diff --git a/dsvpn/files/init b/dsvpn/files/init
index 1d78ed4be..ca25fd3f0 100755
--- a/dsvpn/files/init
+++ b/dsvpn/files/init
@@ -29,6 +29,16 @@ validate_section() {
'externalip:string:auto'
}
+version_over_5_4() {
+ MAJOR_VERSION=$(uname -r | awk -F '.' '{print $1}')
+ MINOR_VERSION=$(uname -r | awk -F '.' '{print $2}')
+ if [ $MAJOR_VERSION -ge 5 ] && [ $MINOR_VERSION -gt 13 ] || [ $MAJOR_VERSION -gt 5 ] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
start_instance() {
local enable key host port dev
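Review bot: `version_over_5_4` does not test what its name says: the condition on the `if` line is true for 5.14 and later (and any 6.x), not for kernels above 5.4, so either rename it or document the real threshold. `MAJOR_VERSION` and `MINOR_VERSION` are assigned without `local` and expanded unquoted, so they leak into the init script's global scope, and an empty or non-numeric `uname -r` field makes `[` fail with a syntax error. I would declare `local MAJOR_VERSION MINOR_VERSION` and write the test as `[ "$MAJOR_VERSION" -gt 5 ] || { [ "$MAJOR_VERSION" -eq 5 ] && [ "$MINOR_VERSION" -gt 13 ]; }`.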
@@ -58,6 +68,10 @@ start_instance() {
_log "starting ${PROG_NAME} ${1} instance $*"
+ if version_over_5_4; then
+ PROG="mptcpize run ${PROG}"
+ fi
+
procd_open_instance
procd_set_param command ${PROG} ${mode} \
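Review bot: The added `PROG="mptcpize run ${PROG}"` overwrites the script-wide `PROG` instead of a per-call value. If `start_instance` runs once per configured section (the caller is outside this hunk), the second instance would be started as `mptcpize run mptcpize run …`. A local keeps the prefix from accumulating: `local cmd="${PROG}"`, then `version_over_5_4 && cmd="mptcpize run ${PROG}"`, and pass `${cmd}` to `procd_set_param command`. Nothing here checks that `mptcpize` is installed, so a guard such as `command -v mptcpize >/dev/null` would avoid a service that fails to start on images without it.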
diff --git a/glorytun/Makefile b/glorytun/Makefile
index 6cd00b7ae..95d7ed3aa 100644
--- a/glorytun/Makefile
+++ b/glorytun/Makefile
@@ -9,11 +9,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=glorytun
-PKG_VERSION:=0.0.35
PKG_RELEASE:=6
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=6d58536f4232fea8eaa10fb60aace8ba11f29ed6
PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/angt/glorytun/releases/download/v$(PKG_VERSION)
-PKG_HASH:=49e4d8ea4ff2990300b37947b0bd0da3c8e0985bc6eddf29f4146306188fff64
+PKG_SOURCE_URL:=https://github.com/Ysurac/glorytun.git
+PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)
+
+PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
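Review bot: `PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz` is now evaluated before `PKG_VERSION` is assigned. Because `:=` expands immediately and the old `PKG_VERSION` line was removed, the tarball name becomes `glorytun-.tar.gz`; move the `PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)` line above `PKG_SOURCE`. The switch from a release tarball to a git checkout also drops `PKG_HASH` without adding a replacement. The commit id pins the tree on a direct clone, but a tarball served from a download mirror is no longer verified. Adding `PKG_MIRROR_HASH:=<sha256 of the generated source tarball>` restores that check.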
diff --git a/luci-app-mptcp/luasrc/controller/mptcp.lua b/luci-app-mptcp/luasrc/controller/mptcp.lua
index 33f39fcc6..c81458f80 100644
--- a/luci-app-mptcp/luasrc/controller/mptcp.lua
+++ b/luci-app-mptcp/luasrc/controller/mptcp.lua
@@ -210,13 +210,23 @@ function mptcp_monitor_data()
luci.http.prepare_content("text/plain")
local fullmesh
fullmesh = io.popen("cat /proc/net/mptcp_net/snmp")
- if fullmesh then
+ if fullmesh:read() ~= nil then
while true do
local ln = fullmesh:read("*l")
if not ln then break end
luci.http.write(ln)
luci.http.write("\n")
end
+ else
+ fullmesh = io.popen("nstat -z")
+ if fullmesh then
+ while true do
+ local ln = fullmesh:read("*l")
+ if not ln then break end
+ luci.http.write(ln)
+ luci.http.write("\n")
+ end
+ end
end
return
end
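Review bot: `if fullmesh:read() ~= nil then` consumes the first line of the command output to decide whether there is any. That line is never written to the response, so `mptcp_monitor_data` now drops the first counter row; the same pattern is added in `mptcp_connections_data` in the next hunk. The nil check on the handle is also gone, and the first `io.popen` handle is never closed before `fullmesh` is reassigned to the `nstat -z` pipe. Keep the probe line and emit it, e.g. `local first = fullmesh and fullmesh:read("*l")` followed by `if first then luci.http.write(first .. "\n")` before the loop, and call `fullmesh:close()` on each handle when done.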
@@ -225,7 +235,7 @@ function mptcp_connections_data()
luci.http.prepare_content("text/plain")
local connections
connections = io.popen("multipath -c")
- if connections then
+ if connections:read() ~= nil then
while true do
local ln = connections:read("*l")
if not ln then break end
diff --git a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
index 4b3bdb2b7..b9e7d0630 100644
--- a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
+++ b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
@@ -21,56 +21,74 @@ o:value(0, translate("disable"))
o = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh"))
o:value("default", translate("default"))
o:value("fullmesh", "fullmesh")
-o:value("ndiffports", "ndiffports")
-o:value("binder", "binder")
-if uname.release:sub(1,4) ~= "4.14" then
+if uname.release:sub(1,4) ~= "5.14" then
+ o:value("ndiffports", "ndiffports")
+ o:value("binder", "binder")
+ if uname.release:sub(1,4) ~= "4.14" then
o:value("netlink", translate("Netlink"))
+ end
end
o = s:option(ListValue, "mptcp_scheduler", translate("Multipath TCP scheduler"))
o:value("default", translate("default"))
-o:value("roundrobin", "round-robin")
-o:value("redundant", "redundant")
-if uname.release:sub(1,4) ~= "4.14" then
+if uname.release:sub(1,4) ~= "5.14" then
+ o:value("roundrobin", "round-robin")
+ o:value("redundant", "redundant")
+ if uname.release:sub(1,4) ~= "4.14" then
o:value("blest", "BLEST")
o:value("ecf", "ECF")
+ end
+end
+if uname.release:sub(1,4) ~= "5.14" then
+ o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
+ o.datatype = "uinteger"
+ o.rmempty = false
end
-o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
-o.datatype = "uinteger"
-o.rmempty = false
o = s:option(ListValue, "congestion", translate("Congestion Control"),translate("Default is cubic"))
local availablecong = sys.exec("sysctl -n net.ipv4.tcp_available_congestion_control | xargs -n1 | sort | xargs")
for cong in string.gmatch(availablecong, "[^%s]+") do
o:value(cong, translate(cong))
end
-o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_path_manager","fullmesh")
+if uname.release:sub(1,4) == "5.14" then
+ o = s:option(Value, "mptcp_subflows", translate("specifies the maximum number of additional subflows allowed for each MPTCP connection"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 3
+
+ o = s:option(Value, "mptcp_add_addr_accepted", translate("specifies the maximum number of ADD_ADDR suboptions accepted for each MPTCP connection"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+else
+ o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_path_manager","fullmesh")
-o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
-o:value(1, translate("enable"))
-o:value(0, translate("disable"))
---o:depends("mptcp_path_manager","fullmesh")
+ o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
+ o:value(1, translate("enable"))
+ o:value(0, translate("disable"))
+ --o:depends("mptcp_path_manager","fullmesh")
-o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_path_manager","ndiffports")
+ o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_path_manager","ndiffports")
-o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
-o:value("Y", translate("enable"))
-o:value("N", translate("disable"))
-o.default = "Y"
---o:depends("mptcp_scheduler","roundrobin")
+ o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
+ o:value("Y", translate("enable"))
+ o:value("N", translate("disable"))
+ o.default = "Y"
+ --o:depends("mptcp_scheduler","roundrobin")
-o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_scheduler","roundrobin")
+ o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_scheduler","roundrobin")
+end
s = m:section(TypedSection, "interface", translate("Interfaces Settings"))
o = s:option(ListValue, "multipath", translate("Multipath TCP"), translate("One interface must be set as master"))
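Review bot: Every new branch keys on `uname.release:sub(1,4) == "5.14"`, an exact four-character match, so any later kernel using the upstream MPTCP implementation (5.15, 6.x) falls into the out-of-tree branch and is offered options it does not have. The init scripts in this same change detect the implementation with `[ -f /proc/sys/net/mptcp/mptcp_enabled ]`. Doing the same probe once here would keep the UI and the backend in agreement, e.g. `local oot_mptcp = nixio.fs.access("/proc/sys/net/mptcp/mptcp_enabled")`, assuming `nixio.fs` is available to this model as it usually is in LuCI. The repeated `sub(1,4)` comparisons would then collapse into one named boolean, which also makes the nested `4.14` checks easier to read.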
diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
index a0999557d..da45601df 100644
--- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
+++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@@ -284,6 +284,7 @@ function wizard_add()
local sqmenabled = luci.http.formvalue("cbid.sqm.%s.enabled" % intf) or "0"
local multipath = luci.http.formvalue("cbid.network.%s.multipath" % intf) or "on"
local lan = luci.http.formvalue("cbid.network.%s.lan" % intf) or "0"
+ local ttl = luci.http.formvalue("cbid.network.%s.ttl" % intf) or ""
if typeintf ~= "" then
if typeintf == "normal" then
typeintf = ""
@@ -338,6 +339,13 @@ function wizard_add()
if proto ~= "other" then
ucic:set("network",intf,"proto",proto)
end
+
+ uci_device = uci_device_from_interface(intf)
+ if uci_device == "" then
+ uci_device = intf .. "_dev"
+ end
+ ucic:set("network",uci_device,"ttl",ttl)
+
ucic:set("network",intf,"apn",apn)
ucic:set("network",intf,"pincode",pincode)
ucic:set("network",intf,"delay",delay)
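Review bot: The `ttl` form value is written to UCI exactly as submitted, and `/etc/firewall.ttl` from this same change later expands that option unquoted on an `iptables` command line. It should therefore be checked as an integer in range before `ucic:set`, e.g. `if ttl:match("^%d+$") and tonumber(ttl) >= 1 and tonumber(ttl) <= 255 then ucic:set("network",uci_device,"ttl",ttl) end`. As written, an empty value is also stored when the field is left blank. `uci_device` is assigned without `local`, so it becomes a global shared across requests in the same Lua state; `local uci_device = uci_device_from_interface(intf)` fixes that. `wizard_add` starts and ends outside this hunk.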
diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
index c6db8b9e5..3ee2b29b4 100644
--- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
+++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
@@ -893,6 +893,16 @@
<%
end
%>
+
+
+
+
+
+
+ <%:You can force a TTL. Some LTE provider detect tethering by inpecting packet TTL value, setting it to 65 often solve the issue.%>
+
+
+
<%
local download = "0"
@@ -909,7 +919,7 @@
-- end
--end
%>
-
-
-
+
-
+
diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
index 74543d056..8ebf2905b 100755
--- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
+++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
@@ -824,7 +824,7 @@ function interfaces_status()
if mArray.openmptcprouter["external_check"] ~= false then
mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " " .. check_ipv4_website))
if mArray.openmptcprouter["proxy_addr"] == "" then
- mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.co"))
+ mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.me"))
end
--mArray.openmptcprouter["ss_addr6"] = sys.exec("curl -s -6 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m 3 http://ipv6.openmptcprouter.com")
end
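Review bot: The fallback passes the bare host name `ifconfig.me` to curl, which defaults to plain HTTP. Whatever body comes back from that third party, or from anything on the path, is then stored in `proxy_addr` after only a `trim`. Prefer `https://ifconfig.me` and check that the result looks like an IPv4 address before keeping it, e.g. `if not addr:match("^%d+%.%d+%.%d+%.%d+$") then addr = "" end`. The surrounding `sys.exec` string concatenates `tracker_ip`, `tracker_port` and `timeout` into a shell command; their origin is outside this hunk, so that is worth confirming separately.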
diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
index ad9278c53..cf69d4d0e 100644
--- a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
+++ b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
@@ -371,7 +371,7 @@ return baseclass.extend({
release: {
title: _('Firmware Version'),
- value: (typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null
+ value: (typeof boardinfo.release !== "undefined") ? ((typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null) : null
}
};
diff --git a/luci-mod-network/htdocs/luci-static/resources/tools/network.js b/luci-mod-network/htdocs/luci-static/resources/tools/network.js
index 8efbd89d4..b08f84058 100644
--- a/luci-mod-network/htdocs/luci-static/resources/tools/network.js
+++ b/luci-mod-network/htdocs/luci-static/resources/tools/network.js
@@ -662,6 +662,10 @@ return baseclass.extend({
o.placeholder = '0';
o.datatype = 'uinteger';
+ o = this.replaceOption(s, 'devadvanced', form.Value, 'ttl', _('Force TTL'), _('Some LTE providers detect tethering by inspecting packet TTL values'));
+ o.placeholder = '65';
+ o.datatype = 'uinteger';
+
o = this.replaceOption(s, 'devgeneral', form.Flag, 'ipv6', _('Enable IPv6'));
o.migrate = false;
o.default = o.enabled;
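Review bot: `o.datatype = 'uinteger'` on the new `ttl` option accepts 0 and any value above 255, neither of which is a usable IP TTL, and the value later reaches an `iptables --ttl-set` call. LuCI's range validator states the real constraint: `o.datatype = 'range(1,255)';`. A short comment noting that the option is consumed by `/etc/firewall.ttl` would help the next reader find where it takes effect.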
diff --git a/mptcp/files/etc/init.d/mptcp b/mptcp/files/etc/init.d/mptcp
index 64bb51d51..7dd629733 100755
--- a/mptcp/files/etc/init.d/mptcp
+++ b/mptcp/files/etc/init.d/mptcp
@@ -16,6 +16,9 @@ global_multipath_settings() {
config_get multipath globals multipath
config_get mptcp_path_manager globals mptcp_path_manager
config_get mptcp_scheduler globals mptcp_scheduler
+ config_get mptcp_subflows globals mptcp_subflows "3"
+ config_get mptcp_add_addr_accepted globals mptcp_add_addr_accepted "1"
+ config_get mptcp_add_addr_timeout globals mptcp_add_addr_timeout "120"
config_get mptcp_debug globals mptcp_debug
config_get congestion globals congestion
config_get mptcp_checksum globals mptcp_checksum
@@ -29,18 +32,25 @@ global_multipath_settings() {
[ "$multipath" = "enable" ] && multipath_status=1
# Global MPTCP configuration
- sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
- [ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
- [ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+ sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
+ [ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
+ [ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+ [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
+ [ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
+ [ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
+ [ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
+ [ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
+ [ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
+ [ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
+ [ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
+ else
+ sysctl -qw net.mptcp.enabled="$multipath_status"
+ ip mptcp limits set add_addr_accepted $mptcp_add_addr_accepted subflows $mptcp_subflows 2>&1 >/dev/null
+ [ -z "$mptcp_add_addr_timeout" ] || sysctl -qw net.mptcp.add_addr_timeout="$mptcp_add_addr_timeout"
+ [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.checksum_enabled="$mptcp_checksum"
+ fi
[ -z "$congestion" ] || sysctl -qw net.ipv4.tcp_congestion_control="$congestion"
- [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
- [ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
- [ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
- [ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
- [ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
- [ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
- [ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
- [ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
}
interface_macaddr_count() {
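Review bot: On the new `ip mptcp limits set … 2>&1 >/dev/null` line the redirections are in the wrong order to silence the command. stderr is duplicated onto the original stdout before stdout is sent to `/dev/null`, so error messages still reach the console or log; use `>/dev/null 2>&1`. `$mptcp_add_addr_accepted` and `$mptcp_subflows` come from UCI and are expanded unquoted, so a value containing whitespace turns into extra `ip` arguments; quote them as `"$mptcp_add_addr_accepted"` and `"$mptcp_subflows"`. The `mptcp_add_addr_timeout` default of `"120"` means its `-z` guard can only skip the sysctl when the option is explicitly set empty.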
diff --git a/mptcp/files/usr/bin/multipath b/mptcp/files/usr/bin/multipath
index 896b169d2..62e029da5 100755
--- a/mptcp/files/usr/bin/multipath
+++ b/mptcp/files/usr/bin/multipath
@@ -12,8 +12,6 @@ if [ -d "/proc/sys/net/mptcp" ]; then
fi
else
echo "Your device don't support multipath-TCP."
- echo "You have to install the pached kernel to use MPTCP."
- echo "See http://multipath-tcp.org/ for details"
exit 1
fi
@@ -22,7 +20,11 @@ case $1 in
echo " Multipath-TCP configuration tool"
echo "show/update flags:"
echo " multipath [device]"
- echo " multipath device {on | off | backup | handover}"
+ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+ echo " multipath device {on | off | backup }"
+ else
+ echo " multipath device {on | off | signal | backup }"
+ fi
echo
echo "show established conections: -c"
echo "show fullmesh info: -f"
@@ -32,14 +34,21 @@ case $1 in
echo "will allow a subflow to be established across this interface, but only be used"
echo "as backup. Handover-flag indicates that his interface is not used at all (even "
echo "no subflow being established), as long as there are other interfaces available."
- echo "See http://multipath-tcp.org/ for details"
echo
exit 0 ;;
"-c")
- cat /proc/net/mptcp_net/mptcp
+ if [ -f /proc/net/mptcp_net/mptcp ]; then
+ cat /proc/net/mptcp_net/mptcp
+ else
+ ss -M
+ fi
exit 0;;
"-f")
- cat /proc/net/mptcp_fullmesh
+ if [ -f /proc/net/mptcp_fullmesh ]; then
+ cat /proc/net/mptcp_fullmesh
+ else
+ ip mptcp endpoint | grep fullmesh
+ fi
exit 0;;
"-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
@@ -65,7 +74,6 @@ case $1 in
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo
- echo See http://multipath-tcp.org/ for details
exit 0 ;;
"")
for ifpath in /sys/class/net/*; do
@@ -128,7 +136,8 @@ else
exit 0;;
"signal")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
- ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
+ #ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
+ ip mptcp endpoint add $IP dev $DEVICE signal
exit 0;;
"backup")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile
index 4432da893..022951ded 100644
--- a/openmptcprouter-full/Makefile
+++ b/openmptcprouter-full/Makefile
@@ -28,7 +28,7 @@ MY_DEPENDS := \
iperf3-ssl luci-app-iperf \
arptables \
bind-dig \
- libnetfilter-conntrack ebtables ebtables-utils ip-full \
+ libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
iptables-mod-iface iptables-mod-ipmark iptables-mod-hashlimit iptables-mod-condition iptables-mod-trace iptables-mod-conntrack-extra iptables-mod-account \
kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra iptables-mod-extra conntrack \
iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 kmod-ipt-ipsec \
diff --git a/openmptcprouter/files/bin/blocklanfw b/openmptcprouter/files/bin/blocklanfw
index cf507eba4..a35694dac 100755
--- a/openmptcprouter/files/bin/blocklanfw
+++ b/openmptcprouter/files/bin/blocklanfw
@@ -1,6 +1,6 @@
#!/bin/sh
ss_rules_fw_drop() {
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
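Review bot: `timeout 1 fw3 -4 print 2>/dev/null | awk …` fails open. If `fw3` needs more than one second it is killed, the pipe delivers partial or empty output, and the loop installs only some of the redirect rules with no error, because stderr is discarded and the pipeline status is never checked. The same change is applied to every `fw3 … print` call in this file, including the final `rule=$(timeout 1 fw3 -4 print …)`. Since these rules mirror LAN reject/DROP policy, I would capture the output first and bail out on failure, e.g. `rules=$(timeout 1 fw3 -4 print 2>/dev/null) || { logger -t blocklanfw "fw3 print failed"; return 1; }`, then feed `"$rules"` to awk. The function body continues outside this hunk.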
@@ -8,18 +8,18 @@ ss_rules_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
ss_rules6_fw_drop() {
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -27,18 +27,18 @@ ss_rules6_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2r_rules_fw_drop() {
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -46,33 +46,35 @@ v2r_rules_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+ eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2ray_rules6_fw_drop() {
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+ eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
}
+[ -n "$(pgrep blocklanfw)" ] && exit 0
+[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
fw=0
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
ss_rules6_fw_drop
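Review bot: `[ -n "$(pgrep blocklanfw)" ] && exit 0` will most likely match the script's own process. When the file is run through its `#!/bin/sh` line the process name is `blocklanfw`, so the guard would make every invocation exit before adding any rule; please verify on a target device. A lock does not depend on process names: `mkdir /var/run/blocklanfw.lock 2>/dev/null || exit 0` followed by `trap 'rmdir /var/run/blocklanfw.lock' EXIT` (the lock path is my choice, adjust to the project's convention). The second guard greps the whole `iptables-save` dump for `zone_lan`; `iptables-save | grep -q zone_lan || exit 0` says the same with less output handling.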
@@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
v2r_rules_fw_drop
v2ray_rules6_fw_drop
fi
-rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
+rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
eval "$rule 2>&1 >/dev/null"
newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
eval "$newrule 2>&1 >/dev/null"
diff --git a/openmptcprouter/files/etc/firewall.ttl b/openmptcprouter/files/etc/firewall.ttl
new file mode 100644
index 000000000..e241dbfca
--- /dev/null
+++ b/openmptcprouter/files/etc/firewall.ttl
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+_set_ttl() {
+ device=$(uci -q get network.$1.name)
+ ttl=$(uci -q get network.$1.ttl)
+ if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+ iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
+ fi
+}
+
+config_load network
+config_foreach _set_ttl device
\ No newline at end of file
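Review bot: `_set_ttl` expands `$device` and `$ttl` unquoted and never validates them. A `device` section without `name` runs `grep` with no pattern and `iptables -o` with no interface, and a `ttl` option that is not a number in 1–255 is passed straight to `--ttl-set`. The duplicate check `grep TTL | grep $device` matches substrings (`eth1` also matches `eth10`) and ignores the TTL value, so changing the configured TTL leaves the old rule in place unless the chain is flushed elsewhere. `2>&1 >/dev/null` does not silence stderr. I would make the variables `local`, validate both, and let `iptables -C` do the existence test, as below; the file also lacks a trailing newline.
```sh
_set_ttl() {
	local device ttl
	device=$(uci -q get "network.$1.name")
	ttl=$(uci -q get "network.$1.ttl")
	[ -n "$device" ] || return 0
	# accept only a plain integer in the valid IP TTL range
	case "$ttl" in
		''|*[!0-9]*) return 0 ;;
	esac
	[ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ] || return 0
	if ! iptables -w -t mangle -C POSTROUTING -o "$device" -j TTL --ttl-set "$ttl" >/dev/null 2>&1; then
		iptables -w -t mangle -I POSTROUTING -o "$device" -j TTL --ttl-set "$ttl" >/dev/null 2>&1
	fi
}
# … unchanged: config_load network / config_foreach _set_ttl device …
```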
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index 3104f2f74..2206fe064 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -221,6 +221,8 @@ _get_ss_redir() {
[ "$cf_fast_open" = "1" ] && fast_open="true"
config_get cf_no_delay $1 no_delay
[ "$cf_no_delay" = "1" ] && no_delay="true"
+ config_get cf_mptcp $1 mptcp
+ [ "$cf_mptcp" = "1" ] && mptcp="true"
}
_get_ss_server() {
@@ -253,10 +255,12 @@ _set_ss_server_vps() {
current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
+ current_mptcp="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.mptcp')"
ebpf="false"
fast_open="false"
no_delay="false"
+ mptcp="false"
obfs="false"
obfs_plugin="v2ray"
obfs_type="http"
@@ -264,9 +268,9 @@ _set_ss_server_vps() {
config_foreach _get_ss_redir ss_redir
config_foreach _get_ss_server server
- if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
+ if [ "$current_mptcp" != "$mptcp" ] || [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
local settings
- settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
+ settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":'$mptcp',"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
_set_json "shadowsocks" "$settings"
fi
}
@@ -736,7 +740,7 @@ _set_mptcp_vps() {
syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
congestion="$(uci -q get network.globals.congestion)"
[ -z "$congestion" ] && congestion="bbr"
- if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
+ if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || ([ "$path_manager_current" != "" ] && [ "$path_manager_current" != "$path_manager" ]) || ([ "$scheduler_current" != "" ] && [ "$scheduler_current" != "$scheduler" ]) || ([ "$syn_retries_current" != "" ] && [ "$syn_retries_current" != "$syn_retries" ]) || [ "$congestion_control_current" != "$congestion" ]; then
settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
echo $(_set_json "mptcp" "$settings")
else
@@ -1542,13 +1546,18 @@ _set_config_from_vps() {
congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
uci -q batch <<-EOF >/dev/null
set network.globals.multipath=$mptcp_enabled
- set network.globals.mptcp_path_manager=$mptcp_path_manager
- set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_checksum=$mptcp_checksum
- set network.globals.mptcp_syn_retries=$mptcp_syn_retries
set network.globals.congestion=$congestion
commit network
EOF
+ if [ "$mptcp_path_manager" != "" ] && [ "$mptcp_scheduler" != "" ] && [ "$mptcp_syn_retries" != "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set network.globals.mptcp_path_manager=$mptcp_path_manager
+ set network.globals.mptcp_scheduler=$mptcp_scheduler
+ set network.globals.mptcp_syn_retries=$mptcp_syn_retries
+ commit network
+ EOF
+ fi
# Check if server get an IPv6, if not disable IPv6 on OMR
vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"
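Review bot: The new `uci -q batch` block still interpolates `$mptcp_path_manager`, `$mptcp_scheduler` and `$mptcp_syn_retries` unquoted into batch commands. These values are extracted from `vps_config` (fetched outside this hunk, presumably from the remote server), and one containing whitespace or a line break would be parsed as additional batch input. Single-quoting each value narrows that, e.g. `set network.globals.mptcp_path_manager='$mptcp_path_manager'`. Checking the path manager and scheduler against the known names, and `syn_retries` against `^[0-9]+$`, before writing would close it. The guard also requires all three to be non-empty before any is stored, so a server that reports only one of them updates nothing; per-value `[ -n … ] &&` checks may be what is intended.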
diff --git a/openmptcprouter/files/etc/uci-defaults/1920-omr-network b/openmptcprouter/files/etc/uci-defaults/1920-omr-network
index 869ac62dd..8e27a8332 100755
--- a/openmptcprouter/files/etc/uci-defaults/1920-omr-network
+++ b/openmptcprouter/files/etc/uci-defaults/1920-omr-network
@@ -62,8 +62,8 @@ _setup_wan_interface() {
set network.$1.ip4table=wan
set network.$1.multipath=$3
set network.$1.defaultroute=0
- set network.$1_dev=device
- set network.$1_dev.name=$2
+ set network.${1}_dev=device
+ set network.${1}_dev.name=$2
commit network
add_list firewall.@zone[1].network=$1
commit firewall
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 9fb334602..fe0cbdf61 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
commit firewall
EOF
fi
+if [ "$(uci -q get firewall.ttl)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.ttl=include
+ set firewall.ttl.path=/etc/firewall.ttl
+ set firewall.ttl.reload=1
+ commit firewall
+ EOF
+fi
if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.zone_lan.auto_helper='0'