From 6b64f2eeb192ee1133d3f90be2ae2854a0c00ddc Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 29 Jun 2022 19:16:53 +0200
Subject: xml: streamline interface definition filenames, drop _

Some files that described the CLI used underscores to split CLI levels, some
others did not. This commit removes all underscores from the filename and only
makes use of a hyphen.
---
 interface-definitions/intel_qat.xml.in             |   21 -
 .../service-conntrack-sync.xml.in                  |  173 +++
 .../service-console-server.xml.in                  |   92 ++
 interface-definitions/service-ipoe-server.xml.in   |  224 ++++
 interface-definitions/service-mdns-repeater.xml.in |   30 +
 .../service-monitoring-telegraf.xml.in             |  308 ++++++
 interface-definitions/service-pppoe-server.xml.in  |  356 ++++++
 interface-definitions/service-router-advert.xml.in |  327 ++++++
 interface-definitions/service-sla.xml.in           |   36 +
 interface-definitions/service-upnp.xml.in          |  224 ++++
 interface-definitions/service-webproxy.xml.in      |  636 +++++++++++
 .../service_conntrack-sync.xml.in                  |  173 ---
 .../service_console-server.xml.in                  |   92 --
 interface-definitions/service_ipoe-server.xml.in   |  224 ----
 interface-definitions/service_mdns-repeater.xml.in |   30 -
 .../service_monitoring_telegraf.xml.in             |  308 ------
 interface-definitions/service_pppoe-server.xml.in  |  356 ------
 interface-definitions/service_router-advert.xml.in |  327 ------
 interface-definitions/service_sla.xml.in           |   36 -
 interface-definitions/service_upnp.xml.in          |  224 ----
 interface-definitions/service_webproxy.xml.in      |  636 -----------
 .../system-acceleration-qat.xml.in                 |   21 +
 interface-definitions/vpn-ipsec.xml.in             | 1169 ++++++++++++++++++++
 interface-definitions/vpn-l2tp.xml.in              |  282 +++++
 interface-definitions/vpn-openconnect.xml.in       |  274 +++++
 interface-definitions/vpn-pptp.xml.in              |  121 ++
 interface-definitions/vpn-sstp.xml.in              |   69 ++
 interface-definitions/vpn_ipsec.xml.in             | 1169 --------------------
 interface-definitions/vpn_l2tp.xml.in              |  282 -----
 interface-definitions/vpn_openconnect.xml.in       |  274 -----
 interface-definitions/vpn_pptp.xml.in              |  121 --
 interface-definitions/vpn_sstp.xml.in              |   69 --
 32 files changed, 4342 insertions(+), 4342 deletions(-)
 delete mode 100644 interface-definitions/intel_qat.xml.in
 create mode 100644 interface-definitions/service-conntrack-sync.xml.in
 create mode 100644 interface-definitions/service-console-server.xml.in
 create mode 100644 interface-definitions/service-ipoe-server.xml.in
 create mode 100644 interface-definitions/service-mdns-repeater.xml.in
 create mode 100644 interface-definitions/service-monitoring-telegraf.xml.in
 create mode 100644 interface-definitions/service-pppoe-server.xml.in
 create mode 100644 interface-definitions/service-router-advert.xml.in
 create mode 100644 interface-definitions/service-sla.xml.in
 create mode 100644 interface-definitions/service-upnp.xml.in
 create mode 100644 interface-definitions/service-webproxy.xml.in
 delete mode 100644 interface-definitions/service_conntrack-sync.xml.in
 delete mode 100644 interface-definitions/service_console-server.xml.in
 delete mode 100644 interface-definitions/service_ipoe-server.xml.in
 delete mode 100644 interface-definitions/service_mdns-repeater.xml.in
 delete mode 100644 interface-definitions/service_monitoring_telegraf.xml.in
 delete mode 100644 interface-definitions/service_pppoe-server.xml.in
 delete mode 100644 interface-definitions/service_router-advert.xml.in
 delete mode 100644 interface-definitions/service_sla.xml.in
 delete mode 100644 interface-definitions/service_upnp.xml.in
 delete mode 100644 interface-definitions/service_webproxy.xml.in
 create mode 100644 interface-definitions/system-acceleration-qat.xml.in
 create mode 100644 interface-definitions/vpn-ipsec.xml.in
 create mode 100644 interface-definitions/vpn-l2tp.xml.in
 create mode 100644 interface-definitions/vpn-openconnect.xml.in
 create mode 100644 interface-definitions/vpn-pptp.xml.in
 create mode 100644 interface-definitions/vpn-sstp.xml.in
 delete mode 100644 interface-definitions/vpn_ipsec.xml.in
 delete mode 100644 interface-definitions/vpn_l2tp.xml.in
 delete mode 100644 interface-definitions/vpn_openconnect.xml.in
 delete mode 100644 interface-definitions/vpn_pptp.xml.in
 delete mode 100644 interface-definitions/vpn_sstp.xml.in

(limited to 'interface-definitions')

diff --git a/interface-definitions/intel_qat.xml.in b/interface-definitions/intel_qat.xml.in
deleted file mode 100644
index 812484184..000000000
--- a/interface-definitions/intel_qat.xml.in
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="system">
-    <children>
-      <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py">
-        <properties>
-          <help>Acceleration components</help>
-          <priority>50</priority>
-        </properties>
-        <children>
-        <leafNode name="qat">
-          <properties>
-            <help>Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration</help>
-            <valueless/>
-          </properties>
-        </leafNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service-conntrack-sync.xml.in
new file mode 100644
index 000000000..6fa6fc5f9
--- /dev/null
+++ b/interface-definitions/service-conntrack-sync.xml.in
@@ -0,0 +1,173 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
+        <properties>
+          <help>Connection tracking synchronization</help>
+          <!-- before VRRP / HA -->
+          <priority>799</priority>
+        </properties>
+        <children>
+          <leafNode name="accept-protocol">
+            <properties>
+              <help>Protocols for which local conntrack entries will be synced</help>
+              <completionHelp>
+                <list>tcp udp icmp icmp6 sctp dccp</list>
+              </completionHelp>
+              <valueHelp>
+                <format>tcp</format>
+                <description>Sync Transmission Control Protocol entries</description>
+              </valueHelp>
+              <valueHelp>
+                <format>udp</format>
+                <description>Sync User Datagram Protocol entries</description>
+              </valueHelp>
+              <valueHelp>
+                <format>icmp</format>
+                <description>Sync Internet Control Message Protocol entries</description>
+              </valueHelp>
+              <valueHelp>
+                <format>icmp6</format>
+                <description>Sync IPv6 Internet Control Message Protocol entries</description>
+              </valueHelp>
+              <valueHelp>
+                <format>sctp</format>
+                <description>Sync Stream Control Transmission Protocol entries</description>
+              </valueHelp>
+              <valueHelp>
+                <format>dccp</format>
+                <description>Sync Datagram Congestion Control Protocol entries</description>
+              </valueHelp>
+              <constraint>
+                <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex>
+              </constraint>
+              <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
+              <multi/>
+            </properties>
+          </leafNode>
+          <leafNode name="disable-external-cache">
+            <properties>
+              <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+          <leafNode name="event-listen-queue-size">
+            <properties>
+              <help>Queue size for local conntrack events</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Queue size in MB</description>
+              </valueHelp>
+            </properties>
+            <defaultValue>8</defaultValue>
+          </leafNode>
+          <leafNode name="expect-sync">
+            <properties>
+              <help>Protocol for which expect entries need to be synchronized</help>
+              <completionHelp>
+                <list>all ftp sip h323 nfs sqlnet</list>
+              </completionHelp>
+              <constraint>
+                <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex>
+              </constraint>
+              <constraintErrorMessage>Invalid protocol</constraintErrorMessage>
+              <multi/>
+            </properties>
+          </leafNode>
+          <node name="failover-mechanism">
+            <properties>
+              <help>Failover mechanism to use for conntrack-sync</help>
+            </properties>
+            <children>
+              <node name="vrrp">
+                <properties>
+                  <help>VRRP as failover-mechanism to use for conntrack-sync</help>
+                </properties>
+                <children>
+                  <leafNode name="sync-group">
+                    <properties>
+                      <help>VRRP sync group</help>
+                      <completionHelp>
+                        <path>high-availability vrrp sync-group</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <leafNode name="ignore-address">
+            <properties>
+              <help>IP addresses for which local conntrack entries will not be synced</help>
+              <valueHelp>
+                <format>ipv4</format>
+                <description>IPv4 address to ignore</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv4net</format>
+                <description>IPv4 prefix to ignore</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv6</format>
+                <description>IPv6 address to ignore</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv6net</format>
+                <description>IPv6 prefix to ignore</description>
+              </valueHelp>
+              <constraint>
+                <validator name="ipv4"/>
+                <validator name="ipv6"/>
+              </constraint>
+              <multi/>
+            </properties>
+          </leafNode>
+          <tagNode name="interface">
+            <properties>
+              <help>Interface to use for syncing conntrack entries</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="peer">
+                <properties>
+                  <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IP address to listen for incoming connections</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/port-number.xml.i>
+            </children>
+          </tagNode>
+          #include <include/listen-address-ipv4.xml.i>
+          <leafNode name="mcast-group">
+            <properties>
+              <help>Multicast group to use for syncing conntrack entries</help>
+              <constraint>
+                <validator name="ipv4-multicast"/>
+              </constraint>
+            </properties>
+            <defaultValue>225.0.0.50</defaultValue>
+          </leafNode>
+          <leafNode name="sync-queue-size">
+            <properties>
+              <help>Queue size for syncing conntrack entries</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Queue size in MB</description>
+              </valueHelp>
+            </properties>
+            <defaultValue>1</defaultValue>
+          </leafNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service-console-server.xml.in
new file mode 100644
index 000000000..e9591ad87
--- /dev/null
+++ b/interface-definitions/service-console-server.xml.in
@@ -0,0 +1,92 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py">
+        <properties>
+          <help>Serial Console Server</help>
+        </properties>
+        <children>
+          <tagNode name="device">
+            <properties>
+              <help>System serial interface name (ttyS or ttyUSB)</help>
+              <completionHelp>
+                <script>ls -1 /dev | grep ttyS</script>
+                <script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script>
+              </completionHelp>
+              <valueHelp>
+                <format>ttySxxx</format>
+                <description>Regular serial interface</description>
+              </valueHelp>
+              <valueHelp>
+                <format>usbxbxpx</format>
+                <description>USB based serial interface</description>
+              </valueHelp>
+              <constraint>
+                <regex>(ttyS\d+|usb\d+b.*p.*)</regex>
+              </constraint>
+            </properties>
+            <children>
+              #include <include/interface/description.xml.i>
+              <leafNode name="speed">
+                <properties>
+                  <help>Serial port baud rate</help>
+                  <completionHelp>
+                    <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="data-bits">
+                <properties>
+                  <help>Serial port data bits</help>
+                  <completionHelp>
+                    <list>7 8</list>
+                  </completionHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 7-8"/>
+                  </constraint>
+                </properties>
+                <defaultValue>8</defaultValue>
+              </leafNode>
+              <leafNode name="stop-bits">
+                <properties>
+                  <help>Serial port stop bits</help>
+                  <completionHelp>
+                    <list>1 2</list>
+                  </completionHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-2"/>
+                  </constraint>
+                </properties>
+                <defaultValue>1</defaultValue>
+              </leafNode>
+              <leafNode name="parity">
+                <properties>
+                  <help>Parity setting</help>
+                  <completionHelp>
+                    <list>even odd none</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(even|odd|none)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>none</defaultValue>
+              </leafNode>
+              <node name="ssh">
+                <properties>
+                  <help>SSH remote access to this console</help>
+                </properties>
+                <children>
+                  #include <include/port-number.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in
new file mode 100644
index 000000000..e222467b1
--- /dev/null
+++ b/interface-definitions/service-ipoe-server.xml.in
@@ -0,0 +1,224 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="ipoe-server" owner="${vyos_conf_scripts_dir}/service_ipoe-server.py">
+        <properties>
+          <help>Internet Protocol over Ethernet (IPoE) Server</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          <tagNode name="interface">
+            <properties>
+              <help>Network interface to server IPoE</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="network-mode">
+                <properties>
+                  <help>Network Layer IPoE serves on</help>
+                  <completionHelp>
+                    <list>L2 L3</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(L2|L3)</regex>
+                  </constraint>
+                  <valueHelp>
+                    <format>L2</format>
+                    <description>client share the same subnet</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>L3</format>
+                    <description>clients are behind this router</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="network">
+                <properties>
+                  <help>Enables clients to share the same network or each client has its own vlan</help>
+                  <completionHelp>
+                    <list>shared vlan</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(shared|vlan)</regex>
+                  </constraint>
+                  <valueHelp>
+                    <format>shared</format>
+                    <description>Multiple clients share the same network</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>vlan</format>
+                    <description>One VLAN per client</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="client-subnet">
+                <properties>
+                  <help>Client address pool</help>
+                  <valueHelp>
+                    <format>ipv4net</format>
+                    <description>IPv4 address and prefix length</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-prefix"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="external-dhcp">
+                <properties>
+                  <help>DHCP requests will be forwarded</help>
+                </properties>
+                <children>
+                  <leafNode name="dhcp-relay">
+                    <properties>
+                      <help>DHCP Server the request will be redirected to.</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address of the DHCP Server</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="giaddr">
+                    <properties>
+                      <help>address of the relay agent (Relay Agent IP Address)</help>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="vlan-id">
+                <properties>
+                  <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-4096"/>
+                  </constraint>
+                  <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="vlan-range">
+                <properties>
+                  <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help>
+                  <constraint>
+                    <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          #include <include/name-server-ipv4-ipv6.xml.i>
+          <node name="client-ip-pool">
+            <properties>
+              <help>Client IP pools and gateway setting</help>
+            </properties>
+            <children>
+              <tagNode name="name">
+                <properties>
+                  <help>Pool name</help>
+                </properties>
+                <children>
+                  #include <include/accel-ppp/gateway-address.xml.i>
+                  #include <include/accel-ppp/client-ip-pool-subnet-single.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </node>
+          #include <include/accel-ppp/client-ipv6-pool.xml.i>
+          <node name="authentication">
+            <properties>
+              <help>Client authentication methods</help>
+            </properties>
+            <children>
+              <leafNode name="mode">
+                <properties>
+                  <help>Authetication mode</help>
+                  <completionHelp>
+                    <list>local radius noauth</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(local|radius|noauth)</regex>
+                  </constraint>
+                  <valueHelp>
+                    <format>local</format>
+                    <description>Authentication based on local definition</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>radius</format>
+                    <description>Authentication based on a RADIUS server</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>noauth</format>
+                    <description>Authentication disabled</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <tagNode name="interface">
+                <properties>
+                  <help>Network interface the client mac will appear on</help>
+                  <completionHelp>
+                    <script>${vyos_completion_dir}/list_interfaces.py</script>
+                  </completionHelp>
+                </properties>
+                <children>
+                  <tagNode name="mac-address">
+                    <properties>
+                      <help>Client mac address allowed to receive an IP address</help>
+                      <valueHelp>
+                        <format>macaddr</format>
+                        <description>Hardware (MAC) address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="mac-address"/>
+                      </constraint>
+                    </properties>
+                    <children>
+                      <node name="rate-limit">
+                        <properties>
+                          <help>Upload/Download speed limits</help>
+                        </properties>
+                        <children>
+                          <leafNode name="upload">
+                            <properties>
+                              <help>Upload bandwidth limit in kbits/sec</help>
+                              <constraint>
+                                <validator name="numeric" argument="--range 1-65535"/>
+                              </constraint>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="download">
+                            <properties>
+                              <help>Download bandwidth limit in kbits/sec</help>
+                              <constraint>
+                                <validator name="numeric" argument="--range 1-65535"/>
+                              </constraint>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                      <leafNode name="vlan-id">
+                        <properties>
+                          <help>VLAN-ID of the client network</help>
+                          <constraint>
+                            <validator name="numeric" argument="--range 1-4096"/>
+                          </constraint>
+                          <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </tagNode>
+                </children>
+              </tagNode>
+              #include <include/radius-server-ipv4.xml.i>
+              #include <include/accel-ppp/radius-additions.xml.i>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-mdns-repeater.xml.in b/interface-definitions/service-mdns-repeater.xml.in
new file mode 100644
index 000000000..9a94f1488
--- /dev/null
+++ b/interface-definitions/service-mdns-repeater.xml.in
@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="mdns">
+        <properties>
+          <help>Multicast DNS (mDNS) parameters</help>
+        </properties>
+        <children>
+          <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py">
+            <properties>
+              <help>mDNS repeater configuration</help>
+              <priority>990</priority>
+            </properties>
+            <children>
+              #include <include/generic-disable-node.xml.i>
+              #include <include/generic-interface-multi.xml.i>
+              <leafNode name="vrrp-disable">
+                <properties>
+                  <help>Disables mDNS repeater on VRRP interfaces not in MASTER state</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in
new file mode 100644
index 000000000..d0d9202c1
--- /dev/null
+++ b/interface-definitions/service-monitoring-telegraf.xml.in
@@ -0,0 +1,308 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="monitoring">
+        <properties>
+          <help>Monitoring services</help>
+          <priority>1280</priority>
+        </properties>
+        <children>
+          <node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py">
+            <properties>
+              <help>Telegraf monitoring</help>
+            </properties>
+            <children>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication parameters</help>
+                </properties>
+                <children>
+                  <leafNode name="organization">
+                    <properties>
+                      <help>Authentication organization for InfluxDB v2</help>
+                      <constraint>
+                        <regex>[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}</regex>
+                      </constraint>
+                      <constraintErrorMessage>Organization name must be alphanumeric and can contain hyphens, underscores and at symbol.</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="token">
+                    <properties>
+                      <help>Authentication token for InfluxDB v2</help>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>Authentication token</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>[a-zA-Z0-9-_]{86}==</regex>
+                      </constraint>
+                      <constraintErrorMessage>Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters.</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="azure-data-explorer">
+                <properties>
+                  <help>Output plugin Azure Data Explorer</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>Authentication parameters</help>
+                    </properties>
+                    <children>
+                      <leafNode name="client-id">
+                        <properties>
+                          <help>Application client id</help>
+                          <constraint>
+                            <regex>[-_a-zA-Z0-9]+</regex>
+                          </constraint>
+                          <constraintErrorMessage>Client-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="client-secret">
+                        <properties>
+                          <help>Application client secret</help>
+                          <constraint>
+                            <regex>[-_a-zA-Z0-9]+</regex>
+                          </constraint>
+                          <constraintErrorMessage>Client-secret is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="tenant-id">
+                        <properties>
+                          <help>Set tenant id</help>
+                          <constraint>
+                            <regex>[-_a-zA-Z0-9]+</regex>
+                          </constraint>
+                          <constraintErrorMessage>Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <leafNode name="database">
+                    <properties>
+                      <help>Remote database name</help>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>Remote database name</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>[-_a-zA-Z0-9]+</regex>
+                      </constraint>
+                      <constraintErrorMessage>Database is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="group-metrics">
+                    <properties>
+                      <help>Type of metrics grouping when push to Azure Data Explorer</help>
+                      <completionHelp>
+                        <list>single-table table-per-metric</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>single-table</format>
+                        <description>Metrics stores in one table</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>table-per-metric</format>
+                        <description>One table per gorups of metric by the metric name</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(single-table|table-per-metric)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>table-per-metric</defaultValue>
+                  </leafNode>
+                  <leafNode name="table">
+                    <properties>
+                      <help>Name of the single table [Only if set group-metrics single-table]</help>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>Table name</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>[-_a-zA-Z0-9]+</regex>
+                      </constraint>
+                      <constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  #include <include/monitoring/url.xml.i>
+                </children>
+              </node>
+              <leafNode name="bucket">
+                <properties>
+                  <help>Remote bucket</help>
+                </properties>
+                <defaultValue>main</defaultValue>
+              </leafNode>
+              <leafNode name="source">
+                <properties>
+                  <help>Source parameters for monitoring</help>
+                  <completionHelp>
+                    <list>all hardware-utilization logs network system telegraf</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>all</format>
+                    <description>All parameters</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>hardware-utilization</format>
+                    <description>Hardware-utilization parameters (CPU, disk, memory)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>logs</format>
+                    <description>Logs parameters</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>network</format>
+                    <description>Network parameters (net, netstat, nftables)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>system</format>
+                    <description>System parameters (system, processes, interrupts)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>telegraf</format>
+                    <description>Telegraf internal statistics</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(all|hardware-utilization|logs|network|system|telegraf)</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+                <defaultValue>all</defaultValue>
+              </leafNode>
+              <node name="prometheus-client">
+                <properties>
+                  <help>Output plugin Prometheus client</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>HTTP basic authentication parameters</help>
+                    </properties>
+                    <children>
+                      <leafNode name="username">
+                        <properties>
+                          <help>Authentication username</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="password">
+                        <properties>
+                          <help>Authentication password</help>
+                          <valueHelp>
+                            <format>txt</format>
+                            <description>Authentication password</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <leafNode name="allow-from">
+                    <properties>
+                      <help>Networks allowed to query this server</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>IP address and prefix length</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 address and prefix length</description>
+                      </valueHelp>
+                      <multi/>
+                      <constraint>
+                        <validator name="ip-prefix"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="listen-address">
+                    <properties>
+                      <help>Local IP addresses to listen on</help>
+                      <completionHelp>
+                        <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address to listen for incoming connections</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 address to listen for incoming connections</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                        <validator name="ipv6-address"/>
+                        <validator name="ipv6-link-local"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="metric-version">
+                    <properties>
+                      <help>Metric version control mapping from Telegraf to Prometheus format</help>
+                      <valueHelp>
+                        <format>u32:1-2</format>
+                        <description>Metric version (default: 2)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-2"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>2</defaultValue>
+                  </leafNode>
+                  #include <include/port-number.xml.i>
+                  <leafNode name="port">
+                    <defaultValue>9273</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="splunk">
+                <properties>
+                  <help>Output plugin Splunk</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>HTTP basic authentication parameters</help>
+                    </properties>
+                    <children>
+                      <leafNode name="token">
+                        <properties>
+                          <help>Authorization token</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="insecure">
+                        <properties>
+                          <help>Use TLS but skip host validation</help>
+                          <valueless/>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <leafNode name="url">
+                    <properties>
+                      <help>Remote URL</help>
+                      <valueHelp>
+                        <format>url</format>
+                        <description>Remote URL to Splunk collector</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/monitoring/url.xml.i>
+              #include <include/port-number.xml.i>
+              <leafNode name="port">
+                <defaultValue>8086</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in
new file mode 100644
index 000000000..50f42849b
--- /dev/null
+++ b/interface-definitions/service-pppoe-server.xml.in
@@ -0,0 +1,356 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service_pppoe-server.py">
+        <properties>
+          <help>Point to Point over Ethernet (PPPoE) Server</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          #include <include/pppoe-access-concentrator.xml.i>
+          <leafNode name="access-concentrator">
+            <defaultValue>vyos-ac</defaultValue>
+          </leafNode>
+          <node name="authentication">
+            <properties>
+              <help>Authentication for remote access PPPoE Server</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/auth-local-users.xml.i>
+              #include <include/accel-ppp/auth-mode.xml.i>
+              #include <include/accel-ppp/auth-protocols.xml.i>
+              #include <include/radius-server-ipv4.xml.i>
+              #include <include/accel-ppp/radius-additions.xml.i>
+              <node name="radius">
+                <children>
+                  #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+                  <leafNode name="called-sid-format">
+                    <properties>
+                      <help>Format of Called-Station-Id attribute</help>
+                      <completionHelp>
+                        <list>ifname ifname:mac</list>
+                      </completionHelp>
+                      <constraint>
+                        <regex>(ifname|ifname:mac)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Invalid Called-Station-Id format</constraintErrorMessage>
+                      <valueHelp>
+                        <format>ifname</format>
+                        <description>NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ifname:mac</format>
+                        <description>NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00)</description>
+                      </valueHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="client-ip-pool">
+            <properties>
+              <help>Pool of client IP addresses (must be within a /24)</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
+              #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
+            </children>
+          </node>
+          #include <include/accel-ppp/client-ipv6-pool.xml.i>
+          #include <include/name-server-ipv4-ipv6.xml.i>
+          <tagNode name="interface">
+            <properties>
+              <help>interface(s) to listen on</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="vlan-id">
+                <properties>
+                  <help>VLAN monitor for the automatic creation of single vlan</help>
+                  <valueHelp>
+                    <format>u32:1-4094</format>
+                    <description>VLAN monitor for the automatic creation of single vlan</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-4094"/>
+                  </constraint>
+                  <constraintErrorMessage>VLAN ID needs to be between 1 and 4094</constraintErrorMessage>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="vlan-range">
+                <properties>
+                  <help>VLAN monitor for the automatic creation of vlans range</help>
+                  <valueHelp>
+                    <format>start-end</format>
+                    <description>VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="range" argument="--min=1 --max=4094"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          #include <include/accel-ppp/gateway-address.xml.i>
+          #include <include/accel-ppp/mtu-128-16384.xml.i>
+          <node name="limits">
+            <properties>
+              <help>Limits the connection rate from a single source</help>
+            </properties>
+            <children>
+              <leafNode name="connection-limit">
+                <properties>
+                  <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help>
+                  <constraint>
+                    <regex>[0-9]+\/(min|sec)</regex>
+                  </constraint>
+                  <constraintErrorMessage>illegal value</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="burst">
+                <properties>
+                  <help>Burst count</help>
+                </properties>
+              </leafNode>
+              <leafNode name="timeout">
+                <properties>
+                  <help>Timeout in seconds</help>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <leafNode name="service-name">
+            <properties>
+              <help>Service name</help>
+              <constraint>
+                <regex>[a-zA-Z0-9\-]{1,100}</regex>
+              </constraint>
+              <constraintErrorMessage>Service-name can contain aplhanumerical characters and dashes only (max. 100)</constraintErrorMessage>
+              <multi/>
+            </properties>
+          </leafNode>
+          #include <include/accel-ppp/wins-server.xml.i>
+          <node name="ppp-options">
+            <properties>
+              <help>Advanced protocol options</help>
+            </properties>
+            <children>
+              <leafNode name="min-mtu">
+                <properties>
+                  <help>Minimum acceptable MTU (68-65535)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 68-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="mru">
+                <properties>
+                  <help>Preferred MRU (68-65535)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 68-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="ccp">
+                <properties>
+                  <help>CCP negotiation (default disabled)</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+              #include <include/accel-ppp/ppp-mppe.xml.i>
