240 files changed, 640 insertions, 365 deletions

diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index 4a1bc4011..4fd94d895 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -1,56 +1,52 @@
 {
-    "conntrack": {
-        "conntrack_sync": ["conntrack_sync"]
+    "system_conntrack": {
+        "conntrack_sync": ["service_conntrack-sync"]
     },
     "firewall": {
-        "conntrack": ["conntrack"],
-        "conntrack_sync": ["conntrack_sync"],
-        "group_resync": ["conntrack", "nat", "policy-route"]
+        "conntrack": ["system_conntrack"],
+        "group_resync": ["system_conntrack", "nat", "policy_route"]
     },
     "interfaces_bonding": {
-        "ethernet": ["interfaces-ethernet"]
+        "ethernet": ["interfaces_ethernet"]
     },
     "interfaces_bridge": {
-        "vxlan": ["interfaces-vxlan"]
+        "vxlan": ["interfaces_vxlan"]
     },
     "load_balancing_wan": {
-        "conntrack": ["conntrack"],
-        "conntrack_sync": ["conntrack_sync"]
+        "conntrack": ["system_conntrack"]
     },
     "nat": {
-        "conntrack": ["conntrack"],
-        "conntrack_sync": ["conntrack_sync"]
+        "conntrack": ["system_conntrack"]
     },
     "nat66": {
-        "conntrack": ["conntrack"],
-        "conntrack_sync": ["conntrack_sync"]
+        "conntrack": ["system_conntrack"]
     },
     "pki": {
-        "ethernet": ["interfaces-ethernet"],
-        "openvpn": ["interfaces-openvpn"],
-        "https": ["https"],
+        "ethernet": ["interfaces_ethernet"],
+        "openvpn": ["interfaces_openvpn"],
+        "https": ["service_https"],
         "ipsec": ["vpn_ipsec"],
         "openconnect": ["vpn_openconnect"],
         "sstp": ["vpn_sstp"]
     },
     "qos": {
-        "bonding": ["interfaces-bonding"],
-        "bridge": ["interfaces-bridge"],
-        "dummy": ["interfaces-dummy"],
-        "ethernet": ["interfaces-ethernet"],
-        "geneve": ["interfaces-geneve"],
-        "input": ["interfaces-input"],
-        "l2tpv3": ["interfaces-l2tpv3"],
-        "loopback": ["interfaces-loopback"],
-        "macsec": ["interfaces-macsec"],
-        "openvpn": ["interfaces-openvpn"],
-        "pppoe": ["interfaces-pppoe"],
-        "pseudo-ethernet": ["interfaces-pseudo-ethernet"],
-        "tunnel": ["interfaces-tunnel"],
-        "vti": ["interfaces-vti"],
-        "vxlan": ["interfaces-vxlan"],
-        "wireguard": ["interfaces-wireguard"],
-        "wireless": ["interfaces-wireless"],
-        "wwan": ["interfaces-wwan"]
+        "bonding": ["interfaces_bonding"],
+        "bridge": ["interfaces_bridge"],
+        "dummy": ["interfaces_dummy"],
+        "ethernet": ["interfaces_ethernet"],
+        "geneve": ["interfaces_geneve"],
+        "input": ["interfaces_input"],
+        "l2tpv3": ["interfaces_l2tpv3"],
+        "loopback": ["interfaces_loopback"],
+        "macsec": ["interfaces_macsec"],
+        "openvpn": ["interfaces_openvpn"],
+        "pppoe": ["interfaces_pppoe"],
+        "pseudo-ethernet": ["interfaces_pseudo-ethernet"],
+        "tunnel": ["interfaces_tunnel"],
+        "vti": ["interfaces_vti"],
+        "vxlan": ["interfaces_vxlan"],
+        "wireguard": ["interfaces_wireguard"],
+        "wireless": ["interfaces_wireless"],
+        "wwan": ["interfaces_wwan"]
     }
 }
diff --git a/data/configd-include.json b/data/configd-include.json
index 6d7261b73..d1f9db796 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -1,88 +1,107 @@
 [
-"arp.py",
-"bcast_relay.py",
 "container.py",
-"conntrack.py",
-"conntrack_sync.py",
-"dhcp_relay.py",
-"dhcp_server.py",
-"dhcpv6_relay.py",
-"dhcpv6_server.py",
-"dns_forwarding.py",
-"dns_dynamic.py",
 "firewall.py",
-"flow_accounting_conf.py",
 "high-availability.py",
-"host_name.py",
