diff --git a/package/gluon-config-mode-tunneldigger/Makefile b/package/gluon-config-mode-tunneldigger/Makefile
new file mode 100644
index 00000000..179d2ec9
--- /dev/null
+++ b/package/gluon-config-mode-tunneldigger/Makefile
@@ -0,0 +1,37 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-config-mode-tunneldigger
+PKG_VERSION:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include ../gluon.mk
+
+PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
+
+
+define Package/gluon-config-mode-tunneldigger
+  SECTION:=gluon
+  CATEGORY:=Gluon
+  TITLE:=Toggle tunneldigger and bandwidth limit
+  DEPENDS:=gluon-config-mode-core-virtual +gluon-mesh-vpn-tunneldigger
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+	$(call GluonBuildI18N,gluon-config-mode-tunneldigger,i18n)
+	$(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
+endef
+
+define Package/gluon-config-mode-tunneldigger/install
+	$(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/
+	$(call GluonInstallI18N,gluon-config-mode-tunneldigger,$(1))
+endef
+
+$(eval $(call BuildPackage,gluon-config-mode-tunneldigger))
diff --git a/package/gluon-config-mode-tunneldigger/i18n/de.po b/package/gluon-config-mode-tunneldigger/i18n/de.po
new file mode 100644
index 00000000..7641c769
--- /dev/null
+++ b/package/gluon-config-mode-tunneldigger/i18n/de.po
@@ -0,0 +1,36 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"PO-Revision-Date: 2015-10-07 00:32+0100\n"
+"Last-Translator: Cyrus Fox <cyrus@lambdacore.de>\n"
+"Language-Team: German\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+msgid "Downstream (kbit/s)"
+msgstr "Downstream (kbit/s)"
+
+msgid "Limit bandwidth"
+msgstr "Bandbreite begrenzen"
+
+msgid "Upstream (kbit/s)"
+msgstr "Upstream (kbit/s)"
+
+msgid "Use internet connection (mesh VPN)"
+msgstr "Internetverbindung nutzen (Mesh-VPN)"
+
+msgid ""
+"Your internet connection can be used to establish a VPN connection "
+"with other nodes. Enable this option if there are no other nodes reachable "
+"over WLAN in your vicinity or you want to make a part of your connection's "
+"bandwidth available for the network. You can limit how much bandwidth the "
+"node will use at most."
+msgstr ""
+"Dein Knoten kann deine Internetverbindung nutzen um darüber eine "
+"VPN Verbindung zu anderen Knoten aufzubauen. Die dafür "
+"genutzte Bandbreite kannst du beschränken. Aktiviere die Option, falls keine "
+"per WLAN erreichbaren Nachbarknoten in deiner Nähe sind oder du deine "
+"Internetverbindung für das Mesh-Netzwerk zur Verfügung stellen möchtest."
diff --git a/package/gluon-config-mode-tunneldigger/i18n/gluon-config-mode-tunneldigger.pot b/package/gluon-config-mode-tunneldigger/i18n/gluon-config-mode-tunneldigger.pot
new file mode 100644
index 00000000..b6722919
--- /dev/null
+++ b/package/gluon-config-mode-tunneldigger/i18n/gluon-config-mode-tunneldigger.pot
@@ -0,0 +1,22 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+msgid "Downstream (kbit/s)"
+msgstr ""
+
+msgid "Limit bandwidth"
+msgstr ""
+
+msgid "Upstream (kbit/s)"
+msgstr ""
+
+msgid "Use internet connection (mesh VPN)"
+msgstr ""
+
+msgid ""
+"Your internet connection can be used to establish a VPN connection "
+"with other nodes. Enable this option if there are no other nodes reachable "
+"over WLAN in your vicinity or you want to make a part of your connection's "
+"bandwidth available for the network. You can limit how much bandwidth the "
+"node will use at most."
+msgstr ""
diff --git a/package/gluon-config-mode-tunneldigger/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua b/package/gluon-config-mode-tunneldigger/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua
new file mode 100755
index 00000000..50edeb60
--- /dev/null
+++ b/package/gluon-config-mode-tunneldigger/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua
@@ -0,0 +1,47 @@
+return function(form, uci)
+	local msg = translate(
+		'Your internet connection can be used to establish a ' ..
+	        'VPN connection with other nodes. ' ..
+	        'Enable this option if there are no other nodes reachable ' ..
+	        'over WLAN in your vicinity or you want to make a part of ' ..
+	        'your connection\'s bandwidth available for the network. You can limit how ' ..
+	        'much bandwidth the node will use at most.'
