Merge branch 'wifiwave2' into next

2024-05-14 08:04:19 +00:00 · 2023-08-09 18:56:29 +02:00 · 2023-08-09 18:56:29 +02:00 · 2c3e077b8e
commit 2c3e077b8e
parent c37739c2f6 92aca1aac0
36 changed files with 1341 additions and 348 deletions
--- a/20
+++ b/20
@ -2,25 +2,33 @@
 #  template scripts -> final scripts
 #  markdown files -> html files
-TEMPLATE = $(wildcard *.template.rsc)
+CAPSMAN = $(wildcard *.capsman.rsc)
-CAPSMAN = $(TEMPLATE:.template.rsc=.capsman.rsc)
+LOCAL = $(wildcard *.local.rsc)
-LOCAL = $(TEMPLATE:.template.rsc=.local.rsc)
+WIFIWAVE2 = $(wildcard *.wifiwave2.rsc)
 MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md)
 HTML = $(MARKDOWN:.md=.html)
-all: $(CAPSMAN) $(LOCAL) $(HTML)
+all: $(CAPSMAN) $(LOCAL) $(WIFIWAVE2) $(HTML)
 %.html: %.md Makefile
 	markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@
 %.local.rsc: %.template.rsc Makefile
-	sed -e '/\/caps-man/d' -e 's|%PATH%|interface\/wireless|' -e 's|%TEMPL%|.local|' \
+	sed -e '/\/caps-man/d' -e '/\/interface\/wifiwave2/d' -e 's|%TEMPL%|.local|' \
 		-e '/^# NOT \/interface\/wireless #$$/,/^# NOT \/interface\/wireless #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@
 %.capsman.rsc: %.template.rsc Makefile
-	sed -e '/\/interface\/wireless/d' -e 's|%PATH%|caps-man|' -e 's|%TEMPL%|.capsman|' \
+	sed -e '/\/interface\/wifiwave2/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.capsman|' \
 		-e '/^# NOT \/caps-man #$$/,/^# NOT \/caps-man #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@
 %.wifiwave2.rsc: %.template.rsc Makefile
 	sed -e '/\/caps-man/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.wifiwave2|' \
 		-e '/^# NOT \/interface\/wifiwave2 #$$/,/^# NOT \/interface\/wifiwave2 #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@
--- a/accesslist-duplicates.template.rsc
+++ b/accesslist-duplicates.template.rsc
@ -6,8 +6,8 @@
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
-# !! This is just a template! Replace '%PATH%' with 'caps-man'
+# !! This is just a template to generate the real script!
-# !! or 'interface wireless'!
+# !! Pattern '%TEMPL%' is replaced, paths are filtered.
 :local 0 "accesslist-duplicates%TEMPL%";
 :global GlobalFunctionsReady;
@ -18,8 +18,12 @@
 :local Seen ({});
 :local Shown ({});
-:foreach AccList in=[ /%PATH%/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
+:foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
-  :local Mac [ /%PATH%/access-list/get $AccList mac-address ];
+:foreach AccList in=[ /interface/wifiwave2/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
 :foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
  :local Mac [ /caps-man/access-list/get $AccList mac-address ];
  :local Mac [ /interface/wifiwave2/access-list/get $AccList mac-address ];
  :local Mac [ /interface/wireless/access-list/get $AccList mac-address ];
  :foreach SeenMac in=$Seen do={
    :if ($SeenMac = $Mac) do={
      :local Skip 0;
@ -27,14 +31,18 @@
        :if ($ShownMac = $Mac) do={ :set Skip 1; }
      }
      :if ($Skip = 0) do={
-        /%PATH%/access-list/print where mac-address=$Mac;
+        /caps-man/access-list/print where mac-address=$Mac;
        /interface/wifiwave2/access-list/print where mac-address=$Mac;
        /interface/wireless/access-list/print where mac-address=$Mac;
        :set Shown ($Shown, $Mac);
        :put "\nNumeric id to remove, any key to skip!";
        :local Remove [ :tonum [ $Read ] ];
        :if ([ :typeof $Remove ] = "num") do={
          :put ("Removing numeric id " . $Remove . "...\n");
-          /%PATH%/access-list/remove $Remove;
+          /caps-man/access-list/remove $Remove;
          /interface/wifiwave2/access-list/remove $Remove;
          /interface/wireless/access-list/remove $Remove;
        }
      }
    }
--- a/accesslist-duplicates.wifiwave2.rsc
+++ b/accesslist-duplicates.wifiwave2.rsc
@ -0,0 +1,42 @@
 #!rsc by RouterOS
 # RouterOS script: accesslist-duplicates.wifiwave2
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "accesslist-duplicates.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global Read;
 :local Seen ({});
 :local Shown ({});
 :foreach AccList in=[ /interface/wifiwave2/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
  :local Mac [ /interface/wifiwave2/access-list/get $AccList mac-address ];
  :foreach SeenMac in=$Seen do={
    :if ($SeenMac = $Mac) do={
      :local Skip 0;
      :foreach ShownMac in=$Shown do={
        :if ($ShownMac = $Mac) do={ :set Skip 1; }
      }
      :if ($Skip = 0) do={
        /interface/wifiwave2/access-list/print where mac-address=$Mac;
        :set Shown ($Shown, $Mac);
        :put "\nNumeric id to remove, any key to skip!";
        :local Remove [ :tonum [ $Read ] ];
        :if ([ :typeof $Remove ] = "num") do={
          :put ("Removing numeric id " . $Remove . "...\n");
          /interface/wifiwave2/access-list/remove $Remove;
        }
      }
    }
  }
  :set Seen ($Seen, $Mac);
 }
--- a/capsman-download-packages.capsman.rsc
+++ b/capsman-download-packages.capsman.rsc
@ -0,0 +1,89 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-download-packages.capsman
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "capsman-download-packages.capsman";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global CleanFilePath;
 :global DownloadPackage;
 :global LogPrintExit2;
 :global MkDir;
 :global ScriptLock;
 :global WaitFullyConnected;
 $ScriptLock $0;
 $WaitFullyConnected;
 :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local Updated false;
 :if ([ :len $PackagePath ] = 0) do={
  $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
 }
 :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
  :if ([ $MkDir $PackagePath ] = false) do={
    $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
      $PackagePath . ") failed!") true;
  }
  $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
    "). Please place your packages!") false;
 }
 :foreach Package in=[ /file/find where type=package \
      package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
  :local File [ /file/get $Package ];
  :if ($File->"package-architecture" = "mips") do={
    :set ($File->"package-architecture") "mipsbe";
  }
  :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
       ($File->"package-architecture") $PackagePath ] = true) do={
    :set Updated true;
    /file/remove $Package;
  }
 }
 :if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \
     !(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={
  $LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \
      "Probably can not download packages automatically.") false;
 } else={
  :if ($Updated = false && [ /system/resource/get uptime ] < 2m) do={
    $LogPrintExit2 info $0 ("No packages downloaded, yet. Delaying for logs.") false;
    :delay 2m;
  }
 }
 :foreach Log in=[ /log/find where topics=({"caps"; "error"}) \
    message~("upgrade status: failed, failed to download file '.*-" . $InstalledVersion . \
    "-.*\\.npk', no such file") ] do={
  :local Message [ /log/get $Log message ];
  :local Package [ :pick $Message \
    ([ :find $Message "'" ] + 1) \
    [ :find $Message ("-" . $InstalledVersion . "-") ] ];
  :local Arch [ :pick $Message \
