diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index 1f0e231c2..cc882d5be 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -4,6 +4,8 @@ Changes in 4.0.1
 
 2)  Fix uninstallers.
 
+3)  Correct handling of 'ipsec' option in the hosts file.
+
 Changes in 4.0.0 Final
 
 1)  Fix lite install.sh manpage problem.
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 4b46fd23e..14fd64512 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -43,6 +43,10 @@ Problems corrected in 4.0.1.
     two products from clearing the firewall configuration established
     by the other one.
 
+4)   The 'ipsec' OPTION in /etc/shorewall/hosts was ignored by
+     Shorewall-perl. If the zone type was changed to 'ipsec' or
+     'ipsec4', the configuration worked properly.
+
 Other changes in Shorewall 4.0.1.
 
 1)  A new EXPAND_POLICIES option is added to shorewall.conf. The
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm
index 872a9142f..2c127a8d4 100644
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@@ -880,7 +880,7 @@ sub validate_hosts_file()
 	    for my $option ( @options )
 	    {
 		if ( $option eq 'ipsec' ) {
-		    $type = 'ipsec';
+		    $type = 'ipsec4';
 		    $zoneref->{options}{complex} = 1;
 		    $ipsec = 1;
 		} elsif ( $validoptions{$option}) {