"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="loggingtab" href="#openvpnlogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
+
             <!-- Tab panes -->
             <div class="tab-content">
-              <div class="tab-pane active" id="openvpnclient">
-                <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
-                <div class="row">
-                  <div class="col">
-                    <div class="row mb-2">
-                      <div class="col-lg-12 mt-2 mb-2">
-                        <div class="row ml-1">
-                          <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
-                          <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
-                        </div>
-                      </div>
-                    </div>
-                      <div class="row">
-                     <div class="form-group col-lg-12">
-                      <label for="code"><?php echo _("Username"); ?></label>
-                        <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <label for="code"><?php echo _("Password"); ?></label>
-                        <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <div class="custom-file">
-                          <input type="file" class="custom-file-input" name="customFile" id="customFile">
-                          <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
-                        </div>
-                      </div>
-                    </div>
-                  </div><!-- col-->
-                  <div class="col-sm">
-                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
-                  </div>
-                </div><!-- main row -->
-              </div>
-              <div class="tab-pane fade" id="openvpnlogoutput">
-                <h4 class="mt-3"><?php echo _("Client log"); ?></h4>
-                <div class="row">
-                  <div class="form-group col-md-8">
-                    <?php
-                        echo '<textarea class="logoutput"></textarea>';
-                    ?>
-                  </div>
-                </div>
-              </div>
-              <?php if (!RASPI_MONITOR_ENABLED) : ?>
-                  <input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
-                  <?php if ($openvpnstatus[0] == 0) {
-                      echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
-                    } else {
-                      echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
-                    }
-                  ?>
-              <?php endif ?>
-              </form>
-            </div>
+              <?php echo renderTemplate("openvpn/general", $__template_data) ?>
+              <?php echo renderTemplate("openvpn/configs", $__template_data) ?>
+              <?php echo renderTemplate("openvpn/logging", $__template_data) ?>
+            </div><!-- /.tab-content -->
+
+            <?php echo $buttons ?>
+          </form>
         </div><!-- /.card-body -->
-    <div class="card-footer"> Information provided by openvpn</div>
-  </div><!-- /.card -->
-</div><!-- /.col-lg-12 -->
+      <div class="card-footer"><?php echo _("Information provided by openvpn"); ?></div>
+    </div><!-- /.card -->
+  </div><!-- /.col-lg-12 -->
 </div><!-- /.row -->
 
+<!-- modal confirm-delete-->
+<div class="modal fade" id="ovpn-confirm-delete" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+      <div class="modal-title" id="ModalLabel"><i class="far fa-trash-alt mr-2"></i><?php echo _("Delete OpenVPN client"); ?></div>
+      </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1"><?php echo _("Delete client configuration? This cannot be undone."); ?></div>
+      </div>
+      <div class="modal-footer">
+      <button type="button" class="btn btn-outline-secondary" data-dismiss="modal"><?php echo _("Cancel"); ?></button>
+      <button type="button" class="btn btn-outline-danger btn-delete"><?php echo _("Delete"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<!-- modal confirm-enable -->
+<div class="modal fade" id="ovpn-confirm-activate" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+      <div class="modal-title" id="ModalLabel"><i class="far fa-check-circle mr-2"></i><?php echo _("Activate OpenVPN client"); ?></div>
+      </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1"><?php echo _("Activate client configuration? This will restart the openvpn-client service."); ?></div>
+      </div>
+      <div class="modal-footer">
+      <button type="button" class="btn btn-outline-secondary" data-dismiss="modal"><?php echo _("Cancel"); ?></button>
+      <button type="button" class="btn btn-outline-success btn-activate"><?php echo _("Activate"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
new file mode 100644
index 00000000..c3e578ee
--- /dev/null
+++ b/templates/openvpn/configs.php
@@ -0,0 +1,35 @@