    ([ :find $Message ("-" . $InstalledVersion . "-") ] + 2 + [ :len $InstalledVersion ]) \
    [ :find $Message ".npk" ] ];
  :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
    :set Updated true;
  }
 }
 :if ($Updated = true) do={
  :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
  :if ([ :len $Script ] > 0) do={
    /system/script/run $Script;
  } else={
    /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
  }
 }
--- a/capsman-download-packages.rsc
+++ b/capsman-download-packages.rsc
@ -1,86 +1,3 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-download-packages
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# download and cleanup packages for CAP installation from CAPsMAN
+# dummy for migration
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 :local 0 "capsman-download-packages";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global CleanFilePath;
 :global DownloadPackage;
 :global LogPrintExit2;
 :global MkDir;
 :global ScriptLock;
 :global WaitFullyConnected;
 $ScriptLock $0;
 $WaitFullyConnected;
 :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local Updated false;
 :if ([ :len $PackagePath ] = 0) do={
  $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
 }
 :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
  :if ([ $MkDir $PackagePath ] = false) do={
    $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
      $PackagePath . ") failed!") true;
  }
  $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
    "). Please place your packages!") false;
 }
 :foreach Package in=[ /file/find where type=package \
      package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
  :local File [ /file/get $Package ];
  :if ($File->"package-architecture" = "mips") do={
    :set ($File->"package-architecture") "mipsbe";
  }
  :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
       ($File->"package-architecture") $PackagePath ] = true) do={
    :set Updated true;
    /file/remove $Package;
  }
 }
 :if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \
     !(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={
  $LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \
      "Probably can not download packages automatically.") false;
 } else={
  :if ($Updated = false && [ /system/resource/get uptime ] < 2m) do={
    $LogPrintExit2 info $0 ("No packages downloaded, yet. Delaying for logs.") false;
    :delay 2m;
  }
 }
 :foreach Log in=[ /log/find where topics=({"caps"; "error"}) \
    message~("upgrade status: failed, failed to download file '.*-" . $InstalledVersion . \
    "-.*\\.npk', no such file") ] do={
  :local Message [ /log/get $Log message ];
  :local Package [ :pick $Message \
    ([ :find $Message "'" ] + 1) \
    [ :find $Message ("-" . $InstalledVersion . "-") ] ];
  :local Arch [ :pick $Message \
    ([ :find $Message ("-" . $InstalledVersion . "-") ] + 2 + [ :len $InstalledVersion ]) \
    [ :find $Message ".npk" ] ];
  :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
    :set Updated true;
  }
 }
 :if ($Updated = true) do={
  :if ([ :len [ /system/script/find where name="capsman-rolling-upgrade" ] ] > 0) do={
    /system/script/run capsman-rolling-upgrade;
  } else={
    /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
  }
 }
--- a/capsman-download-packages.template.rsc
+++ b/capsman-download-packages.template.rsc
@ -0,0 +1,106 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-download-packages%TEMPL%
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man',
 # !! 'interface/wireless' or 'interface/wifiwave2'!
 :local 0 "capsman-download-packages%TEMPL%";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global CleanFilePath;
 :global DownloadPackage;
 :global LogPrintExit2;
 :global MkDir;
 :global ScriptLock;
 :global WaitFullyConnected;
 $ScriptLock $0;
 $WaitFullyConnected;
 :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
 :local PackagePath [ $CleanFilePath [ /interface/wifiwave2/capsman/get package-path ] ];
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local Updated false;
 :if ([ :len $PackagePath ] = 0) do={
  $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
 }
 :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
  :if ([ $MkDir $PackagePath ] = false) do={
    $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
      $PackagePath . ") failed!") true;
  }
  $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
    "). Please place your packages!") false;
 }
 :foreach Package in=[ /file/find where type=package \
      package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
  :local File [ /file/get $Package ];
  :if ($File->"package-architecture" = "mips") do={
    :set ($File->"package-architecture") "mipsbe";
  }
  :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
       ($File->"package-architecture") $PackagePath ] = true) do={
    :set Updated true;
    /file/remove $Package;
  }
 }
 # NOT /interface/wifiwave2 #
 :if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \
     !(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={
  $LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \
      "Probably can not download packages automatically.") false;
 } else={
  :if ($Updated = false && [ /system/resource/get uptime ] < 2m) do={
    $LogPrintExit2 info $0 ("No packages downloaded, yet. Delaying for logs.") false;
    :delay 2m;
  }
 }
 :foreach Log in=[ /log/find where topics=({"caps"; "error"}) \
    message~("upgrade status: failed, failed to download file '.*-" . $InstalledVersion . \
    "-.*\\.npk', no such file") ] do={
  :local Message [ /log/get $Log message ];
  :local Package [ :pick $Message \
    ([ :find $Message "'" ] + 1) \
    [ :find $Message ("-" . $InstalledVersion . "-") ] ];
  :local Arch [ :pick $Message \
    ([ :find $Message ("-" . $InstalledVersion . "-") ] + 2 + [ :len $InstalledVersion ]) \
    [ :find $Message ".npk" ] ];
  :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
    :set Updated true;
  }
 }
 # NOT /interface/wifiwave2 #
 # NOT /caps-man #
 :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
  $LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
  :foreach Arch in={ "arm"; "arm64" } do={
    :foreach Package in={ "routeros"; "wifiwave2" } do={
      :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
        :set Updated true;
      }
    }
  }
 }
 # NOT /caps-man #
 :if ($Updated = true) do={
  :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
  :if ([ :len $Script ] > 0) do={
    /system/script/run $Script;
  } else={
    /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
    /interface/wifiwave2/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
  }
 }
--- a/capsman-download-packages.wifiwave2.rsc
+++ b/capsman-download-packages.wifiwave2.rsc
@ -0,0 +1,74 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-download-packages.wifiwave2
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "capsman-download-packages.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global CleanFilePath;
 :global DownloadPackage;
 :global LogPrintExit2;
 :global MkDir;
 :global ScriptLock;
 :global WaitFullyConnected;
 $ScriptLock $0;
