diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd	2017-11-24 13:51:59.000000000 +0100
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd	2017-11-30 02:46:30.779000653 +0100
@@ -39,24 +39,43 @@
         $OUT .= "    type=transport\n";
         $OUT .= "    forceencaps=yes\n";
         $OUT .= "    right=%any\n";
-        $OUT .= "    rightsubnet=vhost:%no,%priv\n";
         $OUT .= "    rightprotoport=17/%any\n";
         $OUT .= "    # Using the magic port of \"0\" means \"any one single port\". This is\n";
         $OUT .= "    # a work around required for Apple OSX clients that use a randomly\n";
         $OUT .= "    # high port, but propose \"0\" instead of their port.\n";
         $OUT .= "    left=%defaultroute\n";
         $OUT .= "    leftprotoport=17/1701\n";
-
         $OUT .= "    # Apple iOS doesn't send delete notify so we need dead peer detection\n";
         $OUT .= "    # to detect vanishing clients\n";
 
-        my $dpddelay = $ipsecDB->get_prop( "$ipsecprop", 'dpddelay' ) || "10\n";
+        my $dpddelay = $ipsecDB->get_prop( $ipsecprop, 'dpddelay' ) || "10\n";
         $OUT .= "    dpddelay=$dpddelay\n";
 
-        my $dpdtimeout = $ipsecDB->get_prop( "$ipsecprop", 'dpdtimeout' ) || "90\n";
+        my $dpdtimeout = $ipsecDB->get_prop( $ipsecprop, 'dpdtimeout' ) || "90\n";
         $OUT .= "    dpdtimeout=$dpdtimeout\n";
 
-        my $dpdaction = $ipsecDB->get_prop( "$ipsecprop", 'dpdaction' ) || "clear\n";
+        my $dpdaction = $ipsecDB->get_prop( $ipsecprop, 'dpdaction' ) || "clear\n";
         $OUT .= "    dpdaction=$dpdaction\n";
+
+       # Some additional config entries if required
+       # For nat connections you can use "vhost:%no,%priv"
+       # Disabled for now - needs some thought
+
+       my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
+       if ($rightsubnet ne '') {
+       $OUT .= "    rightsubnet=$rightsubnet\n";
+       }
+
+       my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) || '';
+       if ($leftsourceip ne '') {
+       $OUT .= "    leftsourceip=$leftsourceip\n";
+       }
+
+       my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || '';
+       if ($leftsubnet ne '') {
+       $OUT .= "    leftsubnet=$leftsubnet\n";
+       }
+
+        
     }
 }