diff --git a/package/gluon-mesh-vpn-openvpn/check_site.lua b/package/gluon-mesh-vpn-openvpn/check_site.lua
index baa2132a..863d2be8 100644
--- a/package/gluon-mesh-vpn-openvpn/check_site.lua
+++ b/package/gluon-mesh-vpn-openvpn/check_site.lua
@@ -1 +1 @@
-need_string(in_domain({'mesh_vpn', 'openvpn', 'config'}))
+-- need_string(in_domain({'mesh_vpn', 'openvpn', ''}))
diff --git a/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn b/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
index cdba7cbb..dcd8dbdb 100755
--- a/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
+++ b/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
@@ -6,23 +6,33 @@ local vpn_core = require 'gluon.mesh-vpn'
 
 local uci = require('simple-uci').cursor()
 
+-- https://stackoverflow.com/a/4991602/3990041
+function file_exists(name)
+   local f=io.open(name,"r")
+   if f~=nil then io.close(f) return true else return false end
+end
 
-local enabled = vpn_core.enabled()
+local vpn = {
+	enabled = vpn_core.enabled(),
 
-local file = '/etc/openvpn/mesh_vpn.ovpn'
+	client = true,
+	dev = vpn_core.get_interface(),
+	dev_type = 'tap'
+}
 
--- TODO: support for directly specifying options in site conf??
+for key, value in pairs(site.mesh_vpn.openvpn.config()) do
+	vpn[key] = value
+end
 
-fd = io.open(file, 'w')
-fd:write(site.mesh_vpn.openvpn.config())
-fd:write("\ndev " .. vpn_core.get_interface())
-fd:close()
+-- if mesh_vpn is on but we have no key, even tho we need one then we can't proceed
+if vpn.key ~= nil and not file_exists(vpn.key) then
+	vpn.enabled = false
+end
 
 -- NOTE: ip is set by static-ip
+-- TODO: maybe better integration? currently we still listen to openvpn push
 
-uci:section('openvpn', 'openvpn', 'mesh_vpn', {
-	enabled = enabled,
-	config = file,
-})
+uci:delete('openvpn', 'mesh_vpn')
+uci:section('openvpn', 'openvpn', 'mesh_vpn', vpn)
 
 uci:save('openvpn')
diff --git a/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua b/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
index 3b599fc4..935d2765 100755
--- a/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
+++ b/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
@@ -6,6 +6,7 @@ local vpn_core = require 'gluon.mesh-vpn'
 local M = {}
 
 function M.public_key()
+	-- TODO: get key from openvpn.mesh_vpn.key and then get fingerprint
 	return nil
 end