 $WaitFullyConnected;
 :local PackagePath [ $CleanFilePath [ /interface/wifiwave2/capsman/get package-path ] ];
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local Updated false;
 :if ([ :len $PackagePath ] = 0) do={
  $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
 }
 :if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
  :if ([ $MkDir $PackagePath ] = false) do={
    $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
      $PackagePath . ") failed!") true;
  }
  $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
    "). Please place your packages!") false;
 }
 :foreach Package in=[ /file/find where type=package \
      package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
  :local File [ /file/get $Package ];
  :if ($File->"package-architecture" = "mips") do={
    :set ($File->"package-architecture") "mipsbe";
  }
  :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
       ($File->"package-architecture") $PackagePath ] = true) do={
    :set Updated true;
    /file/remove $Package;
  }
 }
 :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
  $LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
  :foreach Arch in={ "arm"; "arm64" } do={
    :foreach Package in={ "routeros"; "wifiwave2" } do={
      :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
        :set Updated true;
      }
    }
  }
 }
 :if ($Updated = true) do={
  :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
  :if ([ :len $Script ] > 0) do={
    /system/script/run $Script;
  } else={
    /interface/wifiwave2/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
  }
 }
--- a/capsman-rolling-upgrade.capsman.rsc
+++ b/capsman-rolling-upgrade.capsman.rsc
@ -0,0 +1,40 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-rolling-upgrade.capsman
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "capsman-rolling-upgrade.capsman";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global LogPrintExit2;
 :global ScriptLock;
 $ScriptLock $0;
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
 :if ($RemoteCapCount > 0) do={
  :local Delay (600 / $RemoteCapCount);
  :if ($Delay > 120) do={ :set Delay 120; }
  :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
    :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
    :if ([ :len $RemoteCapVal ] > 1) do={
      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
        " (" . $RemoteCapVal->"identity" . ")...") false;
      /caps-man/remote-cap/upgrade $RemoteCap;
    } else={
      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
    }
    :delay ($Delay . "s");
  }
 }
--- a/capsman-rolling-upgrade.rsc
+++ b/capsman-rolling-upgrade.rsc
@ -1,36 +1,3 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-rolling-upgrade
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# upgrade CAPs one after another
+# dummy for migration
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 :local 0 "capsman-rolling-upgrade";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global LogPrintExit2;
 :global ScriptLock;
 $ScriptLock $0;
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
 :if ($RemoteCapCount > 0) do={
  :local Delay (600 / $RemoteCapCount);
  :if ($Delay > 120) do={ :set Delay 120; }
  :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
    :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
    :if ([ :len $RemoteCapVal ] > 1) do={
      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
        " (" . $RemoteCapVal->"identity" . ")...") false;
      /caps-man/remote-cap/upgrade $RemoteCap;
    } else={
      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
    }
    :delay ($Delay . "s");
  }
 }
--- a/capsman-rolling-upgrade.template.rsc
+++ b/capsman-rolling-upgrade.template.rsc
@ -0,0 +1,48 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-rolling-upgrade%TEMPL%
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! This is just a template! Replace '%PATH%' with 'caps-man',
 # !! 'interface/wireless' or 'interface/wifiwave2'!
 :local 0 "capsman-rolling-upgrade%TEMPL%";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global LogPrintExit2;
 :global ScriptLock;
 $ScriptLock $0;
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
 :local RemoteCapCount [ :len [ /interface/wifiwave2/capsman/remote-cap/find ] ];
 :if ($RemoteCapCount > 0) do={
  :local Delay (600 / $RemoteCapCount);
  :if ($Delay > 120) do={ :set Delay 120; }
  :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
  :foreach RemoteCap in=[ /interface/wifiwave2/capsman/remote-cap/find where version!=$InstalledVersion ] do={
    :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
    :local RemoteCapVal [ /interface/wifiwave2/capsman/remote-cap/get $RemoteCap ];
    :if ([ :len $RemoteCapVal ] > 1) do={
 # NOT /caps-man #
      :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
 # NOT /caps-man #
      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
        " (" . $RemoteCapVal->"identity" . ")...") false;
      /caps-man/remote-cap/upgrade $RemoteCap;
      /interface/wifiwave2/capsman/remote-cap/upgrade $RemoteCap;
    } else={
      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
    }
    :delay ($Delay . "s");
  }
 }
--- a/capsman-rolling-upgrade.wifiwave2.rsc
+++ b/capsman-rolling-upgrade.wifiwave2.rsc
@ -0,0 +1,41 @@
 #!rsc by RouterOS
 # RouterOS script: capsman-rolling-upgrade.wifiwave2
 # Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "capsman-rolling-upgrade.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global LogPrintExit2;
 :global ScriptLock;
 $ScriptLock $0;
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local RemoteCapCount [ :len [ /interface/wifiwave2/capsman/remote-cap/find ] ];
 :if ($RemoteCapCount > 0) do={
  :local Delay (600 / $RemoteCapCount);
  :if ($Delay > 120) do={ :set Delay 120; }
  :foreach RemoteCap in=[ /interface/wifiwave2/capsman/remote-cap/find where version!=$InstalledVersion ] do={
    :local RemoteCapVal [ /interface/wifiwave2/capsman/remote-cap/get $RemoteCap ];
    :if ([ :len $RemoteCapVal ] > 1) do={
      :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
        " (" . $RemoteCapVal->"identity" . ")...") false;
      /interface/wifiwave2/capsman/remote-cap/upgrade $RemoteCap;
    } else={
      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
    }
    :delay ($Delay . "s");
  }
 }
--- a/collect-wireless-mac.capsman.rsc
+++ b/collect-wireless-mac.capsman.rsc
@ -3,11 +3,11 @@
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # provides: lease-script, order=40
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "collect-wireless-mac.capsman";
--- a/collect-wireless-mac.local.rsc
+++ b/collect-wireless-mac.local.rsc
@ -3,11 +3,11 @@
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # provides: lease-script, order=40
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "collect-wireless-mac.local";
--- a/collect-wireless-mac.template.rsc
+++ b/collect-wireless-mac.template.rsc
@ -3,13 +3,13 @@
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
-# provides: lease-script, order=40
+# !! This is just a template to generate the real script!
-#
+# !! Pattern '%TEMPL%' is replaced, paths are filtered.
