1 files changed, 68 insertions, 8 deletions
diff --git a/JOURNAL.md b/JOURNAL.md
index 8792e4d..56de686 100644
--- a/JOURNAL.md
+++ b/JOURNAL.md
@@ -182,8 +182,6 @@ Detailed work :
     - New
         - Action : create dynamic enabled
         - Master Configuration : default-config
-- Add new dynamic cap1 interface to bridge
-(Same as above shown in first wifi configs on 2025-03-07)
 - Make the other VLANs show up through their respective wifi
     - Wireless -> CAPsMAN -> Datapaths
     - New
@@ -200,11 +198,73 @@ Detailed work :
     - default-config
         - slave configurations : user-config, guest-config
 
-unformatted gabble gooble that will be properly formated later i am too tiered :
 
-sign into the ap and reboot it
-enabled save channel selection to save time when ap reboots
-aksi ebavke bridge management of vlans setting thingy 
-if the ssids dont show immediatly thats okay btw, the mAP lite is a tiny device and it does frequency scanning for all ssids which takes quiete a while. had to wait like 5-10 minutes until all were there consistently
+## 2025-03-14
+Summary :  
+Spent alot of time figuring out why my site to site VPN wasnt working on my already present infra.
+Then spent some time actually getting the 
 
-test if it works and stuff
-\ No newline at end of file
+### Work done on MT RouterOS on hEX s board
+
+
+- Created two new WireGuard interfaces
+    - Interfaces -> WireGuard
+    - New
+        - Name : wg-v6
+        - Comment : reserved for future IPv6 testing
+    - New
+        - Name : wg-site-to-site
+        - Comment : site-to-site VPN interface
+        - Listen Port : 13331
+        - Private Key : <autogenerated>
+    - IP -> Addresses
+        - New
+            - Address : 10.99.99.4/24
+            - Interface : wg-site-to-site
+- Added wg-site-to-site interface to LAN interface list
+    - Interfaces -> Interface List
+    - New
+        - List : LAN
+        - Interface : wg-site-to-site
+- Added Peer for Main Site VPN Gateway
+    - Interfaces -> WireGuard -> Peers
+    - New
+        - Interface : wg-site-to-site
+        - Public Key : <public key of main sites interface>
+        - Allowed Address :
+            - 10.99.99.1/32
+            - 10.201.0.0/24
+            - 10.201.1.0/24
+        - Persistent Keepalive : 25
+- Added static routes to access main site VLANs
+    - IP -> Routes
+    - New
+        - Dst. Address : 10.0.0.0/8
+        - Gateway : 10.99.99.1
+
+### Work done on MT RouterOS on Main Site Router  
+
+
+- Added Peer for hEX S
+    - Interfaces -> WireGuard -> Peers
+    - New
+        - Interface : wg-site-to-site
+        - Public Key : <public key of remote branch>
+        - Allowed Address :
+            - 10.99.99.4/32
+            - 10.201.0.0/16
+            - 10.33.0.0/16
+            - 10.43.0.0/16
+            - (Add additional allowed networks here if needed)
+        - Persistent Keepalive : 25
+- Added static route to access it
+    - IP -> Routes
+    - New
+        - Dst. Address : 10.201.0.0/16
+        - Gateway : 10.99.99.4
+
+- End of Lesson
+    - Goals next lesson :
+        - Finish IPv6 WG Tunnel
+        - Firewall rules to block Guest to other Nets finally
+        - (Optional, maybe later) Captive Portal for Guest wifi
+\ No newline at end of file