{
    use strict;
    use warnings;
    use esmith::ConfigDB;

    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
    my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections') or die("cant connect to ipsec database");
    
    my $ipsecDBkey  = "ipsec";
    my $xl2tpdDBkey = "xl2tpd";
    my $ipsecprop   = "L2TPD-PSK";

    if ( $configDB->get_prop( $ipsecDBkey, 'status' ) ne 'enabled' ) {
        $OUT .= "# ipsec is disabled\n";
    }

    elsif ( $configDB->get_prop( $xl2tpdDBkey, 'status' ) ne 'enabled' ) {
        $OUT .= "# xl2tpd is disabled\n";
    }

    elsif ( $ipsecDB->get_prop( $ipsecprop, 'status' ) ne 'enabled' ) {
        $OUT .= "# l2tpd connection is disabled\n";
    }
    else {
        my $InternalIP = $configDB->get_prop( "InternalInterface", 'IPAddress' );
        my $DNS        = $configDB->get_prop( "xl2tpd",            'DNS' ) || '';
        my $debug      = $configDB->get_prop( "xl2tpd",            'debug' ) || 'disabled';
        my $mtu        = $configDB->get_prop( "xl2tpd",            'mtu' ) || '1400';

        $OUT .= "#x2ltpd\n";
        $OUT .= "login\n";

        if ( $debug eq 'enabled' ) {
            $OUT .= "debug\n";
        }

        if ( $InternalIP ne '' ) {
            $OUT .= "ms-dns $InternalIP\n";
        }

        my @DNSArray = split( /,/, $DNS );

        foreach my $IP (@DNSArray) {
            $OUT .= "ms-dns $IP\n";
        }

        $OUT .= "ipparam xl2tpd\n";
        $OUT .= "auth\n";
        $OUT .= "mtu $mtu\n";
        $OUT .= "mru $mtu\n";
        $OUT .= "hide-password\n";
        $OUT .= "name l2tpd\n";
        $OUT .= "proxyarp\n";
        $OUT .= "lcp-echo-interval 30\n";
        $OUT .= "lcp-echo-failure 4\n";
        $OUT .= "plugin radius.so\n";
        $OUT .= "radius-config-file /etc/radiusclient-ng/radiusclient.conf\n";
        $OUT .= "refuse-pap\n";
        $OUT .= "refuse-chap\n";
        $OUT .= "refuse-mschap\n";
        $OUT .= "require-mschap-v2 # Need MSCHAP-v2 to initialise encryption key\n";
    }
}