-"igmp_proxy.py",
-"intel_qat.py",
-"interfaces-bonding.py",
-"interfaces-bridge.py",
-"interfaces-dummy.py",
-"interfaces-ethernet.py",
-"interfaces-geneve.py",
-"interfaces-l2tpv3.py",
-"interfaces-loopback.py",
-"interfaces-macsec.py",
-"interfaces-openvpn.py",
-"interfaces-pppoe.py",
-"interfaces-pseudo-ethernet.py",
-"interfaces-sstpc.py",
-"interfaces-tunnel.py",
-"interfaces-vti.py",
-"interfaces-vxlan.py",
-"interfaces-wireguard.py",
-"interfaces-wireless.py",
-"interfaces-wwan.py",
-"lldp.py",
+"interfaces_bonding.py",
+"interfaces_bridge.py",
+"interfaces_dummy.py",
+"interfaces_ethernet.py",
+"interfaces_geneve.py",
+"interfaces_input.py",
+"interfaces_l2tpv3.py",
+"interfaces_loopback.py",
+"interfaces_macsec.py",
+"interfaces_openvpn.py",
+"interfaces_pppoe.py",
+"interfaces_pseudo-ethernet.py",
+"interfaces_sstpc.py",
+"interfaces_tunnel.py",
+"interfaces_virtual-ethernet.py",
+"interfaces_vti.py",
+"interfaces_vxlan.py",
+"interfaces_wireguard.py",
+"interfaces_wireless.py",
+"interfaces_wwan.py",
+"load-balancing_reverse-proxy.py",
+"load-balancing_wan.py",
 "nat.py",
+"nat64.py",
 "nat66.py",
 "netns.py",
-"ntp.py",
 "pki.py",
 "policy.py",
-"policy-local-route.py",
+"policy_route.py",
+"policy_local-route.py",
+"protocols_babel.py",
 "protocols_bfd.py",
 "protocols_bgp.py",
+"protocols_eigrp.py",
+"protocols_failover.py",
+"protocols_igmp-proxy.py",
 "protocols_isis.py",
 "protocols_mpls.py",
 "protocols_nhrp.py",
 "protocols_ospf.py",
 "protocols_ospfv3.py",
 "protocols_pim.py",
+"protocols_pim6.py",
 "protocols_rip.py",
 "protocols_ripng.py",
 "protocols_rpki.py",
-"protocols_segment_routing.py",
+"protocols_segment-routing.py",
 "protocols_static.py",
+"protocols_static_arp.py",
 "protocols_static_multicast.py",
+"protocols_static_neighbor-proxy.py",
 "qos.py",
-"salt-minion.py",
+"service_broadcast-relay.py",
+"service_config-sync.py",
+"service_conntrack-sync.py",
 "service_console-server.py",
-"service_ids_fastnetmon.py",
+"service_dhcp-relay.py",
+"service_dhcp-server.py",
+"service_dhcpv6-relay.py",
+"service_dhcpv6-server.py",
+"service_dns_dynamic.py",
+"service_dns_forwarding.py",
+"service_event-handler.py",
+"service_https.py",
+"service_ids_ddos-protection.py",
 "service_ipoe-server.py",
-"service_mdns-repeater.py",
+"service_lldp.py",
+"service_mdns_repeater.py",
 "service_monitoring_telegraf.py",
+"service_monitoring_zabbix-agent.py",
 "service_ndp-proxy.py",
+"service_ntp.py",
 "service_pppoe-server.py",
 "service_router-advert.py",
+"service_salt-minion.py",
+"service_ssh.py",
+"service_tftp-server.py",
 "service_upnp.py",
-"ssh.py",
-"system-ip.py",
-"system-ipv6.py",
-"system-login-banner.py",
-"system-logs.py",
-"system-option.py",
-"system-proxy.py",
-"system_sflow.py",
-"system_sysctl.py",
-"system-syslog.py",
-"system-timezone.py",
+"system_acceleration.py",
+"system_conntrack.py",
 "system_console.py",
+"system_flow-accounting.py",
+"system_frr.py",
+"system_host-name.py",
+"system_ip.py",
+"system_ipv6.py",
 "system_lcd.py",
-"task_scheduler.py",
-"tftp_server.py",
+"system_login_banner.py",
+"system_logs.py",
+"system_option.py",
+"system_proxy.py",
+"system_sflow.py",
+"system_sysctl.py",
+"system_syslog.py",
+"system_task-scheduler.py",
+"system_timezone.py",
+"system_update-check.py",
+"vpn_ipsec.py",
 "vpn_l2tp.py",
+"vpn_openconnect.py",
 "vpn_pptp.py",
 "vpn_sstp.py",
 "vrf.py",
diff --git a/data/templates/bcast-relay/udp-broadcast-relay.j2 b/data/templates/bcast-relay/udp-broadcast-relay.j2
index 75740e04c..3f5b5bbe3 100644
--- a/data/templates/bcast-relay/udp-broadcast-relay.j2
+++ b/data/templates/bcast-relay/udp-broadcast-relay.j2
@@ -1,4 +1,4 @@
-### Autogenerated by bcast_relay.py ###
+### Autogenerated by service_broadcast-relay.py ###
 