 # !! This is just a template! Replace '%PATH%' with 'caps-man'
 # !! or 'interface wireless'!
 :local 0 "collect-wireless-mac%TEMPL%";
 :global GlobalFunctionsReady;
@ -27,25 +27,39 @@
 $ScriptLock $0 false 10;
-:if ([ :len [ /%PATH%/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
+:if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
-  /%PATH%/access-list/add comment="--- collected above ---" disabled=yes;
+:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
 :if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- collected above ---" disabled=yes;
  /interface/wifiwave2/access-list/add comment="--- collected above ---" disabled=yes;
  /interface/wireless/access-list/add comment="--- collected above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
 }
-:local PlaceBefore ([ /%PATH%/access-list/find where comment="--- collected above ---" disabled ]->0);
+:local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0);
-:foreach Reg in=[ /%PATH%/registration-table/find ] do={
+:foreach Reg in=[ /caps-man/registration-table/find ] do={
 :foreach Reg in=[ /interface/wifiwave2/registration-table/find ] do={
 :foreach Reg in=[ /interface/wireless/registration-table/find ] do={
  :local RegVal;
  :do {
-    :set RegVal [ /%PATH%/registration-table/get $Reg ];
+    :set RegVal [ /caps-man/registration-table/get $Reg ];
    :set RegVal [ /interface/wifiwave2/registration-table/get $Reg ];
    :set RegVal [ /interface/wireless/registration-table/get $Reg ];
  } on-error={
    $LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false;
  }
  :if ([ :len ($RegVal->"mac-address") ] > 0) do={
-    :local AccessList ([ /%PATH%/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
+    :local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :if ([ :len $AccessList ] > 0) do={
      $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
-        [ /%PATH%/access-list/get $AccessList comment ]) false;
+        [ /caps-man/access-list/get $AccessList comment ]) false;
        [ /interface/wifiwave2/access-list/get $AccessList comment ]) false;
        [ /interface/wireless/access-list/get $AccessList comment ]) false;
    }
    :if ([ :len $AccessList ] = 0) do={
@ -68,7 +82,9 @@ $ScriptLock $0 false 10;
      :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
        "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
      $LogPrintExit2 info $0 $Message false;
-      /%PATH%/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
+      /caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      /interface/wifiwave2/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      /interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      $SendNotification2 ({ origin=$0; \
        subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
        message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
--- a/collect-wireless-mac.wifiwave2.rsc
+++ b/collect-wireless-mac.wifiwave2.rsc
@ -0,0 +1,86 @@
 #!rsc by RouterOS
 # RouterOS script: collect-wireless-mac.wifiwave2
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "collect-wireless-mac.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global Identity;
 :global EitherOr;
 :global FormatLine;
 :global GetMacVendor;
 :global LogPrintExit2;
 :global ScriptLock;
 :global SendNotification2;
 :global SymbolForNotification;
 $ScriptLock $0 false 10;
 :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
  /interface/wifiwave2/access-list/add comment="--- collected above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
 }
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ]->0);
 :foreach Reg in=[ /interface/wifiwave2/registration-table/find ] do={
  :local RegVal;
  :do {
    :set RegVal [ /interface/wifiwave2/registration-table/get $Reg ];
  } on-error={
    $LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false;
  }
  :if ([ :len ($RegVal->"mac-address") ] > 0) do={
    :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :if ([ :len $AccessList ] > 0) do={
      $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
        [ /interface/wifiwave2/access-list/get $AccessList comment ]) false;
    }
    :if ([ :len $AccessList ] = 0) do={
      :local Address "no dhcp lease";
      :local DnsName "no dhcp lease";
      :local HostName "no dhcp lease";
      :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
      :if ([ :len $Lease ] > 0) do={
        :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
        :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
        :set DnsName "no dns name";
        :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
        :if ([ :len $DnsRec ] > 0) do={
          :set DnsName [ /ip/dns/static/get $DnsRec name ];
        }
      }
      :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
      :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
      :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
        "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
      $LogPrintExit2 info $0 $Message false;
      /interface/wifiwave2/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      $SendNotification2 ({ origin=$0; \
        subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
        message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
          [ $FormatLine "Controller" $Identity ] . "\n" . \
          [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
          [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
          [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
          [ $FormatLine "Vendor" $Vendor ] . "\n" . \
          [ $FormatLine "Hostname" $HostName ] . "\n" . \
          [ $FormatLine "Address" $Address ] . "\n" . \
          [ $FormatLine "DNS name" $DnsName ] . "\n" . \
          [ $FormatLine "Date" $DateTime ]) });
    }
  } else={
    $LogPrintExit2 debug $0 ("No mac address available... Ignoring.") false;
  }
 }
--- a/daily-psk.template.rsc
+++ b/daily-psk.template.rsc
@ -7,8 +7,8 @@
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
-# !! This is just a template! Replace '%PATH%' with 'caps-man'
+# !! This is just a template to generate the real script!
-# !! or 'interface wireless'!
+# !! Pattern '%TEMPL%' is replaced, paths are filtered.
 :local 0 "daily-psk%TEMPL%";
 :global GlobalFunctionsReady;
@ -55,24 +55,32 @@ $WaitFullyConnected;
 :local Date [ /system/clock/get date ];
 :local NewPsk [ $GeneratePSK $Date ];
-:foreach AccList in=[ /%PATH%/access-list/find where comment~$DailyPskMatchComment ] do={
+:foreach AccList in=[ /caps-man/access-list/find where comment~$DailyPskMatchComment ] do={
 :foreach AccList in=[ /interface/wifiwave2/access-list/find where comment~$DailyPskMatchComment ] do={
 :foreach AccList in=[ /interface/wireless/access-list/find where comment~$DailyPskMatchComment ] do={
  :local SsidRegExp [ /caps-man/access-list/get $AccList ssid-regexp ];
  :local SsidRegExp [ /interface/wifiwave2/access-list/get $AccList ssid-regexp ];
  :local Configuration ([ /caps-man/configuration/find where ssid~$SsidRegExp ]->0);
  :local Configuration ([ /interface/wifiwave2/configuration/find where ssid~$SsidRegExp ]->0);
  :local Ssid [ /caps-man/configuration/get $Configuration ssid ];
  :local Ssid [ /interface/wifiwave2/configuration/get $Configuration ssid ];
  :local OldPsk [ /caps-man/access-list/get $AccList private-passphrase ];
  :local OldPsk [ /interface/wifiwave2/access-list/get $AccList passphrase ];
  # /caps-man /interface/wifiwave2 above - /interface/wireless below
  :local IntName [ /interface/wireless/access-list/get $AccList interface ];
  :local Ssid [ /interface/wireless/get $IntName ssid ];
  :local OldPsk [ /interface/wireless/access-list/get $AccList private-pre-shared-key ];
  # /interface/wireless above - /caps-man below
  :local SsidRegExp [ /caps-man/access-list/get $AccList ssid-regexp ];
  :local Configuration ([ /caps-man/configuration/find where ssid~$SsidRegExp ]->0);
  :local Ssid [ /caps-man/configuration/get $Configuration ssid ];
  :local OldPsk [ /caps-man/access-list/get $AccList private-passphrase ];