+              #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
+              #include <include/accel-ppp/lcp-echo-timeout.xml.i>
+              #include <include/accel-ppp/ppp-interface-cache.xml.i>
+              <leafNode name="ipv4">
+                <properties>
+                  <help>IPv4 (IPCP) negotiation algorithm</help>
+                  <constraint>
+                    <regex>(deny|allow|prefer|require)</regex>
+                  </constraint>
+                  <constraintErrorMessage>invalid value</constraintErrorMessage>
+                  <valueHelp>
+                    <format>deny</format>
+                    <description>Do not negotiate IPv4</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>allow</format>
+                    <description>Negotiate IPv4 only if client requests</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>prefer</format>
+                    <description>Ask client for IPv4 negotiation, do not fail if it rejects</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>require</format>
+                    <description>Require IPv4 negotiation</description>
+                  </valueHelp>
+                  <completionHelp>
+                    <list>deny allow prefer require</list>
+                  </completionHelp>
+                </properties>
+              </leafNode>
+              #include <include/accel-ppp/ppp-options-ipv6.xml.i>
+              <leafNode name="ipv6-intf-id">
+                <properties>
+                  <help>Fixed or random interface identifier for IPv6</help>
+                  <completionHelp>
+                    <list>random</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>random</format>
+                    <description>Random interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>x:x:x:x</format>
+                    <description>specify interface identifier for IPv6</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6-peer-intf-id">
+                <properties>
+                  <help>Peer interface identifier for IPv6</help>
+                  <completionHelp>
+                    <list>random calling-sid ipv4</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>x:x:x:x</format>
+                    <description>Interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>random</format>
+                    <description>Use a random interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>calling-sid</format>
+                    <description>Calculate interface identifier from calling-station-id</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6-accept-peer-intf-id">
+                <properties>
+                  <help>Accept peer interface identifier</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <tagNode name="pado-delay">
+            <properties>
+              <help>PADO delays</help>
+              <valueHelp>
+                <format>u32:1-999999</format>
+                <description>Number in ms</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-999999"/>
+              </constraint>
+              <constraintErrorMessage>Invalid PADO delay</constraintErrorMessage>
+            </properties>
+            <children>
+              <leafNode name="sessions">
+                <properties>
+                  <help>Number of sessions</help>
+                  <valueHelp>
+                    <format>u32:1-999999</format>
+                    <description>Number of sessions</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-999999"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid number of delayed sessions</constraintErrorMessage>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          <leafNode name="session-control">
+            <properties>
+              <help>control sessions count</help>
+              <constraint>
+                <regex>(deny|disable|replace)</regex>
+              </constraint>
+              <constraintErrorMessage>Invalid value</constraintErrorMessage>
+              <valueHelp>
+                <format>disable</format>
+                <description>Disables session control</description>
+              </valueHelp>
+              <valueHelp>
+                <format>deny</format>
+                <description>Deny second session authorization</description>
+              </valueHelp>
+              <valueHelp>
+                <format>replace</format>
+                <description>Terminate first session when second is authorized</description>
+              </valueHelp>
+              <completionHelp>
+                <list>deny disable replace</list>
+              </completionHelp>
+            </properties>
+            <defaultValue>replace</defaultValue>
+          </leafNode>
+          <node name="snmp">
+            <properties>
+              <help>Enable SNMP</help>
+            </properties>
+            <children>
+              <leafNode name="master-agent">
+                <properties>
+                  <help>enable SNMP master agent mode</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <node name="extended-scripts">
+            <properties>
+              <help>Extended script execution</help>
+            </properties>
+            <children>
+              <leafNode name="on-pre-up">
+                <properties>
+                  <help>Script to run before PPPoE session interface comes up</help>
+                    <constraint>
+                      <validator name="script"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="on-up">
+                <properties>
+                  <help>Script to run when PPPoE session interface is completely configured and started</help>
+                    <constraint>
+                      <validator name="script"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="on-down">
+                <properties>
+                  <help>Script to run when PPPoE session interface going to terminate</help>
+                    <constraint>
+                      <validator name="script"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="on-change">
+                <properties>
+                  <help>Script to run when PPPoE session interface changed by RADIUS CoA handling</help>
+                    <constraint>
+                      <validator name="script"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service-router-advert.xml.in
new file mode 100644
index 000000000..40dac23ca
--- /dev/null
+++ b/interface-definitions/service-router-advert.xml.in
@@ -0,0 +1,327 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="router-advert" owner="${vyos_conf_scripts_dir}/service_router-advert.py">
+        <properties>
+          <help>IPv6 Router Advertisements (RAs) service</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          <tagNode name="interface">
+            <properties>
+              <help>Interface to send RA on</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="hop-limit">
+                <properties>
+                  <help>Set Hop Count field of the IP header for outgoing packets</help>
+                  <valueHelp>
+                    <format>u32:0</format>
+                    <description>Unspecified (by this router)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:1-255</format>
+                    <description>Value should represent current diameter of the Internet</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-255"/>
+                  </constraint>
+                  <constraintErrorMessage>Hop count must be between 0 and 255</constraintErrorMessage>
+                </properties>
+                <defaultValue>64</defaultValue>
+              </leafNode>
+              <leafNode name="default-lifetime">
+                <properties>
+                  <help>Lifetime associated with the default router in units of seconds</help>
+                  <valueHelp>
+                    <format>u32:4-9000</format>
+                    <description>Router Lifetime in seconds</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>0</format>
+                    <description>Not a default router</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-0 --range 4-9000"/>
+                  </constraint>
+                  <constraintErrorMessage>Default router livetime bust be 0 or between 4 and 9000</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="default-preference">
+                <properties>
+                  <help>Preference associated with the default router,</help>
+                  <completionHelp>
+                    <list>low medium high</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>low</format>
+                    <description>Default router has low preference</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>medium</format>
+                    <description>Default router has medium preference</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>high</format>
+                    <description>Default router has high preference</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(low|medium|high)</regex>
+                  </constraint>
+                  <constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage>
+                </properties>
+                <defaultValue>medium</defaultValue>
+              </leafNode>
+              <leafNode name="dnssl">
+                <properties>
+                  <help>DNS search list</help>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="link-mtu">
+                <properties>
+                  <help>Link MTU value placed in RAs, exluded in RAs if unset</help>
+                  <valueHelp>
+                    <format>u32:1280-9000</format>
+                    <description>Link MTU value in RAs</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1280-9000"/>
+                  </constraint>
+                  <constraintErrorMessage>Link MTU must be between 1280 and 9000</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="managed-flag">
+                <properties>
+                  <help>Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <node name="interval">
+                <properties>
+                  <help>Set interval between unsolicited multicast RAs</help>
+                </properties>
+                <children>
+                  <leafNode name="max">
+                    <properties>
+                      <help>Maximum interval between unsolicited multicast RAs</help>
+                      <valueHelp>
+                        <format>u32:4-1800</format>
+                        <description>Maximum interval in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 4-1800"/>
+                      </constraint>
+                      <constraintErrorMessage>Maximum interval must be between 4 and 1800 seconds</constraintErrorMessage>
+                    </properties>
+                    <defaultValue>600</defaultValue>
+                  </leafNode>
+                  <leafNode name="min">
+                    <properties>
+                      <help>Minimum interval between unsolicited multicast RAs</help>
+                      <valueHelp>
+                        <format>u32:3-1350</format>
+                        <description>Minimum interval in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 3-1350"/>
+                      </constraint>
+                      <constraintErrorMessage>Minimum interval must be between 3 and 1350 seconds</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/name-server-ipv6.xml.i>
+              <leafNode name="other-config-flag">
+                <properties>
+                  <help>Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <tagNode name="route">
+                <properties>
+                  <help>IPv6 route to be advertised in Router Advertisements (RAs)</help>
+                  <valueHelp>
+                    <format>ipv6net</format>
+                    <description>IPv6 route to be advertized</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-prefix"/>
+                  </constraint>
+                </properties>
+                <children>
+                  <leafNode name="valid-lifetime">
+                    <properties>
+                      <help>Time in seconds that the route will remain valid</help>
+                      <completionHelp>
+                        <list>infinity</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>u32:1-4294967295</format>
+                        <description>Time in seconds that the route will remain valid</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>infinity</format>
+                        <description>Route will remain preferred forever</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 0-4294967295"/>
+                        <regex>(infinity)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>1800</defaultValue>
+                  </leafNode>
+                  <leafNode name="route-preference">
+                    <properties>
+                      <help>Preference associated with the route,</help>
+                      <completionHelp>
+                        <list>low medium high</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>low</format>
+                        <description>Route has low preference</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>medium</format>
+                        <description>Route has medium preference</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>high</format>
+                        <description>Route has high preference</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(low|medium|high)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Route preference must be low, medium or high</constraintErrorMessage>
+                    </properties>
+                    <defaultValue>medium</defaultValue>
+                  </leafNode>
+                  <leafNode name="no-remove-route">
+                    <properties>
+                      <help>Do not announce this route with a zero second lifetime upon shutdown</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <tagNode name="prefix">
+                <properties>
+                  <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help>
+                  <valueHelp>
+                    <format>ipv6net</format>
+                    <description>IPv6 prefix to be advertized</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-prefix"/>
+                  </constraint>
+                </properties>
+                <children>
+                  <leafNode name="no-autonomous-flag">
+                    <properties>
+                      <help>Prefix can not be used for stateless address auto-configuration</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="no-on-link-flag">
+                    <properties>
+                      <help>Prefix can not be used for on-link determination</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="preferred-lifetime">
+                    <properties>
+                      <help>Time in seconds that the prefix will remain preferred</help>
+                      <completionHelp>
+                        <list>infinity</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>u32</format>
+                        <description>Time in seconds that the prefix will remain preferred</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>infinity</format>
+                        <description>Prefix will remain preferred forever</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 0-4294967295"/>
+                        <regex>(infinity)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>14400</defaultValue>
+                  </leafNode>
+                  <leafNode name="valid-lifetime">
+                    <properties>
+                      <help>Time in seconds that the prefix will remain valid</help>
+                      <completionHelp>
+                        <list>infinity</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>u32:1-4294967295</format>
+                        <description>Time in seconds that the prefix will remain valid</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>infinity</format>
+                        <description>Prefix will remain preferred forever</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 0-4294967295"/>
+                        <regex>(infinity)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>2592000</defaultValue>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <leafNode name="reachable-time">
+                <properties>
+                  <help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help>
+                  <valueHelp>
+                    <format>u32:0</format>
+                    <description>Reachable Time unspecified by this router</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:1-3600000</format>
+                    <description>Reachable Time value in RAs (in milliseconds)</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-0 --range 1-3600000"/>
+                  </constraint>
+                  <constraintErrorMessage>Reachable time must be 0 or between 1 and 3600000 milliseconds</constraintErrorMessage>
+                </properties>
+                <defaultValue>0</defaultValue>
+              </leafNode>
+              <leafNode name="retrans-timer">
+                <properties>
+                  <help>Time in milliseconds between retransmitted Neighbor Solicitation messages</help>
+                  <valueHelp>
+                    <format>u32:0</format>
+                    <description>Time, in milliseconds, between retransmitted Neighbor Solicitation messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:1-4294967295</format>
+                    <description>Minimum interval in milliseconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-0 --range 1-4294967295"/>
+                  </constraint>
+                  <constraintErrorMessage>Retransmit interval must be 0 or between 1 and 4294967295 milliseconds</constraintErrorMessage>
+                </properties>
+                <defaultValue>0</defaultValue>
+              </leafNode>
+              <leafNode name="no-send-advert">
+                <properties>
+                  <help>Do not send router adverts</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-sla.xml.in b/interface-definitions/service-sla.xml.in
new file mode 100644
index 000000000..0c4f8a591
--- /dev/null
+++ b/interface-definitions/service-sla.xml.in
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="sla" owner="${vyos_conf_scripts_dir}/service_sla.py">
+        <properties>
+          <help>Service level agreement (SLA)</help>
+        </properties>
+        <children>
+          <node name="owamp-server">
+            <properties>
+              <help>One-way active measurement protocol (OWAMP) server</help>
+            </properties>
+            <children>
+              #include <include/port-number.xml.i>
+              <leafNode name="port">
+                <defaultValue>861</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+          <node name="twamp-server">
+            <properties>
+              <help>Two-way active measurement protocol (TWAMP) server</help>
+            </properties>
+            <children>
+              #include <include/port-number.xml.i>
+              <leafNode name="port">
+                <defaultValue>862</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
new file mode 100644
index 000000000..a129b7260
--- /dev/null
+++ b/interface-definitions/service-upnp.xml.in
@@ -0,0 +1,224 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
+        <properties>
+          <help>Universal Plug and Play (UPnP) service</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          <leafNode name="friendly-name">
+            <properties>
+              <help>Name of this service</help>
+              <valueHelp>
+                <format>txt</format>
+                <description>Friendly name</description>
+              </valueHelp>
+            </properties>
+          </leafNode>
+          <leafNode name="wan-interface">
+            <properties>
+              <help>WAN network interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+              <constraint>
+                <validator name="interface-name" />
+              </constraint>
+            </properties>
+          </leafNode>
+          <leafNode name="wan-ip">
+            <properties>
+              <help>WAN network IP</help>
+              <valueHelp>
+                <format>ipv4</format>
+                <description>IPv4 address</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv6</format>
+                <description>IPv6 address</description>
+              </valueHelp>
+              <constraint>
+                <validator name="ipv4-address" />
+                <validator name="ipv6-address" />
+              </constraint>
+              <multi/>
+            </properties>
+          </leafNode>
+          <leafNode name="nat-pmp">
+            <properties>
+              <help>Enable NAT-PMP support</help>
+              <valueless />
+            </properties>
+          </leafNode>
+          <leafNode name="secure-mode">
+            <properties>
+              <help>Enable Secure Mode</help>
+              <valueless />
+            </properties>
+          </leafNode>
+          <leafNode name="presentation-url">
+            <properties>
+              <help>Presentation Url</help>
+              <valueHelp>
+                <format>txt</format>
+                <description>Presentation Url</description>
+              </valueHelp>
+            </properties>
+          </leafNode>
+          <node name="pcp-lifetime">
+            <properties>
+              <help>PCP-base lifetime Option</help>
+            </properties>
+            <children>
+              <leafNode name="max">
+                <properties>
+                  <help>Max lifetime time</help>
+                  <constraint>
+                    <validator name="numeric" />
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="min">
+                <properties>
+                  <help>Min lifetime time</help>
+                  <constraint>
+                    <validator name="numeric" />
+                  </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <leafNode name="listen">
+            <properties>
+              <help>Local IP addresses for service to listen on</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+              <valueHelp>
+                <format>&lt;interface&gt;</format>
+                <description>Monitor interface address</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv4</format>
+                <description>IP address to listen for incoming connections</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv4-prefix</format>
+                <description>IP prefix to listen for incoming connections</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv6</format>
+                <description>IP address to listen for incoming connections</description>
+              </valueHelp>
+              <valueHelp>
+                <format>ipv6-prefix</format>
+                <description>IP prefix to listen for incoming connections</description>
+              </valueHelp>
+              <multi/>
+              <constraint>
+                <validator name="interface-name" />
+                <validator name="ipv4-address"/>
+                <validator name="ipv4-prefix"/>
+                <validator name="ipv6-address"/>
+                <validator name="ipv6-prefix"/>
+              </constraint>
+            </properties>
+          </leafNode>
+          <node name="stun">
+            <properties>
+              <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
+            </properties>
+            <children>
+              <leafNode name="host">
+                <properties>
+                  <help>The STUN server address</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>The STUN server host address</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/port-number.xml.i>
+            </children>
+          </node>
+          <tagNode name="rule">
+            <properties>
+              <help>UPnP Rule</help>
+              <valueHelp>
+                <format>u32:0-65535</format>
+                <description>Rule number</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 0-65535"/>
+              </constraint>
+            </properties>
+            <children>
+              #include <include/generic-disable-node.xml.i>
+              <leafNode name="external-port-range">
+                <properties>
+                  <help>Port range (REQUIRE)</help>
+                  <valueHelp>
+                    <format>&lt;port&gt;</format>
+                    <description>single port</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>&lt;portN&gt;-&lt;portM&gt;</format>
+                    <description>Port range (use '-' as delimiter)</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="port-range"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="internal-port-range">
+                <properties>
+                  <help>Port range (REQUIRE)</help>
+                  <valueHelp>
+                    <format>&lt;port&gt;</format>
+                    <description>single port</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>&lt;portN&gt;-&lt;portM&gt;</format>
+                    <description>Port range (use '-' as delimiter)</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="port-range"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="ip">
+                <properties>
+                  <help>The IP to which this rule applies (REQUIRE)</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>The IPv4 to which this rule applies</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-address" />
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="action">
+                <properties>
+                  <help>Actions against the rule (REQUIRE)</help>
+                  <completionHelp>
+                    <list>allow deny</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(allow|deny)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service-webproxy.xml.in b/interface-definitions/service-webproxy.xml.in
new file mode 100644
index 000000000..e4609b699
--- /dev/null
+++ b/interface-definitions/service-webproxy.xml.in
@@ -0,0 +1,636 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="webproxy" owner="${vyos_conf_scripts_dir}/service_webproxy.py">
+        <properties>
+          <help>Webproxy service settings</help>
+          <priority>500</priority>
+        </properties>
+        <children>
+          <leafNode name="append-domain">
+            <properties>
+              <help>Default domain name</help>
+              <valueHelp>
+                <format>domain</format>
+                <description>Domain to use for urls that do not contain a '.'</description>
+              </valueHelp>
+              <constraint>
+                <regex>[.][A-Za-z0-9][-.A-Za-z0-9]*</regex>
+              </constraint>
+              <constraintErrorMessage>Must start append-domain with a '.'</constraintErrorMessage>
+            </properties>
+          </leafNode>
+          <node name="authentication">
+            <properties>
+              <help>Proxy Authentication Settings</help>
+            </properties>
+            <children>
+              <leafNode name="children">
+                <properties>
+                  <help>Number of authentication helper processes</help>
+                  <valueHelp>
+                    <format>n</format>
+                    <description>Number of authentication helper processes</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-500"/>
+                  </constraint>
+                </properties>
+                <defaultValue>5</defaultValue>
+              </leafNode>
+              <leafNode name="credentials-ttl">
+                <properties>
+                  <help>Authenticated session time to live in minutes</help>
+                  <valueHelp>
+                    <format>n</format>
+                    <description>Authenticated session timeout</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-600"/>
+                  </constraint>
+                </properties>
+                <defaultValue>60</defaultValue>
+              </leafNode>
+              <node name="ldap">
+                <properties>
+                  <help>LDAP authentication settings</help>
+                </properties>
+                <children>
+                  <leafNode name="base-dn">
+                    <properties>
+                      <help>LDAP Base DN to search</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="bind-dn">
+                    <properties>
+                      <help>LDAP DN used to bind to server</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="filter-expression">
+                    <properties>
+                      <help>Filter expression to perform LDAP search with</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="password">
+                    <properties>
+                      <help>LDAP password to bind with</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="persistent-connection">
+                    <properties>
+                      <help>Use persistent LDAP connection</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  #include <include/port-number.xml.i>
+                  <leafNode name="port">
+                    <defaultValue>389</defaultValue>
+                  </leafNode>
+                  <leafNode name="server">
+                    <properties>
+                      <help>LDAP server to use</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="use-ssl">
+                    <properties>
+                      <help>Use SSL/TLS for LDAP connection</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="username-attribute">
+                    <properties>
+                      <help>LDAP username attribute</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="version">
+                    <properties>
+                      <help>LDAP protocol version</help>
+                      <completionHelp>
+                          <list>2 3</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>2</format>
+                        <description>LDAP protocol version 2</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>3</format>
+                        <description>LDAP protocol version 2</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 2-3"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>3</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="method">
+                <properties>
+                  <help>Authentication Method</help>
+                  <completionHelp>
+                    <list>ldap</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>ldap</format>
+                    <description>Lightweight Directory Access Protocol</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(ldap)</regex>
+                  </constraint>
+                  <constraintErrorMessage>The only supported method currently is LDAP</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="realm">
+                <properties>
+                  <help>Name of authentication realm (e.g. "My Company proxy server")</help>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <tagNode name="cache-peer">
+            <properties>
+              <help>Specify other caches in a hierarchy</help>
+              <valueHelp>
+                <format>hostname</format>
+                <description>Cache peers FQDN</description>
+              </valueHelp>
+            </properties>
+            <children>
+              <leafNode name="address">
+                <properties>
+                  <help>Hostname or IP address of peer</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>Squid cache-peer IPv4 address</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>hostname</format>
+                    <description>Squid cache-peer hostname</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-address"/>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="http-port">
+                <properties>
+                  <help>Default Proxy Port</help>
+                  <valueHelp>
+                    <format>u32:1025-65535</format>
+                    <description>Default port number</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1025-65535"/>
+                  </constraint>
+                </properties>
+                <defaultValue>3128</defaultValue>
+              </leafNode>
+               <leafNode name="icp-port">
+                <properties>
+                  <help>Cache peer ICP port</help>
+                  <valueHelp>
+                    <format>u32:0</format>
+                    <description>Cache peer disabled</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Cache peer ICP port</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                </properties>
+                <defaultValue>0</defaultValue>
+              </leafNode>
+              <leafNode name="options">
+                <properties>
+                  <help>Cache peer options</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Cache peer options</description>
+                  </valueHelp>
+                </properties>
+                <defaultValue>no-query default</defaultValue>
+              </leafNode>
+              <leafNode name="type">
+                <properties>
+                  <help>Squid peer type (default parent)</help>
+                  <completionHelp>
+                    <list>parent sibling multicast</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>parent</format>
+                    <description>Peer is a parent</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>sibling</format>
+                    <description>Peer is a sibling</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>multicast</format>
+                    <description>Peer is a member of a multicast group</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(parent|sibling|multicast)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>parent</defaultValue>
+              </leafNode>
+            </children>
+          </tagNode>
+          <leafNode name="cache-size">
+            <properties>
+              <help>Disk cache size in MB</help>
+               <valueHelp>
+                <format>u32</format>
+                <description>Disk cache size in MB</description>
+              </valueHelp>
+               <valueHelp>
+                <format>0</format>
+                <description>Disable disk caching</description>
+              </valueHelp>
+            </properties>
+            <defaultValue>100</defaultValue>
+          </leafNode>
+          <leafNode name="default-port">
+            <properties>
+              <help>Default Proxy Port</help>
+              <valueHelp>
+                <format>u32:1025-65535</format>
+                <description>Default port number</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1025-65535"/>
+              </constraint>
+            </properties>
+            <defaultValue>3128</defaultValue>
+          </leafNode>
+          <leafNode name="disable-access-log">
+            <properties>
+              <help>Disable logging of HTTP accesses</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+          <leafNode name="domain-block">
+            <properties>
+              <help>Domain name to block</help>
+              <multi/>
+            </properties>
+          </leafNode>
+          <leafNode name="domain-noncache">
+            <properties>
+              <help>Domain name to access without caching</help>
+              <multi/>
+            </properties>
+          </leafNode>
+          <tagNode name="listen-address">
+            <properties>
+              <help>IPv4 listen-address for WebProxy</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
+              </completionHelp>
+              <valueHelp>
+                <format>ipv4</format>
+                <description>IPv4 address listen on</description>
+              </valueHelp>
+            </properties>
+            <children>
+              <leafNode name="port">
+                <properties>
+                  <help>Default Proxy Port</help>
+                  <valueHelp>
+                    <format>u32:1025-65535</format>
+                    <description>Default port number</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1025-65535"/>
+                  </constraint>
+                </properties>
+                <!-- no defaultValue specified as there is default-port -->
+              </leafNode>
+              <leafNode name="disable-transparent">
+                <properties>
+                  <help>Disable transparent mode</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          <leafNode name="maximum-object-size">
+            <properties>
+              <help>Maximum size of object to be stored in cache in kilobytes</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Object size in KB</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-100000"/>
+              </constraint>
+            </properties>
+          </leafNode>
+          <leafNode name="mem-cache-size">
+            <properties>
+              <help>Memory cache size in MB</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Memory cache size in MB </description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-100000"/>
+              </constraint>
+            </properties>
+            <defaultValue>20</defaultValue>
+          </leafNode>
+          <leafNode name="minimum-object-size">
+            <properties>
+              <help>Maximum size of object to be stored in cache in kilobytes</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Object size in KB</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-100000"/>
+              </constraint>
+            </properties>
+          </leafNode>
+          <leafNode name="outgoing-address">
+            <properties>
+              <help>Outgoing IP address for webproxy</help>
+            </properties>
+          </leafNode>
+          <leafNode name="reply-block-mime">
+            <properties>
+              <help>MIME type to block</help>
+              <completionHelp>