+<div class="tab-pane fade" id="openvpnconfigs">
+  <div class="row">
+    <div class="col-md">
+      <h4 class="mt-3 mb-3"><?php echo _("Configurations"); ?></h4>
+        <p id="openvpnconfigs-description" class="mb-3">
+          <small><?php echo _("Currently available OpenVPN client configurations are displayed below.") ?></small>
+          <br><small class="text-muted"><?php echo _("Activating a configuraton will restart the <code>openvpn-client</code> service.") ?></small>
+        </p>
+        <div class="openvpn-configs js-openvpn-configs-container">
+          <?php foreach ($clients as $client) :
+                if ($client == $conf_default) {
+                    $btn_class = "active";
+                } else {
+                    $btn_class = "disabled";
+                }
+                $label = preg_replace('/_client$/','',pathinfo($client, PATHINFO_FILENAME));
+                $client = $label;
+          ?>
+            <div class="row mt-2" id="openvpn-client-row-<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" >
+              <div class="col-md-6 col-xs-4">
+                <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>
+              </div>
+              <div class="col-md-auto px-lg-3 col-xs-2">
+                <button type="button" class="btn btn-outline-success <?php echo $btn_class; ?> js-activate-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-activate" /><i class="far fa-check-circle"></i></button>
+              </div>
+              <div class="col-md-auto col-xs-2">
+                <button type="button" class="btn btn-outline-danger js-remove-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-delete" /><i class="far fa-trash-alt"></i></button>
+              </div>
+            </div><!-- ./row openvpn-client -->
+          <?php endforeach ?>
+       </div><!-- /.openvpn-configs -->
+      <div class="mb-3"></div>
+    </div><!-- /.tab-pane | manage configs tab -->
+  </div>
+</div>
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
new file mode 100644
index 00000000..9398884e
--- /dev/null
+++ b/templates/openvpn/general.php
@@ -0,0 +1,70 @@
+<div class="tab-pane active" id="openvpnclient">
+  <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
+  <div class="row">
+    <div class="col-lg-8">
+      <div class="row mb-2">
+         <div class="col-lg-12 mt-2 mb-2">
+           <div class="row ml-1">
+            <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
+            <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+           </div>
+         </div>
+      </div>
+      <h5><?php echo _("Authentification Method"); ?></h5>
+      <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="ovpn-userpw" name="sel1" value="userpw" data-toggle="" data-parent="#clientsettings" data-target="#UserPW" type="radio" checked>
+          <label class="form-check-label"><?php echo _("Username and password"); ?></label>
+      </div>
+      <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="ovpn-certs" name="sel1" value="certs" data-toggle="" data-parent="#clientsettings" data-target="#Certs" type="radio">
+          <label class="form-check-label"><?php echo _("Certificates"); ?></label>
+      </div>
+      <div class="col-sm-12 ml-2">
+         <div class="panel-group" id="clientsettings">
+           <div class="panel panel-default panel-collapse" id="PanelUserPW" >
+             <div class="panel-heading">
+               <h5 class="panel-title"><?php echo _("Enter username and password"); ?></h5>
+             </div>
+             <div class="panel-body">
+                <div class="form-group col-lg-12">
+                  <label for="code"><?php echo _("Username"); ?></label>
+                  <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
+                </div>
+                <div class="form-group col-lg-12">
+                  <label for="code"><?php echo _("Password"); ?></label>
+                  <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
+                </div>
+             </div>
+           </div><!-- panel -->
+           <div class="panel panel-default panel-collapse collapse in" id="PanelCerts">
+             <div class="panel-body">
+               <div class="panel-heading">
+                 <h5 class="panel-title"><?php echo _("Certificates in the configuration file"); ?></h5>
+               </div>
+               <p><?php echo _("RaspAP supports certificates by including them in the configuration file."); ?>
+                 <ul>
+                   <small>
+                     <li><?php echo _("Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."); ?></li>
+                     <li><?php echo _("Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."); ?></li>
+                     <li><?php echo _("Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."); ?></li>
+                   </small>
