diff --git a/salt-pillar/cpe/aps.sls b/salt-pillar/cpe/aps.sls
index c2d4232..94c3ff8 100644
--- a/salt-pillar/cpe/aps.sls
+++ b/salt-pillar/cpe/aps.sls
@@ -816,6 +816,21 @@ cpe:
               a0A+Ovk=
               =PUn+
               -----END PGP MESSAGE-----
+          'Studio 01127':
+            net: priv41
+            psk: |
+              -----BEGIN PGP MESSAGE-----
+              
+              hQEMA2PKcvDMvlKLAQf/elPEfqf0K9X50RnXYz4JBxDb/4ZX4+tBLxWB//akmsJe
+              L7ocV3Dp43Q14DGXTsIa54DI1heQq6JBMxc2CkNtmYSawSvXAU+z85UK4K1ZpLPP
+              AZSmZSHhxfSKvzPMm9k3wZwVBbm5IcUt8101ijxrt7v2y6FTrPA7QIaGJuxs7nOi
+              gvzmWd9ArOJmd2IKPF7DyOMjYQgedkJduJU3nUPTAEye3va7YDt7obg5cbhzyqWV
+              EaOVPDbIPzEVBHTWn3Y0jGuLuyjJFN9/446T4cYs3tncY3q9ohPuebMu6Rubph2J
+              jNkI9BvP5FrujRBZP6aoE9FX5mJoQ5xUsjPeCuedFtJNAR4wtJMNgUwRnyJRWfkE
+              gDDD/3L1JgFX3+AGnBvyuOagDsTuYTq8pWyPAnLOX6jkpEmsm2e4rxD/eCaIwXRq
+              un34NOXo6ZZkIGGNN7U=
+              =EKPi
+              -----END PGP MESSAGE-----
 
   ap21:
     password: |
diff --git a/salt-pillar/dhcp/init.sls b/salt-pillar/dhcp/init.sls
index a814559..9aa5f91 100644
--- a/salt-pillar/dhcp/init.sls
+++ b/salt-pillar/dhcp/init.sls
@@ -511,3 +511,15 @@ dhcp:
       routers: priv40-gw.priv40
     string-opts:
       domain-name: priv40.zentralwerk.dn42
+
+  priv41:
+    start: 172.20.77.194
+    end: 172.20.77.206
+    time: 120
+    max-time: 86400
+    opts:
+      domain-name-servers: "172.20.73.8, 9.9.9.9"
+    host-opts:
+      routers: priv41-gw.priv41
+    string-opts:
+      domain-name: priv41.zentralwerk.dn42
diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls
index 4eb3f73..017e371 100644
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@@ -159,6 +159,7 @@ hosts-inet:
     yggdrasil: 172.20.72.62
     c3d2-gw2: 172.20.72.63
     c3d2-gw3: 172.20.72.64
+    priv41-gw: 172.20.72.65
 
   pub:
     pub-gw: 172.20.78.1
@@ -294,6 +295,8 @@ hosts-inet:
     priv39-gw: 172.20.77.129
   priv40:
     priv40-gw: 172.20.77.65
+  priv41:
+    priv41-gw: 172.20.77.193
 
   cluster:
     cls-gw: 172.20.77.1
@@ -447,6 +450,7 @@ hosts-inet6:
       priv38-gw: fd23:42:c3d2:581::c:25
       priv39-gw: fd23:42:c3d2:581::c:26
       priv40-gw: fd23:42:c3d2:581::c:27
+      priv41-gw: fd23:42:c3d2:581::c:28
 
       freifunk: fd23:42:c3d2:581:8000::1
       yggdrasil: fd23:42:c3d2:581:9000::1
@@ -544,6 +548,8 @@ hosts-inet6:
       priv39-gw: fd23:42:c3d2:5e6::1
     priv40:
       priv40-gw: fd23:42:c3d2:5e7::1
+    priv41:
+      priv41-gw: fd23:42:c3d2:5e8::1
 
     cluster:
       cls-gw: fd23:42:c3d2:586::1
@@ -616,6 +622,7 @@ hosts-inet6:
       priv38-gw: 2a00:8180:2c00:281::c:25
       priv39-gw: 2a00:8180:2c00:281::c:26
       priv40-gw: 2a00:8180:2c00:281::c:27
+      priv41-gw: 2a00:8180:2c00:281::c:28
 
