diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:31:04.604042908 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:32:08.184131330 +0100
@@ -72,22 +72,27 @@
 }
 } # End foreach
+ $virtual_private .= " virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
+
 unless ( @subnetArr == 0 ) {
- $OUT .= " virtual_private=";
+ # For NAT and vhost:%priv seting exclude any right subnets
 foreach my $subnet (@subnetArr) {
- $virtual_private .= "%v4:$subnet,";
+ $virtual_private .= "%v4:!$subnet,";
 }
 # Remove last character ','
 chop($virtual_private);
 $OUT .= "$virtual_private\n";
 $OUT .= "\n";
- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 } #end unless
- } # End else
- # End
+ # I think that this is all we really need. as long as we don't have complex subnets etc
+ # $OUT .= " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+
+ } # End else
+ # End
 }
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:31:04.600042715 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:32:08.183131286 +0100
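Review bot: The RFC 1918 default list is now built unconditionally, but `chop($virtual_private);` and `$OUT .= "$virtual_private\n";` still sit inside `unless ( @subnetArr == 0 )`, so when no subnets are configured no `virtual-private=` line is written at all and `vhost:%priv` peers behind NAT have nothing to match against. If the defaults are meant to apply always, as the added comment suggests, move those two statements below `} #end unless`. The `$subnet` values are interpolated into the option verbatim; where `@subnetArr` is filled is outside this hunk, but a value containing a comma, whitespace or a newline would alter the generated ipsec.conf, so a CIDR check before appending, such as `next unless $subnet =~ m{\A\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\z};`, would be worth adding. The new line also writes `virtual-private=` while the removed and commented-out lines use `virtual_private=`; a one-line comment stating which spelling the targeted libreswan release expects would help the next reader.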
@@ -148,13 +148,13 @@
 $ipsecDB->get_prop( $ipsecprop, 'forceencaps' ) || $configDB->get_prop( $dbKey, 'forceencaps' ) || 'no';
-
+
 $OUT .= " encapsulation=$forceencaps\n";
 my $keyingtries = $ipsecDB->get_prop( $ipsecprop, 'keyingtries' ) || $configDB->get_prop( $dbKey, 'keyingtries' )
- || '0';
+ || '%forever';
 $OUT .= " keyingtries=$keyingtries\n";
 # Following come from ipsecDB or configDB or hardcoded
@@ -243,13 +243,12 @@
 my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
 $OUT .= " rightsubnet=$rightsubnet\n";
-
+
 my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || '';
 if ($reauth eq 'y' || $reauth eq '1' ) {
 $OUT .= " reauth=yes\n";
 }
-
 } # End If
 else {
 $OUT .= "# conn $ipsecprop disabled\n";
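Review bot: `$forceencaps` and `$keyingtries` are written into the conn section exactly as read from the ipsec or configuration database, so any unexpected value, including one with an embedded newline, becomes part of the generated ipsec.conf. Constraining them before output would make the template fail safe, for example `$keyingtries = '%forever' unless $keyingtries =~ /\A(?:%forever|\d+)\z/;`, and the same pattern with `yes|no|auto` for the encapsulation value. Because the lookups are chained with `||`, a stored `0` is treated as unset and now yields `%forever`; libreswan documents 0 as the older spelling of %forever, so behaviour should be unchanged, but a short comment saying so would save the next reader the lookup. The assignment to `$forceencaps` begins above the hunk.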