From 26f9c2ecc62f16ea52a09a30f37bc8c1674afdf4 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 17 Jan 2026 00:17:08 +0200 Subject: Update content for gemtext --- about/resources.gmi | 204 ++++++++--------- ...25-05-11-f3s-kubernetes-with-freebsd-part-5.gmi | 224 ++++++++++++------- gemfeed/atom.xml | 243 +++++++++++++-------- index.gmi | 2 +- uptime-stats.gmi | 2 +- 5 files changed, 398 insertions(+), 277 deletions(-) diff --git a/about/resources.gmi b/about/resources.gmi index 09b94014..d3a0e739 100644 --- a/about/resources.gmi +++ b/about/resources.gmi 
@@ -35,110 +35,110 @@ You won't find any links on this site because, over time, the links will break. In random order: -* Higher Order Perl; Mark Dominus; Morgan Kaufmann -* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook -* Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook -* Polished Ruby Programming; Jeremy Evans; Packt Publishing +* Effective awk programming; Arnold Robbins; O'Reilly +* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson * The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton -* Effective Java; Joshua Bloch; Addison-Wesley Professional -* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers -* Site Reliability Engineering; How Google runs production systems; O'Reilly -* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly -* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly -* C++ Programming Language; Bjarne Stroustrup; +* Funktionale Programmierung; Peter Pepper; Springer +* Raku Recipes; J.J. 
Merelo; Apress +* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press * The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible -* DNS and BIND; Cricket Liu; O'Reilly -* The Docker Book; James Turnbull; Kindle +* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt +* Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook * Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf -* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible -* Perl New Features; Joshua McAdams, brian d foy; Perl School -* Raku Fundamentals; Moritz Lenz; Apress -* Systemprogrammierung in Go; Frank Müller; dpunkt -* Java ist auch eine Insel; Christian Ullenboom; +* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly +* Effective Java; Joshua Bloch; Addison-Wesley Professional +* C++ Programming Language; Bjarne Stroustrup; * The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional -* Data Science at the Command Line; Jeroen Janssens; O'Reilly -* Funktionale Programmierung; Peter Pepper; Springer * Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly -* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly +* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly +* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly +* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers +* Perl New Features; Joshua McAdams, brian d foy; Perl School +* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. 
Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress * Modern Perl; Chromatic ; Onyx Neon Press -* The Pragmatic Programmer; David Thomas; Addison-Wesley -* Ultimate Go Notebook; Bill Kennedy +* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly * 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications -* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press +* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press +* Pro Puppet; James Turnbull, Jeffrey McCune; Apress +* Polished Ruby Programming; Jeremy Evans; Packt Publishing +* The Docker Book; James Turnbull; Kindle +* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications +* Raku Fundamentals; Moritz Lenz; Apress +* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly +* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers +* Systemprogrammierung in Go; Frank Müller; dpunkt +* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible * Developing Games in Java; David Brackeen and others...; New Riders +* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner +* Higher Order Perl; Mark Dominus; Morgan Kaufmann +* DNS and BIND; Cricket Liu; O'Reilly +* Java ist auch eine Insel; Christian Ullenboom; +* The Pragmatic Programmer; David Thomas; Addison-Wesley +* Terraform Cookbook; Mikael Krief; Packt Publishing * Concurrency in Go; Katherine Cox-Buday; O'Reilly +* Data Science at the Command Line; Jeroen Janssens; O'Reilly +* Ultimate Go Notebook; Bill Kennedy * Leanring eBPF; Liz Rice; O'Reilly -* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications -* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly -* Effective awk programming; Arnold Robbins; O'Reilly +* Site Reliability Engineering; How Google runs production systems; O'Reilly * Programming Perl aka "The Camel Book"; Tom Christiansen, 
brian d foy, Larry Wall & Jon Orwant; O'Reilly -* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner -* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly -* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson -* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress * Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook -* Terraform Cookbook; Mikael Krief; Packt Publishing -* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press -* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt -* Pro Puppet; James Turnbull, Jeffrey McCune; Apress -* Raku Recipes; J.J. Merelo; Apress -* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers +* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook ## Technical references I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order: -* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley -* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley * The Linux Programming Interface; Michael Kerrisk; No Starch Press -* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly * Understanding the Linux Kernel; Daniel P. 
Bovet, Marco Cesati; O'Reilly * Go: Design Patterns for Real-World Projects; Mat Ryer; Packt -* Relayd and Httpd Mastery; Michael W Lucas +* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley * Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly +* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley +* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly +* Relayd and Httpd Mastery; Michael W Lucas ## Self-development and soft-skills books In random order: -* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press -* Psycho-Cybernetics; Maxwell Maltz; Perigee Books -* Eat That Frog!; Brian Tracy; Hodder Paperbacks -* Solve for Happy; Mo Gawdat (RE-READ 1ST TIME) -* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion -* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books -* Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook -* Atomic Habits; James Clear; Random House Business -* The Joy of Missing Out; Christina Crook; New Society Publishers +* Slow Productivity; Cal Newport; Penguin Random House +* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing +* Deep Work; Cal Newport; Piatkus * So Good They Can't Ignore You; Cal Newport; Business Plus +* The Bullet Journal Method; Ryder Carroll; Fourth Estate * Soft Skills; John Sommez; Manning Publications -* The Good Enough Job; Simone Stolzoff; Ebury Edge -* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business -* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd -* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne +* Digital Minimalism; Cal Newport; Portofolio Penguin +* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select +* The Courage to Be Disliked; Ichiro Kishimi and 
Fumitake Koga; Audiobook * The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK -* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook -* The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME) -* The Bullet Journal Method; Ryder Carroll; Fourth Estate +* 101 Essays that change the way you think; Brianna Wiest; Audiobook * Ultralearning; Scott Young; Thorsons +* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business * The Power of Now; Eckhard Tolle; Yellow Kite -* Meditation for Mortals, Oliver Burkeman, Audiobook -* Slow Productivity; Cal Newport; Penguin Random House -* The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook -* Deep Work; Cal Newport; Piatkus -* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing -* Digital Minimalism; Cal Newport; Portofolio Penguin -* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select -* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly -* Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook -* Eat That Frog; Brian Tracy -* Influence without Authority; A. Cohen, D. 
Bradford; Wiley -* 97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook * Ultralearning; Anna Laurent; Self-published via Amazon -* 101 Essays that change the way you think; Brianna Wiest; Audiobook +* The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME) +* The Joy of Missing Out; Christina Crook; New Society Publishers +* Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook +* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook * Getting Things Done; David Allen +* Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook +* The Good Enough Job; Simone Stolzoff; Ebury Edge +* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press +* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne * Stop starting, start finishing; Arne Roock; Lean-Kanban University +* Atomic Habits; James Clear; Random House Business +* Meditation for Mortals, Oliver Burkeman, Audiobook * The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook +* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion +* Psycho-Cybernetics; Maxwell Maltz; Perigee Books +* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd +* Eat That Frog!; Brian Tracy; Hodder Paperbacks +* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly +* Influence without Authority; A. Cohen, D. Bradford; Wiley +* 97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook +* Solve for Happy; Mo Gawdat (RE-READ 1ST TIME) +* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books +* Eat That Frog; Brian Tracy => ../notes/index.gmi Here are notes of mine for some of the books 
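Review bot: The re-added entry `* The Practise of System and Network Administration; ... Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress` still has two books fused on one line. Since the line is being rewritten anyway, give "Pro Git" its own `* ` item. The hunk also carries several spelling slips that could be fixed in the same pass: "Leanring eBPF", "Brain P. Hogan", "Oxford Uiversity Press", "Portofolio Penguin", and "John Sommez" next to "John Sonmez"; "Eat That Frog" is listed twice. Because the lists are emitted "in random order", almost every changed line here is a pure move, and a stable ordering would keep real content changes visible in review.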
@@ -146,30 +146,30 @@ In random order: Some of these were in-person with exams; others were online learning lectures only. In random order: -* Structure and Interpretation of Computer Programs; Harold Abelson and more...; -* F5 Loadbalancers Training; 2-day on-site training; F5, Inc. -* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon +* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online * Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training -* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online -* Developing IaC with Terraform (with Live Lessons); O'Reilly Online * MySQL Deep Dive Workshop; 2-day on-site training -* AWS Immersion Day; Amazon; 1-day interactive online training -* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need) -* Apache Tomcat Best Practises; 3-day on-site training -* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online * Protocol buffers; O'Reilly Online -* Ultimate Go Programming; Bill Kennedy; O'Reilly Online -* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online * Functional programming lecture; Remote University of Hagen +* Structure and Interpretation of Computer Programs; Harold Abelson and more...; +* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online +* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online +* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon * Scripting Vim; Damian Conway; O'Reilly Online +* Ultimate Go Programming; Bill Kennedy; O'Reilly Online +* F5 Loadbalancers Training; 2-day on-site training; F5, Inc. 
+* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need) +* Apache Tomcat Best Practises; 3-day on-site training +* AWS Immersion Day; Amazon; 1-day interactive online training +* Developing IaC with Terraform (with Live Lessons); O'Reilly Online ## Technical guides These are not whole books, but guides (smaller or larger) which I found very useful. in random order: * How CPUs work at https://cpu.land -* Raku Guide at https://raku.guide * Advanced Bash-Scripting Guide +* Raku Guide at https://raku.guide ## Podcasts 
@@ -177,49 +177,49 @@ These are not whole books, but guides (smaller or larger) which I found very use In random order: -* Pratical AI -* Modern Mentor -* Backend Banter * Maintainable -* The Pragmatic Engineer Podcast * Fork Around And Find Out -* Hidden Brain -* BSD Now [BSD] -* Deep Questions with Cal Newport -* Cup o' Go [Golang] * The ProdCast (Google SRE Podcast) * Wednesday Wisdom -* The Changelog Podcast(s) -* Fallthrough [Golang] +* Backend Banter +* Hidden Brain * Dev Interrupted +* Cup o' Go [Golang] +* Pratical AI +* The Pragmatic Engineer Podcast +* Fallthrough [Golang] +* Deep Questions with Cal Newport +* BSD Now [BSD] +* Modern Mentor +* The Changelog Podcast(s) ### Podcasts I liked I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests. -* CRE: Chaosradio Express [german] -* FLOSS weekly * Java Pub House * Ship It (predecessor of Fork Around And Find Out) -* Go Time (predecessor of fallthrough) * Modern Mentor +* Go Time (predecessor of fallthrough) +* FLOSS weekly +* CRE: Chaosradio Express [german] ## Newsletters I like This is a mix of tech and non-tech newsletters I am subscribed to. In random order: -* Register Spill -* The Pragmatic Engineer -* Golang Weekly -* Applied Go Weekly Newsletter -* byteSizeGo -* Changelog News -* Andreas Brandhorst Newsletter (Sci-Fi author) -* Ruby Weekly * The Imperfectionist +* Ruby Weekly +* The Pragmatic Engineer +* Register Spill * VK Newsletter +* byteSizeGo * Monospace Mentor +* Andreas Brandhorst Newsletter (Sci-Fi author) +* Applied Go Weekly Newsletter +* Changelog News * The Valuable Dev +* Golang Weekly ## Magazines I like(d) diff --git a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi index 7b0fd9fe..989eb03a 100644 --- a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi 
+++ b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi @@ -54,13 +54,9 @@ Let's begin... * ⇢ ⇢ ⇢ Manual OpenBSD interface configuration * ⇢ ⇢ ⇢ Verifying dual-stack connectivity * ⇢ ⇢ ⇢ Benefits of dual-stack -* ⇢ ⇢ Manual gateway failover for roaming clients -* ⇢ ⇢ ⇢ Configuration files for pixel7pro (phone) -* ⇢ ⇢ ⇢ Configuration files for earth (laptop) -* ⇢ ⇢ ⇢ Using manual failover on Android -* ⇢ ⇢ ⇢ Using manual failover on Linux * ⇢ ⇢ Happy WireGuard-ing * ⇢ ⇢ Managing Roaming Client Tunnels +* ⇢ ⇢ ⇢ Manual gateway failover configuration * ⇢ ⇢ ⇢ Starting and stopping on earth (Fedora laptop) * ⇢ ⇢ ⇢ Starting and stopping on pixel7pro (Android phone) * ⇢ ⇢ ⇢ Verifying connectivity @@ -517,9 +513,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: 
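Review bot: The new `f1:` and `f2:` blocks are copies of each other that differ only in the last octet of three fields (`192.168.1.131`, `192.168.2.131`, `fd42:beef:cafe:2::131` versus the `132` values), so a mistyped address in one of them would be easy to miss in this wall of added lines. Please double-check each of the three addresses per host against the real inventory. If the generator's YAML loader accepts anchors and merge keys, the shared `ssh:` and `exclude_peers:` parts could be defined once. Otherwise a one-line comment stating that only the addresses differ would help readers.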
@@ -537,8 +564,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: @@ -1012,7 +1071,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf ``` -**Important**: The IPv6 address must be specified before the `up` directive. This ensures the interface has both addresses configured before WireGuard peers are loaded. +Important: The IPv6 address must be specified before the `up` directive. This ensures the interface has both addresses configured before WireGuard peers are loaded. Apply the configuration: 
@@ -1047,61 +1106,10 @@ The dual-stack configuration is backward compatible—hosts without the `ipv6` f Adding IPv6 to the mesh network provides: -* **Future-proofing**: Ready for IPv6-only services and networks -* **Compatibility**: Dual-stack maintains full IPv4 compatibility -* **Learning**: Hands-on experience with IPv6 networking -* **Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources - -## Manual gateway failover for roaming clients - -WireGuard doesn't automatically failover between multiple peers with identical `AllowedIPs` routes. When both gateways (blowfish and fishfinger) are configured with `AllowedIPs = 0.0.0.0/0, ::/0`, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup. - -To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. - -### Configuration files for pixel7pro (phone) - -Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/`: - -* **wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144) -* **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99) - -### Configuration files for earth (laptop) - -Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/`: - -* **wg0-blowfish.conf** - Routes all traffic through blowfish gateway -* **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway - -### Using manual failover on Android - -On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles: - -```sh -# Generate QR codes -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf -``` - -In the WireGuard app, you can then manually enable/disable each tunnel to 
select which gateway to use. Only enable one tunnel at a time. - -### Using manual failover on Linux - -On the earth laptop, copy both configs and use systemd to switch between them: - -```sh -# Install both configurations -sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/ -sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/ - -# Start with blowfish gateway -sudo systemctl start wg-quick@wg0-blowfish.service - -# To switch to fishfinger gateway -sudo systemctl stop wg-quick@wg0-blowfish.service -sudo systemctl start wg-quick@wg0-fishfinger.service -``` - -This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues. +* Future-proofing: Ready for IPv6-only services and networks +* Compatibility: Dual-stack maintains full IPv4 compatibility +* Learning: Hands-on experience with IPv6 networking +* Flexibility: Roaming clients can access both IPv4 and IPv6 internet resources ## Happy WireGuard-ing 
@@ -1283,14 +1291,58 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= ## Managing Roaming Client Tunnels -Since roaming clients like `earth` and `pixel7pro` connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels. +Since roaming clients like `earth` and `pixel7pro` connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels. + +### Manual gateway failover configuration + +The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with `AllowedIPs = 0.0.0.0/0, ::/0`. However, WireGuard doesn't automatically failover between multiple peers with identical `AllowedIPs` routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway. + +To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. This provides explicit control over which gateway handles traffic. + +Configuration files for pixel7pro (phone): + +Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/`: + +* wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144) +* wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99) + +Generate QR codes for importing into the WireGuard Android app: + +```sh +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf +``` + +Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time. 
+ +Configuration files for earth (laptop): + +Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/`: + +* wg0-blowfish.conf - Routes all traffic through blowfish gateway +* wg0-fishfinger.conf - Routes all traffic through fishfinger gateway + +Install both configurations: + +```sh +sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/ +sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/ +``` + +This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues. ### Starting and stopping on earth (Fedora laptop) -On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel: +On the Fedora laptop, WireGuard is managed via systemd. Using the separate gateway configs: ```sh -earth$ sudo systemctl start wg-quick@wg0.service +# Start with blowfish gateway +earth$ sudo systemctl start wg-quick@wg0-blowfish.service + +# Or start with fishfinger gateway +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service + +# Check tunnel status earth$ sudo wg show interface: wg0 public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= 
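Review bot: The sample output kept as context after the new start commands still reads `interface: wg0`, but wg-quick names the interface after the config file, so a tunnel started with `wg-quick@wg0-blowfish.service` appears as `wg0-blowfish` in `sudo wg show`. Update the pasted output to match the new unit names. Separately, the closing sentence "This approach provides explicit control over which gateway handles roaming client traffic ..." repeats the sentence added three paragraphs earlier ("This provides explicit control over which gateway handles traffic."), so one of the two can go.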
@@ -1315,36 +1367,38 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= persistent keepalive: every 25 seconds ``` -Stoppint the tunnel: +Stopping the tunnel: ```sh -earth$ sudo systemctl stop wg-quick@wg0.service +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +# Or if using fishfinger: +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service + earth$ sudo wg show # No output - WireGuard interface is down ``` -Checking the tunnel status: +Switching between gateways: ```sh -earth$ sudo systemctl status wg-quick@wg0.service -● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0 - Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) - Active: active (exited) since Sun 2026-01-11 22:45:00 EET +# Switch from blowfish to fishfinger +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service ``` -The service remains `disabled` to prevent auto-start on boot, allowing manual control of when the VPN is active. +The services remain `disabled` to prevent auto-start on boot, allowing manual control of when the VPN is active and which gateway to use. ### Starting and stopping on pixel7pro (Android phone) -On Android using the official WireGuard app, tunnel management is like this: +On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes: -Starting the tunnel: +Starting a tunnel: * 1. Open the WireGuard app -* 2. Tap the toggle switch next to the `pixel7pro` tunnel configuration +* 2. Tap the toggle switch next to either `wg0-blowfish` or `wg0-fishfinger` tunnel configuration * 3. The switch turns blue/green and shows "Active" * 4. A key icon appears in the notification bar indicating VPN is active -* 5. All traffic now routes through the VPN +* 5. All traffic now routes through the selected gateway Stopping the tunnel: 
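Review bot: The `systemctl status wg-quick@wg0.service` example is removed without a replacement, yet the sentence after it still states that the services remain `disabled`. The removed output (`Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled)`) was the only place the page showed that. Keep a status check for one of the new units, for example `sudo systemctl status wg-quick@wg0-blowfish.service`, so readers can confirm that neither tunnel starts at boot.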
@@ -1354,6 +1408,12 @@ Stopping the tunnel: * 4. The notification bar key icon disappears * 5. Normal internet routing resumes +Switching between gateways: + +* 1. Disable the currently active tunnel (e.g., wg0-blowfish) +* 2. Enable the other tunnel (e.g., wg0-fishfinger) +* Only enable one tunnel at a time + Quick toggling from notification: * Pull down the notification shade @@ -1378,7 +1438,7 @@ earth$ ping -c2 fishfinger.wg0 earth$ curl https://ifconfig.me # Should show gateway's public IP ``` -Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with `sudo wg show` on earth, or observe which gateway shows recent handshakes and increasing transfer bytes. +Check which gateway is active: Check the transfer statistics with `sudo wg show` on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics. ## Conclusion diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 3f3cff03..1941776e 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ - 2026-01-17T00:03:44+02:00 + 2026-01-17T00:15:15+02:00 foo.zone feed To be in the .zone! @@ -9632,13 +9632,9 @@ Jul 06 10:⇢ ⇢ Manual OpenBSD interface configuration
  • ⇢ ⇢ Verifying dual-stack connectivity
  • ⇢ ⇢ Benefits of dual-stack
  • -
  • Manual gateway failover for roaming clients
  • -
  • ⇢ ⇢ Configuration files for pixel7pro (phone)
  • -
  • ⇢ ⇢ Configuration files for earth (laptop)
  • -
  • ⇢ ⇢ Using manual failover on Android
  • -
  • ⇢ ⇢ Using manual failover on Linux
  • Happy WireGuard-ing
  • Managing Roaming Client Tunnels
  • +
  • ⇢ ⇢ Manual gateway failover configuration
  • ⇢ ⇢ Starting and stopping on earth (Fedora laptop)
  • ⇢ ⇢ Starting and stopping on pixel7pro (Android phone)
  • ⇢ ⇢ Verifying connectivity
  • @@ -10139,9 +10135,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: @@ -10159,8 +10186,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: @@ -10669,7 +10728,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
    -**Important**: The IPv6 address must be specified before the up directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.
    +Important: The IPv6 address must be specified before the up directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.

    Apply the configuration:

    @@ -10711,70 +10770,11 @@ root@r0:~ # ping6 -c 2 fd42:beef:cafe:2::130 # IPv6 to Adding IPv6 to the mesh network provides:

      -
    • **Future-proofing**: Ready for IPv6-only services and networks
    • -
    • **Compatibility**: Dual-stack maintains full IPv4 compatibility
    • -
    • **Learning**: Hands-on experience with IPv6 networking
    • -
    • **Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources
    • -

    -

    Manual gateway failover for roaming clients


    -
    -WireGuard doesn't automatically failover between multiple peers with identical AllowedIPs routes. When both gateways (blowfish and fishfinger) are configured with AllowedIPs = 0.0.0.0/0, ::/0, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup.
    -
    -To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer.
    -
    -

    Configuration files for pixel7pro (phone)


    -
    -Two separate configs in /home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/:
    -
    -
      -
    • **wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144)
    • -
    • **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99)
    • +
    • Future-proofing: Ready for IPv6-only services and networks
    • +
    • Compatibility: Dual-stack maintains full IPv4 compatibility
    • +
    • Learning: Hands-on experience with IPv6 networking
    • +
    • Flexibility: Roaming clients can access both IPv4 and IPv6 internet resources

    -

    Configuration files for earth (laptop)


    -
    -Two separate configs in /home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/:
    -
    -
      -
    • **wg0-blowfish.conf** - Routes all traffic through blowfish gateway
    • -
    • **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway
    • -

    -

    Using manual failover on Android


    -
    -On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles:
    -
    - -
    # Generate QR codes
    -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf
    -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf
    -
    -
    -In the WireGuard app, you can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time.
    -
    -

    Using manual failover on Linux


    -
    -On the earth laptop, copy both configs and use systemd to switch between them:
    -
    - -
    # Install both configurations
    -sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/
    -sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/
    -
    -# Start with blowfish gateway
    -sudo systemctl start wg-quick@wg0-blowfish.service
    -
    -# To switch to fishfinger gateway
    -sudo systemctl stop wg-quick@wg0-blowfish.service
    -sudo systemctl start wg-quick@wg0-fishfinger.service
    -
    -
    -This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.
    -

    Happy WireGuard-ing



    All is set up now. E.g. on f0:
    @@ -10964,17 +10964,69 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8=

    Managing Roaming Client Tunnels



    -Since roaming clients like earth and pixel7pro connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.
    +Since roaming clients like earth and pixel7pro connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels.
    +
    +

    Manual gateway failover configuration


    +
    +The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with AllowedIPs = 0.0.0.0/0, ::/0. However, WireGuard doesn't automatically failover between multiple peers with identical AllowedIPs routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway.
    +
    +To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. This provides explicit control over which gateway handles traffic.
    +
    +Configuration files for pixel7pro (phone):
    +
    +Two separate configs in /home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/:
    +
    +
      +
    • wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144)
    • +
    • wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99)
    • +

    +Generate QR codes for importing into the WireGuard Android app:
    +
    + +
    qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf
    +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf
    +
    +
    +Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time.
    +
    +Configuration files for earth (laptop):
    +
    +Two separate configs in /home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/:
    +
    +
      +
    • wg0-blowfish.conf - Routes all traffic through blowfish gateway
    • +
    • wg0-fishfinger.conf - Routes all traffic through fishfinger gateway
    • +

    +Install both configurations:
    +
    + +
    sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/
    +sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/
    +
    +
    +This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.

    Starting and stopping on earth (Fedora laptop)



    -On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:
    +On the Fedora laptop, WireGuard is managed via systemd. Using the separate gateway configs:

    -
    earth$ sudo systemctl start wg-quick@wg0.service
    +
    # Start with blowfish gateway
    +earth$ sudo systemctl start wg-quick@wg0-blowfish.service
    +
    +# Or start with fishfinger gateway
    +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service
    +
    +# Check tunnel status
     earth$ sudo wg show
     interface: wg0
       public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo=
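Review bot: The two `sudo cp dist/earth/etc/wireguard/wg0-*.conf /etc/wireguard/` lines under "Install both configurations" copy wg-quick configs, which hold the interface private key, without setting owner or mode, so the files end up with whatever root's umask allows. Use `sudo install -o root -g root -m 600` instead of `cp`, or follow the copy with `chmod 600`; wg-quick warns when a config is world accessible. The `qrencode -t ansiutf8` lines have the same exposure, since they draw the key material into the terminal scrollback, so the text should say to clear it after scanning. Separately, the unchanged sample output after `# Check tunnel status` still reads `interface: wg0`, but wg-quick names the interface after the config file, so with these units it would be `wg0-blowfish` or `wg0-fishfinger`.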
    @@ -10999,43 +11051,45 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns=
       persistent keepalive: every 25 seconds
     

    -Stoppint the tunnel:
    +Stopping the tunnel:

    -
    earth$ sudo systemctl stop wg-quick@wg0.service
    +
    earth$ sudo systemctl stop wg-quick@wg0-blowfish.service
    +# Or if using fishfinger:
    +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service
    +
     earth$ sudo wg show
     # No output - WireGuard interface is down
     

    -Checking the tunnel status:
    +Switching between gateways:

    -
    earth$ sudo systemctl status wg-quick@wg0.service
    -● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
    -     Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled)
    -     Active: active (exited) since Sun 2026-01-11 22:45:00 EET
    +
    # Switch from blowfish to fishfinger
    +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service
    +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service
     

    -The service remains disabled to prevent auto-start on boot, allowing manual control of when the VPN is active.
    +The services remain disabled to prevent auto-start on boot, allowing manual control of when the VPN is active and which gateway to use.

    Starting and stopping on pixel7pro (Android phone)



    -On Android using the official WireGuard app, tunnel management is like this:
    +On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes:

    -Starting the tunnel:
    +Starting a tunnel:

    • 1. Open the WireGuard app
    • -
    • 2. Tap the toggle switch next to the pixel7pro tunnel configuration
    • +
    • 2. Tap the toggle switch next to either wg0-blowfish or wg0-fishfinger tunnel configuration
    • 3. The switch turns blue/green and shows "Active"
    • 4. A key icon appears in the notification bar indicating VPN is active
    • -
    • 5. All traffic now routes through the VPN
    • +
    • 5. All traffic now routes through the selected gateway

    Stopping the tunnel:
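Review bot: The added "Switching between gateways" block stops `wg-quick@wg0-blowfish.service` and starts `wg-quick@wg0-fishfinger.service` as two separate commands, and nothing says that between them (or indefinitely, if the second command is forgotten or fails) the laptop routes over the local network without the VPN. State that, and give the switch as one line joined with `&&` so the gap is as short as possible. The hunk also removes the `systemctl status` output whose `disabled` field was the only evidence for the closing sentence "The services remain disabled"; a `systemctl is-enabled` call for both units would keep that claim checkable.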

    @@ -11046,6 +11100,13 @@ http://www.gnu.org/software/src-highlite -->
  • 4. The notification bar key icon disappears
  • 5. Normal internet routing resumes

  • +Switching between gateways:
    +
    +
      +
    • 1. Disable the currently active tunnel (e.g., wg0-blowfish)
    • +
    • 2. Enable the other tunnel (e.g., wg0-fishfinger)
    • +
    • Only enable one tunnel at a time
    • +

    Quick toggling from notification:
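Review bot: In the added "Switching between gateways" list, the third item "Only enable one tunnel at a time" is a constraint, not a step, and sits unnumbered after items 1 and 2. Move it to a sentence below the list and give the reason: both profiles are described as routing all traffic through their gateway, so the reader should know the order matters (disable first, then enable).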

      @@ -11075,7 +11136,7 @@ earth$ ping -c2 fishfinger.wg0 earth$ curl https://ifconfig.me # Should show gateway's public IP

    -Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with sudo wg show on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.
    +Check which gateway is active: Check the transfer statistics with sudo wg show on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics.

    Conclusion
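Review bot: The rewritten "Check which gateway is active" paragraph still asks the reader to "see which peer shows recent handshakes", wording carried over from the dual-gateway config. With the per-gateway files each tunnel has a single gateway peer, so the direct answer is the interface name in `sudo wg show` or whichever `wg-quick@wg0-...` unit is active; handshake age and transfer counters then only confirm that the gateway is reachable. The `curl https://ifconfig.me` context line would also be easier to verify if it named the expected addresses already given in this patch, 23.88.35.144 for blowfish and 46.23.94.99 for fishfinger.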



    diff --git a/index.gmi b/index.gmi index dad505ed..109847a2 100644 --- a/index.gmi +++ b/index.gmi @@ -1,6 +1,6 @@ # Hello! -> This site was generated at 2026-01-17T00:03:44+02:00 by `Gemtexter` +> This site was generated at 2026-01-17T00:15:15+02:00 by `Gemtexter` Welcome to the foo.zone! diff --git a/uptime-stats.gmi b/uptime-stats.gmi index fe548d7f..c68d8cf0 100644 --- a/uptime-stats.gmi +++ b/uptime-stats.gmi @@ -1,6 +1,6 @@ # My machine uptime stats -> This site was last updated at 2026-01-17T00:03:44+02:00 +> This site was last updated at 2026-01-17T00:15:15+02:00 The following stats were collected via `uptimed` on all of my personal computers over many years and the output was generated by `guprecords`, the global uptime records stats analyser of mine. -- cgit v1.2.3
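Review bot: In the `hosts:` hunks at the top of this patch, the added r1 and r2 entries set `user: root` with an empty `sudo_cmd:`, while the f1 and f2 entries added in the same change use `user: paul` with `sudo_cmd: doas`. Either show the Linux hosts with an unprivileged login plus a `sudo_cmd` limited to writing `conf_dir` and running `reload_cmd`, or add a sentence explaining why direct root SSH is accepted there, so readers copying the full config do not take root login as the recommended default.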