+                 </ul>
+                </p>
+              </div>
+           </div> <!-- panel -->
+         </div> <!-- panel-group -->
+      </div> <!-- col -->
+      <div class="col-sm-12 ">
+         <div class="form-group">
+            <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
+            <div class="custom-file">
+             <input type="file" class="custom-file-input" name="customFile" id="customFile">
+             <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
+           </div>
+         </div>
+      </div> <!-- col -->
+    </div><!-- col-8 -->
+    <div class="col-sm-auto"></div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | general tab -->
+
diff --git a/templates/openvpn/logging.php b/templates/openvpn/logging.php
new file mode 100644
index 00000000..0aef4217
--- /dev/null
+++ b/templates/openvpn/logging.php
@@ -0,0 +1,16 @@
+<!-- logging tab -->
+<div class="tab-pane fade" id="openvpnlogging">
+  <h4 class="mt-3 mb-3"><?php echo _("Logging") ?></h4>
+  <p><?php echo _("Enable this option to log <code>openvpn</code> activity.") ?></p>
+
+  <div class="custom-control custom-switch">
+    <input class="custom-control-input" id="log-openvpn" type="checkbox" name="log-openvpn" value="1" <?php echo $logEnable ? ' checked="checked"' : "" ?> aria-describedby="log-openvpn">
+    <label class="custom-control-label" for="log-openvpn"><?php echo _("Enable logging") ?></label>
+  </div>
+  <div class="row">
+    <div class="form-group col-md-8 mt-2">
+      <textarea class="logoutput"><?php echo htmlspecialchars($logOutput, ENT_QUOTES); ?></textarea>
+    </div>
+  </div>
+</div><!-- /.tab-pane -->
+
diff --git a/templates/themes.php b/templates/themes.php
index c5a06fa4..0e5d7fc2 100755
--- a/templates/themes.php
+++ b/templates/themes.php
@@ -17,7 +17,7 @@
           </div>
           <div class="col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Color"); ?></label>
-            <input class="form-control color-input" value="#d8224c" aria-label="color" />
+            <input class="form-control color-input" value="#2b8080" aria-label="color" />
           </div>
         </div>
         <form action="system_info" method="POST">
diff --git a/templates/torproxy.php b/templates/torproxy.php
old mode 100644
new mode 100755
diff --git a/templates/wg/general.php b/templates/wg/general.php
new file mode 100644
index 00000000..25d74d12
--- /dev/null
+++ b/templates/wg/general.php
@@ -0,0 +1,108 @@
+<!-- wireguard settings tab -->
+<div class="tab-pane active" id="wgsettings">
+  <div class="row">
+    <div class="col-lg-8">
+      <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
+        <div class="col-lg-12 mt-2">
+          <div class="row mt-3 mb-2">
+            <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
+            <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+          </div>
+        </div>
+        <h5><?php echo _("Configuration Method"); ?></h5>
+        <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="wg-upload" name="wgCnfOpt" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio" checked>
+          <label class="form-check-label"><?php echo _("Upload file"); ?></label>
+        </div>
+        <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="wg-manual" name="wgCnfOpt" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio">
+          <label class="form-check-label"><?php echo _("Create manually"); ?></label>
+        </div>
+
+        <div class="col-sm-12 ml-2">
+          <div class="panel-group" id="serversettings">
+
+            <div class="panel panel-default panel-collapse" id="PanelUpload">
+              <div class="panel-heading">
+                <h5 class="panel-title"><?php echo _("Upload a WireGuard config"); ?></h5>
+                <p id="wg-description">
+                  <small><?php echo _("This option uploads and installs an existing WireGuard <code>.conf</code> file on this device.") ?></small>
+                </p>
+              </div>
+              <div class="panel-body">
+
+                <div class="form-group">
+                  <div class="custom-control custom-switch">
+                    <?php $checked = $optRules == 1 ? 'checked="checked"' : '' ?>
+                    <input class="custom-control-input" id="chxwgrules" name="wgRules" type="checkbox" value="1" <?php echo $checked ?> />
+                    <label class="custom-control-label" for="chxwgrules"><?php echo _("Apply iptables rules for AP interface"); ?></label>
+                    <i class="fas fa-question-circle text-muted" data-toggle="tooltip" data-placement="auto" title="<?php echo _("Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."); ?>"></i>
+                    <p id="wg-description">
+                      <small><?php printf(_("This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."), $_SESSION['ap_interface']) ?></small>
