--- openl2tp-1.8/plugins/ipsec.c.orig	2010-01-18 10:00:08.000000000 +0100
+++ openl2tp-1.8/plugins/ipsec.c	2011-11-26 17:34:54.000000000 +0100
@@ -31,8 +31,9 @@
 #include "usl.h"
 #include "l2tp_private.h"
 
-#define IPSEC_SETKEY_CMD	"/sbin/setkey"
-#define IPSEC_SETKEY_FILE	"/tmp/openl2tpd-tmp"
+#define IPSEC_SETKEY_CMD	"/usr/sbin/setkey"
+// not in /tmp to prevent symlink attack
+#define IPSEC_SETKEY_FILE	"/var/run/openl2tp/setkey-tmp"
 #define IPSEC_SETKEY_ACTION	IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE
 
 /* We keep a list of every SPD entry that we install */