diff --git a/config/rootfiles/core/119/filelists/files b/config/rootfiles/core/119/filelists/files
index 053cb1278..c8f6cc13b 100644
--- a/config/rootfiles/core/119/filelists/files
+++ b/config/rootfiles/core/119/filelists/files
@@ -5,4 +5,5 @@ etc/rc.d/init.d/unbound
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 var/ipfire/langs
diff --git a/config/rootfiles/core/119/update.sh b/config/rootfiles/core/119/update.sh
index e4c7a77eb..1231a4941 100644
--- a/config/rootfiles/core/119/update.sh
+++ b/config/rootfiles/core/119/update.sh
@@ -73,8 +73,14 @@ rm -vf \
 
 # Start services
 
-# This update need a reboot...
-#touch /var/run/need_reboot
+# Regenerate IPsec configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
+	/etc/init.d/ipsec restart
+fi
+
+# This update needs a reboot...
+touch /var/run/need_reboot
 
 # Finish
 /etc/init.d/fireinfo start
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 17873d62b..2a0351ea0 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -436,6 +436,12 @@ sub writeipsecfiles {
 			if ($start_action eq 'route' && $inactivity_timeout > 0) {
 				print CONF "\tinactivity=$inactivity_timeout\n";
 			}
+
+			# Restart the connection immediately when it has gone down
+			# unexpectedly
+			if ($start_action eq 'start') {
+				print CONF "\tcloseaction=restart\n";
+			}
 		}
 
 		# Fragmentation