       freifunk: 2a00:8180:2c00:281:8000::1
       yggdrasil: 2a00:8180:2c00:281:9000::1
@@ -726,3 +733,5 @@ hosts-inet6:
       priv39-gw: 2a00:8180:2c00:2e5::1
     priv40:
       priv40-gw: 2a00:8180:2c00:2e6::1
+    priv41:
+      priv41-gw: 2a00:8180:2c00:2e7::1
diff --git a/salt-pillar/lxc-containers/server1.sls b/salt-pillar/lxc-containers/server1.sls
index 8c1456e..ed83124 100644
--- a/salt-pillar/lxc-containers/server1.sls
+++ b/salt-pillar/lxc-containers/server1.sls
@@ -472,6 +472,15 @@ containers:
         type: phys
         hwaddr: 0A:14:48:01:2A:4D
 
+  priv41-gw:
+    interfaces:
+      core:
+        type: veth
+        hwaddr: 0A:14:48:01:2A:4E
+      priv41:
+        type: phys
+        hwaddr: 0A:14:48:01:2A:4F
+
   upstream1:
     interfaces:
       core:
diff --git a/salt-pillar/subnets/init.sls b/salt-pillar/subnets/init.sls
index 1be0555..830def7 100644
--- a/salt-pillar/subnets/init.sls
+++ b/salt-pillar/subnets/init.sls
@@ -41,6 +41,7 @@ subnets-inet:
   priv38: 172.20.76.192/28
   priv39: 172.20.77.128/28
   priv40: 172.20.77.64/28
+  priv41: 172.20.77.192/28
   c3d2: 172.22.99.0/24
   mgmt: 10.0.0.0/24
   priv17: 172.20.73.128/27
@@ -93,6 +94,7 @@ subnets-inet6:
     priv38: fd23:42:c3d2:5e5::/64
     priv39: fd23:42:c3d2:5e6::/64
     priv40: fd23:42:c3d2:5e7::/64
+    priv41: fd23:42:c3d2:5e8::/64
     c3d2: fd23:42:c3d2:523::/64
   up4:
     c3d2: 2a00:8180:2c00:223::/64
@@ -139,3 +141,4 @@ subnets-inet6:
     priv38: 2a00:8180:2c00:2e5::/64
     priv39: 2a00:8180:2c00:2e6::/64
     priv40: 2a00:8180:2c00:2e7::/64
+    priv41: 2a00:8180:2c00:2e8::/64
diff --git a/salt-pillar/switches/init.sls b/salt-pillar/switches/init.sls
index a2b2f6b..86c04cf 100644
--- a/salt-pillar/switches/init.sls
+++ b/salt-pillar/switches/init.sls
@@ -116,6 +116,7 @@ switches:
           - priv34
           - priv36
           - priv37
+          - priv41
           - iso1
           - iso2
           - iso3
@@ -213,6 +214,7 @@ switches:
           - priv38
           - priv39
           - priv40
+          - priv41
       server2:
         mode: bond
         group: 1
@@ -603,6 +605,7 @@ switches:
           - priv34
           - priv36
           - priv37
+          - priv41
       up1:
         mode: access
         ports: '1'
@@ -678,6 +681,7 @@ switches:
           - mgmt
           - pub
           - priv26
+          - priv41
       ap26:
         mode: trunk
         ports: 18
diff --git a/subnets.md b/subnets.md
index b47966a..4e8de81 100644
--- a/subnets.md
+++ b/subnets.md
@@ -51,6 +51,7 @@ Machine-readable here: [salt-pillar/subnets](./salt-pillar/subnets/init.sls)
   * 172.20.77.0-172.20.77.31/27 CLUSTER
   * 172.20.77.64-172.20.77.79/28 PRIV40
   * 172.20.77.128-172.20.77.143/28 PRIV39
+  * 172.20.77.192-172.20.77.207/28 PRIV41
 * 172.20.78.0-172.20.79.255/23 PUBLIC
 
 ## RFC 1918: non-routed