+                <list>image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain</list>
+              </completionHelp>
+              <constraint>
+                <regex>(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)</regex>
+              </constraint>
+              <multi/>
+            </properties>
+          </leafNode>
+          <leafNode name="reply-body-max-size">
+            <properties>
+              <help>Maximum reply body size in KB</help>
+              <valueHelp>
+                <format>u32</format>
+                <description>Reply size in KB</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-100000"/>
+              </constraint>
+            </properties>
+          </leafNode>
+          <node name="url-filtering">
+            <properties>
+              <help>URL filtering settings</help>
+            </properties>
+            <children>
+              #include <include/generic-disable-node.xml.i>
+              <node name="squidguard">
+                <properties>
+                  <help>URL filtering via squidGuard redirector</help>
+                </properties>
+                <children>
+                  #include <include/webproxy-url-filtering.xml.i>
+                  <node name="auto-update">
+                    <properties>
+                      <help>Auto update settings</help>
+                    </properties>
+                    <children>
+                      <leafNode name="update-hour">
+                        <properties>
+                          <help>Hour of day for database update</help>
+                          <valueHelp>
+                            <format>u32:0-23</format>
+                            <description>Hour for database update</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="numeric" argument="--range 0-23"/>
+                          </constraint>
+                        </properties>
+                        <defaultValue>0</defaultValue>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <leafNode name="redirect-url">
+                    <properties>
+                      <help>Redirect URL for filtered websites</help>
+                      <valueHelp>
+                        <format>url</format>
+                        <description>URL for redirect</description>
+                      </valueHelp>
+                    </properties>
+                    <defaultValue>block.vyos.net</defaultValue>
+                  </leafNode>
+                  <tagNode name="rule">
+                    <properties>
+                      <help>URL filter rule for a source-group</help>
+                      <valueHelp>
+                        <format>u32:1-1024</format>
+                        <description>Rule Number</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-1024"/>
+                      </constraint>
+                      <constraintErrorMessage>SquidGuard rule must between 1-1024</constraintErrorMessage>
+                    </properties>
+                    <children>
+                      #include <include/webproxy-url-filtering.xml.i>
+                      <leafNode name="redirect-url">
+                        <properties>
+                          <help>Redirect URL for filtered websites</help>
+                          <valueHelp>
+                            <format>url</format>
+                            <description>URL for redirect</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="source-group">
+                        <properties>
+                          <help>Source-group for this rule</help>
+                          <valueHelp>
+                            <format>group</format>
+                            <description>Source group identifier for this rule</description>
+                          </valueHelp>
+                          <completionHelp>
+                            <path>service webproxy url-filtering squidguard source-group</path>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="time-period">
+                        <properties>
+                          <help>Time-period for this rule</help>
+                          <valueHelp>
+                            <format>period</format>
+                            <description>Time period for this rule</description>
+                          </valueHelp>
+                          <completionHelp>
+                            <path>service webproxy url-filtering squidguard time-period</path>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </tagNode>
+                  <tagNode name="source-group">
+                    <properties>
+                      <help>Source group name</help>
+                      <valueHelp>
+                        <format>name</format>
+                        <description>Name of source group</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>[^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]*</regex>
+                      </constraint>
+                      <constraintErrorMessage>URL-filter source-group cannot start with a number!</constraintErrorMessage>
+                    </properties>
+                    <children>
+                      <leafNode name="address">
+                        <properties>
+                          <help>Address for source-group</help>
+                          <valueHelp>
+                            <format>ipv4</format>
+                            <description>IPv4 address to match</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>ipv4net</format>
+                            <description>IPv4 prefix to match</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>ipv4range</format>
+                            <description>IPv4 address range to match</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="ipv4-address"/>
+                            <validator name="ipv4-prefix"/>
+                            <validator name="ipv4-range"/>
+                          </constraint>
+                          <multi/>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="description">
+                        <properties>
+                          <help>Description for source-group</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="domain">
+                        <properties>
+                          <help>Domain for source-group</help>
+                          <valueHelp>
+                            <format>domain</format>
+                            <description>Domain name for the source-group</description>
+                          </valueHelp>
+                          <multi/>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="ldap-ip-search">
+                        <properties>
+                          <help>LDAP search expression for an IP address list</help>
+                          <multi/>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="ldap-user-search">
+                        <properties>
+                          <help>LDAP search expression for a user group</help>
+                          <multi/>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="user">
+                        <properties>
+                          <help>List of user names</help>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </tagNode>
+                  <tagNode name="time-period">
+                    <properties>
+                      <help>Time period name</help>
+                    </properties>
+                    <children>
+                      <tagNode name="days">
+                        <properties>
+                          <help>Time-period days</help>
+                          <completionHelp>
+                            <list>Sun Mon Tue Wed Thu Fri Sat weekdays weekend all</list>
+                          </completionHelp>
+                          <valueHelp>
+                            <format>Sun</format>
+                            <description>Sunday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Mon</format>
+                            <description>Monday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Tue</format>
+                            <description>Tuesday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Wed</format>
+                            <description>Wednesday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Thu</format>
+                            <description>Thursday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Fri</format>
+                            <description>Friday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>Sat</format>
+                            <description>Saturday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>weekdays</format>
+                            <description>Monday through Friday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>weekend</format>
+                            <description>Saturday and Sunday</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>all</format>
+                            <description>All days of the week</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)</regex>
+                          </constraint>
+                        </properties>
+                        <children>
+                          <leafNode name="time">
+                            <properties>
+                              <help>Time for time-period</help>
+                              <valueHelp>
+                                <format>&lt;hh:mm - hh:mm&gt;</format>
+                                <description>Time range in 24hr time</description>
+                              </valueHelp>
+                              <constraint>
+                                <!-- time range example: 12:00-13:00 -->
+                                <regex>(\d\d:\d\d)-(\d\d:\d\d)</regex>
+                              </constraint>
+                              <constraintErrorMessage>Expected time format hh:mm - hh:mm in 24hr time</constraintErrorMessage>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </tagNode>
+                      <leafNode name="description">
+                        <properties>
+                          <help>Time-period description</help>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </tagNode>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
deleted file mode 100644
index 6fa6fc5f9..000000000
--- a/interface-definitions/service_conntrack-sync.xml.in
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
-        <properties>
-          <help>Connection tracking synchronization</help>
-          <!-- before VRRP / HA -->
-          <priority>799</priority>
-        </properties>
-        <children>
-          <leafNode name="accept-protocol">
-            <properties>
-              <help>Protocols for which local conntrack entries will be synced</help>
-              <completionHelp>
-                <list>tcp udp icmp icmp6 sctp dccp</list>
-              </completionHelp>
-              <valueHelp>
-                <format>tcp</format>
-                <description>Sync Transmission Control Protocol entries</description>
-              </valueHelp>
-              <valueHelp>
-                <format>udp</format>
-                <description>Sync User Datagram Protocol entries</description>
-              </valueHelp>
-              <valueHelp>
-                <format>icmp</format>
-                <description>Sync Internet Control Message Protocol entries</description>
-              </valueHelp>
-              <valueHelp>
-                <format>icmp6</format>
-                <description>Sync IPv6 Internet Control Message Protocol entries</description>
-              </valueHelp>
-              <valueHelp>
-                <format>sctp</format>
-                <description>Sync Stream Control Transmission Protocol entries</description>
-              </valueHelp>
-              <valueHelp>
-                <format>dccp</format>
-                <description>Sync Datagram Congestion Control Protocol entries</description>
-              </valueHelp>
-              <constraint>
-                <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex>
-              </constraint>
-              <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
-              <multi/>
-            </properties>
-          </leafNode>
-          <leafNode name="disable-external-cache">
-            <properties>
-              <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help>
-              <valueless/>
-            </properties>
-          </leafNode>
-          <leafNode name="event-listen-queue-size">
-            <properties>
-              <help>Queue size for local conntrack events</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Queue size in MB</description>
-              </valueHelp>
-            </properties>
-            <defaultValue>8</defaultValue>
-          </leafNode>
-          <leafNode name="expect-sync">
-            <properties>
-              <help>Protocol for which expect entries need to be synchronized</help>
-              <completionHelp>
-                <list>all ftp sip h323 nfs sqlnet</list>
-              </completionHelp>
-              <constraint>
-                <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex>
-              </constraint>
-              <constraintErrorMessage>Invalid protocol</constraintErrorMessage>
-              <multi/>
-            </properties>
-          </leafNode>
-          <node name="failover-mechanism">
-            <properties>
-              <help>Failover mechanism to use for conntrack-sync</help>
-            </properties>
-            <children>
-              <node name="vrrp">
-                <properties>
-                  <help>VRRP as failover-mechanism to use for conntrack-sync</help>
-                </properties>
-                <children>
-                  <leafNode name="sync-group">
-                    <properties>
-                      <help>VRRP sync group</help>
-                      <completionHelp>
-                        <path>high-availability vrrp sync-group</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <leafNode name="ignore-address">
-            <properties>
-              <help>IP addresses for which local conntrack entries will not be synced</help>
-              <valueHelp>
-                <format>ipv4</format>
-                <description>IPv4 address to ignore</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv4net</format>
-                <description>IPv4 prefix to ignore</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv6</format>
-                <description>IPv6 address to ignore</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv6net</format>
-                <description>IPv6 prefix to ignore</description>
-              </valueHelp>
-              <constraint>
-                <validator name="ipv4"/>
-                <validator name="ipv6"/>
-              </constraint>
-              <multi/>
-            </properties>
-          </leafNode>
-          <tagNode name="interface">
-            <properties>
-              <help>Interface to use for syncing conntrack entries</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script>
-              </completionHelp>
-            </properties>
-            <children>
-              <leafNode name="peer">
-                <properties>
-                  <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>IP address to listen for incoming connections</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-address"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              #include <include/port-number.xml.i>
-            </children>
-          </tagNode>
-          #include <include/listen-address-ipv4.xml.i>
-          <leafNode name="mcast-group">
-            <properties>
-              <help>Multicast group to use for syncing conntrack entries</help>
-              <constraint>
-                <validator name="ipv4-multicast"/>
-              </constraint>
-            </properties>
-            <defaultValue>225.0.0.50</defaultValue>
-          </leafNode>
-          <leafNode name="sync-queue-size">
-            <properties>
-              <help>Queue size for syncing conntrack entries</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Queue size in MB</description>
-              </valueHelp>
-            </properties>
-            <defaultValue>1</defaultValue>
-          </leafNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
deleted file mode 100644
index e9591ad87..000000000
--- a/interface-definitions/service_console-server.xml.in
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py">
-        <properties>
-          <help>Serial Console Server</help>
-        </properties>
-        <children>
-          <tagNode name="device">
-            <properties>
-              <help>System serial interface name (ttyS or ttyUSB)</help>
-              <completionHelp>
-                <script>ls -1 /dev | grep ttyS</script>
-                <script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script>
-              </completionHelp>
-              <valueHelp>
-                <format>ttySxxx</format>
-                <description>Regular serial interface</description>
-              </valueHelp>
-              <valueHelp>
-                <format>usbxbxpx</format>
-                <description>USB based serial interface</description>
-              </valueHelp>
-              <constraint>
-                <regex>(ttyS\d+|usb\d+b.*p.*)</regex>
-              </constraint>
-            </properties>
-            <children>
-              #include <include/interface/description.xml.i>
-              <leafNode name="speed">
-                <properties>
-                  <help>Serial port baud rate</help>
-                  <completionHelp>
-                    <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="data-bits">
-                <properties>
-                  <help>Serial port data bits</help>
-                  <completionHelp>
-                    <list>7 8</list>
-                  </completionHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 7-8"/>
-                  </constraint>
-                </properties>
-                <defaultValue>8</defaultValue>
-              </leafNode>
-              <leafNode name="stop-bits">
-                <properties>
-                  <help>Serial port stop bits</help>
-                  <completionHelp>
-                    <list>1 2</list>
-                  </completionHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-2"/>
-                  </constraint>
-                </properties>
-                <defaultValue>1</defaultValue>
-              </leafNode>
-              <leafNode name="parity">
-                <properties>
-                  <help>Parity setting</help>
-                  <completionHelp>
-                    <list>even odd none</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(even|odd|none)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>none</defaultValue>
-              </leafNode>
-              <node name="ssh">
-                <properties>
-                  <help>SSH remote access to this console</help>
-                </properties>
-                <children>
-                  #include <include/port-number.xml.i>
-                </children>
-              </node>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
deleted file mode 100644
index e222467b1..000000000
--- a/interface-definitions/service_ipoe-server.xml.in
+++ /dev/null
@@ -1,224 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="ipoe-server" owner="${vyos_conf_scripts_dir}/service_ipoe-server.py">
-        <properties>
-          <help>Internet Protocol over Ethernet (IPoE) Server</help>
-          <priority>900</priority>
-        </properties>
-        <children>
-          <tagNode name="interface">
-            <properties>
-              <help>Network interface to server IPoE</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-            </properties>
-            <children>
-              <leafNode name="network-mode">
-                <properties>
-                  <help>Network Layer IPoE serves on</help>
-                  <completionHelp>
-                    <list>L2 L3</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(L2|L3)</regex>
-                  </constraint>
-                  <valueHelp>
-                    <format>L2</format>
-                    <description>client share the same subnet</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>L3</format>
-                    <description>clients are behind this router</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="network">
-                <properties>
-                  <help>Enables clients to share the same network or each client has its own vlan</help>
-                  <completionHelp>
-                    <list>shared vlan</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(shared|vlan)</regex>
-                  </constraint>
-                  <valueHelp>
-                    <format>shared</format>
-                    <description>Multiple clients share the same network</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>vlan</format>
-                    <description>One VLAN per client</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="client-subnet">
-                <properties>
-                  <help>Client address pool</help>
-                  <valueHelp>
-                    <format>ipv4net</format>
-                    <description>IPv4 address and prefix length</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-prefix"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <node name="external-dhcp">
-                <properties>
-                  <help>DHCP requests will be forwarded</help>
-                </properties>
-                <children>
-                  <leafNode name="dhcp-relay">
-                    <properties>
-                      <help>DHCP Server the request will be redirected to.</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address of the DHCP Server</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="giaddr">
-                    <properties>
-                      <help>address of the relay agent (Relay Agent IP Address)</help>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="vlan-id">
-                <properties>
-                  <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-4096"/>
-                  </constraint>
-                  <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="vlan-range">
-                <properties>
-                  <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help>
-                  <constraint>
-                    <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-          #include <include/name-server-ipv4-ipv6.xml.i>
-          <node name="client-ip-pool">
-            <properties>
-              <help>Client IP pools and gateway setting</help>
-            </properties>
-            <children>
-              <tagNode name="name">
-                <properties>
-                  <help>Pool name</help>
-                </properties>
-                <children>
-                  #include <include/accel-ppp/gateway-address.xml.i>
-                  #include <include/accel-ppp/client-ip-pool-subnet-single.xml.i>
-                </children>
-              </tagNode>
-            </children>
-          </node>
-          #include <include/accel-ppp/client-ipv6-pool.xml.i>
-          <node name="authentication">
-            <properties>
-              <help>Client authentication methods</help>
-            </properties>
-            <children>
-              <leafNode name="mode">
-                <properties>
-                  <help>Authetication mode</help>
-                  <completionHelp>
-                    <list>local radius noauth</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(local|radius|noauth)</regex>
-                  </constraint>
-                  <valueHelp>
-                    <format>local</format>
-                    <description>Authentication based on local definition</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>radius</format>
-                    <description>Authentication based on a RADIUS server</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>noauth</format>
-                    <description>Authentication disabled</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <tagNode name="interface">
-                <properties>
-                  <help>Network interface the client mac will appear on</help>
-                  <completionHelp>
-                    <script>${vyos_completion_dir}/list_interfaces.py</script>
-                  </completionHelp>
-                </properties>
-                <children>
-                  <tagNode name="mac-address">
-                    <properties>
-                      <help>Client mac address allowed to receive an IP address</help>
-                      <valueHelp>
-                        <format>macaddr</format>
-                        <description>Hardware (MAC) address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="mac-address"/>
-                      </constraint>
-                    </properties>
-                    <children>
-                      <node name="rate-limit">
-                        <properties>
-                          <help>Upload/Download speed limits</help>
-                        </properties>
-                        <children>
-                          <leafNode name="upload">
-                            <properties>
-                              <help>Upload bandwidth limit in kbits/sec</help>
-                              <constraint>
-                                <validator name="numeric" argument="--range 1-65535"/>
-                              </constraint>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="download">
-                            <properties>
-                              <help>Download bandwidth limit in kbits/sec</help>
-                              <constraint>
-                                <validator name="numeric" argument="--range 1-65535"/>
-                              </constraint>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </node>
-                      <leafNode name="vlan-id">
-                        <properties>
-                          <help>VLAN-ID of the client network</help>
-                          <constraint>
-                            <validator name="numeric" argument="--range 1-4096"/>
-                          </constraint>
-                          <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                </children>
-              </tagNode>
-              #include <include/radius-server-ipv4.xml.i>
-              #include <include/accel-ppp/radius-additions.xml.i>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_mdns-repeater.xml.in b/interface-definitions/service_mdns-repeater.xml.in
deleted file mode 100644
index 9a94f1488..000000000
--- a/interface-definitions/service_mdns-repeater.xml.in
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="mdns">
-        <properties>
-          <help>Multicast DNS (mDNS) parameters</help>
-        </properties>
-        <children>
-          <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py">
-            <properties>
-              <help>mDNS repeater configuration</help>
-              <priority>990</priority>
-            </properties>
-            <children>
-              #include <include/generic-disable-node.xml.i>
-              #include <include/generic-interface-multi.xml.i>
-              <leafNode name="vrrp-disable">
-                <properties>
-                  <help>Disables mDNS repeater on VRRP interfaces not in MASTER state</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
deleted file mode 100644
index d0d9202c1..000000000
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ /dev/null
@@ -1,308 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="monitoring">
-        <properties>
-          <help>Monitoring services</help>
-          <priority>1280</priority>
-        </properties>
-        <children>
-          <node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py">
-            <properties>
-              <help>Telegraf monitoring</help>
-            </properties>
-            <children>
-              <node name="authentication">
-                <properties>
-                  <help>Authentication parameters</help>
-                </properties>
-                <children>
-                  <leafNode name="organization">
-                    <properties>
-                      <help>Authentication organization for InfluxDB v2</help>
-                      <constraint>
-                        <regex>[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}</regex>
-                      </constraint>
-                      <constraintErrorMessage>Organization name must be alphanumeric and can contain hyphens, underscores and at symbol.</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="token">
-                    <properties>
-                      <help>Authentication token for InfluxDB v2</help>
-                      <valueHelp>
-                        <format>txt</format>
-                        <description>Authentication token</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>[a-zA-Z0-9-_]{86}==</regex>
-                      </constraint>
-                      <constraintErrorMessage>Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters.</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <node name="azure-data-explorer">
-                <properties>
-                  <help>Output plugin Azure Data Explorer</help>
-                </properties>
-                <children>
-                  <node name="authentication">
-                    <properties>
-                      <help>Authentication parameters</help>
-                    </properties>
-                    <children>
-                      <leafNode name="client-id">
-                        <properties>
-                          <help>Application client id</help>
-                          <constraint>
-                            <regex>[-_a-zA-Z0-9]+</regex>
-                          </constraint>
-                          <constraintErrorMessage>Client-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="client-secret">
-                        <properties>
-                          <help>Application client secret</help>
-                          <constraint>
-                            <regex>[-_a-zA-Z0-9]+</regex>
-                          </constraint>
-                          <constraintErrorMessage>Client-secret is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="tenant-id">
-                        <properties>
-                          <help>Set tenant id</help>
-                          <constraint>
-                            <regex>[-_a-zA-Z0-9]+</regex>
-                          </constraint>
-                          <constraintErrorMessage>Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <leafNode name="database">
-                    <properties>
-                      <help>Remote database name</help>
-                      <valueHelp>
-                        <format>txt</format>
-                        <description>Remote database name</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>[-_a-zA-Z0-9]+</regex>
-                      </constraint>
-                      <constraintErrorMessage>Database is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="group-metrics">
-                    <properties>
-                      <help>Type of metrics grouping when push to Azure Data Explorer</help>
-                      <completionHelp>
-                        <list>single-table table-per-metric</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>single-table</format>
-                        <description>Metrics stores in one table</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>table-per-metric</format>
-                        <description>One table per gorups of metric by the metric name</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(single-table|table-per-metric)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>table-per-metric</defaultValue>
-                  </leafNode>
-                  <leafNode name="table">
-                    <properties>
-                      <help>Name of the single table [Only if set group-metrics single-table]</help>
-                      <valueHelp>
-                        <format>txt</format>
-                        <description>Table name</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>[-_a-zA-Z0-9]+</regex>
-                      </constraint>
-                      <constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                  #include <include/monitoring/url.xml.i>
-                </children>
-              </node>
-              <leafNode name="bucket">
-                <properties>
-                  <help>Remote bucket</help>
-                </properties>
-                <defaultValue>main</defaultValue>
-              </leafNode>
-              <leafNode name="source">
-                <properties>
-                  <help>Source parameters for monitoring</help>
-                  <completionHelp>
-                    <list>all hardware-utilization logs network system telegraf</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>all</format>
-                    <description>All parameters</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>hardware-utilization</format>
-                    <description>Hardware-utilization parameters (CPU, disk, memory)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>logs</format>
-                    <description>Logs parameters</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>network</format>
-                    <description>Network parameters (net, netstat, nftables)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>system</format>
-                    <description>System parameters (system, processes, interrupts)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>telegraf</format>
-                    <description>Telegraf internal statistics</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(all|hardware-utilization|logs|network|system|telegraf)</regex>
-                  </constraint>
-                  <multi/>
-                </properties>
-                <defaultValue>all</defaultValue>
-              </leafNode>
-              <node name="prometheus-client">
-                <properties>
-                  <help>Output plugin Prometheus client</help>
-                </properties>
-                <children>
-                  <node name="authentication">
-                    <properties>
-                      <help>HTTP basic authentication parameters</help>
-                    </properties>
-                    <children>
-                      <leafNode name="username">
-                        <properties>
-                          <help>Authentication username</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="password">
-                        <properties>
-                          <help>Authentication password</help>
-                          <valueHelp>
-                            <format>txt</format>
-                            <description>Authentication password</description>
-                          </valueHelp>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <leafNode name="allow-from">
-                    <properties>
-                      <help>Networks allowed to query this server</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>IP address and prefix length</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6net</format>
-                        <description>IPv6 address and prefix length</description>
-                      </valueHelp>
-                      <multi/>
-                      <constraint>
-                        <validator name="ip-prefix"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="listen-address">
-                    <properties>
-                      <help>Local IP addresses to listen on</help>
-                      <completionHelp>
-                        <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address to listen for incoming connections</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6</format>
-                        <description>IPv6 address to listen for incoming connections</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                        <validator name="ipv6-address"/>
-                        <validator name="ipv6-link-local"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="metric-version">
-                    <properties>
-                      <help>Metric version control mapping from Telegraf to Prometheus format</help>
-                      <valueHelp>
-                        <format>u32:1-2</format>
-                        <description>Metric version (default: 2)</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-2"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>2</defaultValue>
-                  </leafNode>
-                  #include <include/port-number.xml.i>
-                  <leafNode name="port">
-                    <defaultValue>9273</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <node name="splunk">
-                <properties>
-                  <help>Output plugin Splunk</help>
-                </properties>
-                <children>
-                  <node name="authentication">
-                    <properties>
-                      <help>HTTP basic authentication parameters</help>
-                    </properties>
-                    <children>
-                      <leafNode name="token">
-                        <properties>
-                          <help>Authorization token</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="insecure">
-                        <properties>
-                          <help>Use TLS but skip host validation</help>
-                          <valueless/>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <leafNode name="url">
-                    <properties>
-                      <help>Remote URL</help>
-                      <valueHelp>
-                        <format>url</format>
