5 files changed, 33 insertions, 15 deletions
diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py
index 73e0153df..a1af2575f 100755
--- a/src/conf_mode/dhcp_relay.py
+++ b/src/conf_mode/dhcp_relay.py
@@ -105,11 +105,6 @@ def verify(relay):
     if relay is None:
         return None
 
-    if len(relay['interface']) < 2:
-        # We can only issue a warning otherwise old configurations might break
-        print('WARNING: At least two interfaces are required for DHCP relay\n' \
-              'to work\n')
-
     if 'lo' in relay['interface']:
         raise ConfigError('DHCP relay does not support the loopback interface.')
 
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 7f1ac6c31..efdc21f89 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -189,13 +189,13 @@ def apply(vxlan):
         # configure ARP cache timeout in milliseconds
         v.set_arp_cache_tmo(vxlan['ip_arp_cache_tmo'])
         # configure ARP filter configuration
-        v.set_arp_filter(bond['ip_disable_arp_filter'])
+        v.set_arp_filter(vxlan['ip_disable_arp_filter'])
         # configure ARP accept
-        v.set_arp_accept(bond['ip_enable_arp_accept'])
+        v.set_arp_accept(vxlan['ip_enable_arp_accept'])
         # configure ARP announce
-        v.set_arp_announce(bond['ip_enable_arp_announce'])
+        v.set_arp_announce(vxlan['ip_enable_arp_announce'])
         # configure ARP ignore
-        v.set_arp_ignore(bond['ip_enable_arp_ignore'])
+        v.set_arp_ignore(vxlan['ip_enable_arp_ignore'])
         # Enable proxy-arp on this interface
         v.set_proxy_arp(vxlan['ip_proxy_arp'])
 
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index aab3e9734..e80c6caf0 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -248,7 +248,8 @@ def generate(data):
         write_ipsec_ra_conn(data)
         append_ipsec_conf(data)
     else:
-        remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_ra_conn_file)
+        if os.path.exists(ipsec_ra_conn_file):
+            remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_ra_conn_file)
         remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
         remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
 
diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py
index 9ca194edd..58f5b5a0e 100755
--- a/src/conf_mode/protocols_bfd.py
+++ b/src/conf_mode/protocols_bfd.py
@@ -163,10 +163,15 @@ def verify(bfd):
     conf = Config()
 
     for peer in bfd['new_peers']:
-        # IPv6 peers require an explicit local address/interface combination
-        if vyos.validate.is_ipv6(peer['remote']):
+        # IPv6 link local peers require an explicit local address/interface
+        if vyos.validate.is_ipv6_link_local(peer['remote']):
             if not (peer['src_if'] and peer['src_addr']):
-                raise ConfigError('BFD IPv6 peers require explicit local address and interface setting')
+                raise ConfigError('BFD IPv6 link-local peers require explicit local address and interface setting')
+
+        # IPv6 peers require an explicit local address
+        if vyos.validate.is_ipv6(peer['remote']):
+            if not peer['src_addr']:
+                raise ConfigError('BFD IPv6 peers require explicit local address setting')
 
         # multihop require source address
         if peer['multihop'] and not peer['src_addr']:
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index d31be4cfb..a09e55a2f 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -27,7 +27,7 @@ import vyos.keepalived
 
 from vyos import ConfigError
 
-
+daemon_file = "/etc/default/keepalived"
 config_file = "/etc/keepalived/keepalived.conf"
 
 config_tmpl = """
@@ -37,6 +37,7 @@ config_tmpl = """
 
 global_defs {
     dynamic_interfaces
+    script_user root
 }
 
 {% for group in groups -%}
@@ -117,6 +118,10 @@ vrrp_instance {{ group.name }} {
     {% if group.fault_script -%}
         notify_fault "/usr/libexec/vyos/system/vrrp-script-wrapper.py --state fault --group {{ group.name }} --interface {{ group.interface }} {{ group.fault_script }}"
     {% endif -%}
+
+    {% if group.stop_script -%}
+        notify_stop "/usr/libexec/vyos/system/vrrp-script-wrapper.py --state stop --group {{ group.name }} --interface {{ group.interface }} {{ group.stop_script }}"
+    {% endif -%}
 }
 
 {% endfor -%}
@@ -140,6 +145,14 @@ vrrp_sync_group {{ sync_group.name }} {
 
 """
 
+daemon_tmpl = """
+# Autogenerated by VyOS
+# Options to pass to keepalived
+
+# DAEMON_ARGS are appended to the keepalived command-line
+DAEMON_ARGS="--snmp"
+"""
+
 def get_config():
     vrrp_groups = []
     sync_groups = []
@@ -178,6 +191,7 @@ def get_config():
         group["master_script"] = config.return_value("transition-script master")
         group["backup_script"] = config.return_value("transition-script backup")
         group["fault_script"] = config.return_value("transition-script fault")
+        group["stop_script"] = config.return_value("transition-script stop")
 
         if config.exists("no-preempt"):
             group["preempt"] = False
@@ -308,9 +322,12 @@ def generate(data):
 
     tmpl = jinja2.Template(config_tmpl)
     config_text = tmpl.render({"groups": vrrp_groups, "sync_groups": sync_groups})
-    
     with open(config_file, 'w') as f:
         f.write(config_text)
+
+    with open(daemon_file, 'w') as f:
+        f.write(daemon_tmpl)
+
     return None
 
 def apply(data):