diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index 8cf4c9e..d704a64 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -301,6 +301,8 @@ case "$1" in
       # set ipsec config
         sed -i \
                 -e "s/FQHOSTNAME/${HOSTNAME}/" \
+                -e "s/LOOPBACKv4/${LOOPBACKv4}\/32/" \
+                -e "s/LOOPBACKv6/${LOOPBACKv6}\/128/" \
                 -e "s/IPSEC_IPV4_SUBNETS/$IPSEC_IPV4_SUBNETS/" \
                 -e "s/IPSEC_IPV6_SUBNETS/$IPSEC_IPV6_SUBNETS/" \
                 $IPSECCONFIG
diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit
index 553ff5a..1dfdf35 100644
--- a/files/ipsec.conf.wit
+++ b/files/ipsec.conf.wit
@@ -27,14 +27,14 @@ conn %default
 
 conn loopback4
     leftsourceip=%config4
-    leftsubnet=IPSEC_IPV4_SUBNETS
+    leftsubnet=LOOPBACKv4
     rightsubnet=IPSEC_IPV4_SUBNETS
     right=%any4
 
 
 conn loopback6
     leftsourceip=%config6
-    leftsubnet=IPSEC_IPV6_SUBNETS
+    leftsubnet=LOOPBACKv6
     rightsubnet=IPSEC_IPV6_SUBNETS
     right=%any6