-                        <description>Remote URL to Splunk collector</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex>
-                      </constraint>
-                      <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/monitoring/url.xml.i>
-              #include <include/port-number.xml.i>
-              <leafNode name="port">
-                <defaultValue>8086</defaultValue>
-              </leafNode>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
deleted file mode 100644
index 50f42849b..000000000
--- a/interface-definitions/service_pppoe-server.xml.in
+++ /dev/null
@@ -1,356 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service_pppoe-server.py">
-        <properties>
-          <help>Point to Point over Ethernet (PPPoE) Server</help>
-          <priority>900</priority>
-        </properties>
-        <children>
-          #include <include/pppoe-access-concentrator.xml.i>
-          <leafNode name="access-concentrator">
-            <defaultValue>vyos-ac</defaultValue>
-          </leafNode>
-          <node name="authentication">
-            <properties>
-              <help>Authentication for remote access PPPoE Server</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/auth-local-users.xml.i>
-              #include <include/accel-ppp/auth-mode.xml.i>
-              #include <include/accel-ppp/auth-protocols.xml.i>
-              #include <include/radius-server-ipv4.xml.i>
-              #include <include/accel-ppp/radius-additions.xml.i>
-              <node name="radius">
-                <children>
-                  #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
-                  <leafNode name="called-sid-format">
-                    <properties>
-                      <help>Format of Called-Station-Id attribute</help>
-                      <completionHelp>
-                        <list>ifname ifname:mac</list>
-                      </completionHelp>
-                      <constraint>
-                        <regex>(ifname|ifname:mac)</regex>
-                      </constraint>
-                      <constraintErrorMessage>Invalid Called-Station-Id format</constraintErrorMessage>
-                      <valueHelp>
-                        <format>ifname</format>
-                        <description>NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ifname:mac</format>
-                        <description>NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00)</description>
-                      </valueHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <node name="client-ip-pool">
-            <properties>
-              <help>Pool of client IP addresses (must be within a /24)</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
-              #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
-            </children>
-          </node>
-          #include <include/accel-ppp/client-ipv6-pool.xml.i>
-          #include <include/name-server-ipv4-ipv6.xml.i>
-          <tagNode name="interface">
-            <properties>
-              <help>interface(s) to listen on</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-            </properties>
-            <children>
-              <leafNode name="vlan-id">
-                <properties>
-                  <help>VLAN monitor for the automatic creation of single vlan</help>
-                  <valueHelp>
-                    <format>u32:1-4094</format>
-                    <description>VLAN monitor for the automatic creation of single vlan</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-4094"/>
-                  </constraint>
-                  <constraintErrorMessage>VLAN ID needs to be between 1 and 4094</constraintErrorMessage>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="vlan-range">
-                <properties>
-                  <help>VLAN monitor for the automatic creation of vlans range</help>
-                  <valueHelp>
-                    <format>start-end</format>
-                    <description>VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="range" argument="--min=1 --max=4094"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-          #include <include/accel-ppp/gateway-address.xml.i>
-          #include <include/accel-ppp/mtu-128-16384.xml.i>
-          <node name="limits">
-            <properties>
-              <help>Limits the connection rate from a single source</help>
-            </properties>
-            <children>
-              <leafNode name="connection-limit">
-                <properties>
-                  <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help>
-                  <constraint>
-                    <regex>[0-9]+\/(min|sec)</regex>
-                  </constraint>
-                  <constraintErrorMessage>illegal value</constraintErrorMessage>
-                </properties>
-              </leafNode>
-              <leafNode name="burst">
-                <properties>
-                  <help>Burst count</help>
-                </properties>
-              </leafNode>
-              <leafNode name="timeout">
-                <properties>
-                  <help>Timeout in seconds</help>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <leafNode name="service-name">
-            <properties>
-              <help>Service name</help>
-              <constraint>
-                <regex>[a-zA-Z0-9\-]{1,100}</regex>
-              </constraint>
-              <constraintErrorMessage>Service-name can contain aplhanumerical characters and dashes only (max. 100)</constraintErrorMessage>
-              <multi/>
-            </properties>
-          </leafNode>
-          #include <include/accel-ppp/wins-server.xml.i>
-          <node name="ppp-options">
-            <properties>
-              <help>Advanced protocol options</help>
-            </properties>
-            <children>
-              <leafNode name="min-mtu">
-                <properties>
-                  <help>Minimum acceptable MTU (68-65535)</help>
-                  <constraint>
-                    <validator name="numeric" argument="--range 68-65535"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="mru">
-                <properties>
-                  <help>Preferred MRU (68-65535)</help>
-                  <constraint>
-                    <validator name="numeric" argument="--range 68-65535"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="ccp">
-                <properties>
-                  <help>CCP negotiation (default disabled)</help>
-                  <valueless />
-                </properties>
-              </leafNode>
-              #include <include/accel-ppp/ppp-mppe.xml.i>
-              #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
-              #include <include/accel-ppp/lcp-echo-timeout.xml.i>
-              #include <include/accel-ppp/ppp-interface-cache.xml.i>
-              <leafNode name="ipv4">
-                <properties>
-                  <help>IPv4 (IPCP) negotiation algorithm</help>
-                  <constraint>
-                    <regex>(deny|allow|prefer|require)</regex>
-                  </constraint>
-                  <constraintErrorMessage>invalid value</constraintErrorMessage>
-                  <valueHelp>
-                    <format>deny</format>
-                    <description>Do not negotiate IPv4</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>allow</format>
-                    <description>Negotiate IPv4 only if client requests</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>prefer</format>
-                    <description>Ask client for IPv4 negotiation, do not fail if it rejects</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>require</format>
-                    <description>Require IPv4 negotiation</description>
-                  </valueHelp>
-                  <completionHelp>
-                    <list>deny allow prefer require</list>
-                  </completionHelp>
-                </properties>
-              </leafNode>
-              #include <include/accel-ppp/ppp-options-ipv6.xml.i>
-              <leafNode name="ipv6-intf-id">
-                <properties>
-                  <help>Fixed or random interface identifier for IPv6</help>
-                  <completionHelp>
-                    <list>random</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>random</format>
-                    <description>Random interface identifier for IPv6</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>x:x:x:x</format>
-                    <description>specify interface identifier for IPv6</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="ipv6-peer-intf-id">
-                <properties>
-                  <help>Peer interface identifier for IPv6</help>
-                  <completionHelp>
-                    <list>random calling-sid ipv4</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>x:x:x:x</format>
-                    <description>Interface identifier for IPv6</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>random</format>
-                    <description>Use a random interface identifier for IPv6</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>calling-sid</format>
-                    <description>Calculate interface identifier from calling-station-id</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="ipv6-accept-peer-intf-id">
-                <properties>
-                  <help>Accept peer interface identifier</help>
-                  <valueless />
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <tagNode name="pado-delay">
-            <properties>
-              <help>PADO delays</help>
-              <valueHelp>
-                <format>u32:1-999999</format>
-                <description>Number in ms</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-999999"/>
-              </constraint>
-              <constraintErrorMessage>Invalid PADO delay</constraintErrorMessage>
-            </properties>
-            <children>
-              <leafNode name="sessions">
-                <properties>
-                  <help>Number of sessions</help>
-                  <valueHelp>
-                    <format>u32:1-999999</format>
-                    <description>Number of sessions</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-999999"/>
-                  </constraint>
-                  <constraintErrorMessage>Invalid number of delayed sessions</constraintErrorMessage>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-          <leafNode name="session-control">
-            <properties>
-              <help>control sessions count</help>
-              <constraint>
-                <regex>(deny|disable|replace)</regex>
-              </constraint>
-              <constraintErrorMessage>Invalid value</constraintErrorMessage>
-              <valueHelp>
-                <format>disable</format>
-                <description>Disables session control</description>
-              </valueHelp>
-              <valueHelp>
-                <format>deny</format>
-                <description>Deny second session authorization</description>
-              </valueHelp>
-              <valueHelp>
-                <format>replace</format>
-                <description>Terminate first session when second is authorized</description>
-              </valueHelp>
-              <completionHelp>
-                <list>deny disable replace</list>
-              </completionHelp>
-            </properties>
-            <defaultValue>replace</defaultValue>
-          </leafNode>
-          <node name="snmp">
-            <properties>
-              <help>Enable SNMP</help>
-            </properties>
-            <children>
-              <leafNode name="master-agent">
-                <properties>
-                  <help>enable SNMP master agent mode</help>
-                  <valueless />
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <node name="extended-scripts">
-            <properties>
-              <help>Extended script execution</help>
-            </properties>
-            <children>
-              <leafNode name="on-pre-up">
-                <properties>
-                  <help>Script to run before PPPoE session interface comes up</help>
-                    <constraint>
-                      <validator name="script"/>
-                    </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="on-up">
-                <properties>
-                  <help>Script to run when PPPoE session interface is completely configured and started</help>
-                    <constraint>
-                      <validator name="script"/>
-                    </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="on-down">
-                <properties>
-                  <help>Script to run when PPPoE session interface going to terminate</help>
-                    <constraint>
-                      <validator name="script"/>
-                    </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="on-change">
-                <properties>
-                  <help>Script to run when PPPoE session interface changed by RADIUS CoA handling</help>
-                    <constraint>
-                      <validator name="script"/>
-                    </constraint>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
deleted file mode 100644
index 40dac23ca..000000000
--- a/interface-definitions/service_router-advert.xml.in
+++ /dev/null
@@ -1,327 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="router-advert" owner="${vyos_conf_scripts_dir}/service_router-advert.py">
-        <properties>
-          <help>IPv6 Router Advertisements (RAs) service</help>
-          <priority>900</priority>
-        </properties>
-        <children>
-          <tagNode name="interface">
-            <properties>
-              <help>Interface to send RA on</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-            </properties>
-            <children>
-              <leafNode name="hop-limit">
-                <properties>
-                  <help>Set Hop Count field of the IP header for outgoing packets</help>
-                  <valueHelp>
-                    <format>u32:0</format>
-                    <description>Unspecified (by this router)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>u32:1-255</format>
-                    <description>Value should represent current diameter of the Internet</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 0-255"/>
-                  </constraint>
-                  <constraintErrorMessage>Hop count must be between 0 and 255</constraintErrorMessage>
-                </properties>
-                <defaultValue>64</defaultValue>
-              </leafNode>
-              <leafNode name="default-lifetime">
-                <properties>
-                  <help>Lifetime associated with the default router in units of seconds</help>
-                  <valueHelp>
-                    <format>u32:4-9000</format>
-                    <description>Router Lifetime in seconds</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>0</format>
-                    <description>Not a default router</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 0-0 --range 4-9000"/>
-                  </constraint>
-                  <constraintErrorMessage>Default router livetime bust be 0 or between 4 and 9000</constraintErrorMessage>
-                </properties>
-              </leafNode>
-              <leafNode name="default-preference">
-                <properties>
-                  <help>Preference associated with the default router,</help>
-                  <completionHelp>
-                    <list>low medium high</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>low</format>
-                    <description>Default router has low preference</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>medium</format>
-                    <description>Default router has medium preference</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>high</format>
-                    <description>Default router has high preference</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(low|medium|high)</regex>
-                  </constraint>
-                  <constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage>
-                </properties>
-                <defaultValue>medium</defaultValue>
-              </leafNode>
-              <leafNode name="dnssl">
-                <properties>
-                  <help>DNS search list</help>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="link-mtu">
-                <properties>
-                  <help>Link MTU value placed in RAs, exluded in RAs if unset</help>
-                  <valueHelp>
-                    <format>u32:1280-9000</format>
-                    <description>Link MTU value in RAs</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1280-9000"/>
-                  </constraint>
-                  <constraintErrorMessage>Link MTU must be between 1280 and 9000</constraintErrorMessage>
-                </properties>
-              </leafNode>
-              <leafNode name="managed-flag">
-                <properties>
-                  <help>Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-              <node name="interval">
-                <properties>
-                  <help>Set interval between unsolicited multicast RAs</help>
-                </properties>
-                <children>
-                  <leafNode name="max">
-                    <properties>
-                      <help>Maximum interval between unsolicited multicast RAs</help>
-                      <valueHelp>
-                        <format>u32:4-1800</format>
-                        <description>Maximum interval in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 4-1800"/>
-                      </constraint>
-                      <constraintErrorMessage>Maximum interval must be between 4 and 1800 seconds</constraintErrorMessage>
-                    </properties>
-                    <defaultValue>600</defaultValue>
-                  </leafNode>
-                  <leafNode name="min">
-                    <properties>
-                      <help>Minimum interval between unsolicited multicast RAs</help>
-                      <valueHelp>
-                        <format>u32:3-1350</format>
-                        <description>Minimum interval in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 3-1350"/>
-                      </constraint>
-                      <constraintErrorMessage>Minimum interval must be between 3 and 1350 seconds</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/name-server-ipv6.xml.i>
-              <leafNode name="other-config-flag">
-                <properties>
-                  <help>Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-              <tagNode name="route">
-                <properties>
-                  <help>IPv6 route to be advertised in Router Advertisements (RAs)</help>
-                  <valueHelp>
-                    <format>ipv6net</format>
-                    <description>IPv6 route to be advertized</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv6-prefix"/>
-                  </constraint>
-                </properties>
-                <children>
-                  <leafNode name="valid-lifetime">
-                    <properties>
-                      <help>Time in seconds that the route will remain valid</help>
-                      <completionHelp>
-                        <list>infinity</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>u32:1-4294967295</format>
-                        <description>Time in seconds that the route will remain valid</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>infinity</format>
-                        <description>Route will remain preferred forever</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-4294967295"/>
-                        <regex>(infinity)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>1800</defaultValue>
-                  </leafNode>
-                  <leafNode name="route-preference">
-                    <properties>
-                      <help>Preference associated with the route,</help>
-                      <completionHelp>
-                        <list>low medium high</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>low</format>
-                        <description>Route has low preference</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>medium</format>
-                        <description>Route has medium preference</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>high</format>
-                        <description>Route has high preference</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(low|medium|high)</regex>
-                      </constraint>
-                      <constraintErrorMessage>Route preference must be low, medium or high</constraintErrorMessage>
-                    </properties>
-                    <defaultValue>medium</defaultValue>
-                  </leafNode>
-                  <leafNode name="no-remove-route">
-                    <properties>
-                      <help>Do not announce this route with a zero second lifetime upon shutdown</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <tagNode name="prefix">
-                <properties>
-                  <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help>
-                  <valueHelp>
-                    <format>ipv6net</format>
-                    <description>IPv6 prefix to be advertized</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv6-prefix"/>
-                  </constraint>
-                </properties>
-                <children>
-                  <leafNode name="no-autonomous-flag">
-                    <properties>
-                      <help>Prefix can not be used for stateless address auto-configuration</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="no-on-link-flag">
-                    <properties>
-                      <help>Prefix can not be used for on-link determination</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="preferred-lifetime">
-                    <properties>
-                      <help>Time in seconds that the prefix will remain preferred</help>
-                      <completionHelp>
-                        <list>infinity</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>u32</format>
-                        <description>Time in seconds that the prefix will remain preferred</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>infinity</format>
-                        <description>Prefix will remain preferred forever</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-4294967295"/>
-                        <regex>(infinity)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>14400</defaultValue>
-                  </leafNode>
-                  <leafNode name="valid-lifetime">
-                    <properties>
-                      <help>Time in seconds that the prefix will remain valid</help>
-                      <completionHelp>
-                        <list>infinity</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>u32:1-4294967295</format>
-                        <description>Time in seconds that the prefix will remain valid</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>infinity</format>
-                        <description>Prefix will remain preferred forever</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-4294967295"/>
-                        <regex>(infinity)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>2592000</defaultValue>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <leafNode name="reachable-time">
-                <properties>
-                  <help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help>
-                  <valueHelp>
-                    <format>u32:0</format>
-                    <description>Reachable Time unspecified by this router</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>u32:1-3600000</format>
-                    <description>Reachable Time value in RAs (in milliseconds)</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 0-0 --range 1-3600000"/>
-                  </constraint>
-                  <constraintErrorMessage>Reachable time must be 0 or between 1 and 3600000 milliseconds</constraintErrorMessage>
-                </properties>
-                <defaultValue>0</defaultValue>
-              </leafNode>
-              <leafNode name="retrans-timer">
-                <properties>
-                  <help>Time in milliseconds between retransmitted Neighbor Solicitation messages</help>
-                  <valueHelp>
-                    <format>u32:0</format>
-                    <description>Time, in milliseconds, between retransmitted Neighbor Solicitation messages</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>u32:1-4294967295</format>
-                    <description>Minimum interval in milliseconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 0-0 --range 1-4294967295"/>
-                  </constraint>
-                  <constraintErrorMessage>Retransmit interval must be 0 or between 1 and 4294967295 milliseconds</constraintErrorMessage>
-                </properties>
-                <defaultValue>0</defaultValue>
-              </leafNode>
-              <leafNode name="no-send-advert">
-                <properties>
-                  <help>Do not send router adverts</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_sla.xml.in b/interface-definitions/service_sla.xml.in
deleted file mode 100644
index 0c4f8a591..000000000
--- a/interface-definitions/service_sla.xml.in
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="sla" owner="${vyos_conf_scripts_dir}/service_sla.py">
-        <properties>
-          <help>Service level agreement (SLA)</help>
-        </properties>
-        <children>
-          <node name="owamp-server">
-            <properties>
-              <help>One-way active measurement protocol (OWAMP) server</help>
-            </properties>
-            <children>
-              #include <include/port-number.xml.i>
-              <leafNode name="port">
-                <defaultValue>861</defaultValue>
-              </leafNode>
-            </children>
-          </node>
-          <node name="twamp-server">
-            <properties>
-              <help>Two-way active measurement protocol (TWAMP) server</help>
-            </properties>
-            <children>
-              #include <include/port-number.xml.i>
-              <leafNode name="port">
-                <defaultValue>862</defaultValue>
-              </leafNode>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
deleted file mode 100644
index a129b7260..000000000
--- a/interface-definitions/service_upnp.xml.in
+++ /dev/null
@@ -1,224 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
-        <properties>
-          <help>Universal Plug and Play (UPnP) service</help>
-          <priority>900</priority>
-        </properties>
-        <children>
-          <leafNode name="friendly-name">
-            <properties>
-              <help>Name of this service</help>
-              <valueHelp>
-                <format>txt</format>
-                <description>Friendly name</description>
-              </valueHelp>
-            </properties>
-          </leafNode>
-          <leafNode name="wan-interface">
-            <properties>
-              <help>WAN network interface</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-              <constraint>
-                <validator name="interface-name" />
-              </constraint>
-            </properties>
-          </leafNode>
-          <leafNode name="wan-ip">
-            <properties>
-              <help>WAN network IP</help>
-              <valueHelp>
-                <format>ipv4</format>
-                <description>IPv4 address</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv6</format>
-                <description>IPv6 address</description>
-              </valueHelp>
-              <constraint>
-                <validator name="ipv4-address" />
-                <validator name="ipv6-address" />
-              </constraint>
-              <multi/>
-            </properties>
-          </leafNode>
-          <leafNode name="nat-pmp">
-            <properties>
-              <help>Enable NAT-PMP support</help>
-              <valueless />
-            </properties>
-          </leafNode>
-          <leafNode name="secure-mode">
-            <properties>
-              <help>Enable Secure Mode</help>
-              <valueless />
-            </properties>
-          </leafNode>
-          <leafNode name="presentation-url">
-            <properties>
-              <help>Presentation Url</help>
-              <valueHelp>
-                <format>txt</format>
-                <description>Presentation Url</description>
-              </valueHelp>
-            </properties>
-          </leafNode>
-          <node name="pcp-lifetime">
-            <properties>
-              <help>PCP-base lifetime Option</help>
-            </properties>
-            <children>
-              <leafNode name="max">
-                <properties>
-                  <help>Max lifetime time</help>
-                  <constraint>
-                    <validator name="numeric" />
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="min">
-                <properties>
-                  <help>Min lifetime time</help>
-                  <constraint>
-                    <validator name="numeric" />
-                  </constraint>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <leafNode name="listen">
-            <properties>
-              <help>Local IP addresses for service to listen on</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-              <valueHelp>
-                <format>&lt;interface&gt;</format>
-                <description>Monitor interface address</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv4</format>
-                <description>IP address to listen for incoming connections</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv4-prefix</format>
-                <description>IP prefix to listen for incoming connections</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv6</format>
-                <description>IP address to listen for incoming connections</description>
-              </valueHelp>
-              <valueHelp>
-                <format>ipv6-prefix</format>
-                <description>IP prefix to listen for incoming connections</description>
-              </valueHelp>
-              <multi/>
-              <constraint>
-                <validator name="interface-name" />
-                <validator name="ipv4-address"/>
-                <validator name="ipv4-prefix"/>
-                <validator name="ipv6-address"/>
-                <validator name="ipv6-prefix"/>
-              </constraint>
-            </properties>
-          </leafNode>
-          <node name="stun">
-            <properties>
-              <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
-            </properties>
-            <children>
-              <leafNode name="host">
-                <properties>
-                  <help>The STUN server address</help>
-                  <valueHelp>
-                    <format>txt</format>
-                    <description>The STUN server host address</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="fqdn"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              #include <include/port-number.xml.i>
-            </children>
-          </node>
-          <tagNode name="rule">
-            <properties>
-              <help>UPnP Rule</help>
-              <valueHelp>
-                <format>u32:0-65535</format>
-                <description>Rule number</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 0-65535"/>
-              </constraint>
-            </properties>
-            <children>
-              #include <include/generic-disable-node.xml.i>
-              <leafNode name="external-port-range">
-                <properties>
-                  <help>Port range (REQUIRE)</help>
-                  <valueHelp>
-                    <format>&lt;port&gt;</format>
-                    <description>single port</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>&lt;portN&gt;-&lt;portM&gt;</format>
-                    <description>Port range (use '-' as delimiter)</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="port-range"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="internal-port-range">
-                <properties>
-                  <help>Port range (REQUIRE)</help>
-                  <valueHelp>
-                    <format>&lt;port&gt;</format>
-                    <description>single port</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>&lt;portN&gt;-&lt;portM&gt;</format>
-                    <description>Port range (use '-' as delimiter)</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="port-range"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="ip">
-                <properties>
-                  <help>The IP to which this rule applies (REQUIRE)</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>The IPv4 to which this rule applies</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-address" />
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="action">
-                <properties>
-                  <help>Actions against the rule (REQUIRE)</help>
-                  <completionHelp>
-                    <list>allow deny</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(allow|deny)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
deleted file mode 100644
index e4609b699..000000000
--- a/interface-definitions/service_webproxy.xml.in
+++ /dev/null
@@ -1,636 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="webproxy" owner="${vyos_conf_scripts_dir}/service_webproxy.py">
-        <properties>
-          <help>Webproxy service settings</help>
-          <priority>500</priority>
-        </properties>
-        <children>
-          <leafNode name="append-domain">
-            <properties>
-              <help>Default domain name</help>
-              <valueHelp>
-                <format>domain</format>
-                <description>Domain to use for urls that do not contain a '.'</description>
-              </valueHelp>
-              <constraint>
-                <regex>[.][A-Za-z0-9][-.A-Za-z0-9]*</regex>
-              </constraint>
-              <constraintErrorMessage>Must start append-domain with a '.'</constraintErrorMessage>
-            </properties>
-          </leafNode>
-          <node name="authentication">
-            <properties>
-              <help>Proxy Authentication Settings</help>
-            </properties>
-            <children>
-              <leafNode name="children">
-                <properties>
-                  <help>Number of authentication helper processes</help>
-                  <valueHelp>
-                    <format>n</format>
-                    <description>Number of authentication helper processes</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-500"/>
-                  </constraint>
-                </properties>
-                <defaultValue>5</defaultValue>
-              </leafNode>
-              <leafNode name="credentials-ttl">
-                <properties>
-                  <help>Authenticated session time to live in minutes</help>
-                  <valueHelp>
-                    <format>n</format>
-                    <description>Authenticated session timeout</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-600"/>
-                  </constraint>
-                </properties>
-                <defaultValue>60</defaultValue>
-              </leafNode>
-              <node name="ldap">
-                <properties>
-                  <help>LDAP authentication settings</help>
-                </properties>
-                <children>
-                  <leafNode name="base-dn">
-                    <properties>
-                      <help>LDAP Base DN to search</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="bind-dn">
-                    <properties>
-                      <help>LDAP DN used to bind to server</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="filter-expression">
-                    <properties>
-                      <help>Filter expression to perform LDAP search with</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="password">
-                    <properties>
-                      <help>LDAP password to bind with</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="persistent-connection">
-                    <properties>
-                      <help>Use persistent LDAP connection</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                  #include <include/port-number.xml.i>
-                  <leafNode name="port">
-                    <defaultValue>389</defaultValue>
-                  </leafNode>
-                  <leafNode name="server">
-                    <properties>
-                      <help>LDAP server to use</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="use-ssl">
-                    <properties>
-                      <help>Use SSL/TLS for LDAP connection</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="username-attribute">
-                    <properties>
-                      <help>LDAP username attribute</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="version">
-                    <properties>
-                      <help>LDAP protocol version</help>
-                      <completionHelp>
-                          <list>2 3</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>2</format>
-                        <description>LDAP protocol version 2</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>3</format>
-                        <description>LDAP protocol version 2</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 2-3"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>3</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="method">
-                <properties>
-                  <help>Authentication Method</help>
-                  <completionHelp>
-                    <list>ldap</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>ldap</format>
