diff --git a/image-extras/common/root/autoprovision-stage2.sh b/image-extras/common/root/autoprovision-stage2.sh
index 594d4e2..dad8c59 100755
--- a/image-extras/common/root/autoprovision-stage2.sh
+++ b/image-extras/common/root/autoprovision-stage2.sh
@@ -4,6 +4,36 @@
 
 . /root/autoprovision-functions.sh
 
+check_repo() 
+{
+    printf "\033[32;1mChecking OpenWrt repo availability...\033[0m\n"
+    opkg update | grep -q "Failed to download" && printf "\033[32;1mopkg failed. Check internet or date. Command for force ntp sync: ntpd -p ptbtime1.ptb.de\033[0m\n" && exit 1
+}
+
+route_vpn () 
+{
+cat << EOF > /etc/hotplug.d/iface/30-rknroute
+#!/bin/sh
+
+ip route add table vpn default dev wg0
+EOF
+}
+
+add_mark() 
+{
+    grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables
+    
+    if ! uci show network | grep -q mark0x1; then
+        printf "\033[32;1mConfigure mark rule\033[0m\n"
+        uci add network rule
+        uci set network.@rule[-1].name='mark0x1'
+        uci set network.@rule[-1].mark='0x1'
+        uci set network.@rule[-1].priority='100'
+        uci set network.@rule[-1].lookup='vpn'
+        uci commit
+    fi
+}
+
 dnsmasqfull() 
 {
 		if opkg list-installed | grep -q dnsmasq-full; then
@@ -118,26 +148,10 @@ installPackages()
 
     log "Autoprovisioning stage2 is about to install packages"
 
-    # switch ssh from dropbear to openssh (needed to install sshtunnel)
-    #opkg remove dropbear
-    #opkg install openssh-server openssh-sftp-server sshtunnel
-
-    #/etc/init.d/sshd enable
-    #mkdir /root/.ssh
-    #chmod 0700 /root/.ssh
-    #mv /etc/dropbear/authorized_keys /root/.ssh/
-    #rm -rf /etc/dropbear
-
     # CUSTOMIZE
     # install some more packages that don't need any extra steps
     #opkg install lua luci ppp-mod-pppoe screen mc unzip logrotate
     opkg install logrotate curl
-
-    # this is needed for the vlans on tp-link 3020 with only a single hw ethernet port
-    #opkg install kmod-macvlan ip
-
-    # just in case if we were run in a firmware that didn't already have luci
-    #/etc/init.d/uhttpd enable
 }
 
 autoprovisionStage2()
@@ -183,8 +197,14 @@ EOF
     fi
 }
 
-autoprovisionStage2
+check_repo
+route_vpn
+add_mark
 dnsmasqfull
 dnscrypt2
 add_getdomains
+autoprovisionStage2
+
+printf "\033[32;1mRestart network\033[0m\n"
+/etc/init.d/network restart