 # UDP broadcast relay configuration for instance {{ id }}
 {{ '# ' ~ description if description is vyos_defined }}
diff --git a/data/templates/chrony/chrony.conf.j2 b/data/templates/chrony/chrony.conf.j2
index 0daec8fb8..d02fbf71d 100644
--- a/data/templates/chrony/chrony.conf.j2
+++ b/data/templates/chrony/chrony.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by ntp.py ###
+### Autogenerated by service_ntp.py ###
 
 # This would step the system clock if the adjustment is larger than 0.1 seconds,
 # but only in the first three clock updates.
diff --git a/data/templates/conntrack/sysctl.conf.j2 b/data/templates/conntrack/sysctl.conf.j2
index 3d6fc43f2..986f75c61 100644
--- a/data/templates/conntrack/sysctl.conf.j2
+++ b/data/templates/conntrack/sysctl.conf.j2
@@ -1,4 +1,4 @@
-# Autogenerated by conntrack.py
+# Autogenerated by system_conntrack.py
 {# all values have defaults - thus no checking required #}
 
 net.netfilter.nf_conntrack_expect_max = {{ expect_table_size }}
diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.j2 b/data/templates/conntrack/vyos_nf_conntrack.conf.j2
index 197155d96..1b12fec5f 100644
--- a/data/templates/conntrack/vyos_nf_conntrack.conf.j2
+++ b/data/templates/conntrack/vyos_nf_conntrack.conf.j2
@@ -1,2 +1,2 @@
-# Autogenerated by conntrack.py
+# Autogenerated by system_conntrack.py
 options nf_conntrack hashsize={{ hash_size }}
diff --git a/data/templates/conntrackd/conntrackd.conf.j2 b/data/templates/conntrackd/conntrackd.conf.j2
index 808a77759..8f56c8171 100644
--- a/data/templates/conntrackd/conntrackd.conf.j2
+++ b/data/templates/conntrackd/conntrackd.conf.j2
@@ -1,4 +1,4 @@
-# autogenerated by conntrack_sync.py
+### autogenerated by service_conntrack-sync.py ###
 
 # Synchronizer settings
 Sync {
@@ -111,4 +111,3 @@ General {
     }
 {% endif %}
 }
-
diff --git a/data/templates/dhcp-relay/dhcrelay.conf.j2 b/data/templates/dhcp-relay/dhcrelay.conf.j2
index c26c263fd..71a395454 100644
--- a/data/templates/dhcp-relay/dhcrelay.conf.j2
+++ b/data/templates/dhcp-relay/dhcrelay.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by dhcp_relay.py ###
+### Autogenerated by service_dhcp-relay.py ###
 
 {% set max_size = '-A ' ~ relay_options.max_size if relay_options.max_size is vyos_defined %}
 {# hop_count and relay_agents_packets is a default option, thus it is always present #}
@@ -6,4 +6,4 @@
 OPTIONS="-c {{ relay_options.hop_count }} -a -m {{ relay_options.relay_agents_packets }} {{ max_size }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}"
 {% else %}
 OPTIONS="-c {{ relay_options.hop_count }} -a -m {{ relay_options.relay_agents_packets }} {{ max_size }} -id {{ listen_interface | join(' -id ') }} -iu {{ upstream_interface | join(' -iu ') }} {{ server | join(' ') }}"
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/data/templates/dhcp-relay/dhcrelay6.conf.j2 b/data/templates/dhcp-relay/dhcrelay6.conf.j2
index 6365346b4..25f7671b3 100644
--- a/data/templates/dhcp-relay/dhcrelay6.conf.j2
+++ b/data/templates/dhcp-relay/dhcrelay6.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by dhcpv6_relay.py ###
+### Autogenerated by service_dhcpv6-relay.py ###
 
