diff --git a/entrypoint-openvpn.sh b/entrypoint-openvpn.sh
index 9036062..a0f9328 100755
--- a/entrypoint-openvpn.sh
+++ b/entrypoint-openvpn.sh
@@ -3,10 +3,5 @@ sleep 10
 set -e
 $@
 AUTHORITY=$3
-echo "Client config:"
-cat /etc/certidude/client.conf
-echo
-echo "Generated VPN config:"
-cat /etc/openvpn/$AUTHORITY.conf
-echo
+test -f /etc/certidude/authority/ca5.dev.lan/host_cert.pem
 openvpn --config /etc/openvpn/$AUTHORITY.conf
diff --git a/entrypoint-strongswan.sh b/entrypoint-strongswan.sh
index 5fa945e..a66918a 100755
--- a/entrypoint-strongswan.sh
+++ b/entrypoint-strongswan.sh
@@ -3,10 +3,5 @@ sleep 10
 set -e
 $@
 AUTHORITY=$3
-echo "Client config:"
-cat /etc/certidude/client.conf
-echo
-echo "Generated VPN config:"
-cat /etc/ipsec.conf
-echo
+test -f /etc/certidude/authority/ca5.dev.lan/host_cert.pem
 /usr/sbin/ipsec start --nofork
diff --git a/pinecrypt/client/cli.py b/pinecrypt/client/cli.py
index eec2fc4..62eb1d2 100644
--- a/pinecrypt/client/cli.py
+++ b/pinecrypt/client/cli.py
@@ -378,7 +378,6 @@ def certidude_enroll(fork, no_wait, kerberos):
         # OpenVPN set up with initscripts
         if method == "init/openvpn":
             openvpn_config_path = "/etc/openvpn/%s.conf" % endpoint
-            print(bootstrap)
             with open(openvpn_config_path + ".part", "w") as fh:
                 fh.write("client\n")
                 fh.write("nobind\n")
@@ -425,16 +424,17 @@ def certidude_enroll(fork, no_wait, kerberos):
             config["conn", endpoint]["keyingtries"] = "%forever"
             config["conn", endpoint]["dpdaction"] = "restart"
             config["conn", endpoint]["closeaction"] = "restart"
+            config["conn", endpoint]["rightsubnet"] = "0.0.0.0/0"
             config["conn", endpoint]["ike"] = "%s!" % bootstrap["strongswan"]["ike"]
             config["conn", endpoint]["esp"] = "%s!" % bootstrap["strongswan"]["esp"]
-            config["conn", endpoint]["left"] = "%defaultroute"
+            config["conn", endpoint]["leftsourceip"] = "%config"
             config["conn", endpoint]["leftcert"] = certificate_path
 #    leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
 #    rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
 
 
             with open(strongswan_secrets_path + ".part", "w") as fh:
-                fh.write(": %s %s`n" % (
+                fh.write(": %s %s\n" % (
                   "ECDSA" if authority_public_key.algorithm == "ec" else "RSA",
                   key_path
                 ))