+	)
+
+	local s = form:section(Section, nil, msg)
+
+	local o
+
+	local meshvpn = s:option(Flag, "meshvpn", translate("Use internet connection (mesh VPN)"))
+	meshvpn.default = uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
+	function meshvpn:write(data)
+		uci:set("tunneldigger", "mesh_vpn", "enabled", data)
+	end
+
+	local limit = s:option(Flag, "limit_enabled", translate("Limit bandwidth"))
+	limit:depends(meshvpn, true)
+	limit.default = uci:get_bool("simple-tc", "mesh_vpn", "enabled")
+	function limit:write(data)
+		uci:set("simple-tc", "mesh_vpn", "interface")
+		uci:set("simple-tc", "mesh_vpn", "enabled", data)
+		uci:set("simple-tc", "mesh_vpn", "ifname", "mesh-vpn")
+	end
+
+	o = s:option(Value, "limit_ingress", translate("Downstream (kbit/s)"))
+	o:depends(limit, true)
+	o.default = uci:get("simple-tc", "mesh_vpn", "limit_ingress")
+	o.datatype = "uinteger"
+	function o:write(data)
+		uci:set("simple-tc", "mesh_vpn", "limit_ingress", data)
+	end
+
+	o = s:option(Value, "limit_egress", translate("Upstream (kbit/s)"))
+	o:depends(limit, true)
+	o.default = uci:get("simple-tc", "mesh_vpn", "limit_egress")
+	o.datatype = "uinteger"
+	function o:write(data)
+		uci:set("simple-tc", "mesh_vpn", "limit_egress", data)
+	end
+
+	return {'tunneldigger', 'simple-tc'}
+end
diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile
new file mode 100644
index 00000000..b8323cb2
--- /dev/null
+++ b/package/gluon-mesh-vpn-tunneldigger/Makefile
@@ -0,0 +1,42 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-vpn-tunneldigger
+PKG_VERSION:=3
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include ../gluon.mk
+
+define Package/gluon-mesh-vpn-tunneldigger
+  SECTION:=gluon
+  CATEGORY:=Gluon
+  TITLE:=Support for connecting meshes via tunneltigger/l2tpv3 pseudowire
+  DEPENDS:=+gluon-core +gluon-wan-dnsmasq +tunneldigger +iptables +iptables-mod-extra +simple-tc
+endef
+
+define Package/gluon-mesh-vpn-tunneldigger/description
+	Gluon community wifi mesh firmware framework: tunneldigger support
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+	$(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
+endef
+
+define Package/gluon-mesh-vpn-tunneldigger/install
+	$(CP) ./files/* $(1)/
+	$(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/	
+endef
+
+define Package/gluon-mesh-vpn-tunneldigger/postinst
+#!/bin/sh
+$(call GluonCheckSite,check_site.lua)
+endef
+
+$(eval $(call BuildPackage,gluon-mesh-vpn-tunneldigger))
diff --git a/package/gluon-mesh-vpn-tunneldigger/check_site.lua b/package/gluon-mesh-vpn-tunneldigger/check_site.lua
new file mode 100644
index 00000000..39470a10
--- /dev/null
+++ b/package/gluon-mesh-vpn-tunneldigger/check_site.lua
@@ -0,0 +1,9 @@
+need_number('tunneldigger_mesh_vpn.mtu')
+need_boolean('tunneldigger_mesh_vpn.enabled', false)
+need_string_array('tunneldigger_mesh_vpn.brokers')
+
+if need_table('tunneldigger_mesh_vpn.bandwidth_limit', nil, false) then
+	need_boolean('tunneldigger_mesh_vpn.bandwidth_limit.enabled', false)
+	need_number('tunneldigger_mesh_vpn.bandwidth_limit.ingress', false)
+	need_number('tunneldigger_mesh_vpn.bandwidth_limit.egress', false)
+end
diff --git a/package/gluon-mesh-vpn-tunneldigger/files/lib/gluon/mesh-vpn-tunneldigger/iptables.rules b/package/gluon-mesh-vpn-tunneldigger/files/lib/gluon/mesh-vpn-tunneldigger/iptables.rules
new file mode 100644
index 00000000..2b16750c
--- /dev/null
+++ b/package/gluon-mesh-vpn-tunneldigger/files/lib/gluon/mesh-vpn-tunneldigger/iptables.rules
@@ -0,0 +1,3 @@
+*nat
+-I OUTPUT -m owner --gid-owner gluon-tunneldigger -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54
+COMMIT
diff --git a/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger
new file mode 100755
index 00000000..68ea88a0
--- /dev/null
+++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger
@@ -0,0 +1,61 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site_config'
+local users = require 'gluon.users'
+local util = require 'gluon.util'
+
+local uci = require('simple-uci').cursor()
+
+
+-- Group for iptables rule
+users.add_group('gluon-tunneldigger', 900)
+
+local enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