 {# upstream_interface is mandatory so it's always present #}
 {% set upstream = namespace(value='')  %}
@@ -18,4 +18,3 @@
 {% endfor %}
 
 OPTIONS="{{ listen.value }} {{ upstream.value }} -c {{ max_hop_count }} {{ '-I' if use_interface_id_option is vyos_defined }}"
-
diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
index 30afb9e64..6c0653a55 100644
--- a/data/templates/dns-dynamic/ddclient.conf.j2
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -20,7 +20,7 @@ if{{ ipv }}={{ address }}, \
 {# Actual hostname for the service #}
 {{ host }}
 {% endmacro %}
-### Autogenerated by dns_dynamic.py ###
+### Autogenerated by service_dns_dynamic.py ###
 daemon={{ interval }}
 syslog=yes
 ssl=yes
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2
index e02e6c13d..ea700406c 100644
--- a/data/templates/dns-forwarding/recursor.conf.j2
+++ b/data/templates/dns-forwarding/recursor.conf.j2
@@ -1,5 +1,5 @@
 {# j2lint: disable=single-statement-per-line #}
-### Autogenerated by dns_forwarding.py ###
+### Autogenerated by service_dns_forwarding.py ###
 
 # XXX: pdns recursor doesn't like whitespace near entry separators,
 # especially in the semicolon-separated lists of name servers.
@@ -47,4 +47,3 @@ serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }}
 auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %}
 
 forward-zones-file=recursor.forward-zones.conf
-
diff --git a/data/templates/dns-forwarding/recursor.conf.lua.j2 b/data/templates/dns-forwarding/recursor.conf.lua.j2
index e2506238d..816f69160 100644
--- a/data/templates/dns-forwarding/recursor.conf.lua.j2
+++ b/data/templates/dns-forwarding/recursor.conf.lua.j2
@@ -1,4 +1,4 @@
--- Autogenerated by VyOS (dns_forwarding.py) --
+-- Autogenerated by VyOS (service_dns_forwarding.py) --
 -- Do not edit, your changes will get overwritten --
 
 -- Load DNSSEC root keys from dns-root-data package.
@@ -6,4 +6,3 @@ dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
 
 -- Load lua from vyos-hostsd --
 dofile("recursor.vyos-hostsd.conf.lua")
-
diff --git a/data/templates/dns-forwarding/recursor.zone.conf.j2 b/data/templates/dns-forwarding/recursor.zone.conf.j2
index 25193c2ec..797068c49 100644
--- a/data/templates/dns-forwarding/recursor.zone.conf.j2
+++ b/data/templates/dns-forwarding/recursor.zone.conf.j2
@@ -1,5 +1,5 @@
 ;
-; Autogenerated by dns_forwarding.py
+; Autogenerated by service_dns_forwarding.py
 ;
 {% for r in records %}
 {{ r.name }}    {{ r.ttl }}    {{ r.type }}    {{ r.value }}
diff --git a/data/templates/ethernet/wpa_supplicant.conf.j2 b/data/templates/ethernet/wpa_supplicant.conf.j2
index cd35d6d1e..6da2fa5e0 100644
--- a/data/templates/ethernet/wpa_supplicant.conf.j2
+++ b/data/templates/ethernet/wpa_supplicant.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-ethernet.py ###
+### Autogenerated by interfaces_ethernet.py ###
 
 # see full documentation:
 # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
@@ -74,4 +74,3 @@ network={
     # does not work for VyOS' git builds of wpa_supplicant.
     phase1="allow_canned_success=1 tls_disable_tlsv1_0=0"
 }
-
diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2
index dde839e9f..80239ea56 100644
--- a/data/templates/https/nginx.default.j2
+++ b/data/templates/https/nginx.default.j2
@@ -1,4 +1,4 @@
-### Autogenerated by https.py ###
+### Autogenerated by service_https.py ###
 # Default server configuration
 