+                    </p>
+                  </div>
+                </div>
+
+                <div class="form-group">
+                  <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
+                  <div class="custom-file">
+                    <input type="file" class="custom-file-input" name="wgFile" id="wgFile">
+                    <label class="custom-file-label" for="wgFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
+                  </div>
+                </div>
+                <div class="row mb-2"></div>
+
+              </div><!-- /.panel-body -->
+            </div><!-- /.panel -->
+
+            <div class="panel panel-default panel-collapse" id="PanelManual">
+              <div class="panel-heading">
+                <h5 class="panel-title"><?php echo _("Create a local WireGuard config"); ?></h5>
+                <div class="input-group">
+                  <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="server_enabled" type="checkbox" name="wgSrvEnable" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">
+                    <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
+                  </div>
+                  <p id="wg-description">
+                    <small>
+                      <?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers.") ?>
+                      <?php echo _("This setting generates a new WireGuard <code>.conf</code> file on this device.") ?>
+                    </small>
+                  </p>
+                </div>
+              </div>
+
+              <div class="panel-body">
+                <label for="code"><?php echo _("Local public key"); ?></label>
+                <div class="input-group col-md-12 mb-3">
+                  <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
+                  <div class="input-group-append">
+                    <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
+                    <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+                  </div>
+                </div>
+              </div>
+
+              <div class="form-group col-xs-3 col-sm-3">
+                <label for="code"><?php echo _("Local Port"); ?></label>
+                <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
+              </div>
+              <div class="form-group col-md-6">
+                <label for="code"><?php echo _("IP Address"); ?></label>
+                <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+              </div>
+              <div class="form-group col-md-6">
+                <label for="code"><?php echo _("DNS"); ?></label>
+                <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+              </div>
+              <div class="row mb-3"></div>
+
+            </div><!-- /.panel-body -->
+          </div><!-- /.panel -->
+
+        </div><!-- /.panel-group -->
+      </div><!-- /.col -->
+    </div><!-- /.row -->
+
+</div><!-- /.tab-pane | settings tab -->
+
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
new file mode 100644
index 00000000..02516139
--- /dev/null
+++ b/templates/wg/logging.php
@@ -0,0 +1,19 @@
+<!-- wireguard logging tab -->
+<div class="tab-pane fade" id="wglogging">
+  <div class="row">
+    <div class="col-md-12">
+      <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
+        <p><?php echo _("Enable this option to display an updated <code>wg-quick</code> debug log.") ?></p>
+        <div class="custom-control custom-switch">
+          <input class="custom-control-input" id="wgLogEnable" type="checkbox" name="wgLogEnable" value="1" <?php echo $optLogEnable ? ' checked="checked"' : "" ?> aria-describedby="wgLogEnable">
+          <label class="custom-control-label" for="wgLogEnable"><?php echo _("Logfile output") ?></label>
+        </div>
+        <?php
+          exec('sudo chmod o+r /tmp/wireguard.log');
+          $log = file_get_contents('/tmp/wireguard.log');
+          echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
+        ?>
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | logging tab -->
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
new file mode 100644
index 00000000..d4347575
--- /dev/null
+++ b/templates/wg/peers.php
@@ -0,0 +1,82 @@
+<!-- wireguard peers tab -->
+<div class="tab-pane fade" id="wgpeers">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
+        <div class="input-group">
+          <input type="hidden" name="peer_id" value="1">
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="peer_enabled" type="checkbox" name="wg_penabled" value="1" <?php echo $wg_penabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+          <label class="custom-control-label" for="peer_enabled"><?php echo _("Enable peer") ?></label>
+        </div>
+        <p id="wg-description">
+          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer.") ?></small>