  :local Skip 0;
  :if ($NewPsk != $OldPsk) do={
    $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
    /interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk;
    /caps-man/access-list/set $AccList private-passphrase=$NewPsk;
    /interface/wifiwave2/access-list/set $AccList passphrase=$NewPsk;
    /interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk;
    :if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={
    :if ([ :len [ /caps-man/actual-interface-configuration/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={
    :if ([ :len [ /interface/wifiwave2/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
    :if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={
      :foreach SeenSsid in=$Seen do={
        :if ($SeenSsid = $Ssid) do={
          $LogPrintExit2 debug $0 ("Already sent a mail for SSID " . $Ssid . ", skipping.") false;
--- a/daily-psk.wifiwave2.rsc
+++ b/daily-psk.wifiwave2.rsc
@ -0,0 +1,90 @@
 #!rsc by RouterOS
 # RouterOS script: daily-psk.wifiwave2
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "daily-psk.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global DailyPskMatchComment;
 :global DailyPskQrCodeUrl;
 :global Identity;
 :global FormatLine;
 :global LogPrintExit2;
 :global ScriptLock;
 :global SendNotification2;
 :global SymbolForNotification;
 :global UrlEncode;
 :global WaitForFile;
 :global WaitFullyConnected;
 $ScriptLock $0;
 $WaitFullyConnected;
 # return pseudo-random string for PSK
 :local GeneratePSK do={
  :local Date [ :tostr $1 ];
  :global DailyPskSecrets;
  :global ParseDate;
  :set Date [ $ParseDate $Date ];
  :local A ((14 - ($Date->"month")) / 12);
  :local B (($Date->"year") - $A);
  :local C (($Date->"month") + 12 * $A - 2);
  :local WeekDay (7000 + ($Date->"day") + $B + ($B / 4) - ($B / 100) + ($B / 400) + ((31 * $C) / 12));
  :set WeekDay ($WeekDay - (($WeekDay / 7) * 7));
  :return (($DailyPskSecrets->0->(($Date->"day") - 1)) . \
    ($DailyPskSecrets->1->(($Date->"month") - 1)) . \
    ($DailyPskSecrets->2->$WeekDay));
 }
 :local Seen ({});
 :local Date [ /system/clock/get date ];
 :local NewPsk [ $GeneratePSK $Date ];
 :foreach AccList in=[ /interface/wifiwave2/access-list/find where comment~$DailyPskMatchComment ] do={
  :local SsidRegExp [ /interface/wifiwave2/access-list/get $AccList ssid-regexp ];
  :local Configuration ([ /interface/wifiwave2/configuration/find where ssid~$SsidRegExp ]->0);
  :local Ssid [ /interface/wifiwave2/configuration/get $Configuration ssid ];
  :local OldPsk [ /interface/wifiwave2/access-list/get $AccList passphrase ];
  :local Skip 0;
  :if ($NewPsk != $OldPsk) do={
    $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
    /interface/wifiwave2/access-list/set $AccList passphrase=$NewPsk;
    :if ([ :len [ /interface/wifiwave2/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
      :foreach SeenSsid in=$Seen do={
        :if ($SeenSsid = $Ssid) do={
          $LogPrintExit2 debug $0 ("Already sent a mail for SSID " . $Ssid . ", skipping.") false;
          :set Skip 1;
        }
      }
      :if ($Skip = 0) do={
        :set Seen ($Seen, $Ssid);
        :local Link ($DailyPskQrCodeUrl . \
            "?scale=8&level=1&ssid=" . [ $UrlEncode $Ssid ] . "&pass=" . [ $UrlEncode $NewPsk ]);
        $SendNotification2 ({ origin=$0; \
          subject=([ $SymbolForNotification "calendar" ] . "daily PSK " . $Ssid); \
          message=("This is the daily PSK on " . $Identity . ":\n\n" . \
            [ $FormatLine "SSID" $Ssid ] . "\n" . \
            [ $FormatLine "PSK" $NewPsk ] . "\n" . \
            [ $FormatLine "Date" $Date ] . "\n\n" . \
            "A client device specific rule must not exist!"); link=$Link });
      }
    }
  }
 }
--- a/dhcp-lease-comment.template.rsc
+++ b/dhcp-lease-comment.template.rsc
@ -8,8 +8,8 @@
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
-# !! This is just a template! Replace '%PATH%' with 'caps-man'
+# !! This is just a template to generate the real script!
-# !! or 'interface wireless'!
+# !! Pattern '%TEMPL%' is replaced, paths are filtered.
 :local 0 "dhcp-lease-comment%TEMPL%";
 :global GlobalFunctionsReady;
@ -23,9 +23,13 @@ $ScriptLock $0;
 :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic=yes status=bound ] do={
  :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
  :local NewComment;
-  :local AccessList ([ /%PATH%/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
+  :local AccessList ([ /caps-man/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :local AccessList ([ /interface/wireless/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :if ([ :len $AccessList ] > 0) do={
-    :set NewComment [ /%PATH%/access-list/get $AccessList comment ];
+    :set NewComment [ /caps-man/access-list/get $AccessList comment ];
    :set NewComment [ /interface/wifiwave2/access-list/get $AccessList comment ];
    :set NewComment [ /interface/wireless/access-list/get $AccessList comment ];
  }
  :if ([ :len $NewComment ] != 0 && $LeaseVal->"comment" != $NewComment) do={
    $LogPrintExit2 info $0 ("Updating comment for DHCP lease " . $LeaseVal->"active-mac-address" . ": " . $NewComment) false;
--- a/dhcp-lease-comment.wifiwave2.rsc
+++ b/dhcp-lease-comment.wifiwave2.rsc
@ -0,0 +1,33 @@
 #!rsc by RouterOS
 # RouterOS script: dhcp-lease-comment.wifiwave2
 # Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "dhcp-lease-comment.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global LogPrintExit2;
 :global ScriptLock;
 $ScriptLock $0;
 :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic=yes status=bound ] do={
  :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
  :local NewComment;
  :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :if ([ :len $AccessList ] > 0) do={
    :set NewComment [ /interface/wifiwave2/access-list/get $AccessList comment ];
  }
  :if ([ :len $NewComment ] != 0 && $LeaseVal->"comment" != $NewComment) do={
    $LogPrintExit2 info $0 ("Updating comment for DHCP lease " . $LeaseVal->"active-mac-address" . ": " . $NewComment) false;
    /ip/dhcp-server/lease/set comment=$NewComment $Lease;
  }
 }
--- a/doc/accesslist-duplicates.md
+++ b/doc/accesslist-duplicates.md
@ -15,14 +15,19 @@ entries in wireless access list.
 Requirements and installation
 -----------------------------
-Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
+Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-interface (`/interface/wireless`) you need to install a different script.
+or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
 (`/interface/wireless`) you need to install a different script.
-For CAPsMAN:
+For `wifiwave2`:
    $ScriptInstallUpdate accesslist-duplicates.wifiwave2;
 For legacy CAPsMAN:
    $ScriptInstallUpdate accesslist-duplicates.capsman;
-For local interface:
+For legacy local interface:
    $ScriptInstallUpdate accesslist-duplicates.local;
--- a/doc/capsman-download-packages.md
+++ b/doc/capsman-download-packages.md
@ -18,24 +18,39 @@ This script automatically downloads these packages.
 Requirements and installation
 -----------------------------
-Just install the script on CAPsMAN device:
+Just install the script on CAPsMAN device. Depending on whether you use
 `wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
 (`/caps-man`) you need to install a different script.
-    $ScriptInstallUpdate capsman-download-packages;
+For `wifiwave2`:
-Optionally add a scheduler to run after startup:
+    $ScriptInstallUpdate capsman-download-packages.wifiwave2;
-    /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages;" start-time=startup;
+For legacy CAPsMAN:
    $ScriptInstallUpdate capsman-download-packages.capsman;
 Optionally add a scheduler to run after startup. For `wifiwave2`:
    /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifiwave2;" start-time=startup;
 For legacy CAPsMAN:
    /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.capsman;" start-time=startup;
 Packages available in local storage in older version are downloaded
-unconditionally. The script tries to download missing packages by guessing
+unconditionally.