 {% for server in server_block_list %}
diff --git a/data/templates/igmp-proxy/igmpproxy.conf.j2 b/data/templates/igmp-proxy/igmpproxy.conf.j2
index ab3c9fd31..85a04de7d 100644
--- a/data/templates/igmp-proxy/igmpproxy.conf.j2
+++ b/data/templates/igmp-proxy/igmpproxy.conf.j2
@@ -1,6 +1,6 @@
 ########################################################
 #
-# autogenerated by igmp_proxy.py
+# autogenerated by protocols_igmp-proxy.py
 #
 # The configuration file must define one upstream interface, and one or more
 # downstream interfaces.
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index 60d2d1807..01dc8a4a7 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -29,8 +29,10 @@
 {% endif %}
         }
         remote {
+{% if rw_conf.authentication.client_mode == 'x509' %}
+            auth = pubkey
+{% elif rw_conf.authentication.client_mode.startswith("eap") %}
             auth = {{ rw_conf.authentication.client_mode }}
-{% if rw_conf.authentication.client_mode.startswith("eap") %}
             eap_id = %any
 {% endif %}
         }
diff --git a/data/templates/lldp/lldpd.j2 b/data/templates/lldp/lldpd.j2
index 6ae063c4b..2238fe1c4 100644
--- a/data/templates/lldp/lldpd.j2
+++ b/data/templates/lldp/lldpd.j2
@@ -1,2 +1,2 @@
-### Autogenerated by lldp.py ###
+### Autogenerated by service_lldp.py ###
 DAEMON_ARGS="-M 4 {{ '-x' if snmp is vyos_defined }} {{ '-c' if legacy_protocols.cdp is vyos_defined }} {{ '-e' if legacy_protocols.edp is vyos_defined }} {{ '-f' if legacy_protocols.fdp is vyos_defined }} {{ '-s' if legacy_protocols.sonmp is vyos_defined }}"
diff --git a/data/templates/lldp/vyos.conf.j2 b/data/templates/lldp/vyos.conf.j2
index dfa422ab8..4b4228cea 100644
--- a/data/templates/lldp/vyos.conf.j2
+++ b/data/templates/lldp/vyos.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by lldp.py ###
+### Autogenerated by service_lldp.py ###
 
 configure system platform VyOS
 configure system description "VyOS {{ version }}"
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index defb76fba..849cef74d 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -1,4 +1,4 @@
-# Generated by ${vyos_conf_scripts_dir}/load-balancing-haproxy.py
+### Autogenerated by load-balancing_reverse-proxy.py ###
 
 global
     log /dev/log local0
diff --git a/data/templates/load-balancing/wlb.conf.j2 b/data/templates/load-balancing/wlb.conf.j2
index d3326b6b8..6557b6f4c 100644
--- a/data/templates/load-balancing/wlb.conf.j2
+++ b/data/templates/load-balancing/wlb.conf.j2
@@ -1,4 +1,4 @@
-# Generated by /usr/libexec/vyos/conf_mode/load-balancing-wan.py
+### Autogenerated by load-balancing_wan.py ###
 
 {% if disable_source_nat is vyos_defined %}
 disable-source-nat
@@ -41,7 +41,7 @@ health {
                 test-script {{ test_config.test_script }}
 {%                     endif %}
 {%                     if test_config.target is vyos_defined %}
-                target {{ test_config.target }} 
+                target {{ test_config.target }}
 {%                     endif %}
                 resp-time {{ test_config.resp_time | int * 1000 }}
             }
diff --git a/data/templates/login/authorized_keys.j2 b/data/templates/login/authorized_keys.j2
index aabca47cf..695b66abe 100644
--- a/data/templates/login/authorized_keys.j2
+++ b/data/templates/login/authorized_keys.j2
@@ -1,4 +1,4 @@
-### Automatically generated by system-login.py ###
+### Automatically generated by system_login.py ###
 
 {% if authentication.public_keys is vyos_defined %}
 {%     for key, key_options in authentication.public_keys.items() %}
@@ -6,4 +6,3 @@
 {{ key_options.options ~ ' ' if key_options.options is vyos_defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
 {%     endfor %}
 {% endif %}
-
diff --git a/data/templates/login/limits.j2 b/data/templates/login/limits.j2
index 5e2c11f35..31abc85dd 100644
--- a/data/templates/login/limits.j2
+++ b/data/templates/login/limits.j2
@@ -1,4 +1,4 @@
-# Generated by /usr/libexec/vyos/conf_mode/system-login.py
+# Generated by system_login.py
 