+          <small><?php echo _("This option adds <code>client.conf</code> to the WireGuard configuration.") ?></small>
+        </p>
+     </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6 mt-3">
+          <label for="code"><?php echo _("Peer public key"); ?></label>
+        </div>
+        <div class="input-group col-md-12">
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+          <div class="input-group-append">
+            <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
+            <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+          </div>
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-3 mt-3">
+          <label for="code"><?php echo _("Local Port"); ?></label>
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("IP Address"); ?></label>
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Endpoint address"); ?></label>
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Allowed IPs"); ?></label>
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Persistent keepalive"); ?></label>
+          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+    </div>
+
+    <div class="col-md-6 mt-5">
+      <figure class="figure w-75 ml-3">
+        <?php if ($wg_penabled == true ) : ?>
+        <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
+        <figcaption class="figure-caption">
+          <?php echo _("Scan this QR code with your client to connect to this tunnel"); ?>
+          <?php echo _("or download the <code>client.conf</code> file to your device."); ?>
+        </figcaption>
+        <button class="btn btn-outline-secondary rounded-right wg-client-dl mt-2" type="button"><?php echo _("Download"); ?> <i class="fas fa-download ml-1"></i></button> 
+        <?php endif; ?>
+      </figure>
+    </div>
+
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | peers tab -->
+
diff --git a/templates/wifi_stations.php b/templates/wifi_stations.php
index 32cf8760..cde0bf45 100755
--- a/templates/wifi_stations.php
+++ b/templates/wifi_stations.php
@@ -14,12 +14,11 @@
   </div>
 <?php endif ?>
 
-<?php $index = 0; ?>
-
 <?php if (!empty($connected)): ?>
 <h4 class="h-underlined my-3"><?php echo _("Connected") ?></h4>
 <div class="card-grid">
 	<?php foreach ($connected as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>
@@ -30,6 +29,7 @@
 <h4 class="h-underlined my-3"><?php echo _("Known") ?></h4>
 <div class="card-grid">
 	<?php foreach ($known as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>
@@ -40,6 +40,7 @@
 <h4 class="h-underlined my-3"><?php echo _("Nearby") ?></h4>
 <div class="card-grid">
 	<?php foreach ($nearby as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>
diff --git a/templates/wifi_stations/network.php b/templates/wifi_stations/network.php
index e0a9684c..1199a5e5 100644
--- a/templates/wifi_stations/network.php
+++ b/templates/wifi_stations/network.php
@@ -4,8 +4,7 @@
 		<?php if (strlen($network['ssid']) == 0) {
 			$network['ssid'] = "(unknown)";
 		} ?>
-		<h5 class="card-title"><?php echo htmlspecialchars($network['ssid'], ENT_QUOTES); ?></h5>
-
+		<h5 class="card-title"><?php echo htmlspecialchars($network['ssidutf8'], ENT_QUOTES); ?></h5>
 		<div class="info-item-wifi"><?php echo _("Status"); ?></div>
 		<div>
 			<?php if ($network['configured']) { ?>
@@ -62,7 +61,7 @@
 				<?php if ($network['protocol'] === 'Open') { ?>
 					<input type="password" disabled class="form-control" aria-describedby="passphrase" name="passphrase<?php echo $index ?>" value="" />
 				<?php } else { ?>
-					<input type="password" class="form-control js-validate-psk" aria-describedby="passphrase" name="passphrase<?php echo $index ?>" value="<?php echo $network['passphrase'] ?>" data-target="#update<?php echo $index ?>" data-colors="#ffd0d0,#d0ffd0">
+					<input type="password" class="form-control" aria-describedby="passphrase" name="passphrase<?php echo $index ?>" value="<?php echo $network['passphrase'] ?>" data-target="#update<?php echo $index ?>" data-colors="#ffd0d0,#d0ffd0">
 					<div class="input-group-append">
 						<button class="btn btn-outline-secondary js-toggle-password" type="button" data-target="[name=passphrase<?php echo $index ?>]" data-toggle-with="<?php echo _("Hide") ?>">Show</button>
 					</div>
@@ -75,7 +74,7 @@
 				<input type="submit" class="col-xs-4 col-md-4 btn btn-warning" value="<?php echo _("Update"); ?>" id="update<?php echo $index ?>" name="update<?php echo $index ?>"<?php echo ($network['protocol'] === 'Open' ? ' disabled' : '')?> data-toggle="modal" data-target="#configureClientModal" />
 				<button type="submit" class="col-xs-4 col-md-4 btn btn-info" value="<?php echo $index?>" name="connect"><?php echo _("Connect"); ?></button>
 			<?php } else { ?>
-				<input type="submit" class="col-xs-4 col-md-4 btn btn-info" value="<?php echo _("Add"); ?>" id="update<?php echo $index ?>" name="update<?php echo $index ?>" <?php echo ($network['protocol'] === 'Open' ? '' : ' disabled')?> data-toggle="modal" data-target="#configureClientModal" />
