diff --git a/feeds/ucentral/radius-gw-proxy/src/main.c b/feeds/ucentral/radius-gw-proxy/src/main.c index d7511d856..b834f147a 100644 --- a/feeds/ucentral/radius-gw-proxy/src/main.c +++ b/feeds/ucentral/radius-gw-proxy/src/main.c @@ -23,6 +23,7 @@ #define RAD_PROX_BUFLEN (4 * 1024) +#define TLV_NAS_IP 4 #define TLV_PROXY_STATE 33 struct radius_socket { @@ -57,6 +58,7 @@ struct radius_proxy_state { static struct radius_socket *sock_auth; static struct radius_socket *sock_acct; +static struct radius_socket *sock_dae; static int avl_memcmp(const void *k1, const void *k2, void *ptr) @@ -134,6 +136,9 @@ radius_forward_gw(char *buf, enum socket_type type) case RADIUS_ACCT: blobmsg_add_string(&b, "radius", "acct"); break; + case RADIUS_DAS: + blobmsg_add_string(&b, "radius", "coa"); + break; default: return; } @@ -154,6 +159,7 @@ radius_parse(char *buf, int len, int port, enum socket_type type, int tx) char proxy_state_str[256] = {}; void *avp = hdr->avp; int len_orig = ntohs(hdr->len); + uint8_t localhost[] = { 0x7f, 0, 0, 1 }; if (len_orig != len) { ULOG_ERR("invalid header length, %d %d\n", len_orig, len); @@ -175,11 +181,32 @@ radius_parse(char *buf, int len, int port, enum socket_type type, int tx) if (tlv->id == TLV_PROXY_STATE) proxy_state = tlv; + if (type == RADIUS_DAS && tlv->id == TLV_NAS_IP && tlv->len == 6) + memcpy(tlv->data, &localhost, 4); + printf("\tID:%d, len:%d\n", tlv->id, tlv->len); avp += tlv->len; len -= tlv->len; } + if (type == RADIUS_DAS) { + if (tx) { + radius_forward_gw(buf, type); + } else { + struct sockaddr_in dest; + + memset(&dest, 0, sizeof(dest)); + dest.sin_family = AF_INET; + dest.sin_port = htons(3799); + inet_pton(AF_INET, "127.0.0.1", &(dest.sin_addr.s_addr)); + + if (sendto(sock_dae->fd.fd, buf, len_orig, + MSG_DONTWAIT, (struct sockaddr*)&dest, sizeof(dest)) < 0) + ULOG_ERR("failed to deliver DAS frame to localhost\n"); + } + return 0; + } + if (!proxy_state) { ULOG_ERR("no proxy_state found\n"); return -1; 
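Review bot: The NAS-IP-Address rewrite in the attribute loop of radius_parse (`memcpy(tlv->data, &localhost, 4)`) changes bytes that RFC 5176 covers with the Request Authenticator, and with Message-Authenticator when present, and it runs in both directions because the condition never looks at `tx`. If the DAS on 127.0.0.1:3799 verifies the authenticator against the shared secret, a rewritten request would presumably fail that check; if it is expected to pass, a comment should say why. Consider limiting the rewrite to frames headed for localhost, `if (type == RADIUS_DAS && !tx && tlv->id == TLV_NAS_IP && tlv->len == 6)`. Note also that every DAS frame now arrives from a loopback source, so a client-address filter on the DAS no longer distinguishes senders and the shared secret is the remaining control. The loop header and any bounds check on `tlv->len` are outside this hunk, so it cannot be confirmed from here that `tlv->data` lies inside `buf`.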
@@ -326,6 +353,7 @@ int main(int argc, char **argv) sock_auth = sock_open("1812", RADIUS_AUTH); sock_acct = sock_open("1813", RADIUS_ACCT); + sock_dae = sock_open("1814", RADIUS_DAS); uloop_run(); uloop_end(); diff --git a/feeds/ucentral/radius-gw-proxy/src/ubus.c b/feeds/ucentral/radius-gw-proxy/src/ubus.c index 020324cb8..14f1906b9 100644 --- a/feeds/ucentral/radius-gw-proxy/src/ubus.c +++ b/feeds/ucentral/radius-gw-proxy/src/ubus.c @@ -40,6 +40,8 @@ static int ubus_frame_cb(struct ubus_context *ctx, type = RADIUS_AUTH; else if (!strcmp(radius, "acct")) type = RADIUS_ACCT; + else if (!strcmp(radius, "coa")) + type = RADIUS_DAS; else return UBUS_STATUS_INVALID_ARGUMENT; diff --git a/feeds/ucentral/ucentral-schema/Makefile b/feeds/ucentral/ucentral-schema/Makefile index 2a5b7b350..4b370bc09 100644 --- a/feeds/ucentral/ucentral-schema/Makefile +++ b/feeds/ucentral/ucentral-schema/Makefile @@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema PKG_RELEASE:=1 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git -PKG_MIRROR_HASH:=7ec098910bf4969da8ceb0f04aacd8af1cb0657dfb105bc8a499b98407a2c406 +PKG_MIRROR_HASH:=3603ddd26026d3a5b0febe7fbae22fd28fd6d7370793ecf979561d8886be2af4 PKG_SOURCE_PROTO:=git PKG_SOURCE_DATE:=2022-05-29 -PKG_SOURCE_VERSION:=fc8fdcfed71e31e6def4d57d57acb2fa38d70253 +PKG_SOURCE_VERSION:=9691cc6860c25ba7d62142846da44bd09c17acc0 PKG_MAINTAINER:=John Crispin PKG_LICENSE:=BSD-3-Clause diff --git a/feeds/wifi-ax/hostapd/files/hostapd.sh b/feeds/wifi-ax/hostapd/files/hostapd.sh index 9a517cf40..ba9cf8b64 100644 --- a/feeds/wifi-ax/hostapd/files/hostapd.sh +++ b/feeds/wifi-ax/hostapd/files/hostapd.sh @@ -355,6 +355,7 @@ hostapd_common_add_bss_config() { config_add_int sae_pwe config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string' + config_add_string owe_transition_ifname config_add_boolean iw_enabled iw_internet iw_asra iw_esr iw_uesa config_add_int iw_access_network_type iw_venue_group iw_venue_type 
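Review bot: The result of `sock_open("1814", RADIUS_DAS)` is stored in `sock_dae` and not checked before `uloop_run()`, while the new DAS branch in radius_parse dereferences `sock_dae->fd.fd` unconditionally. sock_open is defined outside this hunk; if it can return NULL when the bind fails, the first DAS frame taking the non-tx path would crash the proxy. A guard before the `sendto`, for example `if (!sock_dae) return -1;`, plus an error log here, would turn that into a visible failure. The literals `"1814"` and `3799` would also read better as named constants next to `RAD_PROX_BUFLEN`.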
@@ -718,10 +719,11 @@ hostapd_set_bss_options() { case "$auth_type" in none|owe) - json_get_vars owe_transition_bssid owe_transition_ssid + json_get_vars owe_transition_bssid owe_transition_ssid owe_transition_ifname [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N" [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N" + [ -n "$owe_transition_ifname" ] && append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N" wps_possible=1 # Here we make the assumption that if we're in open mode diff --git a/feeds/wifi-ax/hostapd/patches/900-coa.patch b/feeds/wifi-ax/hostapd/patches/900-coa.patch new file mode 100644 index 000000000..a46ec8212 --- /dev/null +++ b/feeds/wifi-ax/hostapd/patches/900-coa.patch @@ -0,0 +1,24 @@ +Index: hostapd-2021-02-20-59e9794c/src/radius/radius_das.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius_das.c ++++ hostapd-2021-02-20-59e9794c/src/radius/radius_das.c +@@ -48,6 +48,8 @@ static struct radius_msg * radius_das_di + RADIUS_ATTR_EVENT_TIMESTAMP, + RADIUS_ATTR_MESSAGE_AUTHENTICATOR, + RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, ++ RADIUS_ATTR_VENDOR_SPECIFIC, ++ RADIUS_ATTR_CALLED_STATION_ID, + #ifdef CONFIG_IPV6 + RADIUS_ATTR_NAS_IPV6_ADDRESS, + #endif /* CONFIG_IPV6 */ +@@ -205,9 +207,8 @@ static struct radius_msg * radius_das_co + RADIUS_ATTR_EVENT_TIMESTAMP, + RADIUS_ATTR_MESSAGE_AUTHENTICATOR, + RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, +-#ifdef CONFIG_HS20 + RADIUS_ATTR_VENDOR_SPECIFIC, +-#endif /* CONFIG_HS20 */ ++ RADIUS_ATTR_CALLED_STATION_ID, + #ifdef CONFIG_IPV6 + RADIUS_ATTR_NAS_IPV6_ADDRESS, + #endif /* CONFIG_IPV6 */ diff --git a/patches/backports/0034-hostapd-add-owe_transition_ifname.patch b/patches/backports/0034-hostapd-add-owe_transition_ifname.patch new file mode 100644 index 000000000..edb1177a4 --- /dev/null 
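Review bot: `owe_transition_ifname` is appended to the generated hostapd configuration unquoted and unvalidated in `append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N"`. Its declaration in hostapd_common_add_bss_config (the `@@ -355` hunk) carries no validation suffix, unlike `'owe_transition_bssid:macaddr'` and `'owe_transition_ssid:string'` on the line above it. If the configuration source lets the value contain a newline or whitespace, extra lines would end up in the BSS section, so the value should be restricted to interface-name characters before it is appended. A `case` guard that rejects anything outside `[A-Za-z0-9_.-]` and logs the rejection would do; the same lines appear in the backport `0034-hostapd-add-owe_transition_ifname.patch`. hostapd_set_bss_options starts and ends outside the hunk.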
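Review bot: Both inner hunks of 900-coa.patch only extend what appear to be the accepted-attribute lists of the DAS disconnect and CoA handlers (function names are truncated in the hunk headers). Nothing in the patch shows Called-Station-Id or Vendor-Specific being read when the target session is selected. If the attributes are accepted and then ignored, a request the sender scoped to one BSS via Called-Station-Id could match a station on another; please confirm the matching code handles this or document the limitation. The patch file also lacks a description header; a short one stating why Vendor-Specific is now accepted regardless of `CONFIG_HS20` would help the next rebase. Both arrays begin and end outside the hunks.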
+++ b/patches/backports/0034-hostapd-add-owe_transition_ifname.patch 
@@ -0,0 +1,66 @@ +From 574539ee2cdbb3dd54086423c6dfdd19bb1c06a6 Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Thu, 16 Jun 2022 01:55:26 +0200 +Subject: [PATCH] hostapd: add owe_transition_ifname + +Add the owe_transition_ifname config option to wifi-ifaces. + +This allows to configure OWE transition VAPs without adding SSID / BSSID +to the uci conifg but instead autodiscovering these parameters from +other networks on the same PHY. + +The following configuration creates a OWE transition mode network +constellation. + +config wifi-iface 'open0' + option device 'radio0' + option ifname 'open0' + option network 'lan' + option mode 'ap' + option ssid 'FreeNet' + option encryption 'none' + option owe_transition_ifname 'owe0' + +config wifi-iface 'owe0' + option device 'radio0' + option ifname 'owe0' + option network 'lan' + option mode 'ap' + option ssid 'owe_tm.FreeNet' + option encryption 'owe' + option hidden '1' + option owe_transition_ifname 'open0' + +Signed-off-by: David Bauer +--- + package/network/services/hostapd/files/hostapd.sh | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh +index e5f816a55b..fa344bd2dd 100644 +--- a/package/network/services/hostapd/files/hostapd.sh ++++ b/package/network/services/hostapd/files/hostapd.sh +@@ -335,6 +335,7 @@ hostapd_common_add_bss_config() { + config_add_int sae_pwe + + config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string' ++ config_add_string owe_transition_ifname + + config_add_boolean iw_enabled iw_internet iw_asra iw_esr iw_uesa + config_add_int iw_access_network_type iw_venue_group iw_venue_type +@@ -635,10 +636,11 @@ hostapd_set_bss_options() { + + case "$auth_type" in + none|owe) +- json_get_vars owe_transition_bssid owe_transition_ssid ++ json_get_vars owe_transition_bssid owe_transition_ssid owe_transition_ifname + + [ -n "$owe_transition_ssid" ] && append 
bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N" + [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N" ++ [ -n "$owe_transition_ifname" ] && append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N" + + wps_possible=1 + # Here we make the assumption that if we're in open mode +-- +2.25.1 + diff --git a/profiles/ucentral-ap.yml b/profiles/ucentral-ap.yml index 3d68801cd..7887dcc50 100644 --- a/profiles/ucentral-ap.yml +++ b/profiles/ucentral-ap.yml @@ -17,6 +17,7 @@ packages: - atfpolicy - kmod-batman-adv - batctl-default + - bind-dig - cJSON - curl - dnsmasq-full @@ -52,6 +53,7 @@ packages: - libustream-openssl - udevmand - umdns + - oping - vxlan - wpad-openssl diffconfig: |