+if enabled == nil then
+	enabled = uci:get_first('tunneldigger', 'broker', 'enabled')
+end
+if enabled == nil then
+	enabled = site.tunneldigger_mesh_vpn.enabled or false
+end
+
+-- Delete old broker config section       
+if not uci:get('tunneldigger', 'mesh_vpn') then
+	uci:delete_all('tunneldigger', 'broker')
+end
+
+uci:section('tunneldigger', 'broker', 'mesh_vpn',
+	{
+		enabled = enabled,
+		uuid = util.node_id(),
+		interface = 'mesh-vpn',
+		bind_interface = 'br-wan',
+		group = 'gluon-tunneldigger',
+		broker_selection = 'usage',
+		address = site.tunneldigger_mesh_vpn.brokers,
+	}
+)
+
+uci:save('tunneldigger')
+
+uci:section('network', 'interface', 'mesh_vpn',
+	{
+		ifname = 'mesh-vpn',
+		proto = 'gluon_mesh',
+		fixed_mtu = '1',
+		transitive = '1',
+		mtu = site.tunneldigger_mesh_vpn.mtu,
+	}
+)
+
+uci:save('network')
+
+
+uci:section('firewall', 'include', 'mesh_vpn_dns',
+	{
+		type = 'restore',
+		path = '/lib/gluon/mesh-vpn-tunneldigger/iptables.rules',
+		family = 'ipv4',
+	}
+)
+
+uci:save('firewall')
diff --git a/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/420-mesh-vpn-tunneldigger-simple-tc b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/420-mesh-vpn-tunneldigger-simple-tc
new file mode 100755
index 00000000..a8464cac
--- /dev/null
+++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/420-mesh-vpn-tunneldigger-simple-tc
@@ -0,0 +1,31 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site_config'
+local uci = require('simple-uci').cursor()
+local fs = require 'nixio.fs'
+
+
+if fs.access('/etc/config/gluon-simple-tc') then
+	os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
+end
+
+
+if not uci:get('simple-tc', 'mesh_vpn') then
+	local config = {
+		ifname = 'mesh-vpn',
+		enabled = false,
+	}
+
+
+	if site.tunneldigger_mesh_vpn.bandwidth_limit then
+		if site.tunneldigger_mesh_vpn.bandwidth_limit.enabled then
+			config.enabled = true
+		end
+
+		config.limit_ingress = site.tunneldigger_mesh_vpn.bandwidth_limit.ingress
+		config.limit_egress = site.tunneldigger_mesh_vpn.bandwidth_limit.egress
+	end
+
+	uci:section('simple-tc', 'interface', 'mesh_vpn', config)
+	uci:save('simple-tc')
+end
diff --git a/package/gluon-migrate-vpn/Makefile b/package/gluon-migrate-vpn/Makefile
new file mode 100644
index 00000000..79d01634
--- /dev/null
+++ b/package/gluon-migrate-vpn/Makefile
@@ -0,0 +1,39 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-migrate-vpn
+PKG_VERSION:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include ../gluon.mk
+
+define Package/gluon-migrate-vpn
+  SECTION:=gluon
+  CATEGORY:=Gluon
+  TITLE:=Enables either fastd or tunneldigger if the opposite was active before upgrading
+  DEPENDS:=+gluon-core
+endef
+
+define Package/gluon-migrate-vpn/description
+	Gluon community wifi mesh firmware framework: VPN service migration script
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+	$(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
+endef
+
+define Package/gluon-migrate-vpn/install
+	$(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/
+endef
+
+define Package/gluon-migrate-vpn/postinst
+endef
+
+$(eval $(call BuildPackage,gluon-migrate-vpn))
diff --git a/package/gluon-migrate-vpn/luasrc/lib/gluon/upgrade/499-migrate-vpn b/package/gluon-migrate-vpn/luasrc/lib/gluon/upgrade/499-migrate-vpn
new file mode 100755
index 00000000..fd7e0a5e
--- /dev/null
+++ b/package/gluon-migrate-vpn/luasrc/lib/gluon/upgrade/499-migrate-vpn
@@ -0,0 +1,21 @@
+#!/usr/bin/lua
+
+local fs = require 'nixio.fs'
+local uci = require("simple-uci").cursor()
+
+local tunneldigger_enabled = uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
+local fastd_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+
+local enabled = false
+
+if (tunneldigger_enabled or fastd_enabled) then
+	enabled = true
+end
+
+if (enabled and fs.access("/usr/bin/tunneldigger") and not fs.access("/usr/bin/fastd")) then
+	uci:set("tunneldigger", "mesh_vpn", "enabled", enabled)
+	uci:save("tunneldigger")
+elseif (enabled and not fs.access("/usr/bin/tunneldigger") and fs.access("/usr/bin/fastd")) then
+	uci:set("fastd", "mesh_vpn", "enabled", enabled)
+	uci:save("fastd")
+end