+				<input type="submit" class="col-xs-4 col-md-4 btn btn-info" value="<?php echo _("Add"); ?>" id="update<?php echo $index ?>" name="update<?php echo $index ?>" data-toggle="modal" data-target="#configureClientModal" />
 			<?php } ?>
 			<input type="submit" class="col-xs-4 col-md-4 btn btn-danger" value="<?php echo _("Delete"); ?>" name="delete<?php echo $index ?>"<?php echo ($network['configured'] ? '' : ' disabled')?> data-toggle="modal" data-target="#configureClientModal" />
 		</div><!-- /.btn-group -->
diff --git a/templates/wireguard.php b/templates/wireguard.php
new file mode 100755
index 00000000..ee28dfa1
--- /dev/null
+++ b/templates/wireguard.php
@@ -0,0 +1,53 @@
+  <?php ob_start() ?>
+    <?php if (!RASPI_MONITOR_ENABLED) : ?>
+      <input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
+      <?php if ($wg_state) : ?>
+        <input type="submit" class="btn btn-warning" name="stopwg" value="<?php echo _("Stop WireGuard"); ?>">
+      <?php else : ?>
+        <input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
+      <?php endif ?>
+    <?php endif ?>
+  <?php $buttons = ob_get_clean(); ob_end_clean() ?>
+
+  <div class="row">
+    <div class="col-lg-12">
+      <div class="card">
+        <div class="card-header">
+          <div class="row">
+            <div class="col">
+              <span class="ra-wireguard mr-2"></span><?php echo _("WireGuard"); ?>
+            </div>
+            <div class="col">
+              <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+                <span class="icon text-gray-600"><i class="fas fa-circle service-status-<?php echo $serviceStatus ?>"></i></span>
+                <span class="text service-status">wg <?php echo _($serviceStatus) ?></span>
+              </button>
+            </div>
+          </div><!-- /.row -->
+        </div><!-- /.card-header -->
+        <div class="card-body">
+        <?php $status->showMessages(); ?>
+          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
+            <?php echo CSRFTokenFieldTag() ?>
+            <!-- Nav tabs -->
+            <ul class="nav nav-tabs">
+                <li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peer"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+            </ul>
+
+            <!-- Tab panes -->
+            <div class="tab-content">
+              <?php echo renderTemplate("wg/general", $__template_data) ?>
+              <?php echo renderTemplate("wg/peers", $__template_data) ?>
+              <?php echo renderTemplate("wg/logging", $__template_data) ?>
+            </div><!-- /.tab-content -->
+
+          <?php echo $buttons ?>
+          </form>
+        </div><!-- /.card-body -->
+        <div class="card-footer"><?php echo _("Information provided by wireguard"); ?></div>
+      </div><!-- /.card -->
+    </div><!-- /.col-lg-12 -->
+  </div><!-- /.row -->
+
diff --git a/yarn.lock b/yarn.lock
index 0b90ec2f..71c854e0 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -645,9 +645,9 @@ camelcase@^5.0.0:
   integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
 
 caniuse-lite@^1.0.30000998, caniuse-lite@^1.0.30001219:
-  version "1.0.30001228"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001228.tgz#bfdc5942cd3326fa51ee0b42fbef4da9d492a7fa"
-  integrity sha512-QQmLOGJ3DEgokHbMSA8cj2a+geXqmnpyOFT0lhQV6P3/YOJvGDEwoedcwxEQ30gJIwIIunHIicunJ2rzK5gB2A==
+  version "1.0.30001230"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001230.tgz#8135c57459854b2240b57a4a6786044bdc5a9f71"
+  integrity sha512-5yBd5nWCBS+jWKTcHOzXwo5xzcj4ePE/yjtkZyUV1BTUmrBaA9MRGC+e7mxnqXSA90CmCA8L3eKLaSUkt099IQ==
 
 caseless@~0.12.0:
   version "0.12.0"
@@ -1179,9 +1179,9 @@ ee-first@1.1.1:
   integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=
 
 electron-to-chromium@^1.3.723:
-  version "1.3.738"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.738.tgz#aec24b091c82acbfabbdcce08076a703941d17ca"
-  integrity sha512-vCMf4gDOpEylPSLPLSwAEsz+R3ShP02Y3cAKMZvTqule3XcPp7tgc/0ESI7IS6ZeyBlGClE50N53fIOkcIVnpw==
+  version "1.3.739"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.739.tgz#f07756aa92cabd5a6eec6f491525a64fe62f98b9"
+  integrity sha512-+LPJVRsN7hGZ9EIUUiWCpO7l4E3qBYHNadazlucBfsXBbccDFNKUBAgzE68FnkWGJPwD/AfKhSzL+G+Iqb8A4A==
 
 emoji-regex@^7.0.1:
   version "7.0.3"
@@ -2756,15 +2756,10 @@ minimatch@^3.0.2, minimatch@^3.0.4, minimatch@~3.0.2:
   dependencies:
     brace-expansion "^1.1.7"
 
-minimist@^1.1.3, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
-
-minimist@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
-  integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
+minimist@^1.1.3, minimist@^1.2.0, minimist@^1.2.5:
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
 minipass@^2.6.0, minipass@^2.8.6, minipass@^2.9.0:
   version "2.9.0"