-                    <description>Lightweight Directory Access Protocol</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(ldap)</regex>
-                  </constraint>
-                  <constraintErrorMessage>The only supported method currently is LDAP</constraintErrorMessage>
-                </properties>
-              </leafNode>
-              <leafNode name="realm">
-                <properties>
-                  <help>Name of authentication realm (e.g. "My Company proxy server")</help>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <tagNode name="cache-peer">
-            <properties>
-              <help>Specify other caches in a hierarchy</help>
-              <valueHelp>
-                <format>hostname</format>
-                <description>Cache peers FQDN</description>
-              </valueHelp>
-            </properties>
-            <children>
-              <leafNode name="address">
-                <properties>
-                  <help>Hostname or IP address of peer</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>Squid cache-peer IPv4 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>hostname</format>
-                    <description>Squid cache-peer hostname</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ip-address"/>
-                    <validator name="fqdn"/>
-                  </constraint>
-                  <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage>
-                </properties>
-              </leafNode>
-              <leafNode name="http-port">
-                <properties>
-                  <help>Default Proxy Port</help>
-                  <valueHelp>
-                    <format>u32:1025-65535</format>
-                    <description>Default port number</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1025-65535"/>
-                  </constraint>
-                </properties>
-                <defaultValue>3128</defaultValue>
-              </leafNode>
-               <leafNode name="icp-port">
-                <properties>
-                  <help>Cache peer ICP port</help>
-                  <valueHelp>
-                    <format>u32:0</format>
-                    <description>Cache peer disabled</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>u32:1-65535</format>
-                    <description>Cache peer ICP port</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-65535"/>
-                  </constraint>
-                </properties>
-                <defaultValue>0</defaultValue>
-              </leafNode>
-              <leafNode name="options">
-                <properties>
-                  <help>Cache peer options</help>
-                  <valueHelp>
-                    <format>txt</format>
-                    <description>Cache peer options</description>
-                  </valueHelp>
-                </properties>
-                <defaultValue>no-query default</defaultValue>
-              </leafNode>
-              <leafNode name="type">
-                <properties>
-                  <help>Squid peer type (default parent)</help>
-                  <completionHelp>
-                    <list>parent sibling multicast</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>parent</format>
-                    <description>Peer is a parent</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>sibling</format>
-                    <description>Peer is a sibling</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>multicast</format>
-                    <description>Peer is a member of a multicast group</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(parent|sibling|multicast)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>parent</defaultValue>
-              </leafNode>
-            </children>
-          </tagNode>
-          <leafNode name="cache-size">
-            <properties>
-              <help>Disk cache size in MB</help>
-               <valueHelp>
-                <format>u32</format>
-                <description>Disk cache size in MB</description>
-              </valueHelp>
-               <valueHelp>
-                <format>0</format>
-                <description>Disable disk caching</description>
-              </valueHelp>
-            </properties>
-            <defaultValue>100</defaultValue>
-          </leafNode>
-          <leafNode name="default-port">
-            <properties>
-              <help>Default Proxy Port</help>
-              <valueHelp>
-                <format>u32:1025-65535</format>
-                <description>Default port number</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1025-65535"/>
-              </constraint>
-            </properties>
-            <defaultValue>3128</defaultValue>
-          </leafNode>
-          <leafNode name="disable-access-log">
-            <properties>
-              <help>Disable logging of HTTP accesses</help>
-              <valueless/>
-            </properties>
-          </leafNode>
-          <leafNode name="domain-block">
-            <properties>
-              <help>Domain name to block</help>
-              <multi/>
-            </properties>
-          </leafNode>
-          <leafNode name="domain-noncache">
-            <properties>
-              <help>Domain name to access without caching</help>
-              <multi/>
-            </properties>
-          </leafNode>
-          <tagNode name="listen-address">
-            <properties>
-              <help>IPv4 listen-address for WebProxy</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
-              </completionHelp>
-              <valueHelp>
-                <format>ipv4</format>
-                <description>IPv4 address listen on</description>
-              </valueHelp>
-            </properties>
-            <children>
-              <leafNode name="port">
-                <properties>
-                  <help>Default Proxy Port</help>
-                  <valueHelp>
-                    <format>u32:1025-65535</format>
-                    <description>Default port number</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1025-65535"/>
-                  </constraint>
-                </properties>
-                <!-- no defaultValue specified as there is default-port -->
-              </leafNode>
-              <leafNode name="disable-transparent">
-                <properties>
-                  <help>Disable transparent mode</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-          <leafNode name="maximum-object-size">
-            <properties>
-              <help>Maximum size of object to be stored in cache in kilobytes</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Object size in KB</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-100000"/>
-              </constraint>
-            </properties>
-          </leafNode>
-          <leafNode name="mem-cache-size">
-            <properties>
-              <help>Memory cache size in MB</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Memory cache size in MB </description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-100000"/>
-              </constraint>
-            </properties>
-            <defaultValue>20</defaultValue>
-          </leafNode>
-          <leafNode name="minimum-object-size">
-            <properties>
-              <help>Maximum size of object to be stored in cache in kilobytes</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Object size in KB</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-100000"/>
-              </constraint>
-            </properties>
-          </leafNode>
-          <leafNode name="outgoing-address">
-            <properties>
-              <help>Outgoing IP address for webproxy</help>
-            </properties>
-          </leafNode>
-          <leafNode name="reply-block-mime">
-            <properties>
-              <help>MIME type to block</help>
-              <completionHelp>
-                <list>image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain</list>
-              </completionHelp>
-              <constraint>
-                <regex>(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)</regex>
-              </constraint>
-              <multi/>
-            </properties>
-          </leafNode>
-          <leafNode name="reply-body-max-size">
-            <properties>
-              <help>Maximum reply body size in KB</help>
-              <valueHelp>
-                <format>u32</format>
-                <description>Reply size in KB</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-100000"/>
-              </constraint>
-            </properties>
-          </leafNode>
-          <node name="url-filtering">
-            <properties>
-              <help>URL filtering settings</help>
-            </properties>
-            <children>
-              #include <include/generic-disable-node.xml.i>
-              <node name="squidguard">
-                <properties>
-                  <help>URL filtering via squidGuard redirector</help>
-                </properties>
-                <children>
-                  #include <include/webproxy-url-filtering.xml.i>
-                  <node name="auto-update">
-                    <properties>
-                      <help>Auto update settings</help>
-                    </properties>
-                    <children>
-                      <leafNode name="update-hour">
-                        <properties>
-                          <help>Hour of day for database update</help>
-                          <valueHelp>
-                            <format>u32:0-23</format>
-                            <description>Hour for database update</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 0-23"/>
-                          </constraint>
-                        </properties>
-                        <defaultValue>0</defaultValue>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <leafNode name="redirect-url">
-                    <properties>
-                      <help>Redirect URL for filtered websites</help>
-                      <valueHelp>
-                        <format>url</format>
-                        <description>URL for redirect</description>
-                      </valueHelp>
-                    </properties>
-                    <defaultValue>block.vyos.net</defaultValue>
-                  </leafNode>
-                  <tagNode name="rule">
-                    <properties>
-                      <help>URL filter rule for a source-group</help>
-                      <valueHelp>
-                        <format>u32:1-1024</format>
-                        <description>Rule Number</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-1024"/>
-                      </constraint>
-                      <constraintErrorMessage>SquidGuard rule must between 1-1024</constraintErrorMessage>
-                    </properties>
-                    <children>
-                      #include <include/webproxy-url-filtering.xml.i>
-                      <leafNode name="redirect-url">
-                        <properties>
-                          <help>Redirect URL for filtered websites</help>
-                          <valueHelp>
-                            <format>url</format>
-                            <description>URL for redirect</description>
-                          </valueHelp>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="source-group">
-                        <properties>
-                          <help>Source-group for this rule</help>
-                          <valueHelp>
-                            <format>group</format>
-                            <description>Source group identifier for this rule</description>
-                          </valueHelp>
-                          <completionHelp>
-                            <path>service webproxy url-filtering squidguard source-group</path>
-                          </completionHelp>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="time-period">
-                        <properties>
-                          <help>Time-period for this rule</help>
-                          <valueHelp>
-                            <format>period</format>
-                            <description>Time period for this rule</description>
-                          </valueHelp>
-                          <completionHelp>
-                            <path>service webproxy url-filtering squidguard time-period</path>
-                          </completionHelp>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                  <tagNode name="source-group">
-                    <properties>
-                      <help>Source group name</help>
-                      <valueHelp>
-                        <format>name</format>
-                        <description>Name of source group</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>[^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]*</regex>
-                      </constraint>
-                      <constraintErrorMessage>URL-filter source-group cannot start with a number!</constraintErrorMessage>
-                    </properties>
-                    <children>
-                      <leafNode name="address">
-                        <properties>
-                          <help>Address for source-group</help>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address to match</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>ipv4net</format>
-                            <description>IPv4 prefix to match</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>ipv4range</format>
-                            <description>IPv4 address range to match</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                            <validator name="ipv4-prefix"/>
-                            <validator name="ipv4-range"/>
-                          </constraint>
-                          <multi/>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="description">
-                        <properties>
-                          <help>Description for source-group</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="domain">
-                        <properties>
-                          <help>Domain for source-group</help>
-                          <valueHelp>
-                            <format>domain</format>
-                            <description>Domain name for the source-group</description>
-                          </valueHelp>
-                          <multi/>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="ldap-ip-search">
-                        <properties>
-                          <help>LDAP search expression for an IP address list</help>
-                          <multi/>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="ldap-user-search">
-                        <properties>
-                          <help>LDAP search expression for a user group</help>
-                          <multi/>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="user">
-                        <properties>
-                          <help>List of user names</help>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                  <tagNode name="time-period">
-                    <properties>
-                      <help>Time period name</help>
-                    </properties>
-                    <children>
-                      <tagNode name="days">
-                        <properties>
-                          <help>Time-period days</help>
-                          <completionHelp>
-                            <list>Sun Mon Tue Wed Thu Fri Sat weekdays weekend all</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>Sun</format>
-                            <description>Sunday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Mon</format>
-                            <description>Monday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Tue</format>
-                            <description>Tuesday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Wed</format>
-                            <description>Wednesday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Thu</format>
-                            <description>Thursday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Fri</format>
-                            <description>Friday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>Sat</format>
-                            <description>Saturday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>weekdays</format>
-                            <description>Monday through Friday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>weekend</format>
-                            <description>Saturday and Sunday</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>all</format>
-                            <description>All days of the week</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)</regex>
-                          </constraint>
-                        </properties>
-                        <children>
-                          <leafNode name="time">
-                            <properties>
-                              <help>Time for time-period</help>
-                              <valueHelp>
-                                <format>&lt;hh:mm - hh:mm&gt;</format>
-                                <description>Time range in 24hr time</description>
-                              </valueHelp>
-                              <constraint>
-                                <!-- time range example: 12:00-13:00 -->
-                                <regex>(\d\d:\d\d)-(\d\d:\d\d)</regex>
-                              </constraint>
-                              <constraintErrorMessage>Expected time format hh:mm - hh:mm in 24hr time</constraintErrorMessage>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </tagNode>
-                      <leafNode name="description">
-                        <properties>
-                          <help>Time-period description</help>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </tagNode>
-                </children>
-              </node>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/system-acceleration-qat.xml.in b/interface-definitions/system-acceleration-qat.xml.in
new file mode 100644
index 000000000..812484184
--- /dev/null
+++ b/interface-definitions/system-acceleration-qat.xml.in
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py">
+        <properties>
+          <help>Acceleration components</help>
+          <priority>50</priority>
+        </properties>
+        <children>
+        <leafNode name="qat">
+          <properties>
+            <help>Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
new file mode 100644
index 000000000..d36fbb024
--- /dev/null
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -0,0 +1,1169 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <properties>
+      <help>Virtual Private Network (VPN)</help>
+    </properties>
+    <children>
+      <node name="ipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py">
+        <properties>
+          <help>VPN IP security (IPsec) parameters</help>
+          <priority>901</priority>
+        </properties>
+        <children>
+          <leafNode name="disable-uniqreqids">
+            <properties>
+              <help>Disable requirement for unique IDs in the Security Database</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+          <tagNode name="esp-group">
+            <properties>
+              <help>Encapsulating Security Payload (ESP) group name</help>
+            </properties>
+            <children>
+              <leafNode name="compression">
+                <properties>
+                  <help>ESP compression</help>
+                  <completionHelp>
+                    <list>disable enable</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Disable ESP compression</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>enable</format>
+                    <description>Enable ESP compression</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(disable|enable)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>disable</defaultValue>
+              </leafNode>
+              <leafNode name="lifetime">
+                <properties>
+                  <help>Security Association time to expire</help>
+                  <valueHelp>
+                    <format>u32:30-86400</format>
+                    <description>SA lifetime in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 30-86400"/>
+                  </constraint>
+                </properties>
+                <defaultValue>3600</defaultValue>
+              </leafNode>
+              <leafNode name="life-bytes">
+                <properties>
+                  <help>Security Association byte count to expire</help>
+                  <valueHelp>
+                    <format>u32:1024-26843545600000</format>
+                    <description>SA life in bytes</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1024-26843545600000"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="life-packets">
+                <properties>
+                  <help>Security Association packet count to expire</help>
+                  <valueHelp>
+                    <format>u32:1000-26843545600000</format>
+                    <description>SA life in packets</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1000-26843545600000"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="mode">
+                <properties>
+                  <help>ESP mode</help>
+                  <completionHelp>
+                    <list>tunnel transport</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>tunnel</format>
+                    <description>Tunnel mode</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>transport</format>
+                    <description>Transport mode</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(tunnel|transport)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>tunnel</defaultValue>
+              </leafNode>
+              <leafNode name="pfs">
+                <properties>
+                  <help>ESP Perfect Forward Secrecy</help>
+                  <completionHelp>
+                    <list>enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>enable</format>
+                    <description>Inherit Diffie-Hellman group from the IKE group</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group1</format>
+                    <description>Use Diffie-Hellman group 1 (modp768)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group2</format>
+                    <description>Use Diffie-Hellman group 2 (modp1024)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group5</format>
+                    <description>Use Diffie-Hellman group 5 (modp1536)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group14</format>
+                    <description>Use Diffie-Hellman group 14 (modp2048)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group15</format>
+                    <description>Use Diffie-Hellman group 15 (modp3072)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group16</format>
+                    <description>Use Diffie-Hellman group 16 (modp4096)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group17</format>
+                    <description>Use Diffie-Hellman group 17 (modp6144)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group18</format>
+                    <description>Use Diffie-Hellman group 18 (modp8192)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group19</format>
+                    <description>Use Diffie-Hellman group 19 (ecp256)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group20</format>
+                    <description>Use Diffie-Hellman group 20 (ecp384)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group21</format>
+                    <description>Use Diffie-Hellman group 21 (ecp521)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group22</format>
+                    <description>Use Diffie-Hellman group 22 (modp1024s160)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group23</format>
+                    <description>Use Diffie-Hellman group 23 (modp2048s224)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group24</format>
+                    <description>Use Diffie-Hellman group 24 (modp2048s256)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group25</format>
+                    <description>Use Diffie-Hellman group 25 (ecp192)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group26</format>
+                    <description>Use Diffie-Hellman group 26 (ecp224)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group27</format>
+                    <description>Use Diffie-Hellman group 27 (ecp224bp)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group28</format>
+                    <description>Use Diffie-Hellman group 28 (ecp256bp)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group29</format>
+                    <description>Use Diffie-Hellman group 29 (ecp384bp)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group30</format>
+                    <description>Use Diffie-Hellman group 30 (ecp512bp)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group31</format>
+                    <description>Use Diffie-Hellman group 31 (curve25519)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dh-group32</format>
+                    <description>Use Diffie-Hellman group 32 (curve448)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Disable PFS</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>enable</defaultValue>
+              </leafNode>
+              <tagNode name="proposal">
+                <properties>
+                  <help>ESP group proposal</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>ESP group proposal number</description>
+                  </valueHelp>
+                </properties>
+                <children>
+                  #include <include/vpn-ipsec-encryption.xml.i>
+                  #include <include/vpn-ipsec-hash.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </tagNode>
+          <tagNode name="ike-group">
+            <properties>
+              <help>Internet Key Exchange (IKE) group name</help>
+            </properties>
+            <children>
+              <leafNode name="close-action">
+                <properties>
+                  <help>Action to take if a child SA is unexpectedly closed</help>
+                  <completionHelp>
+                    <list>none hold restart</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>none</format>
+                    <description>Do nothing</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>hold</format>
+                    <description>Attempt to re-negotiate when matching traffic is seen</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>restart</format>
+                    <description>Attempt to re-negotiate the connection immediately</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(none|hold|restart)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="dead-peer-detection">
+                <properties>
+                  <help>Dead Peer Detection (DPD)</help>
+                </properties>
+                <children>
+                  <leafNode name="action">
+                    <properties>
+                      <help>Keep-alive failure action</help>
+                      <completionHelp>
+                        <list>hold clear restart</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>hold</format>
+                        <description>Attempt to re-negotiate the connection when matching traffic is seen</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>clear</format>
+                        <description>Remove the connection immediately</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>restart</format>
+                        <description>Attempt to re-negotiate the connection immediately</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(hold|clear|restart)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="interval">
+                    <properties>
+                      <help>Keep-alive interval</help>
+                      <valueHelp>
+                        <format>u32:2-86400</format>
+                        <description>Keep-alive interval in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 2-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>30</defaultValue>
+                  </leafNode>
+                  <leafNode name="timeout">
+                    <properties>
+                      <help>Dead Peer Detection keep-alive timeout (IKEv1 only)</help>
+                      <valueHelp>
+                        <format>u32:2-86400</format>
+                        <description>Keep-alive timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 2-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>120</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="ikev2-reauth">
+                <properties>
+                  <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help>
+                  <completionHelp>
+                    <list>yes no</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>yes</format>
+                    <description>Enable remote host re-authentication during an IKE rekey (currently broken due to a strongswan bug)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>no</format>
+                    <description>Disable remote host re-authenticaton during an IKE rekey</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(yes|no)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="key-exchange">
+                <properties>
+                  <help>IKE version</help>
+                  <completionHelp>
+                    <list>ikev1 ikev2</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>ikev1</format>
+                    <description>Use IKEv1 for key exchange</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ikev2</format>
+                    <description>Use IKEv2 for key exchange</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(ikev1|ikev2)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="lifetime">
+                <properties>
+                  <help>IKE lifetime</help>
+                  <valueHelp>
+                    <format>u32:30-86400</format>
+                    <description>IKE lifetime in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 30-86400"/>
+                  </constraint>
+                </properties>
+                <defaultValue>28800</defaultValue>
+              </leafNode>
+              <leafNode name="mobike">
+                <properties>
+                  <help>Enable MOBIKE Support (IKEv2 only)</help>
+                  <completionHelp>
+                    <list>enable disable</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>enable</format>
+                    <description>Enable MOBIKE</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Disable MOBIKE</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(enable|disable)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>enable</defaultValue>
+              </leafNode>
+              <leafNode name="mode">
+                <properties>
+                  <help>IKEv1 phase 1 mode</help>
+                  <completionHelp>
+                    <list>main aggressive</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>main</format>
+                    <description>Use the main mode (recommended)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>aggressive</format>
+                    <description>Use the aggressive mode (insecure, not recommended)</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(main|aggressive)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>main</defaultValue>
+              </leafNode>
+              <tagNode name="proposal">
+                <properties>
+                  <help>IKE proposal</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>IKE group proposal</description>
+                  </valueHelp>
+                </properties>
+                <children>
+                  <leafNode name="dh-group">
+                    <properties>
+                      <help>dh-grouphelp</help>
+                      <completionHelp>
+                        <list>1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>1</format>
+                        <description>Diffie-Hellman group 1 (modp768)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>2</format>
+                        <description>Diffie-Hellman group 2 (modp1024)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>5</format>
+                        <description>Diffie-Hellman group 5 (modp1536)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>14</format>
+                        <description>Diffie-Hellman group 14 (modp2048)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>15</format>
+                        <description>Diffie-Hellman group 15 (modp3072)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>16</format>
+                        <description>Diffie-Hellman group 16 (modp4096)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>17</format>
+                        <description>Diffie-Hellman group 17 (modp6144)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>18</format>
+                        <description>Diffie-Hellman group 18 (modp8192)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>19</format>
+                        <description>Diffie-Hellman group 19 (ecp256)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>20</format>
+                        <description>Diffie-Hellman group 20 (ecp384)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>21</format>
+                        <description>Diffie-Hellman group 21 (ecp521)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>22</format>
+                        <description>Diffie-Hellman group 22 (modp1024s160)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>23</format>
+                        <description>Diffie-Hellman group 23 (modp2048s224)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>24</format>
+                        <description>Diffie-Hellman group 24 (modp2048s256)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>25</format>
+                        <description>Diffie-Hellman group 25 (ecp192)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>26</format>
+                        <description>Diffie-Hellman group 26 (ecp224)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>27</format>
+                        <description>Diffie-Hellman group 27 (ecp224bp)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>28</format>
+                        <description>Diffie-Hellman group 28 (ecp256bp)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>29</format>
+                        <description>Diffie-Hellman group 29 (ecp384bp)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>30</format>
+                        <description>Diffie-Hellman group 30 (ecp512bp)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>31</format>
+                        <description>Diffie-Hellman group 31 (curve25519)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>32</format>
+                        <description>Diffie-Hellman group 32 (curve448)</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>2</defaultValue>
+                  </leafNode>
+                  #include <include/vpn-ipsec-encryption.xml.i>
+                  #include <include/vpn-ipsec-hash.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </tagNode>
+          <leafNode name="include-ipsec-conf">
+            <properties>
+              <help>Absolute path to specify a strongSwan config include file</help>
+            </properties>
+          </leafNode>
+          <leafNode name="include-ipsec-secrets">
+            <properties>
+              <help>Absolute path to a strongSwan secrets include file</help>
+            </properties>
+          </leafNode>
+          #include <include/generic-interface-multi.xml.i>
+          <node name="log">
+            <properties>
+              <help>IPsec logging</help>
+            </properties>
+            <children>
+              <leafNode name="level">
+                <properties>
+                  <help>Global IPsec logging Level</help>
+                  <valueHelp>
+                    <format>0</format>
+                    <description>Very basic auditing logs (e.g., SA up/SA down)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>1</format>
+                    <description>Generic control flow with errors, a good default to see whats going on</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>2</format>
+                    <description>More detailed debugging control flow</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-2"/>
+                  </constraint>
+                </properties>
+                <defaultValue>0</defaultValue>
+              </leafNode>
+              <leafNode name="subsystem">
+                <properties>
+                  <help>Subsystem logging levels</help>
+                  <completionHelp>
+                    <list>dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>dmn</format>
+                    <description>Main daemon setup/cleanup/signal handling</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>mgr</format>
+                    <description>IKE_SA manager, handling synchronization for IKE_SA access</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ike</format>
+                    <description>IKE_SA/ISAKMP SA</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>chd</format>
+                    <description>CHILD_SA/IPsec SA</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>job</format>
+                    <description>Jobs queuing/processing and thread pool management</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>cfg</format>
+                    <description>Configuration management and plugins</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>knl</format>
+                    <description>IPsec/Networking kernel interface</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>net</format>
+                    <description>IKE network communication</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>asn</format>
+                    <description>Low-level encoding/decoding (ASN.1, X.509 etc.)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>enc</format>