-from system log.
+
 If no packages are found the script tries to download missing packages for
 legacy CAPsMAN by guessing from system log. For `wifiwave2` a default set
 of packages (`routeros` and `wifiwave2` for *arm* and *arm64*) is downloaded.
 Usage and invocation
 --------------------
 Run the script manually:
-    /system/script/run capsman-download-packages;
+    /system/script/run capsman-download-packages.wifiwave2;
 ... or from scheduler.
--- a/doc/capsman-rolling-upgrade.md
+++ b/doc/capsman-rolling-upgrade.md
@ -20,9 +20,17 @@ parallel.
 Requirements and installation
 -----------------------------
-Just install the script:
+Just install the script on CAPsMAN device. Depending on whether you use
 `wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
 (`/caps-man`) you need to install a different script.
-    $ScriptInstallUpdate capsman-rolling-upgrade;
+For `wifiwave2`:
    $ScriptInstallUpdate capsman-rolling-upgrade.wifiwave2;
 For legacy CAPsMAN:
    $ScriptInstallUpdate capsman-rolling-upgrade.capsman;
 Usage and invocation
 --------------------
@ -33,7 +41,7 @@ that script when required.
 Alternatively run it manually:
-    /system/script/run capsman-rolling-upgrade;
+    /system/script/run capsman-rolling-upgrade.wifiwave2;
 See also
 --------
--- a/doc/collect-wireless-mac.md
+++ b/doc/collect-wireless-mac.md
@ -22,14 +22,19 @@ and modify it to your needs.
 Requirements and installation
 -----------------------------
-Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
+Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-interface (`/interface/wireless`) you need to install a different script.
+or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
 (`/interface/wireless`) you need to install a different script.
-For CAPsMAN:
+For `wifiwave2`:
    $ScriptInstallUpdate collect-wireless-mac.capsman.wifiwave2;
 For legacy CAPsMAN:
    $ScriptInstallUpdate collect-wireless-mac.capsman;
-For local interface:
+For legacy local interface:
    $ScriptInstallUpdate collect-wireless-mac.local;
--- a/doc/daily-psk.md
+++ b/doc/daily-psk.md
@ -21,17 +21,24 @@ Requirements and installation
 Just install this script.
-Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
+Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-interface (`/interface/wireless`) you need to install a different script
+or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-and add schedulers to run the script:
+(`/interface/wireless`) you need to install a different script and add
 schedulers to run the script:
-For CAPsMAN:
+For `wifiwave2`:
    $ScriptInstallUpdate daily-psk.wifiwave2;
    /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifiwave2;" start-time=03:00:00;
    /system/scheduler/add name=daily-psk@startup on-event="/system/script/run daily-psk.wifiwave2;" start-time=startup;
 For legacy CAPsMAN:
    $ScriptInstallUpdate daily-psk.capsman;
    /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.capsman;" start-time=03:00:00;
    /system/scheduler/add name=daily-psk@startup on-event="/system/script/run daily-psk.capsman;" start-time=startup;
-For local interface:
+For legacy local interface:
    $ScriptInstallUpdate daily-psk.local;
    /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.local;" start-time=03:00:00;
@ -51,11 +58,15 @@ The configuration goes to `global-config-overlay`, these are the parameters:
 > [`global-config`](../global-config.rsc) (the one without `-overlay`) to
 > your local `global-config-overlay` and modify it to your specific needs.
-Then add an access list entry. For CAPsMAN:
+Then add an access list entry. For `wifiwave2`:
    /interface/wifiwave2/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily";
 For legacy CAPsMAN:
    /caps-man/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" private-passphrase="ToBeChangedDaily";
-For local interface:
+For legacy local interface:
    /interface/wireless/access-list/add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
--- a/doc/dhcp-lease-comment.md
+++ b/doc/dhcp-lease-comment.md
@ -15,14 +15,19 @@ from wireless access list.
 Requirements and installation
 -----------------------------
-Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
+Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-interface (`/interface/wireless`) you need to install a different script.
+or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
 (`/interface/wireless`) you need to install a different script.
-For CAPsMAN:
+For `wifiwave2`:
    $ScriptInstallUpdate dhcp-lease-comment.wifiwave2;
 For legacy CAPsMAN:
    $ScriptInstallUpdate dhcp-lease-comment.capsman;
-For local interface:
+For legacy local interface:
    $ScriptInstallUpdate dhcp-lease-comment.local;
--- a/doc/hotspot-to-wpa.md
+++ b/doc/hotspot-to-wpa.md
@ -19,24 +19,35 @@ Requirements and installation
 You need a properly configured hotspot on one (open) SSID and a WP2 enabled
 SSID with suffix "`-wpa`".
-Then install the script:
+Then install the script. Depending on whether you use `wifiwave2` package
 (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) you need
 to install a different script and set it as `on-login` script in hotspot.
-    $ScriptInstallUpdate hotspot-to-wpa;
+For `wifiwave2`:
-Configure your hotspot to use this script as `on-login` script:
+    $ScriptInstallUpdate hotspot-to-wpa.wifiwave2;
    /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifiwave2" [ find ];
-    /ip/hotspot/user/profile/set on-login=hotspot-to-wpa [ find ];
+For legacy CAPsMAN:
    $ScriptInstallUpdate hotspot-to-wpa.capsman;
    /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.capsman" [ find ];
 ### Automatic cleanup
 With just `hotspot-to-wpa` installed the mac addresses will last in the
-access list forever. Install the optional script for automatic cleanup:
+access list forever. Install the optional script for automatic cleanup
 and add a scheduler.
