diff --git a/config/rootfiles/core/53/filelists/apache2 b/config/rootfiles/core/53/filelists/apache2
new file mode 120000
index 000000000..eef95efa7
--- /dev/null
+++ b/config/rootfiles/core/53/filelists/apache2
@@ -0,0 +1 @@
+../../../common/apache2
\ No newline at end of file
diff --git a/config/rootfiles/core/53/filelists/files b/config/rootfiles/core/53/filelists/files
index cdd78c2c1..2d47486a7 100644
--- a/config/rootfiles/core/53/filelists/files
+++ b/config/rootfiles/core/53/filelists/files
@@ -13,15 +13,13 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/routing.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
-var/ipfire/langs/de.pl
-var/ipfire/langs/en.pl
-var/ipfire/langs/es.pl
-var/ipfire/langs/fr.pl
-var/ipfire/langs/pl.pl
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+var/ipfire/langs/
 usr/local/bin/ipsecctrl
 usr/local/bin/openvpnctrl
 usr/local/bin/vpn-watch
 usr/local/bin/rebuildroutes
+usr/local/sbin/setup
 var/ipfire/main/routing
 var/ipfire/menu.d/30-network.menu
 opt/pakfire/etc/pakfire.conf
diff --git a/config/rootfiles/core/53/update.sh b/config/rootfiles/core/53/update.sh
index 10b45b98e..fbf19954a 100644
--- a/config/rootfiles/core/53/update.sh
+++ b/config/rootfiles/core/53/update.sh
@@ -36,6 +36,7 @@ done
 #Stop services
 /etc/init.d/ipsec stop
+/etc/init.d/apache stop
 #
 # Remove old strongswan libs
@@ -65,6 +66,7 @@ sed -i -e "s|^options cfg80211 ieee80211_regdom=EU|#options cfg80211 ieee80211_r
 #
 #Start services
+/etc/init.d/apache start
 if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
 /etc/init.d/ipsec start
 fi
diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat
index c0da266f1..e2d02447d 100644
--- a/html/cgi-bin/logs.cgi/log.dat
+++ b/html/cgi-bin/logs.cgi/log.dat
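Review bot: The exit status of the added `/etc/init.d/apache start` in the second update.sh hunk is discarded, so if the freshly installed httpd fails to come up the update finishes as if it had succeeded and the administrative web interface simply stays down until someone notices. A one-line guard would at least leave a trace in the system log: `/etc/init.d/apache start || logger -t update "apache failed to start after core update 53"`. The `apache stop` added in the first hunk is likewise unchecked, though a failure there is less consequential. Both hunks sit inside a script whose surrounding steps are outside this diff.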
@@ -61,7 +61,7 @@ my %sections = (
 'auth' => '(\w+\(pam_unix\)\[.*\]: )',
 'kernel' => '(kernel: (?!DROP_))',
 'ipsec' => '(ipsec_[\w_]+: |pluto\[.*\]: |charon: |vpnwatch: )',
-'openvpn' => '(openvpnserver)\[.*\]: ',
+'openvpn' => '(openvpnserver\[.*\]: |.*n2n\[.*\]: )',
 'pakfire' => '(pakfire:) ',
 'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:) '
 );
diff --git a/lfs/apache2 b/lfs/apache2
index c5fd75429..f548271c5 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -25,7 +25,7 @@ include Config
-VER = 2.2.20
+VER = 2.2.21
 THISAPP = httpd-$(VER)
 DL_FILE = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
-$(DL_FILE)_MD5 = 1ac251431c8c4285f6b085c1d156bb56
+$(DL_FILE)_MD5 = 1696ae62cd879ab1d4dd9ff021a470f2
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 install : $(TARGET)
diff --git a/lfs/strongswan b/lfs/strongswan
index 1efd283bb..cb97bf7e4 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -71,7 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.4.0_ipfire.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
 cd $(DIR_APP) && ./configure --prefix="/usr" --sysconfdir="/etc" \
 --enable-cisco-quirks \
diff --git a/make.sh b/make.sh
index 161319db7..e39fe41f2 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
 SNAME="ipfire" # Short name
 VERSION="2.11" # Version number
 CORE="53" # Core Level (Filename)
-PAKFIRE_CORE="52" # Core Level (PAKFIRE)
+PAKFIRE_CORE="53" # Core Level (PAKFIRE)
 GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
 SLOGAN="www.ipfire.org" # Software slogan
 CONFIG_ROOT=/var/ipfire # Configuration rootdir
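Review bot: The second alternative of the new `openvpn` pattern, `.*n2n\[.*\]: `, is unanchored on the left, so any syslog identifier that merely contains `n2n` anywhere in its name will be swept into the OpenVPN view, which is out of step with how narrowly the sibling entries (`pakfire:`, `charon: `, `hostapd:`) are written. If the tag is always `<instance>n2n` as the name suggests, `\S*n2n\[.*\]: ` or `[\w-]*n2n\[.*\]: ` limits the match to a single program identifier while still catching the net-to-net instances. How these strings are applied to log lines is outside this hunk, so confirm against the matching code before tightening.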
diff --git a/src/patches/gcc-4.1.2-fix_linker_version_detection.patch b/src/patches/gcc-4.1.2-fix_linker_version_detection.patch
index c2f43be35..36a756cef 100644
--- a/src/patches/gcc-4.1.2-fix_linker_version_detection.patch
+++ b/src/patches/gcc-4.1.2-fix_linker_version_detection.patch
@@ -6,7 +6,7 @@ diff -Naur gcc-4.1.2.org/libstdc++-v3/configure gcc-4.1.2/libstdc++-v3/configure
 ldver=`$LD --version 2>/dev/null | head -1 | \
 - sed -e 's/GNU ld version \([0-9.][0-9.]*\).*/\1/'`
-+ sed -e 's/GNU ld (GNU binutils) \([0-9.][0-9.]*\).*/\1/'`
++ sed -e 's/GNU ld .*) \([0-9.][0-9.]*\).*/\1/'`
 glibcxx_gnu_ld_version=`echo $ldver | \
 $AWK -F. '{ if (NF<3) $3=0; print ($1*100+$2)*100+$3 }'`
diff --git a/src/patches/strongswan-4.4.0_ipfire.patch b/src/patches/strongswan-4.5.3_ipfire.patch
similarity index 83%
rename from src/patches/strongswan-4.4.0_ipfire.patch
rename to src/patches/strongswan-4.5.3_ipfire.patch
index 298a1e3a7..2ba975b1d 100644
--- a/src/patches/strongswan-4.4.0_ipfire.patch
+++ b/src/patches/strongswan-4.5.3_ipfire.patch
@@ -1,7 +1,37 @@
-diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_updown/_updown.in
---- strongswan-4.4.0.org/src/_updown/_updown.in 2010-03-15 21:52:51.000000000 +0100
-+++ strongswan-4.4.0/src/_updown/_updown.in 2010-05-15 13:33:40.000000000 +0200
-@@ -374,12 +374,12 @@
+diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_updown/_updown.in
+--- strongswan-4.5.3.org/src/_updown/_updown.in 2010-10-22 16:33:30.000000000 +0200
++++ strongswan-4.5.3/src/_updown/_updown.in 2011-09-13 14:19:31.000000000 +0200
+@@ -183,6 +183,29 @@
+ ;;
+ esac
+
++function ip_encode() {
++ local IFS=.
++
++ local int=0
++ for field in $1; do
++ int=$(( $(( $int << 8 )) | $field ))
++ done
++
++ echo $int
++}
++
++function ip_in_subnet() {
++ local netmask
++ netmask=$(_netmask $2)
++ [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ]
++}
++
++function _netmask() {
++ local vlsm
++ vlsm=${1#*/}
++ [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) ))
++}
++
+ # utility functions for route manipulation
+ # Meddling with this stuff should not be necessary and requires great care.
+ uproute() {
+@@ -387,12 +410,12 @@
 # connection to me, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
@@ -17,7 +47,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 #
 # log IPsec host connection setup
 if [ $VPN_LOGGING ]
-@@ -387,10 +387,10 @@
+@@ -400,10 +423,10 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO \
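Review bot: The new `_netmask` and `ip_in_subnet` helpers assume their second argument always carries a `/prefix` suffix: if `$PLUTO_MY_CLIENT` ever arrives as a bare address, `${1#*/}` leaves the whole address in `vlsm`, `[ $vlsm -eq 0 ]` aborts with an integer-expression error and the `||` branch then evaluates `32 - <address>`, so the caller sees shell errors instead of a clean "no match". A guard at the top of `ip_in_subnet`, `case $2 in */*) ;; *) return 1 ;; esac`, makes the helper report "not in subnet" for malformed input rather than failing noisily. Whether strongswan guarantees CIDR form for this variable is not visible here. The hunk also relies on the `function` keyword and `local`, which are fine under bash but not portable should `_updown.in` be executed by a strict POSIX `sh`; its interpreter line is outside this hunk.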
@@ -30,7 +60,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 fi
 fi
 ;;
-@@ -398,12 +398,12 @@
+@@ -411,12 +434,12 @@
 # connection to me, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
@@ -46,7 +76,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 #
 # log IPsec host connection teardown
 if [ $VPN_LOGGING ]
-@@ -411,10 +411,10 @@
+@@ -424,10 +447,10 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO -- \
@@ -59,7 +89,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 fi
 fi
 ;;
-@@ -424,10 +424,10 @@
+@@ -437,10 +460,10 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 then
@@ -73,7 +103,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 fi
-@@ -436,12 +436,12 @@
+@@ -449,12 +472,12 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
@@ -89,7 +119,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 fi
 #
 # log IPsec client connection setup
-@@ -450,12 +450,38 @@
+@@ -463,12 +486,51 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO \
@@ -120,17 +150,30 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
+ fi
+
+ # Add source nat so also the gateway can access the other nets
-+ src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
-+ iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-+ logger -t $TAG -p $FAC_PRIO \
-+ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
++ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
++ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
++ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
++ if [ $? -eq 0 ]; then
++ src=${_src}
++ break
++ fi
++ done
++
++ if [ -n "${src}" ]; then
++ iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
++ logger -t $TAG -p $FAC_PRIO \
++ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
++ else
++ logger -t $TAG -p $FAC_PRIO \
++ "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
++ fi
+
+ # Flush routing cache
+ ip route flush cache
 ;;
 down-client:iptables)
 # connection to client subnet, with (left/right)firewall=yes, going down
-@@ -463,11 +489,11 @@
+@@ -476,11 +538,11 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 then
@@ -145,7 +188,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
-@@ -477,14 +503,14 @@
+@@ -490,14 +552,14 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
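Review bot: `eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)` executes whatever that settings file expands to as shell code inside a hook that runs with root privileges, so the SNAT selection — and the hook itself — now depends on that file being writable only by root; a comment on the line, `# ethernet/settings is trusted: readhash output is eval'd as root`, would make the dependency explicit for later maintainers. The selection loop also reads more directly as `if ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"; then` instead of testing `$?` on the following line. The down-client hunk at @@ -194,17 +237,30 repeats the same block with `-D` and recomputes `src` from the current settings file, so as far as this hunk shows, changing an interface address while a tunnel is up leaves the teardown unable to match the rule that was installed with the old address, and that SNAT entry lingers in IPSECNAT until the chain is flushed.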
@@ -163,7 +206,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 fi
 #
 # log IPsec client connection teardown
-@@ -493,12 +519,38 @@
+@@ -506,12 +568,51 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO -- \
@@ -194,17 +237,30 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
+ fi
+
+ # remove source nat
-+ src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
-+ iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-+ logger -t $TAG -p $FAC_PRIO \
-+ "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
++ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
++ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
++ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
++ if [ $? -eq 0 ]; then
++ src=${_src}
++ break
++ fi
++ done
++
++ if [ -n "${src}" ]; then
++ iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
++ logger -t $TAG -p $FAC_PRIO \
++ "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
++ else
++ logger -t $TAG -p $FAC_PRIO \
++ "Cannot remove NAT rule because no IP of the IPFire does match the subnet."
++ fi
+
+ # Flush routing cache
+ ip route flush cache
 ;;
 #
 # IPv6
-@@ -533,10 +585,10 @@
+@@ -546,10 +647,10 @@
 # connection to me, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
@@ -217,7 +273,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
-@@ -557,10 +609,10 @@
+@@ -570,10 +671,10 @@
 # connection to me, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
@@ -230,7 +286,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
-@@ -583,10 +635,10 @@
+@@ -596,10 +697,10 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 then
@@ -243,7 +299,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 fi
-@@ -595,10 +647,10 @@
+@@ -608,10 +709,10 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
@@ -256,7 +312,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 fi
-@@ -622,11 +674,11 @@
+@@ -635,11 +736,11 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 then
@@ -270,7 +326,7 @@ diff -Naur strongswan-4.4.0.org/src/_updown/_updown.in strongswan-4.4.0/src/_upd
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
-@@ -636,11 +688,11 @@
+@@ -649,11 +750,11 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then