+                    <description>Packet encoding/decoding encryption/decryption operations</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>lib</format>
+                    <description>libstrongswan library messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>esp</format>
+                    <description>libipsec library messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>tls</format>
+                    <description> libtls library messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>tnc</format>
+                    <description>Trusted Network Connect</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>imc</format>
+                    <description>Integrity Measurement Collector</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>imv</format>
+                    <description>Integrity Measurement Verifier</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>pts</format>
+                    <description> Platform Trust Service</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>any</format>
+                    <description>Any subsystem</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <node name="options">
+            <properties>
+              <help>Global IPsec settings</help>
+            </properties>
+            <children>
+              <leafNode name="disable-route-autoinstall">
+                <properties>
+                  <help>Do not automatically install routes to remote networks</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="flexvpn">
+                <properties>
+                  <help>Allow FlexVPN vendor ID payload (IKEv2 only)</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              #include <include/generic-interface.xml.i>
+              <leafNode name="virtual-ip">
+                <properties>
+                  <help>Allow install virtual-ip addresses</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <tagNode name="profile">
+            <properties>
+              <help>VPN IPsec profile</help>
+            </properties>
+            <children>
+              #include <include/generic-disable-node.xml.i>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication</help>
+                </properties>
+                <children>
+                  <leafNode name="mode">
+                    <properties>
+                      <help>Authentication mode</help>
+                      <completionHelp>
+                        <list>pre-shared-secret</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>pre-shared-secret</format>
+                        <description>Use a pre-shared secret key</description>
+                      </valueHelp>
+                    </properties>
+                  </leafNode>
+                  #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+                </children>
+              </node>
+              <node name="bind">
+                <properties>
+                  <help>DMVPN tunnel configuration</help>
+                </properties>
+                <children>
+                  <leafNode name="tunnel">
+                    <properties>
+                      <help>Tunnel interface associated with this profile</help>
+                      <completionHelp>
+                        <path>interfaces tunnel</path>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>Associated interface to this profile</description>
+                      </valueHelp>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/ipsec/esp-group.xml.i>
+              #include <include/ipsec/ike-group.xml.i>
+            </children>
+          </tagNode>
+          <node name="remote-access">
+            <properties>
+              <help>IKEv2 remote access VPN</help>
+            </properties>
+            <children>
+              <tagNode name="connection">
+                <properties>
+                  <help>IKEv2 VPN connection name</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>Authentication for remote access</help>
+                    </properties>
+                    <children>
+                      #include <include/ipsec/authentication-id.xml.i>
+                      #include <include/ipsec/authentication-x509.xml.i>
+                      <leafNode name="client-mode">
+                        <properties>
+                          <help>Client authentication mode</help>
+                          <completionHelp>
+                            <list>eap-tls eap-mschapv2 eap-radius</list>
+                          </completionHelp>
+                          <valueHelp>
+                            <format>eap-tls</format>
+                            <description>Use EAP-TLS authentication</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>eap-mschapv2</format>
+                            <description>Use EAP-MSCHAPv2 authentication</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>eap-radius</format>
+                            <description>Use EAP-RADIUS authentication</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(eap-tls|eap-mschapv2|eap-radius)</regex>
+                          </constraint>
+                        </properties>
+                        <defaultValue>eap-mschapv2</defaultValue>
+                      </leafNode>
+                      #include <include/auth-local-users.xml.i>
+                      <leafNode name="server-mode">
+                        <properties>
+                          <help>Server authentication mode</help>
+                          <completionHelp>
+                            <list>pre-shared-secret x509</list>
+                          </completionHelp>
+                          <valueHelp>
+                            <format>pre-shared-secret</format>
+                            <description>Use a pre-shared secret key</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>x509</format>
+                            <description>Use x.509 certificate</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(pre-shared-secret|x509)</regex>
+                          </constraint>
+                        </properties>
+                        <defaultValue>x509</defaultValue>
+                      </leafNode>
+                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+                    </children>
+                  </node>
+                  #include <include/generic-description.xml.i>
+                  #include <include/generic-disable-node.xml.i>
+                  #include <include/ipsec/esp-group.xml.i>
+                  #include <include/ipsec/ike-group.xml.i>
+                  #include <include/ipsec/local-address.xml.i>
+                  #include <include/ipsec/local-traffic-selector.xml.i>
+                  <leafNode name="timeout">
+                    <properties>
+                      <help>Timeout to close connection if no data is transmitted</help>
+                      <valueHelp>
+                        <format>u32:0</format>
+                        <description>Disable inactivity checks</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>u32:1-86400</format>
+                        <description>Timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 0-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>28800</defaultValue>
+                  </leafNode>
+                  <leafNode name="pool">
+                    <properties>
+                      <help>IP address pool</help>
+                      <completionHelp>
+                        <path>vpn ipsec remote-access pool</path>
+                        <list>dhcp radius</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>Predefined IP pool name</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>dhcp</format>
+                        <description>Forward requests for virtual IP addresses to a DHCP server</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>radius</format>
+                        <description>Forward requests for virtual IP addresses to a RADIUS server</description>
+                      </valueHelp>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="unique">
+                    <properties>
+                      <help>Connection uniqueness enforcement policy</help>
+                      <completionHelp>
+                        <list>never keep replace</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>never</format>
+                        <description>Never enforce connection uniqueness</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>keep</format>
+                        <description>Reject new connection attempts if the same user already has an active connection</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>replace</format>
+                        <description>Delete any existing connection if a new one for the same user gets established</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(never|keep|replace)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <node name="dhcp">
+                <properties>
+                  <help>DHCP pool options for remote access</help>
+                </properties>
+                <children>
+                  #include <include/generic-interface.xml.i>
+                  <leafNode name="server">
+                    <properties>
+                      <help>DHCP server address</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>DHCP server IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <tagNode name="pool">
+                <properties>
+                  <help>IP address pool for remote access users</help>
+                </properties>
+                <children>
+                  <leafNode name="exclude">
+                    <properties>
+                      <help>Local IPv4 or IPv6 pool prefix exclusions</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>Local IPv4 pool prefix exclusion</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>Local IPv6 pool prefix exclusion</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                        <validator name="ipv6-prefix"/>
+                      </constraint>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>Local IPv4 or IPv6 pool prefix</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>Local IPv4 pool prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>Local IPv6 pool prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                        <validator name="ipv6-prefix"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/name-server-ipv4-ipv6.xml.i>
+                </children>
+              </tagNode>
+              #include <include/radius-server-ipv4.xml.i>
+              <node name="radius">
+                <children>
+                  #include <include/radius-nas-identifier.xml.i>
+                  <tagNode name="server">
+                    <children>
+                      #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
+                    </children>
+                 </tagNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="site-to-site">
+            <properties>
+              <help>Site-to-site VPN</help>
+            </properties>
+            <children>
+              <tagNode name="peer">
+                <properties>
+                  <help>VPN peer</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 address of the peer</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address of the peer</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Hostname of the peer</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>&lt;@text&gt;</format>
+                    <description>ID of the peer</description>
+                  </valueHelp>
+                </properties>
+                <children>
+                  #include <include/generic-disable-node.xml.i>
+                  <node name="authentication">
+                    <properties>
+                      <help>Peer authentication</help>
+                    </properties>
+                    <children>
+                      #include <include/ipsec/authentication-id.xml.i>
+                      #include <include/ipsec/authentication-rsa.xml.i>
+                      #include <include/ipsec/authentication-x509.xml.i>
+                      <leafNode name="mode">
+                        <properties>
+                          <help>Authentication mode</help>
+                          <completionHelp>
+                            <list>pre-shared-secret rsa x509</list>
+                          </completionHelp>
+                          <valueHelp>
+                            <format>pre-shared-secret</format>
+                            <description>Use pre-shared secret key</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>rsa</format>
+                            <description>Use RSA key</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>x509</format>
+                            <description>Use x.509 certificate</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(pre-shared-secret|rsa|x509)</regex>
+                          </constraint>
+                        </properties>
+                      </leafNode>
+                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+                      <leafNode name="remote-id">
+                        <properties>
+                          <help>ID for remote authentication</help>
+                          <valueHelp>
+                            <format>txt</format>
+                            <description>ID used for peer authentication</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="use-x509-id">
+                        <properties>
+                          <help>Use certificate common name as ID</help>
+                          <valueless/>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <leafNode name="connection-type">
+                    <properties>
+                      <help>Connection type</help>
+                      <completionHelp>
+                        <list>initiate respond none</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>initiate</format>
+                        <description>Bring the connection up immediately</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>respond</format>
+                        <description>Wait for the peer to initiate the connection</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>none</format>
+                        <description>Load the connection only</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(initiate|respond|none)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="default-esp-group">
+                    <properties>
+                      <help>Defult ESP group name</help>
+                      <completionHelp>
+                        <path>vpn ipsec esp-group</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  #include <include/generic-description.xml.i>
+                  #include <include/dhcp-interface.xml.i>
+                  <leafNode name="force-encapsulation">
+                    <properties>
+                      <help>Force UDP Encapsulation for ESP payloads</help>
+                      <completionHelp>
+                        <list>enable disable</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>enable</format>
+                        <description>Force UDP encapsulation</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>disable</format>
+                        <description>Do not force UDP encapsulation</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(enable|disable)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/ipsec/ike-group.xml.i>
+                  <leafNode name="ikev2-reauth">
+                    <properties>
+                      <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help>
+                      <completionHelp>
+                        <list>yes no inherit</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>yes</format>
+                        <description>Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>no</format>
+                        <description>Disable remote host re-authenticaton during an IKE re-key.</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>inherit</format>
+                        <description>Inherit the reauth configuration form your IKE-group</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(yes|no|inherit)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/ipsec/local-address.xml.i>
+                  <tagNode name="tunnel">
+                    <properties>
+                      <help>Peer tunnel</help>
+                      <valueHelp>
+                        <format>u32</format>
+                        <description>Peer tunnel</description>
+                      </valueHelp>
+                    </properties>
+                    <children>
+                      #include <include/generic-disable-node.xml.i>
+                      #include <include/ipsec/esp-group.xml.i>
+                      #include <include/ipsec/local-traffic-selector.xml.i>
+                      #include <include/ip-protocol.xml.i>
+                      <leafNode name="priority">
+                        <properties>
+                          <help>Priority for IPsec policy (lowest value more preferable)</help>
+                          <valueHelp>
+                            <format>u32:1-100</format>
+                            <description>Priority for IPsec policy (lowest value more preferable)</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="numeric" argument="--range 1-100"/>
+                          </constraint>
+                        </properties>
+                      </leafNode>
+                      <node name="remote">
+                        <properties>
+                          <help>Match remote addresses</help>
+                        </properties>
+                        <children>
+                          #include <include/port-number.xml.i>
+                          <leafNode name="prefix">
+                            <properties>
+                              <help>Remote IPv4 or IPv6 prefix</help>
+                              <valueHelp>
+                                <format>ipv4net</format>
+                                <description>Remote IPv4 prefix</description>
+                              </valueHelp>
+                              <valueHelp>
+                                <format>ipv6net</format>
+                                <description>Remote IPv6 prefix</description>
+                              </valueHelp>
+                              <constraint>
+                                <validator name="ipv4-prefix"/>
+                                <validator name="ipv6-prefix"/>
+                              </constraint>
+                              <multi/>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                    </children>
+                  </tagNode>
+                  <leafNode name="virtual-address">
+                    <properties>
+                      <help>Initiator request virtual-address from peer</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>Request IPv4 address from peer</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>Request IPv6 address from peer</description>
+                      </valueHelp>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <node name="vti">
+                    <properties>
+                      <help>Virtual tunnel interface</help>
+                    </properties>
+                    <children>
+                      <leafNode name="bind">
+                        <properties>
+                          <help>VTI tunnel interface associated with this configuration</help>
+                          <completionHelp>
+                            <path>interfaces vti</path>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      #include <include/ipsec/esp-group.xml.i>
+                    </children>
+                  </node>
+                </children>
+              </tagNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
new file mode 100644
index 000000000..f734283e7
--- /dev/null
+++ b/interface-definitions/vpn-l2tp.xml.in
@@ -0,0 +1,282 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py">
+        <properties>
+          <help>L2TP Virtual Private Network (VPN)</help>
+          <priority>902</priority>
+        </properties>
+        <children>
+          <node name="remote-access">
+            <properties>
+              <help>Remote access L2TP VPN</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/mtu-128-16384.xml.i>
+              <leafNode name="outside-address">
+                <properties>
+                  <help>External IP address to which VPN clients will connect</help>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/accel-ppp/gateway-address.xml.i>
+              #include <include/name-server-ipv4-ipv6.xml.i>
+              <node name="lns">
+                <properties>
+                  <help>L2TP Network Server (LNS)</help>
+                </properties>
+                <children>
+                  <leafNode name="shared-secret">
+                    <properties>
+                      <help>Tunnel password used to authenticate the client (LAC)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="host-name">
+                    <properties>
+                      <help>Sent to the client (LAC) in the Host-Name attribute</help>
+                      <constraint>
+                        <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="ccp-disable">
+                <properties>
+                  <help>Disable Compression Control Protocol (CCP)</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+              <node name="ipsec-settings">
+                <properties>
+                  <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>IPsec authentication settings</help>
+                    </properties>
+                    <children>
+                      <leafNode name="mode">
+                        <properties>
+                          <help>Authentication mode for IPsec</help>
+                          <valueHelp>
+                            <format>pre-shared-secret</format>
+                            <description>Use pre-shared secret for IPsec authentication</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>x509</format>
+                            <description>Use X.509 certificate for IPsec authentication</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(pre-shared-secret|x509)</regex>
+                          </constraint>
+                          <completionHelp>
+                            <list>pre-shared-secret x509</list>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+                      #include <include/ipsec/authentication-x509.xml.i>
+                    </children>
+                  </node>
+                  <leafNode name="ike-lifetime">
+                    <properties>
+                      <help>IKE lifetime</help>
+                      <valueHelp>
+                        <format>u32:30-86400</format>
+                        <description>IKE lifetime in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>3600</defaultValue>
+                  </leafNode>
+                   <leafNode name="lifetime">
+                    <properties>
+                      <help>ESP lifetime</help>
+                      <valueHelp>
+                        <format>u32:30-86400</format>
+                        <description>IKE lifetime in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>3600</defaultValue>
+                  </leafNode>
+                  #include <include/ipsec/esp-group.xml.i>
+                  #include <include/ipsec/ike-group.xml.i>
+                </children>
+              </node>
+              #include <include/accel-ppp/wins-server.xml.i>
+              <node name="client-ip-pool">
+                <properties>
+                  <help>Pool of client IP addresses (must be within a /24)</help>
+                </properties>
+                <children>
+                  #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
+                  #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
+                </children>
+              </node>
+              #include <include/accel-ppp/client-ipv6-pool.xml.i>
+              <leafNode name="description">
+                <properties>
+                  <help>Description for L2TP remote-access settings</help>
+                </properties>
+              </leafNode>
+              #include <include/dhcp-interface.xml.i>
+              <leafNode name="idle">
+                <properties>
+                  <help>PPP idle timeout</help>
+                  <valueHelp>
+                    <format>u32:30-86400</format>
+                    <description>PPP idle timeout in seconds</description>
+                  </valueHelp>
+                    <constraint>
+                      <validator name="numeric" argument="--range 30-86400"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <leafNode name="require">
+                    <properties>
+                      <help>Authentication protocol for remote access peer L2TP VPN</help>
+                      <valueHelp>
+                        <format>pap</format>
+                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>chap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap-v2</format>
+                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(pap|chap|mschap|mschap-v2)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>pap chap mschap mschap-v2</list>
+                      </completionHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  #include <include/accel-ppp/ppp-mppe.xml.i>
+                  #include <include/accel-ppp/auth-mode.xml.i>
+                  #include <include/accel-ppp/auth-local-users.xml.i>
+                  #include <include/radius-server-ipv4.xml.i>
+                  <node name="radius">
+                    <children>
+                      <tagNode name="server">
+                        <children>
+                          #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
+                          <leafNode name="fail-time">
+                            <properties>
+                              <help>Mark server unavailable for N seconds on failure</help>
+                              <valueHelp>
+                                <format>u32:0-600</format>
+                                <description>Fail time penalty</description>
+                              </valueHelp>
+                              <constraint>
+                                <validator name="numeric" argument="--range 0-600"/>
+                              </constraint>
+                              <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </tagNode>
+                      <leafNode name="timeout">
+                        <properties>
+                          <help>Timeout to wait response from server (seconds)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="acct-timeout">
+                        <properties>
+                          <help>Timeout to wait reply for Interim-Update packets</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="max-try">
+                        <properties>
+                          <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
+                        </properties>
+                      </leafNode>
+                      #include <include/radius-nas-identifier.xml.i>
+                      <node name="dae-server">
+                        <properties>
+                          <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                        <children>
+                          <leafNode name="ip-address">
+                            <properties>
+                              <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="port">
+                            <properties>
+                              <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="secret">
+                            <properties>
+                              <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                      <node name="rate-limit">
+                        <properties>
+                          <help>Upload/Download speed limits</help>
+                        </properties>
+                        <children>
+                          <leafNode name="attribute">
+                            <properties>
+                              <help>Specifies which radius attribute contains rate information</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="vendor">
+                            <properties>
+                              <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="enable">
+                            <properties>
+                              <help>Enables Bandwidth shaping via RADIUS</help>
+                              <valueless />
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
+                </children>
+              </node>
+              <node name="ppp-options">
+                <properties>
+                  <help>Advanced protocol options</help>
+                </properties>
+                <children>
+                  #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
+                  #include <include/accel-ppp/ppp-options-ipv6.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
new file mode 100644
index 000000000..21b47125d
--- /dev/null
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -0,0 +1,274 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py">
+        <properties>
+          <help>SSL VPN OpenConnect, AnyConnect compatible server</help>
+          <priority>901</priority>
+        </properties>
+        <children>
+          <node name="authentication">
+            <properties>
+              <help>Authentication for remote access SSL VPN Server</help>
+            </properties>
+            <children>
+              <node name="mode">
+                <properties>
+                  <help>Authentication mode used by this server</help>
+                </properties>
+                <children>
+                  <leafNode name="local">
+                    <properties>
+                      <help>Use local username/password configuration (OTP supported)</help>
+                      <valueHelp>
+                        <format>password</format>
+                        <description>Password-only local authentication</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>otp</format>
+                        <description>OTP-only local authentication</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>password-otp</format>
+                        <description>Password (first) + OTP local authentication</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(password|otp|password-otp)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
+                      <completionHelp>
+                        <list>otp password password-otp</list>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="radius">
+                    <properties>
+                      <help>Use RADIUS server for user autentication</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/auth-local-users.xml.i>
+              <node name="local-users">
+                <children>
+                  <tagNode name="username">
+                    <children>
+                        <node name="otp">
+                          <properties>
+                            <help>2FA OTP authentication parameters</help>
+                          </properties>
+                          <children>
+                            <leafNode name="key">
+                              <properties>
+                                <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
+                                <valueHelp>
+                                  <format>txt</format>
+                                  <description>OTP key in hex-encoded format</description>
+                                </valueHelp>
+                                <constraint>
+                                  <regex>[a-fA-F0-9]{20,10000}</regex>
+                                </constraint>
+                                <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
+                              </properties>
+                            </leafNode>
+                            <leafNode name="otp-length">
+                              <properties>
+                                <help>Number of digits in OTP code</help>
+                                <valueHelp>
+                                  <format>u32:6-8</format>
+                                  <description>Number of digits in OTP code</description>
+                                </valueHelp>
+                                <constraint>
+                                  <validator name="numeric" argument="--range 6-8"/>
+                                </constraint>
+                                <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
+                              </properties>
+                              <defaultValue>6</defaultValue>
+                            </leafNode>
+                            <leafNode name="interval">
+                              <properties>
+                                <help>Time tokens interval in seconds</help>
+                                <valueHelp>
+                                  <format>u32:5-86400</format>
+                                  <description>Time tokens interval in seconds.</description>
+                                </valueHelp>
+                                <constraint>
+                                  <validator name="numeric" argument="--range 5-86400"/>
+                                </constraint>
+                                <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
+                              </properties>
+                              <defaultValue>30</defaultValue>
+                            </leafNode>
+                            <leafNode name="token-type">
+                              <properties>
+                                <help>Token type</help>
+                                <valueHelp>
+                                  <format>hotp-time</format>
+                                  <description>Time-based OTP algorithm</description>
+                                </valueHelp>
+                                <valueHelp>
+                                  <format>hotp-event</format>
+                                  <description>Event-based OTP algorithm</description>
+                                </valueHelp>
+                                <constraint>
+                                  <regex>(hotp-time|hotp-event)</regex>
+                                </constraint>
+                                <completionHelp>
+                                  <list>hotp-time hotp-event</list>
+                                </completionHelp>
+                              </properties>
+                              <defaultValue>hotp-time</defaultValue>
+                            </leafNode>
+                          </children>
+                        </node>
+                    </children>
+                  </tagNode>
+                </children>
+              </node>
+              #include <include/radius-server-ipv4.xml.i>
+              <node name="radius">
+                <children>
+                  <leafNode name="timeout">
+                    <properties>
+                      <help>Session timeout</help>
+                      <valueHelp>
+                        <format>u32:1-240</format>
+                        <description>Session timeout in seconds (default: 2)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-240"/>
+                      </constraint>
+                      <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
+                    </properties>
+                    <defaultValue>2</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="listen-ports">
+            <properties>
+              <help>Specify custom ports to use for client connections</help>
+            </properties>
+            <children>
+              <leafNode name="tcp">
+                <properties>
+                  <help>tcp port number to accept connections</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Numeric IP port</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                </properties>
+                <defaultValue>443</defaultValue>
+              </leafNode>
+              <leafNode name="udp">
+                <properties>
+                  <help>udp port number to accept connections</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Numeric IP port</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                </properties>
+                <defaultValue>443</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+          <node name="ssl">
+            <properties>
+              <help>SSL Certificate, SSL Key and CA</help>
+            </properties>
+            <children>
+              #include <include/pki/ca-certificate.xml.i>
+              #include <include/pki/certificate-key.xml.i>
+            </children>
+          </node>
+          <node name="network-settings">
+            <properties>
+              <help>Network settings</help>
+            </properties>
+            <children>
+              <leafNode name="push-route">
+                <properties>
+                  <help>Route to be pushed to the client</help>
+                  <valueHelp>
+                    <format>ipv4net</format>
+                    <description>IPv4 network and prefix length</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6net</format>
+                    <description>IPv6 network and prefix length</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-prefix"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <node name="client-ip-settings">
+                <properties>
+                  <help>Client IP pools settings</help>
+                </properties>
+                <children>
+                  <leafNode name="subnet">
+                    <properties>
+                      <help>Client IP subnet (CIDR notation)</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>IPv4 address and prefix length</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                      </constraint>