 {% if max_login_session is vyos_defined %}
 * - maxsyslogins {{ max_login_session }}
diff --git a/data/templates/login/nsswitch.conf.j2 b/data/templates/login/nsswitch.conf.j2
index 65dc88291..0adfb491c 100644
--- a/data/templates/login/nsswitch.conf.j2
+++ b/data/templates/login/nsswitch.conf.j2
@@ -1,4 +1,4 @@
-# Automatically generated by system-login.py
+# automatically generated by system_login.py ###
 # /etc/nsswitch.conf
 #
 # Example configuration of GNU Name Service Switch functionality.
@@ -18,4 +18,3 @@ ethers:         db files
 rpc:            db files
 
 netgroup:       nis
-
diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2
index c61154753..75437ca71 100644
--- a/data/templates/login/pam_radius_auth.conf.j2
+++ b/data/templates/login/pam_radius_auth.conf.j2
@@ -1,4 +1,4 @@
-# Automatically generated by system-login.py
+### Automatically generated by system_login.py ###
 # RADIUS configuration file
 
 {% if radius is vyos_defined %}
diff --git a/data/templates/login/tacplus_servers.j2 b/data/templates/login/tacplus_servers.j2
index 5a65d6e68..23e8e495e 100644
--- a/data/templates/login/tacplus_servers.j2
+++ b/data/templates/login/tacplus_servers.j2
@@ -1,4 +1,4 @@
-# Automatically generated by system-login.py
+# Automatically generated by system_login.py
 # TACACS+ configuration file
 
 # This is a common file used by audisp-tacplus, libpam_tacplus, and
@@ -56,4 +56,3 @@ user_homedir=1
 
 service=shell
 protocol=ssh
-
diff --git a/data/templates/macsec/wpa_supplicant.conf.j2 b/data/templates/macsec/wpa_supplicant.conf.j2
index 1f7ba16f4..4bb762935 100644
--- a/data/templates/macsec/wpa_supplicant.conf.j2
+++ b/data/templates/macsec/wpa_supplicant.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-macsec.py ###
+### Autogenerated by interfaces_macsec.py ###
 
 # see full documentation:
 # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
diff --git a/data/templates/mdns-repeater/avahi-daemon.conf.j2 b/data/templates/mdns-repeater/avahi-daemon.conf.j2
index d562c048f..cc6495817 100644
--- a/data/templates/mdns-repeater/avahi-daemon.conf.j2
+++ b/data/templates/mdns-repeater/avahi-daemon.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by service_mdns-repeater.py ###
+### Autogenerated by service_mdns_repeater.py ###
 [server]
 use-ipv4={{ 'yes' if ip_version in ['ipv4', 'both'] else 'no' }}
 use-ipv6={{ 'yes' if ip_version in ['ipv6', 'both'] else 'no' }}
diff --git a/data/templates/openvpn/auth.pw.j2 b/data/templates/openvpn/auth.pw.j2
index 218121062..9f9b31e7a 100644
--- a/data/templates/openvpn/auth.pw.j2
+++ b/data/templates/openvpn/auth.pw.j2
@@ -1,4 +1,4 @@
-{# Autogenerated by interfaces-openvpn.py #}
+{# Autogenerated by interfaces_openvpn.py #}
 {% if authentication is vyos_defined %}
 {{ authentication.username }}
 {{ authentication.password }}
diff --git a/data/templates/openvpn/client.conf.j2 b/data/templates/openvpn/client.conf.j2
index 2e327e4d3..9edcdc8ae 100644
--- a/data/templates/openvpn/client.conf.j2
+++ b/data/templates/openvpn/client.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-openvpn.py ###
+### Autogenerated by interfaces_openvpn.py ###
 
 {% if ip is vyos_defined %}
 ifconfig-push {{ ip[0] }} {{ server_subnet[0] | netmask_from_cidr }}
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index c02411904..6ac525443 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-openvpn.py ###
+### Autogenerated by interfaces_openvpn.py ###
 #
 # See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
 # for individual keyword definition
diff --git a/data/templates/pppoe/peer.j2 b/data/templates/pppoe/peer.j2
index 2a99fcb2a..efe47f369 100644
--- a/data/templates/pppoe/peer.j2
+++ b/data/templates/pppoe/peer.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-pppoe.py ###
+### Autogenerated by interfaces_pppoe.py ###
 {{ '# ' ~ description if description is vyos_defined else '' }}
 