-    $ScriptInstallUpdate hotspot-to-wpa-cleanup,lease-script;
+For `wifiwave2`:
-Create a scheduler:
+    $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifiwave2,lease-script;
    /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifiwave2;" start-time=startup;
-    /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup;
+For legacy CAPsMAN:
    $ScriptInstallUpdate hotspot-to-wpa-cleanup.capsman,lease-script;
    /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.capsman;" start-time=startup;
 And add the lease script and matcher comment to your wpa interfaces' dhcp
 server. You can add more information to the comment, separated by comma. In
@ -74,7 +85,12 @@ Additionally templates can be created to give more options for access list:
 * `vlan-id`: connect device to specific VLAN
 * `vlan-mode`: set the VLAN mode for device
-For a hotspot called `example` the template could look like this:
+For a hotspot called `example` the template could look like this. For
 `wifiwave2`:
    /interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
 For legacy CAPsMAN:
    /caps-man/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
--- a/global-functions.rsc
+++ b/global-functions.rsc
@ -12,7 +12,7 @@
 :local 0 "global-functions";
 # expected configuration version
-:global ExpectedConfigVersion 103;
+:global ExpectedConfigVersion 104;
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
--- a/hotspot-to-wpa-cleanup.capsman.rsc
+++ b/hotspot-to-wpa-cleanup.capsman.rsc
@ -0,0 +1,68 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa-cleanup.capsman
 # Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "hotspot-to-wpa-cleanup.capsman";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0 false 10;
 :local DHCPServers ({});
 :foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
  :local ServerVal [ /ip/dhcp-server/get $Server ]
  :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
  :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
    :set ($DHCPServers->($ServerVal->"name")) \
      [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
  }
 }
 :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
  :local ClientVal [ /caps-man/registration-table/get $Client ];
  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
      mac-address=($ClientVal->"mac-address") ] do={
    :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
      $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
        " connected to WPA, making lease static.") false;
      /ip/dhcp-server/lease/make-static $Lease;
      /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
    }
  }
 }
 :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
    !(comment~[ /system/clock/get date ]) ] do={
  :local ClientVal [ /caps-man/access-list/get $Client ];
  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
      " did not connect to WPA, removing from access list.") false;
    /caps-man/access-list/remove $Client;
  }
 }
 :foreach Server,Timeout in=$DHCPServers do={
  :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
      server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
    :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
      " was not seen for " . $Timeout . ", removing.") false;
    /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
      mac-address=($LeaseVal->"mac-address") ];
    /ip/dhcp-server/lease/remove $Lease;
  }
 }
--- a/hotspot-to-wpa-cleanup.rsc
+++ b/hotspot-to-wpa-cleanup.rsc
@ -1,66 +1,3 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa-cleanup
 # Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# provides: lease-script, order=80
+# dummy for migration
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 :local 0 "hotspot-to-wpa-cleanup";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0 false 10;
 :local DHCPServers ({});
 :foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
  :local ServerVal [ /ip/dhcp-server/get $Server ]
  :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
  :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
    :set ($DHCPServers->($ServerVal->"name")) \
      [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
  }
 }
 :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
  :local ClientVal [ /caps-man/registration-table/get $Client ];
  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
      mac-address=($ClientVal->"mac-address") ] do={
    :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
      $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
        " connected to WPA, making lease static.") false;
      /ip/dhcp-server/lease/make-static $Lease;
      /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
    }
  }
 }
 :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
    !(comment~[ /system/clock/get date ]) ] do={
  :local ClientVal [ /caps-man/access-list/get $Client ];
  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
      " did not connect to WPA, removing from access list.") false;
    /caps-man/access-list/remove $Client;
  }
 }
 :foreach Server,Timeout in=$DHCPServers do={
  :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
      server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
    :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
      " was not seen for " . $Timeout . ", removing.") false;
    /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
      mac-address=($LeaseVal->"mac-address") ];
    /ip/dhcp-server/lease/remove $Lease;
  }
 }
--- a/hotspot-to-wpa-cleanup.template.rsc
+++ b/hotspot-to-wpa-cleanup.template.rsc
@ -0,0 +1,75 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa-cleanup%TEMPL%
 # Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 :local 0 "hotspot-to-wpa-cleanup%TEMPL%";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0 false 10;
 :local DHCPServers ({});
 :foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
  :local ServerVal [ /ip/dhcp-server/get $Server ]
  :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
  :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
    :set ($DHCPServers->($ServerVal->"name")) \
      [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
  }
 }
 :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
 :foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
  :local ClientVal [ /caps-man/registration-table/get $Client ];
  :local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
      mac-address=($ClientVal->"mac-address") ] do={
    :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
      $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
        " connected to WPA, making lease static.") false;
      /ip/dhcp-server/lease/make-static $Lease;
      /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
    }
  }
 }
 :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
 :foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
    !(comment~[ /system/clock/get date ]) ] do={
  :local ClientVal [ /caps-man/access-list/get $Client ];
  :local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
      " did not connect to WPA, removing from access list.") false;
    /caps-man/access-list/remove $Client;
    /interface/wifiwave2/access-list/remove $Client;
  }
 }
 :foreach Server,Timeout in=$DHCPServers do={
  :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
      server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
    :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
      " was not seen for " . $Timeout . ", removing.") false;
    /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
    /interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
      mac-address=($LeaseVal->"mac-address") ];
    /ip/dhcp-server/lease/remove $Lease;
  }
 }
--- a/hotspot-to-wpa-cleanup.wifiwave2.rsc
+++ b/hotspot-to-wpa-cleanup.wifiwave2.rsc
@ -0,0 +1,68 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa-cleanup.wifiwave2
 # Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "hotspot-to-wpa-cleanup.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0 false 10;
 :local DHCPServers ({});
 :foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
  :local ServerVal [ /ip/dhcp-server/get $Server ]
  :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
  :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
    :set ($DHCPServers->($ServerVal->"name")) \
      [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
  }
 }
 :foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
  :local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
      mac-address=($ClientVal->"mac-address") ] do={
    :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
      $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
        " connected to WPA, making lease static.") false;
      /ip/dhcp-server/lease/make-static $Lease;
      /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
    }
  }
 }
 :foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
    !(comment~[ /system/clock/get date ]) ] do={
  :local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
      " did not connect to WPA, removing from access list.") false;
    /interface/wifiwave2/access-list/remove $Client;
  }
 }
 :foreach Server,Timeout in=$DHCPServers do={
  :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
      server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
    :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
      " was not seen for " . $Timeout . ", removing.") false;
    /interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
      mac-address=($LeaseVal->"mac-address") ];
    /ip/dhcp-server/lease/remove $Lease;
  }
 }
--- a/hotspot-to-wpa.capsman.rsc
+++ b/hotspot-to-wpa.capsman.rsc
@ -0,0 +1,89 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa.capsman
 # Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "hotspot-to-wpa.capsman";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0;
 :local MacAddress $"mac-address";
 :local UserName $username;
 :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
 }
 :local Date [ /system/clock/get date ];
 :local UserVal ({});
 :if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
 }
 :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
 :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
 :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
 }
 :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :if ([ :len [ /caps-man/access-list/find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
  /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
 }
 :local Template [ /caps-man/access-list/get ([ find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
 :if ($Template->"action" = "reject") do={