+                      <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="client-ipv6-pool">
+                <properties>
+                  <help>Pool of client IPv6 addresses</help>
+                </properties>
+                <children>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>Pool of addresses used to assign to clients</help>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 address and prefix length</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-prefix"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="mask">
+                    <properties>
+                      <help>Prefix length used for individual client</help>
+                      <valueHelp>
+                        <format>u32:48-128</format>
+                        <description>Client prefix length</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 48-128"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>64</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/name-server-ipv4-ipv6.xml.i>
+            </children>
+          </node>
+      </children>
+    </node>
+  </children>
+</node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in
new file mode 100644
index 000000000..28a53acb9
--- /dev/null
+++ b/interface-definitions/vpn-pptp.xml.in
@@ -0,0 +1,121 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py">
+        <properties>
+          <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help>
+          <priority>901</priority>
+        </properties>
+        <children>
+          <node name="remote-access">
+            <properties>
+              <help>Remote access PPTP VPN</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/mtu-128-16384.xml.i>
+              <leafNode name="outside-address">
+                <properties>
+                  <help>External IP address to which VPN clients will connect</help>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/name-server-ipv4.xml.i>
+              #include <include/accel-ppp/wins-server.xml.i>
+              <node name="client-ip-pool">
+                <properties>
+                  <help>Pool of client IP addresses (must be within a /24)</help>
+                </properties>
+                <children>
+                  #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
+                </children>
+              </node>
+              #include <include/accel-ppp/gateway-address.xml.i>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication for remote access PPTP VPN</help>
+                </properties>
+                <children>
+                  <leafNode name="require">
+                    <properties>
+                      <help>Authentication protocol for remote access peer PPTP VPN</help>
+                      <valueHelp>
+                        <format>pap</format>
+                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>chap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap-v2</format>
+                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
+                      </valueHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="mppe">
+                    <properties>
+                      <help>Specifies mppe negotioation preference. (default require mppe 128-bit stateless</help>
+                      <valueHelp>
+                        <format>deny</format>
+                        <description>deny mppe</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>prefer</format>
+                        <description>ask client for mppe, if it rejects do not fail</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>require</format>
+                        <description>ask client for mppe, if it rejects drop connection</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(deny|prefer|require)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>deny prefer require</list>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  #include <include/accel-ppp/auth-mode.xml.i>
+                  <node name="local-users">
+                    <properties>
+                      <help>Local user authentication for remote access PPTP VPN</help>
+                    </properties>
+                    <children>
+                      <tagNode name="username">
+                        <properties>
+                          <help>User name for authentication</help>
+                        </properties>
+                        <children>
+                          #include <include/generic-disable-node.xml.i>
+                          <leafNode name="password">
+                            <properties>
+                              <help>Password for authentication</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="static-ip">
+                            <properties>
+                              <help>Static client IP address</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </tagNode>
+                    </children>
+                  </node>
+                  #include <include/radius-server-ipv4.xml.i>
+                  #include <include/accel-ppp/radius-additions.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
new file mode 100644
index 000000000..195d581df
--- /dev/null
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py">
+        <properties>
+          <help>Secure Socket Tunneling Protocol (SSTP) server</help>
+          <priority>901</priority>
+        </properties>
+        <children>
+          <node name="authentication">
+            <properties>
+              <help>Authentication for remote access SSTP Server</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/auth-local-users.xml.i>
+              #include <include/accel-ppp/auth-mode.xml.i>
+              #include <include/accel-ppp/auth-protocols.xml.i>
+              #include <include/radius-server-ipv4.xml.i>
+              #include <include/accel-ppp/radius-additions.xml.i>
+              <node name="radius">
+                <children>
+                  #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
+          #include <include/interface/mtu-68-1500.xml.i>
+          #include <include/accel-ppp/gateway-address.xml.i>
+          #include <include/name-server-ipv4-ipv6.xml.i>
+          <node name="client-ip-pool">
+            <properties>
+              <help>Client IP pools and gateway setting</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
+            </children>
+          </node>
+          #include <include/accel-ppp/client-ipv6-pool.xml.i>
+          #include <include/port-number.xml.i>
+          <leafNode name="port">
+            <defaultValue>443</defaultValue>
+          </leafNode>
+          <node name="ppp-options">
+            <properties>
+              <help>PPP (Point-to-Point Protocol) settings</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/ppp-mppe.xml.i>
+              #include <include/accel-ppp/ppp-options-ipv4.xml.i>
+              #include <include/accel-ppp/ppp-options-ipv6.xml.i>
+              #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
+              #include <include/accel-ppp/lcp-echo-timeout.xml.i>
+            </children>
+          </node>
+          <node name="ssl">
+            <properties>
+              <help>SSL Certificate, SSL Key and CA</help>
+            </properties>
+            <children>
+              #include <include/pki/ca-certificate.xml.i>
+              #include <include/pki/certificate.xml.i>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
deleted file mode 100644
index d36fbb024..000000000
--- a/interface-definitions/vpn_ipsec.xml.in
+++ /dev/null
@@ -1,1169 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="vpn">
-    <properties>
-      <help>Virtual Private Network (VPN)</help>
-    </properties>
-    <children>
-      <node name="ipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py">
-        <properties>
-          <help>VPN IP security (IPsec) parameters</help>
-          <priority>901</priority>
-        </properties>
-        <children>
-          <leafNode name="disable-uniqreqids">
-            <properties>
-              <help>Disable requirement for unique IDs in the Security Database</help>
-              <valueless/>
-            </properties>
-          </leafNode>
-          <tagNode name="esp-group">
-            <properties>
-              <help>Encapsulating Security Payload (ESP) group name</help>
-            </properties>
-            <children>
-              <leafNode name="compression">
-                <properties>
-                  <help>ESP compression</help>
-                  <completionHelp>
-                    <list>disable enable</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>disable</format>
-                    <description>Disable ESP compression</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>enable</format>
-                    <description>Enable ESP compression</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(disable|enable)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>disable</defaultValue>
-              </leafNode>
-              <leafNode name="lifetime">
-                <properties>
-                  <help>Security Association time to expire</help>
-                  <valueHelp>
-                    <format>u32:30-86400</format>
-                    <description>SA lifetime in seconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 30-86400"/>
-                  </constraint>
-                </properties>
-                <defaultValue>3600</defaultValue>
-              </leafNode>
-              <leafNode name="life-bytes">
-                <properties>
-                  <help>Security Association byte count to expire</help>
-                  <valueHelp>
-                    <format>u32:1024-26843545600000</format>
-                    <description>SA life in bytes</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1024-26843545600000"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="life-packets">
-                <properties>
-                  <help>Security Association packet count to expire</help>
-                  <valueHelp>
-                    <format>u32:1000-26843545600000</format>
-                    <description>SA life in packets</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1000-26843545600000"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="mode">
-                <properties>
-                  <help>ESP mode</help>
-                  <completionHelp>
-                    <list>tunnel transport</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>tunnel</format>
-                    <description>Tunnel mode</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>transport</format>
-                    <description>Transport mode</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(tunnel|transport)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>tunnel</defaultValue>
-              </leafNode>
-              <leafNode name="pfs">
-                <properties>
-                  <help>ESP Perfect Forward Secrecy</help>
-                  <completionHelp>
-                    <list>enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>enable</format>
-                    <description>Inherit Diffie-Hellman group from the IKE group</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group1</format>
-                    <description>Use Diffie-Hellman group 1 (modp768)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group2</format>
-                    <description>Use Diffie-Hellman group 2 (modp1024)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group5</format>
-                    <description>Use Diffie-Hellman group 5 (modp1536)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group14</format>
-                    <description>Use Diffie-Hellman group 14 (modp2048)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group15</format>
-                    <description>Use Diffie-Hellman group 15 (modp3072)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group16</format>
-                    <description>Use Diffie-Hellman group 16 (modp4096)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group17</format>
-                    <description>Use Diffie-Hellman group 17 (modp6144)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group18</format>
-                    <description>Use Diffie-Hellman group 18 (modp8192)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group19</format>
-                    <description>Use Diffie-Hellman group 19 (ecp256)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group20</format>
-                    <description>Use Diffie-Hellman group 20 (ecp384)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group21</format>
-                    <description>Use Diffie-Hellman group 21 (ecp521)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group22</format>
-                    <description>Use Diffie-Hellman group 22 (modp1024s160)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group23</format>
-                    <description>Use Diffie-Hellman group 23 (modp2048s224)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group24</format>
-                    <description>Use Diffie-Hellman group 24 (modp2048s256)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group25</format>
-                    <description>Use Diffie-Hellman group 25 (ecp192)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group26</format>
-                    <description>Use Diffie-Hellman group 26 (ecp224)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group27</format>
-                    <description>Use Diffie-Hellman group 27 (ecp224bp)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group28</format>
-                    <description>Use Diffie-Hellman group 28 (ecp256bp)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group29</format>
-                    <description>Use Diffie-Hellman group 29 (ecp384bp)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group30</format>
-                    <description>Use Diffie-Hellman group 30 (ecp512bp)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group31</format>
-                    <description>Use Diffie-Hellman group 31 (curve25519)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>dh-group32</format>
-                    <description>Use Diffie-Hellman group 32 (curve448)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>disable</format>
-                    <description>Disable PFS</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>enable</defaultValue>
-              </leafNode>
-              <tagNode name="proposal">
-                <properties>
-                  <help>ESP group proposal</help>
-                  <valueHelp>
-                    <format>u32:1-65535</format>
-                    <description>ESP group proposal number</description>
-                  </valueHelp>
-                </properties>
-                <children>
-                  #include <include/vpn-ipsec-encryption.xml.i>
-                  #include <include/vpn-ipsec-hash.xml.i>
-                </children>
-              </tagNode>
-            </children>
-          </tagNode>
-          <tagNode name="ike-group">
-            <properties>
-              <help>Internet Key Exchange (IKE) group name</help>
-            </properties>
-            <children>
-              <leafNode name="close-action">
-                <properties>
-                  <help>Action to take if a child SA is unexpectedly closed</help>
-                  <completionHelp>
-                    <list>none hold restart</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>none</format>
-                    <description>Do nothing</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>hold</format>
-                    <description>Attempt to re-negotiate when matching traffic is seen</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>restart</format>
-                    <description>Attempt to re-negotiate the connection immediately</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(none|hold|restart)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <node name="dead-peer-detection">
-                <properties>
-                  <help>Dead Peer Detection (DPD)</help>
-                </properties>
-                <children>
-                  <leafNode name="action">
-                    <properties>
-                      <help>Keep-alive failure action</help>
-                      <completionHelp>
-                        <list>hold clear restart</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>hold</format>
-                        <description>Attempt to re-negotiate the connection when matching traffic is seen</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>clear</format>
-                        <description>Remove the connection immediately</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>restart</format>
-                        <description>Attempt to re-negotiate the connection immediately</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(hold|clear|restart)</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="interval">
-                    <properties>
-                      <help>Keep-alive interval</help>
-                      <valueHelp>
-                        <format>u32:2-86400</format>
-                        <description>Keep-alive interval in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 2-86400"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>30</defaultValue>
-                  </leafNode>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Dead Peer Detection keep-alive timeout (IKEv1 only)</help>
-                      <valueHelp>
-                        <format>u32:2-86400</format>
-                        <description>Keep-alive timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 2-86400"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>120</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="ikev2-reauth">
-                <properties>
-                  <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help>
-                  <completionHelp>
-                    <list>yes no</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>yes</format>
-                    <description>Enable remote host re-authentication during an IKE rekey (currently broken due to a strongswan bug)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>no</format>
-                    <description>Disable remote host re-authenticaton during an IKE rekey</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(yes|no)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="key-exchange">
-                <properties>
-                  <help>IKE version</help>
-                  <completionHelp>
-                    <list>ikev1 ikev2</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>ikev1</format>
-                    <description>Use IKEv1 for key exchange</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ikev2</format>
-                    <description>Use IKEv2 for key exchange</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(ikev1|ikev2)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="lifetime">
-                <properties>
-                  <help>IKE lifetime</help>
-                  <valueHelp>
-                    <format>u32:30-86400</format>
-                    <description>IKE lifetime in seconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 30-86400"/>
-                  </constraint>
-                </properties>
-                <defaultValue>28800</defaultValue>
-              </leafNode>
-              <leafNode name="mobike">
-                <properties>
-                  <help>Enable MOBIKE Support (IKEv2 only)</help>
-                  <completionHelp>
-                    <list>enable disable</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>enable</format>
-                    <description>Enable MOBIKE</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>disable</format>
-                    <description>Disable MOBIKE</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(enable|disable)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>enable</defaultValue>
-              </leafNode>
-              <leafNode name="mode">
-                <properties>
-                  <help>IKEv1 phase 1 mode</help>
-                  <completionHelp>
-                    <list>main aggressive</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>main</format>
-                    <description>Use the main mode (recommended)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>aggressive</format>
-                    <description>Use the aggressive mode (insecure, not recommended)</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(main|aggressive)</regex>
-                  </constraint>
-                </properties>
-                <defaultValue>main</defaultValue>
-              </leafNode>
-              <tagNode name="proposal">
-                <properties>
-                  <help>IKE proposal</help>
-                  <valueHelp>
-                    <format>u32:1-65535</format>
-                    <description>IKE group proposal</description>
-                  </valueHelp>
-                </properties>
-                <children>
-                  <leafNode name="dh-group">
-                    <properties>
-                      <help>dh-grouphelp</help>
-                      <completionHelp>
-                        <list>1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>1</format>
-                        <description>Diffie-Hellman group 1 (modp768)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>2</format>
-                        <description>Diffie-Hellman group 2 (modp1024)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>5</format>
-                        <description>Diffie-Hellman group 5 (modp1536)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>14</format>
-                        <description>Diffie-Hellman group 14 (modp2048)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>15</format>
-                        <description>Diffie-Hellman group 15 (modp3072)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>16</format>
-                        <description>Diffie-Hellman group 16 (modp4096)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>17</format>
-                        <description>Diffie-Hellman group 17 (modp6144)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>18</format>
-                        <description>Diffie-Hellman group 18 (modp8192)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>19</format>
-                        <description>Diffie-Hellman group 19 (ecp256)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>20</format>
-                        <description>Diffie-Hellman group 20 (ecp384)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>21</format>
-                        <description>Diffie-Hellman group 21 (ecp521)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>22</format>
-                        <description>Diffie-Hellman group 22 (modp1024s160)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>23</format>
-                        <description>Diffie-Hellman group 23 (modp2048s224)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>24</format>
-                        <description>Diffie-Hellman group 24 (modp2048s256)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>25</format>
-                        <description>Diffie-Hellman group 25 (ecp192)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>26</format>
-                        <description>Diffie-Hellman group 26 (ecp224)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>27</format>
-                        <description>Diffie-Hellman group 27 (ecp224bp)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>28</format>
-                        <description>Diffie-Hellman group 28 (ecp256bp)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>29</format>
-                        <description>Diffie-Hellman group 29 (ecp384bp)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>30</format>
-                        <description>Diffie-Hellman group 30 (ecp512bp)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>31</format>
-                        <description>Diffie-Hellman group 31 (curve25519)</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>32</format>
-                        <description>Diffie-Hellman group 32 (curve448)</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>2</defaultValue>
-                  </leafNode>
-                  #include <include/vpn-ipsec-encryption.xml.i>
-                  #include <include/vpn-ipsec-hash.xml.i>
-                </children>
-              </tagNode>
-            </children>
-          </tagNode>
-          <leafNode name="include-ipsec-conf">
-            <properties>
-              <help>Absolute path to specify a strongSwan config include file</help>
-            </properties>
-          </leafNode>
-          <leafNode name="include-ipsec-secrets">
-            <properties>
-              <help>Absolute path to a strongSwan secrets include file</help>
-            </properties>
-          </leafNode>
-          #include <include/generic-interface-multi.xml.i>
-          <node name="log">
-            <properties>
-              <help>IPsec logging</help>
-            </properties>
-            <children>
-              <leafNode name="level">
-                <properties>
-                  <help>Global IPsec logging Level</help>
-                  <valueHelp>
-                    <format>0</format>
-                    <description>Very basic auditing logs (e.g., SA up/SA down)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>1</format>
-                    <description>Generic control flow with errors, a good default to see whats going on</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>2</format>
-                    <description>More detailed debugging control flow</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 0-2"/>
-                  </constraint>
-                </properties>
-                <defaultValue>0</defaultValue>
-              </leafNode>
-              <leafNode name="subsystem">
-                <properties>
-                  <help>Subsystem logging levels</help>
-                  <completionHelp>
-                    <list>dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>dmn</format>
-                    <description>Main daemon setup/cleanup/signal handling</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>mgr</format>
-                    <description>IKE_SA manager, handling synchronization for IKE_SA access</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ike</format>
-                    <description>IKE_SA/ISAKMP SA</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>chd</format>
-                    <description>CHILD_SA/IPsec SA</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>job</format>
-                    <description>Jobs queuing/processing and thread pool management</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>cfg</format>
-                    <description>Configuration management and plugins</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>knl</format>
-                    <description>IPsec/Networking kernel interface</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>net</format>
-                    <description>IKE network communication</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>asn</format>
-                    <description>Low-level encoding/decoding (ASN.1, X.509 etc.)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>enc</format>
-                    <description>Packet encoding/decoding encryption/decryption operations</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>lib</format>
-                    <description>libstrongswan library messages</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>esp</format>
-                    <description>libipsec library messages</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>tls</format>
-                    <description> libtls library messages</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>tnc</format>
-                    <description>Trusted Network Connect</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>imc</format>
-                    <description>Integrity Measurement Collector</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>imv</format>
-                    <description>Integrity Measurement Verifier</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>pts</format>
-                    <description> Platform Trust Service</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>any</format>
-                    <description>Any subsystem</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)</regex>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <node name="options">
-            <properties>
-              <help>Global IPsec settings</help>
-            </properties>
-            <children>
-              <leafNode name="disable-route-autoinstall">
-                <properties>
-                  <help>Do not automatically install routes to remote networks</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-              <leafNode name="flexvpn">
-                <properties>
-                  <help>Allow FlexVPN vendor ID payload (IKEv2 only)</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-              #include <include/generic-interface.xml.i>
-              <leafNode name="virtual-ip">
-                <properties>
-                  <help>Allow install virtual-ip addresses</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-          <tagNode name="profile">
-            <properties>
-              <help>VPN IPsec profile</help>
-            </properties>
-            <children>
-              #include <include/generic-disable-node.xml.i>
-              <node name="authentication">
-                <properties>
-                  <help>Authentication</help>
-                </properties>
-                <children>
-                  <leafNode name="mode">
-                    <properties>
-                      <help>Authentication mode</help>
-                      <completionHelp>
-                        <list>pre-shared-secret</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>pre-shared-secret</format>
-                        <description>Use a pre-shared secret key</description>
-                      </valueHelp>
-                    </properties>
-                  </leafNode>
-                  #include <include/ipsec/authentication-pre-shared-secret.xml.i>
-                </children>
-              </node>
-              <node name="bind">
-                <properties>
-                  <help>DMVPN tunnel configuration</help>
-                </properties>
-                <children>
-                  <leafNode name="tunnel">
-                    <properties>
-                      <help>Tunnel interface associated with this profile</help>
-                      <completionHelp>
-                        <path>interfaces tunnel</path>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>txt</format>
-                        <description>Associated interface to this profile</description>
-                      </valueHelp>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/ipsec/esp-group.xml.i>
-              #include <include/ipsec/ike-group.xml.i>
-            </children>
-          </tagNode>
-          <node name="remote-access">
-            <properties>
-              <help>IKEv2 remote access VPN</help>
-            </properties>
-            <children>
-              <tagNode name="connection">
-                <properties>
-                  <help>IKEv2 VPN connection name</help>
-                </properties>
-                <children>
-                  <node name="authentication">
-                    <properties>
-                      <help>Authentication for remote access</help>
-                    </properties>
-                    <children>
-                      #include <include/ipsec/authentication-id.xml.i>
-                      #include <include/ipsec/authentication-x509.xml.i>
-                      <leafNode name="client-mode">
-                        <properties>
-                          <help>Client authentication mode</help>
-                          <completionHelp>
-                            <list>eap-tls eap-mschapv2 eap-radius</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>eap-tls</format>
-                            <description>Use EAP-TLS authentication</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>eap-mschapv2</format>
-                            <description>Use EAP-MSCHAPv2 authentication</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>eap-radius</format>
-                            <description>Use EAP-RADIUS authentication</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(eap-tls|eap-mschapv2|eap-radius)</regex>
-                          </constraint>
-                        </properties>
-                        <defaultValue>eap-mschapv2</defaultValue>
-                      </leafNode>
-                      #include <include/auth-local-users.xml.i>
-                      <leafNode name="server-mode">
-                        <properties>
-                          <help>Server authentication mode</help>
-                          <completionHelp>
-                            <list>pre-shared-secret x509</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>pre-shared-secret</format>
-                            <description>Use a pre-shared secret key</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>x509</format>
-                            <description>Use x.509 certificate</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(pre-shared-secret|x509)</regex>
-                          </constraint>
-                        </properties>
-                        <defaultValue>x509</defaultValue>
-                      </leafNode>
-                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
-                    </children>
-                  </node>
-                  #include <include/generic-description.xml.i>
-                  #include <include/generic-disable-node.xml.i>
-                  #include <include/ipsec/esp-group.xml.i>
-                  #include <include/ipsec/ike-group.xml.i>
-                  #include <include/ipsec/local-address.xml.i>
-                  #include <include/ipsec/local-traffic-selector.xml.i>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Timeout to close connection if no data is transmitted</help>
-                      <valueHelp>
-                        <format>u32:0</format>
-                        <description>Disable inactivity checks</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>u32:1-86400</format>
-                        <description>Timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-86400"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>28800</defaultValue>
-                  </leafNode>
-                  <leafNode name="pool">
-                    <properties>
-                      <help>IP address pool</help>
-                      <completionHelp>
-                        <path>vpn ipsec remote-access pool</path>
-                        <list>dhcp radius</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>txt</format>
-                        <description>Predefined IP pool name</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>dhcp</format>
-                        <description>Forward requests for virtual IP addresses to a DHCP server</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>radius</format>
-                        <description>Forward requests for virtual IP addresses to a RADIUS server</description>
-                      </valueHelp>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="unique">
-                    <properties>
-                      <help>Connection uniqueness enforcement policy</help>
-                      <completionHelp>
-                        <list>never keep replace</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>never</format>
-                        <description>Never enforce connection uniqueness</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>keep</format>
-                        <description>Reject new connection attempts if the same user already has an active connection</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>replace</format>
-                        <description>Delete any existing connection if a new one for the same user gets established</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(never|keep|replace)</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <node name="dhcp">
-                <properties>
-                  <help>DHCP pool options for remote access</help>
-                </properties>
-                <children>
-                  #include <include/generic-interface.xml.i>
-                  <leafNode name="server">
-                    <properties>
-                      <help>DHCP server address</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>DHCP server IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <tagNode name="pool">
-                <properties>
-                  <help>IP address pool for remote access users</help>
-                </properties>
-                <children>
-                  <leafNode name="exclude">
-                    <properties>
-                      <help>Local IPv4 or IPv6 pool prefix exclusions</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>Local IPv4 pool prefix exclusion</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6net</format>
-                        <description>Local IPv6 pool prefix exclusion</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-prefix"/>
-                        <validator name="ipv6-prefix"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="prefix">
-                    <properties>
-                      <help>Local IPv4 or IPv6 pool prefix</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>Local IPv4 pool prefix</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6net</format>