 # Require peer to provide the local IP address if it is not
diff --git a/data/templates/rsyslog/logrotate.j2 b/data/templates/rsyslog/logrotate.j2
index cc535c48f..ea33fea4f 100644
--- a/data/templates/rsyslog/logrotate.j2
+++ b/data/templates/rsyslog/logrotate.j2
@@ -1,4 +1,4 @@
-### Autogenerated by system-syslog.py ###
+### Autogenerated by system_syslog.py ###
 /var/log/messages {
   missingok
   notifempty
diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2
index 8ca167803..97e0ee0b7 100644
--- a/data/templates/rsyslog/rsyslog.conf.j2
+++ b/data/templates/rsyslog/rsyslog.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by system-syslog.py ###
+### Autogenerated by system_syslog.py ###
 
 {% if global.marker is vyos_defined %}
 $ModLoad immark
diff --git a/data/templates/salt-minion/minion.j2 b/data/templates/salt-minion/minion.j2
index f4001db64..a69438f0b 100644
--- a/data/templates/salt-minion/minion.j2
+++ b/data/templates/salt-minion/minion.j2
@@ -1,4 +1,4 @@
-### Autogenerated by salt-minion.py ###
+### Autogenerated by service_salt-minion.py ###
 
 ##### Primary configuration settings #####
 ##########################################
diff --git a/data/templates/snmp/etc.snmp.conf.j2 b/data/templates/snmp/etc.snmp.conf.j2
index 8012cf6bb..c214b2266 100644
--- a/data/templates/snmp/etc.snmp.conf.j2
+++ b/data/templates/snmp/etc.snmp.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by snmp.py ###
+### Autogenerated by service_snmp.py ###
 {% if trap_source is vyos_defined %}
 clientaddr {{ trap_source }}
 {% endif %}
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
index 3db8c4d7b..b1ceb0451 100644
--- a/data/templates/snmp/etc.snmpd.conf.j2
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by snmp.py ###
+### Autogenerated by service_snmp.py ###
 
 # non configurable defaults
 sysObjectID 1.3.6.1.4.1.44641
diff --git a/data/templates/snmp/override.conf.j2 b/data/templates/snmp/override.conf.j2
index 443ee64db..42dc7a9d2 100644
--- a/data/templates/snmp/override.conf.j2
+++ b/data/templates/snmp/override.conf.j2
@@ -10,4 +10,3 @@ ExecStart=
 ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -f -p /run/snmpd.pid
 Restart=always
 RestartSec=10
-
diff --git a/data/templates/snmp/usr.snmpd.conf.j2 b/data/templates/snmp/usr.snmpd.conf.j2
index a713c1cec..189032bb0 100644
--- a/data/templates/snmp/usr.snmpd.conf.j2
+++ b/data/templates/snmp/usr.snmpd.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by snmp.py ###
+### Autogenerated by service_snmp.py ###
 {% if v3.user is vyos_defined %}
 {%     for user, user_config in v3.user.items() %}
 {{ user_config.mode }}user {{ user }}
diff --git a/data/templates/snmp/var.snmpd.conf.j2 b/data/templates/snmp/var.snmpd.conf.j2
index 012f33aeb..afab88abc 100644
--- a/data/templates/snmp/var.snmpd.conf.j2
+++ b/data/templates/snmp/var.snmpd.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by snmp.py ###
+### Autogenerated by service_snmp.py ###
 # user
 {% if v3 is vyos_defined %}
 {%     if v3.user is vyos_defined %}
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index 422969ed8..650fd25e6 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -1,4 +1,4 @@
-### Autogenerated by ssh.py ###
+### Autogenerated by service_ssh.py ###
 
 # https://linux.die.net/man/5/sshd_config
 
diff --git a/data/templates/ssh/sshguard_config.j2 b/data/templates/ssh/sshguard_config.j2
index 58c6ad48d..2e7507416 100644
--- a/data/templates/ssh/sshguard_config.j2
+++ b/data/templates/ssh/sshguard_config.j2
@@ -1,4 +1,4 @@
-### Autogenerated by ssh.py ###
+### Autogenerated by service_ssh.py ###
 