  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
 }
 # allow login page to load
 :delay 1s;
 $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
  " (user " . $UserName . ").") false;
 /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
    action=reject place-before=$PlaceBefore;
 :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
 :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
 :if ([ :len $PrivatePassphrase ] > 0) do={
  :if ($PrivatePassphrase = "ignore") do={
    /caps-man/access-list/set $Entry !private-passphrase;
  } else={
    /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
  }
 }
 :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
 :if ([ :len $SsidRegexp ] > 0) do={
  /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
 }
 :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
 :if ([ :len $VlanId ] > 0) do={
  /caps-man/access-list/set $Entry vlan-id=$VlanId;
 }
 :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
 :if ([ :len $VlanMode] > 0) do={
  /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
 }
 :delay 2s;
 /caps-man/access-list/set $Entry action=accept;
--- a/hotspot-to-wpa.rsc
+++ b/hotspot-to-wpa.rsc
@ -1,87 +1,3 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa
 # Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# add private WPA passphrase after hotspot login
+# dummy for migration
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 :local 0 "hotspot-to-wpa";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0;
 :local MacAddress $"mac-address";
 :local UserName $username;
 :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
 }
 :local Date [ /system/clock/get date ];
 :local UserVal ({});
 :if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
 }
 :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
 :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
 :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
 }
 :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :if ([ :len [ /caps-man/access-list/find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
  /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
 }
 :local Template [ /caps-man/access-list/get ([ find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
 :if ($Template->"action" = "reject") do={
  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
 }
 # allow login page to load
 :delay 1s;
 $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
  " (user " . $UserName . ").") false;
 /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /caps-man/access-list/add comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
    mac-address=$MacAddress private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
    action=reject place-before=$PlaceBefore;
 :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
 :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
 :if ([ :len $PrivatePassphrase ] > 0) do={
  :if ($PrivatePassphrase = "ignore") do={
    /caps-man/access-list/set $Entry !private-passphrase;
  } else={
    /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
  }
 }
 :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
 :if ([ :len $SsidRegexp ] > 0) do={
  /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
 }
 :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
 :if ([ :len $VlanId ] > 0) do={
  /caps-man/access-list/set $Entry vlan-id=$VlanId;
 }
 :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
 :if ([ :len $VlanMode] > 0) do={
  /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
 }
 :delay 2s;
 /caps-man/access-list/set $Entry action=accept;
--- a/hotspot-to-wpa.template.rsc
+++ b/hotspot-to-wpa.template.rsc
@ -0,0 +1,110 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa%TEMPL%
 # Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 :local 0 "hotspot-to-wpa%TEMPL%";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0;
 :local MacAddress $"mac-address";
 :local UserName $username;
 :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
 }
 :local Date [ /system/clock/get date ];
 :local UserVal ({});
 :if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
 }
 :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
 :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
 :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
 :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  /interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
 }
 :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :if ([ :len [ /caps-man/access-list/find where \
 :if ([ :len [ /interface/wifiwave2/access-list/find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
  /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  /interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
 }
 :local Template [ /caps-man/access-list/get ([ find where \
 :local Template [ /interface/wifiwave2/access-list/get ([ find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
 :if ($Template->"action" = "reject") do={
  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
 }
 # allow login page to load
 :delay 1s;
 $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
  " (user " . $UserName . ").") false;
 /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
 /interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
    action=reject place-before=$PlaceBefore;
 :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
 :local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
 # NOT /caps-man #
 :set ($Template->"private-passphrase") ($Template->"passphrase");
 # NOT /caps-man #
 :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
 :if ([ :len $PrivatePassphrase ] > 0) do={
  :if ($PrivatePassphrase = "ignore") do={
    /caps-man/access-list/set $Entry !private-passphrase;
    /interface/wifiwave2/access-list/set $Entry !passphrase;
  } else={
    /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
    /interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
  }
 }
 :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
 :if ([ :len $SsidRegexp ] > 0) do={
  /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
  /interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
 }
 :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
 :if ([ :len $VlanId ] > 0) do={
  /caps-man/access-list/set $Entry vlan-id=$VlanId;
  /interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
 }
 # NOT /interface/wifiwave2 #
 :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
 :if ([ :len $VlanMode] > 0) do={
  /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
  /interface/wifiwave2/access-list/set $Entry vlan-mode=$VlanMode;
 }
 # NOT /interface/wifiwave2 #
 :delay 2s;
 /caps-man/access-list/set $Entry action=accept;
 /interface/wifiwave2/access-list/set $Entry action=accept;
--- a/hotspot-to-wpa.wifiwave2.rsc
+++ b/hotspot-to-wpa.wifiwave2.rsc
@ -0,0 +1,86 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa.wifiwave2
 # Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 :local 0 "hotspot-to-wpa.wifiwave2";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 :global EitherOr;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 $ScriptLock $0;
 :local MacAddress $"mac-address";
 :local UserName $username;
 :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
 }
 :local Date [ /system/clock/get date ];
 :local UserVal ({});
 :if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
 }
 :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
 :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
 :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
  /interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
 }
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :if ([ :len [ /interface/wifiwave2/access-list/find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
  /interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
 }
 :local Template [ /interface/wifiwave2/access-list/get ([ find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
 :if ($Template->"action" = "reject") do={
  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
 }
 # allow login page to load
 :delay 1s;
 $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
  " (user " . $UserName . ").") false;
 /interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
    action=reject place-before=$PlaceBefore;
 :local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
 :set ($Template->"private-passphrase") ($Template->"passphrase");
 :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
 :if ([ :len $PrivatePassphrase ] > 0) do={
  :if ($PrivatePassphrase = "ignore") do={
    /interface/wifiwave2/access-list/set $Entry !passphrase;
  } else={
    /interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
  }
 }
 :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
 :if ([ :len $SsidRegexp ] > 0) do={
  /interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
 }
 :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
 :if ([ :len $VlanId ] > 0) do={
  /interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
 }
 :delay 2s;
 /interface/wifiwave2/access-list/set $Entry action=accept;
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@ -17,10 +17,12 @@
  101="Introduced new script 'fw-addr-lists' to download, import and update firewall address-lists.";
  102="Modified 'hotspot-to-wpa' to support non-local (radius) users.";
  103="Dropped hard-coded name and timeout from 'hotspot-to-wpa-cleanup', instead a comment is required for dhcp server now.";
  104="All relevant scripts were ported to new wifiwave2 and are available for AX devices now!";
 };
 # Migration steps to be applied on script updates
 :global GlobalConfigMigration {
  97=":local Rec [ /ip/dns/static/find where comment~\"^managed by dhcp-to-dns for \" ]; :if ([ :len \$Rec ] > 0) do={ /ip/dns/static/remove \$Rec; /system/script/run dhcp-to-dns; }";
  100=":global ScriptInstallUpdate; :if ([ :len [ /system/script/find where name=\"ssh-keys-import\" source~\"^#!rsc by RouterOS\\n\" ] ] > 0) do={ /system/script/set name=\"mod/ssh-keys-import\" ssh-keys-import; \$ScriptInstallUpdate; }";
  104=":global CharacterReplace; :global ScriptInstallUpdate; :foreach Script in={ \"capsman-download-packages\"; \"capsman-rolling-upgrade\"; \"hotspot-to-wpa\"; \"hotspot-to-wpa-cleanup\" } do={ /system/script/set name=(\$Script . \".capsman\") [ find where name=\$Script ]; :foreach Scheduler in=[ /system/scheduler/find where on-event~(\$Script . \"([^-.]|\\\$)\") ] do={ /system/scheduler/set \$Scheduler on-event=[ \$CharacterReplace [ get \$Scheduler on-event ] \$Script (\$Script . \".capsman\") ]; }; }; /ip/hotspot/user/profile/set on-login=\"hotspot-to-wpa.capsman\" [ find where on-login=\"hotspot-to-wpa\" ]; \$ScriptInstallUpdate;";
 };