-                        <description>Local IPv6 pool prefix</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-prefix"/>
-                        <validator name="ipv6-prefix"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  #include <include/name-server-ipv4-ipv6.xml.i>
-                </children>
-              </tagNode>
-              #include <include/radius-server-ipv4.xml.i>
-              <node name="radius">
-                <children>
-                  #include <include/radius-nas-identifier.xml.i>
-                  <tagNode name="server">
-                    <children>
-                      #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
-                    </children>
-                 </tagNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <node name="site-to-site">
-            <properties>
-              <help>Site-to-site VPN</help>
-            </properties>
-            <children>
-              <tagNode name="peer">
-                <properties>
-                  <help>VPN peer</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>IPv4 address of the peer</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>IPv6 address of the peer</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>txt</format>
-                    <description>Hostname of the peer</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>&lt;@text&gt;</format>
-                    <description>ID of the peer</description>
-                  </valueHelp>
-                </properties>
-                <children>
-                  #include <include/generic-disable-node.xml.i>
-                  <node name="authentication">
-                    <properties>
-                      <help>Peer authentication</help>
-                    </properties>
-                    <children>
-                      #include <include/ipsec/authentication-id.xml.i>
-                      #include <include/ipsec/authentication-rsa.xml.i>
-                      #include <include/ipsec/authentication-x509.xml.i>
-                      <leafNode name="mode">
-                        <properties>
-                          <help>Authentication mode</help>
-                          <completionHelp>
-                            <list>pre-shared-secret rsa x509</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>pre-shared-secret</format>
-                            <description>Use pre-shared secret key</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>rsa</format>
-                            <description>Use RSA key</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>x509</format>
-                            <description>Use x.509 certificate</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(pre-shared-secret|rsa|x509)</regex>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
-                      <leafNode name="remote-id">
-                        <properties>
-                          <help>ID for remote authentication</help>
-                          <valueHelp>
-                            <format>txt</format>
-                            <description>ID used for peer authentication</description>
-                          </valueHelp>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="use-x509-id">
-                        <properties>
-                          <help>Use certificate common name as ID</help>
-                          <valueless/>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <leafNode name="connection-type">
-                    <properties>
-                      <help>Connection type</help>
-                      <completionHelp>
-                        <list>initiate respond none</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>initiate</format>
-                        <description>Bring the connection up immediately</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>respond</format>
-                        <description>Wait for the peer to initiate the connection</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>none</format>
-                        <description>Load the connection only</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(initiate|respond|none)</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="default-esp-group">
-                    <properties>
-                      <help>Defult ESP group name</help>
-                      <completionHelp>
-                        <path>vpn ipsec esp-group</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  #include <include/generic-description.xml.i>
-                  #include <include/dhcp-interface.xml.i>
-                  <leafNode name="force-encapsulation">
-                    <properties>
-                      <help>Force UDP Encapsulation for ESP payloads</help>
-                      <completionHelp>
-                        <list>enable disable</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>enable</format>
-                        <description>Force UDP encapsulation</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>disable</format>
-                        <description>Do not force UDP encapsulation</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(enable|disable)</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  #include <include/ipsec/ike-group.xml.i>
-                  <leafNode name="ikev2-reauth">
-                    <properties>
-                      <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help>
-                      <completionHelp>
-                        <list>yes no inherit</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>yes</format>
-                        <description>Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>no</format>
-                        <description>Disable remote host re-authenticaton during an IKE re-key.</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>inherit</format>
-                        <description>Inherit the reauth configuration form your IKE-group</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(yes|no|inherit)</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  #include <include/ipsec/local-address.xml.i>
-                  <tagNode name="tunnel">
-                    <properties>
-                      <help>Peer tunnel</help>
-                      <valueHelp>
-                        <format>u32</format>
-                        <description>Peer tunnel</description>
-                      </valueHelp>
-                    </properties>
-                    <children>
-                      #include <include/generic-disable-node.xml.i>
-                      #include <include/ipsec/esp-group.xml.i>
-                      #include <include/ipsec/local-traffic-selector.xml.i>
-                      #include <include/ip-protocol.xml.i>
-                      <leafNode name="priority">
-                        <properties>
-                          <help>Priority for IPsec policy (lowest value more preferable)</help>
-                          <valueHelp>
-                            <format>u32:1-100</format>
-                            <description>Priority for IPsec policy (lowest value more preferable)</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 1-100"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <node name="remote">
-                        <properties>
-                          <help>Match remote addresses</help>
-                        </properties>
-                        <children>
-                          #include <include/port-number.xml.i>
-                          <leafNode name="prefix">
-                            <properties>
-                              <help>Remote IPv4 or IPv6 prefix</help>
-                              <valueHelp>
-                                <format>ipv4net</format>
-                                <description>Remote IPv4 prefix</description>
-                              </valueHelp>
-                              <valueHelp>
-                                <format>ipv6net</format>
-                                <description>Remote IPv6 prefix</description>
-                              </valueHelp>
-                              <constraint>
-                                <validator name="ipv4-prefix"/>
-                                <validator name="ipv6-prefix"/>
-                              </constraint>
-                              <multi/>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </node>
-                    </children>
-                  </tagNode>
-                  <leafNode name="virtual-address">
-                    <properties>
-                      <help>Initiator request virtual-address from peer</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Request IPv4 address from peer</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6</format>
-                        <description>Request IPv6 address from peer</description>
-                      </valueHelp>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                  <node name="vti">
-                    <properties>
-                      <help>Virtual tunnel interface</help>
-                    </properties>
-                    <children>
-                      <leafNode name="bind">
-                        <properties>
-                          <help>VTI tunnel interface associated with this configuration</help>
-                          <completionHelp>
-                            <path>interfaces vti</path>
-                          </completionHelp>
-                        </properties>
-                      </leafNode>
-                      #include <include/ipsec/esp-group.xml.i>
-                    </children>
-                  </node>
-                </children>
-              </tagNode>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
deleted file mode 100644
index f734283e7..000000000
--- a/interface-definitions/vpn_l2tp.xml.in
+++ /dev/null
@@ -1,282 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="vpn">
-    <children>
-      <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py">
-        <properties>
-          <help>L2TP Virtual Private Network (VPN)</help>
-          <priority>902</priority>
-        </properties>
-        <children>
-          <node name="remote-access">
-            <properties>
-              <help>Remote access L2TP VPN</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/mtu-128-16384.xml.i>
-              <leafNode name="outside-address">
-                <properties>
-                  <help>External IP address to which VPN clients will connect</help>
-                  <constraint>
-                    <validator name="ipv4-address"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              #include <include/accel-ppp/gateway-address.xml.i>
-              #include <include/name-server-ipv4-ipv6.xml.i>
-              <node name="lns">
-                <properties>
-                  <help>L2TP Network Server (LNS)</help>
-                </properties>
-                <children>
-                  <leafNode name="shared-secret">
-                    <properties>
-                      <help>Tunnel password used to authenticate the client (LAC)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="host-name">
-                    <properties>
-                      <help>Sent to the client (LAC) in the Host-Name attribute</help>
-                      <constraint>
-                        <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="ccp-disable">
-                <properties>
-                  <help>Disable Compression Control Protocol (CCP)</help>
-                  <valueless />
-                </properties>
-              </leafNode>
-              <node name="ipsec-settings">
-                <properties>
-                  <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
-                </properties>
-                <children>
-                  <node name="authentication">
-                    <properties>
-                      <help>IPsec authentication settings</help>
-                    </properties>
-                    <children>
-                      <leafNode name="mode">
-                        <properties>
-                          <help>Authentication mode for IPsec</help>
-                          <valueHelp>
-                            <format>pre-shared-secret</format>
-                            <description>Use pre-shared secret for IPsec authentication</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>x509</format>
-                            <description>Use X.509 certificate for IPsec authentication</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(pre-shared-secret|x509)</regex>
-                          </constraint>
-                          <completionHelp>
-                            <list>pre-shared-secret x509</list>
-                          </completionHelp>
-                        </properties>
-                      </leafNode>
-                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
-                      #include <include/ipsec/authentication-x509.xml.i>
-                    </children>
-                  </node>
-                  <leafNode name="ike-lifetime">
-                    <properties>
-                      <help>IKE lifetime</help>
-                      <valueHelp>
-                        <format>u32:30-86400</format>
-                        <description>IKE lifetime in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 30-86400"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>3600</defaultValue>
-                  </leafNode>
-                   <leafNode name="lifetime">
-                    <properties>
-                      <help>ESP lifetime</help>
-                      <valueHelp>
-                        <format>u32:30-86400</format>
-                        <description>IKE lifetime in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 30-86400"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>3600</defaultValue>
-                  </leafNode>
-                  #include <include/ipsec/esp-group.xml.i>
-                  #include <include/ipsec/ike-group.xml.i>
-                </children>
-              </node>
-              #include <include/accel-ppp/wins-server.xml.i>
-              <node name="client-ip-pool">
-                <properties>
-                  <help>Pool of client IP addresses (must be within a /24)</help>
-                </properties>
-                <children>
-                  #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
-                  #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
-                </children>
-              </node>
-              #include <include/accel-ppp/client-ipv6-pool.xml.i>
-              <leafNode name="description">
-                <properties>
-                  <help>Description for L2TP remote-access settings</help>
-                </properties>
-              </leafNode>
-              #include <include/dhcp-interface.xml.i>
-              <leafNode name="idle">
-                <properties>
-                  <help>PPP idle timeout</help>
-                  <valueHelp>
-                    <format>u32:30-86400</format>
-                    <description>PPP idle timeout in seconds</description>
-                  </valueHelp>
-                    <constraint>
-                      <validator name="numeric" argument="--range 30-86400"/>
-                    </constraint>
-                </properties>
-              </leafNode>
-              <node name="authentication">
-                <properties>
-                  <help>Authentication for remote access L2TP VPN</help>
-                </properties>
-                <children>
-                  <leafNode name="require">
-                    <properties>
-                      <help>Authentication protocol for remote access peer L2TP VPN</help>
-                      <valueHelp>
-                        <format>pap</format>
-                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>chap</format>
-                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>mschap</format>
-                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>mschap-v2</format>
-                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(pap|chap|mschap|mschap-v2)</regex>
-                      </constraint>
-                      <completionHelp>
-                        <list>pap chap mschap mschap-v2</list>
-                      </completionHelp>
-                      <multi />
-                    </properties>
-                  </leafNode>
-                  #include <include/accel-ppp/ppp-mppe.xml.i>
-                  #include <include/accel-ppp/auth-mode.xml.i>
-                  #include <include/accel-ppp/auth-local-users.xml.i>
-                  #include <include/radius-server-ipv4.xml.i>
-                  <node name="radius">
-                    <children>
-                      <tagNode name="server">
-                        <children>
-                          #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
-                          <leafNode name="fail-time">
-                            <properties>
-                              <help>Mark server unavailable for N seconds on failure</help>
-                              <valueHelp>
-                                <format>u32:0-600</format>
-                                <description>Fail time penalty</description>
-                              </valueHelp>
-                              <constraint>
-                                <validator name="numeric" argument="--range 0-600"/>
-                              </constraint>
-                              <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </tagNode>
-                      <leafNode name="timeout">
-                        <properties>
-                          <help>Timeout to wait response from server (seconds)</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="acct-timeout">
-                        <properties>
-                          <help>Timeout to wait reply for Interim-Update packets</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="max-try">
-                        <properties>
-                          <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
-                        </properties>
-                      </leafNode>
-                      #include <include/radius-nas-identifier.xml.i>
-                      <node name="dae-server">
-                        <properties>
-                          <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
-                        </properties>
-                        <children>
-                          <leafNode name="ip-address">
-                            <properties>
-                              <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="port">
-                            <properties>
-                              <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="secret">
-                            <properties>
-                              <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </node>
-                      <node name="rate-limit">
-                        <properties>
-                          <help>Upload/Download speed limits</help>
-                        </properties>
-                        <children>
-                          <leafNode name="attribute">
-                            <properties>
-                              <help>Specifies which radius attribute contains rate information</help>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="vendor">
-                            <properties>
-                              <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="enable">
-                            <properties>
-                              <help>Enables Bandwidth shaping via RADIUS</help>
-                              <valueless />
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </node>
-                    </children>
-                  </node>
-                </children>
-              </node>
-              <node name="ppp-options">
-                <properties>
-                  <help>Advanced protocol options</help>
-                </properties>
-                <children>
-                  #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
-                  #include <include/accel-ppp/ppp-options-ipv6.xml.i>
-                </children>
-              </node>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
deleted file mode 100644
index 21b47125d..000000000
--- a/interface-definitions/vpn_openconnect.xml.in
+++ /dev/null
@@ -1,274 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="vpn">
-    <children>
-      <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py">
-        <properties>
-          <help>SSL VPN OpenConnect, AnyConnect compatible server</help>
-          <priority>901</priority>
-        </properties>
-        <children>
-          <node name="authentication">
-            <properties>
-              <help>Authentication for remote access SSL VPN Server</help>
-            </properties>
-            <children>
-              <node name="mode">
-                <properties>
-                  <help>Authentication mode used by this server</help>
-                </properties>
-                <children>
-                  <leafNode name="local">
-                    <properties>
-                      <help>Use local username/password configuration (OTP supported)</help>
-                      <valueHelp>
-                        <format>password</format>
-                        <description>Password-only local authentication</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>otp</format>
-                        <description>OTP-only local authentication</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>password-otp</format>
-                        <description>Password (first) + OTP local authentication</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(password|otp|password-otp)</regex>
-                      </constraint>
-                      <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
-                      <completionHelp>
-                        <list>otp password password-otp</list>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="radius">
-                    <properties>
-                      <help>Use RADIUS server for user autentication</help>
-                      <valueless/>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/auth-local-users.xml.i>
-              <node name="local-users">
-                <children>
-                  <tagNode name="username">
-                    <children>
-                        <node name="otp">
-                          <properties>
-                            <help>2FA OTP authentication parameters</help>
-                          </properties>
-                          <children>
-                            <leafNode name="key">
-                              <properties>
-                                <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
-                                <valueHelp>
-                                  <format>txt</format>
-                                  <description>OTP key in hex-encoded format</description>
-                                </valueHelp>
-                                <constraint>
-                                  <regex>[a-fA-F0-9]{20,10000}</regex>
-                                </constraint>
-                                <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
-                              </properties>
-                            </leafNode>
-                            <leafNode name="otp-length">
-                              <properties>
-                                <help>Number of digits in OTP code</help>
-                                <valueHelp>
-                                  <format>u32:6-8</format>
-                                  <description>Number of digits in OTP code</description>
-                                </valueHelp>
-                                <constraint>
-                                  <validator name="numeric" argument="--range 6-8"/>
-                                </constraint>
-                                <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
-                              </properties>
-                              <defaultValue>6</defaultValue>
-                            </leafNode>
-                            <leafNode name="interval">
-                              <properties>
-                                <help>Time tokens interval in seconds</help>
-                                <valueHelp>
-                                  <format>u32:5-86400</format>
-                                  <description>Time tokens interval in seconds.</description>
-                                </valueHelp>
-                                <constraint>
-                                  <validator name="numeric" argument="--range 5-86400"/>
-                                </constraint>
-                                <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
-                              </properties>
-                              <defaultValue>30</defaultValue>
-                            </leafNode>
-                            <leafNode name="token-type">
-                              <properties>
-                                <help>Token type</help>
-                                <valueHelp>
-                                  <format>hotp-time</format>
-                                  <description>Time-based OTP algorithm</description>
-                                </valueHelp>
-                                <valueHelp>
-                                  <format>hotp-event</format>
-                                  <description>Event-based OTP algorithm</description>
-                                </valueHelp>
-                                <constraint>
-                                  <regex>(hotp-time|hotp-event)</regex>
-                                </constraint>
-                                <completionHelp>
-                                  <list>hotp-time hotp-event</list>
-                                </completionHelp>
-                              </properties>
-                              <defaultValue>hotp-time</defaultValue>
-                            </leafNode>
-                          </children>
-                        </node>
-                    </children>
-                  </tagNode>
-                </children>
-              </node>
-              #include <include/radius-server-ipv4.xml.i>
-              <node name="radius">
-                <children>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Session timeout</help>
-                      <valueHelp>
-                        <format>u32:1-240</format>
-                        <description>Session timeout in seconds (default: 2)</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-240"/>
-                      </constraint>
-                      <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
-                    </properties>
-                    <defaultValue>2</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <node name="listen-ports">
-            <properties>
-              <help>Specify custom ports to use for client connections</help>
-            </properties>
-            <children>
-              <leafNode name="tcp">
-                <properties>
-                  <help>tcp port number to accept connections</help>
-                  <valueHelp>
-                    <format>u32:1-65535</format>
-                    <description>Numeric IP port</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-65535"/>
-                  </constraint>
-                </properties>
-                <defaultValue>443</defaultValue>
-              </leafNode>
-              <leafNode name="udp">
-                <properties>
-                  <help>udp port number to accept connections</help>
-                  <valueHelp>
-                    <format>u32:1-65535</format>
-                    <description>Numeric IP port</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-65535"/>
-                  </constraint>
-                </properties>
-                <defaultValue>443</defaultValue>
-              </leafNode>
-            </children>
-          </node>
-          <node name="ssl">
-            <properties>
-              <help>SSL Certificate, SSL Key and CA</help>
-            </properties>
-            <children>
-              #include <include/pki/ca-certificate.xml.i>
-              #include <include/pki/certificate-key.xml.i>
-            </children>
-          </node>
-          <node name="network-settings">
-            <properties>
-              <help>Network settings</help>
-            </properties>
-            <children>
-              <leafNode name="push-route">
-                <properties>
-                  <help>Route to be pushed to the client</help>
-                  <valueHelp>
-                    <format>ipv4net</format>
-                    <description>IPv4 network and prefix length</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6net</format>
-                    <description>IPv6 network and prefix length</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ip-prefix"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <node name="client-ip-settings">
-                <properties>
-                  <help>Client IP pools settings</help>
-                </properties>
-                <children>
-                  <leafNode name="subnet">
-                    <properties>
-                      <help>Client IP subnet (CIDR notation)</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>IPv4 address and prefix length</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-prefix"/>
-                      </constraint>
-                      <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <node name="client-ipv6-pool">
-                <properties>
-                  <help>Pool of client IPv6 addresses</help>
-                </properties>
-                <children>
-                  <leafNode name="prefix">
-                    <properties>
-                      <help>Pool of addresses used to assign to clients</help>
-                      <valueHelp>
-                        <format>ipv6net</format>
-                        <description>IPv6 address and prefix length</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv6-prefix"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="mask">
-                    <properties>
-                      <help>Prefix length used for individual client</help>
-                      <valueHelp>
-                        <format>u32:48-128</format>
-                        <description>Client prefix length</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 48-128"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>64</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/name-server-ipv4-ipv6.xml.i>
-            </children>
-          </node>
-      </children>
-    </node>
-  </children>
-</node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
deleted file mode 100644
index 28a53acb9..000000000
--- a/interface-definitions/vpn_pptp.xml.in
+++ /dev/null
@@ -1,121 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="vpn">
-    <children>
-      <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py">
-        <properties>
-          <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help>
-          <priority>901</priority>
-        </properties>
-        <children>
-          <node name="remote-access">
-            <properties>
-              <help>Remote access PPTP VPN</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/mtu-128-16384.xml.i>
-              <leafNode name="outside-address">
-                <properties>
-                  <help>External IP address to which VPN clients will connect</help>
-                  <constraint>
-                    <validator name="ipv4-address"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              #include <include/name-server-ipv4.xml.i>
-              #include <include/accel-ppp/wins-server.xml.i>
-              <node name="client-ip-pool">
-                <properties>
-                  <help>Pool of client IP addresses (must be within a /24)</help>
-                </properties>
-                <children>
-                  #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
-                </children>
-              </node>
-              #include <include/accel-ppp/gateway-address.xml.i>
-              <node name="authentication">
-                <properties>
-                  <help>Authentication for remote access PPTP VPN</help>
-                </properties>
-                <children>
-                  <leafNode name="require">
-                    <properties>
-                      <help>Authentication protocol for remote access peer PPTP VPN</help>
-                      <valueHelp>
-                        <format>pap</format>
-                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>chap</format>
-                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>mschap</format>
-                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>mschap-v2</format>
-                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
-                      </valueHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="mppe">
-                    <properties>
-                      <help>Specifies mppe negotioation preference. (default require mppe 128-bit stateless</help>
-                      <valueHelp>
-                        <format>deny</format>
-                        <description>deny mppe</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>prefer</format>
-                        <description>ask client for mppe, if it rejects do not fail</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>require</format>
-                        <description>ask client for mppe, if it rejects drop connection</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(deny|prefer|require)</regex>
-                      </constraint>
-                      <completionHelp>
-                        <list>deny prefer require</list>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  #include <include/accel-ppp/auth-mode.xml.i>
-                  <node name="local-users">
-                    <properties>
-                      <help>Local user authentication for remote access PPTP VPN</help>
-                    </properties>
-                    <children>
-                      <tagNode name="username">
-                        <properties>
-                          <help>User name for authentication</help>
-                        </properties>
-                        <children>
-                          #include <include/generic-disable-node.xml.i>
-                          <leafNode name="password">
-                            <properties>
-                              <help>Password for authentication</help>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="static-ip">
-                            <properties>
-                              <help>Static client IP address</help>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </tagNode>
-                    </children>
-                  </node>
-                  #include <include/radius-server-ipv4.xml.i>
-                  #include <include/accel-ppp/radius-additions.xml.i>
-                </children>
-              </node>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
deleted file mode 100644
index 195d581df..000000000
--- a/interface-definitions/vpn_sstp.xml.in
+++ /dev/null
@@ -1,69 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="vpn">
-    <children>
-      <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py">
-        <properties>
-          <help>Secure Socket Tunneling Protocol (SSTP) server</help>
-          <priority>901</priority>
-        </properties>
-        <children>
-          <node name="authentication">
-            <properties>
-              <help>Authentication for remote access SSTP Server</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/auth-local-users.xml.i>
-              #include <include/accel-ppp/auth-mode.xml.i>
-              #include <include/accel-ppp/auth-protocols.xml.i>
-              #include <include/radius-server-ipv4.xml.i>
-              #include <include/accel-ppp/radius-additions.xml.i>
-              <node name="radius">
-                <children>
-                  #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
-                </children>
-              </node>
-            </children>
-          </node>
-          #include <include/interface/mtu-68-1500.xml.i>
-          #include <include/accel-ppp/gateway-address.xml.i>
-          #include <include/name-server-ipv4-ipv6.xml.i>
-          <node name="client-ip-pool">
-            <properties>
-              <help>Client IP pools and gateway setting</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
-            </children>
-          </node>
-          #include <include/accel-ppp/client-ipv6-pool.xml.i>
-          #include <include/port-number.xml.i>
-          <leafNode name="port">
-            <defaultValue>443</defaultValue>
-          </leafNode>
-          <node name="ppp-options">
-            <properties>
-              <help>PPP (Point-to-Point Protocol) settings</help>
-            </properties>
-            <children>
-              #include <include/accel-ppp/ppp-mppe.xml.i>
-              #include <include/accel-ppp/ppp-options-ipv4.xml.i>
-              #include <include/accel-ppp/ppp-options-ipv6.xml.i>
-              #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
-              #include <include/accel-ppp/lcp-echo-timeout.xml.i>
-            </children>
-          </node>
-          <node name="ssl">
-            <properties>
-              <help>SSL Certificate, SSL Key and CA</help>
-            </properties>
-            <children>
-              #include <include/pki/ca-certificate.xml.i>
-              #include <include/pki/certificate.xml.i>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
-- 
cgit v1.2.3