diff --git a/config/rootfiles/core/38/update.sh b/config/rootfiles/core/38/update.sh
index 68c892d78..9a95149ad 100644
--- a/config/rootfiles/core/38/update.sh
+++ b/config/rootfiles/core/38/update.sh
@@ -181,12 +181,13 @@ cat /var/ipfire/vpn/ipsec.conf.org | \
 grep -v "disablearrivalcheck=" | \
 grep -v "klipsdebug=" | \
 grep -v "leftfirewall=" | \
+grep -v "lefthostaccess=" | \
 grep -v "charonstart=" | \
 grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
 sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
-sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes\n\tlefthostaccess=yes|g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
 chown nobody:nobody /var/ipfire/vpn/ipsec.conf
 chmod 644 /var/ipfire/vpn/ipsec.conf
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 28ac30e8e..85bb713c3 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -316,6 +316,7 @@ sub writeipsecfiles {
 	print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
 	print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
 	print CONF "\tleftfirewall=yes\n";
+	print CONF "\tlefthostaccess=yes\n";
 
 	print CONF "\tright=$lconfighash{$key}[10]\n";
 	if ($lconfighash{$key}[3] eq 'net') {