diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi
index c7b44bf79..a8daf1d2b 100644
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -22,6 +22,7 @@ require "${General::swroot}/header.pl";
 my %remotesettings=();
 my %checked=();
 my $errormessage='';
+my $counter = 0;
 
 &Header::showhttpheaders();
 
@@ -63,13 +64,16 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 	{
 		&General::log($Lang::tr{'ssh1 disabled'});
 	}
-if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ){
-	system('/usr/local/bin/sshctrl','tempstart','900') == 0
-		or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
- }
-elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
-	system('/usr/local/bin/sshctrl','tempstart','1800') == 0
-		or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
+	if ($remotesettings{'ENABLE_SSH'} eq 'off')
+	{
+			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+			system('/usr/local/bin/sshctrl');
+	}
+  if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
+  elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
+ 
+  system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
  }
 else {
 	system('/usr/local/bin/sshctrl') == 0
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 524673769..fe41cc72b 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1462,8 +1462,8 @@
 'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern',
 'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen',
 'ssh portfw' => 'TCP-Weiterleitung zulassen',
-'ssh tempstart15' => 'SSH-Zugriff für 15 Minuten',
-'ssh tempstart30' => 'SSH-Zugriff für 30 Minuten',
+'ssh tempstart15' => 'SSH-Deamon in 15 Minuten beenden',
+'ssh tempstart30' => 'SSH-Deamon in 30 Minuten beenden',
 'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.',
 'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.',
 'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index d80330b66..4c836c178 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1494,8 +1494,8 @@
 'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in',
 'ssh passwords' => 'Allow password based authentication',
 'ssh portfw' => 'Allow TCP Forwarding',
-'ssh tempstart15' => 'SSH Access for 15 Minutes',
-'ssh tempstart30' => 'SSH Access for 30 Minutes',
+'ssh tempstart15' => 'Stop SSH deamon in 15 minutes',
+'ssh tempstart30' => 'Stop SSH deamon in 30 minutes',
 'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.',
 'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.',
 'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)',
diff --git a/lfs/openswan b/lfs/openswan
index 9b48a88cc..e1f92a56f 100644
--- a/lfs/openswan
+++ b/lfs/openswan
@@ -91,6 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	ln -sf $(CONFIG_ROOT)/crls  /etc/ipsec.d/crls
 	
 	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-startklips-1.patch
+	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-realsetup-1.patch
 	
 	#@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/src/misc-progs/sshctrl.c b/src/misc-progs/sshctrl.c
index d0799730f..52515ea8e 100644
--- a/src/misc-progs/sshctrl.c
+++ b/src/misc-progs/sshctrl.c
@@ -130,6 +130,7 @@ int main(int argc, char *argv[])
 				sleep(5);
 				unlink("/var/ipfire/remote/enablessh");
 				safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
+        safe_system("chown nobody.nobody /var/ipfire/remote/settings");
 				snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
 				safe_system(command);
 	}
diff --git a/src/misc-progs/syslogdctrl.c b/src/misc-progs/syslogdctrl.c
index da1774b3a..aee7c7a38 100644
--- a/src/misc-progs/syslogdctrl.c
+++ b/src/misc-progs/syslogdctrl.c
@@ -112,7 +112,7 @@ int main(void)
    else
       snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
       
-      snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/*.\\/var\\/log\\/messages/%s \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
+      snprintf(buffer, STRING_SIZE - 1, "/bin/sed 's/*.\\/var\\/log\\/messages/%s           \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
 
    /* if the return code isn't 0 failsafe */
    if ((rc = unpriv_system(buffer,99,99)) != 0)
diff --git a/src/patches/openswan-2.4.9-realsetup-1.patch b/src/patches/openswan-2.4.9-realsetup-1.patch
new file mode 100644
index 000000000..a5e6314c2
--- /dev/null
+++ b/src/patches/openswan-2.4.9-realsetup-1.patch
@@ -0,0 +1,10 @@
+--- programs/_realsetup/_realsetup.in
++++ programs/_realsetup/_realsetup.in
+@@ -193,8 +193,8 @@
+ 
+ 	# preliminaries
+ 	perform rm -f $lock
+-	mkdir -p rundir > /dev/null 2>/dev/null
+-	mkdir -p subsysdir > /dev/null 2>/dev/null
++	mkdir -p $rundir > /dev/null 2>/dev/null
++	mkdir -p $subsysdir > /dev/null 2>/dev/null