 {% if dynamic_protection is vyos_defined %}
 # Full path to backend executable (required, no default)
diff --git a/data/templates/ssh/sshguard_whitelist.j2 b/data/templates/ssh/sshguard_whitelist.j2
index 47a950a2b..194fa29df 100644
--- a/data/templates/ssh/sshguard_whitelist.j2
+++ b/data/templates/ssh/sshguard_whitelist.j2
@@ -1,4 +1,4 @@
-### Autogenerated by ssh.py ###
+### Autogenerated by service_ssh.py ###
 
 {% if dynamic_protection.allow_from is vyos_defined %}
 {%     for address in dynamic_protection.allow_from %}
diff --git a/data/templates/sstp-client/peer.j2 b/data/templates/sstp-client/peer.j2
index 745a09e14..d38e53f15 100644
--- a/data/templates/sstp-client/peer.j2
+++ b/data/templates/sstp-client/peer.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-sstpc.py ###
+### Autogenerated by interfaces_sstpc.py ###
 {{ '# ' ~ description if description is vyos_defined else '' }}
 
 # Require peer to provide the local IP address if it is not
diff --git a/data/templates/system/proxy.j2 b/data/templates/system/proxy.j2
index 215c4c5c2..0737cd3f8 100644
--- a/data/templates/system/proxy.j2
+++ b/data/templates/system/proxy.j2
@@ -1,4 +1,4 @@
-# generated by system-proxy.py
+### autogenerated by system_proxy.py ###
 {% if url is vyos_defined and port is vyos_defined %}
 {# remove http:// prefix so we can inject a username/password if present #}
 export http_proxy=http://{{ username ~ ':' ~ password ~ '@' if username is vyos_defined and password is vyos_defined }}{{ url | replace('http://', '') }}:{{ port }}
diff --git a/data/templates/tftp-server/default.j2 b/data/templates/tftp-server/default.j2
index b2676e0aa..d9ce847de 100644
--- a/data/templates/tftp-server/default.j2
+++ b/data/templates/tftp-server/default.j2
@@ -1,5 +1,5 @@
 {# j2lint: disable=jinja-variable-format #}
-### Autogenerated by tftp_server.py ###
+### Autogenerated by service_tftp-server.py ###
 DAEMON_ARGS="--listen --user tftp --address {{ listen_address }} {{ "--create --umask 000" if allow_upload is vyos_defined }} --secure {{ directory }}"
 {% if vrf is vyos_defined %}
 VRF_ARGS="ip vrf exec {{ vrf }}"
diff --git a/data/templates/wifi/hostapd.conf.j2 b/data/templates/wifi/hostapd.conf.j2
index c3f32da72..83009242b 100644
--- a/data/templates/wifi/hostapd.conf.j2
+++ b/data/templates/wifi/hostapd.conf.j2
@@ -1,5 +1,5 @@
 {# j2lint: disable=operator-enclosed-by-spaces #}
-### Autogenerated by interfaces-wireless.py ###
+### Autogenerated by interfaces_wireless.py ###
 {% if description is vyos_defined %}
 # Description: {{ description }}
 # User-friendly description of device; up to 32 octets encoded in UTF-8
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2
index 01e0d632f..ac857a04a 100644
--- a/data/templates/wifi/wpa_supplicant.conf.j2
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by interfaces-macsec.py ###
+### Autogenerated by interfaces_wireless.py ###
 
 # see full documentation:
 # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index f7ebec8bc..74fd229b4 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -109,10 +109,10 @@ if ! grep -q '^hostsd' /etc/group; then
     addgroup --quiet --system hostsd
 fi
 
-# add dhcpd user for dhcp-server
-if ! grep -q '^dhcpd' /etc/passwd; then
-    adduser --quiet --system --disabled-login --no-create-home --home /run/dhcp-server dhcpd
-    adduser --quiet dhcpd hostsd
+# Add _kea user for kea-dhcp{4,6}-server to vyattacfg
+# The user should exist via kea-common installed as transitive dependency
+if grep -q '^_kea' /etc/passwd; then
+    adduser --quiet _kea vyattacfg
 fi
 
 # ensure the proxy user has a proper shell
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
deleted file mode 100644
index b5b3692b1..000000000
--- a/interface-definitions/dns-domain-name.xml.in
+++ /dev/null
@@ -1,107 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="system">
-    <children>
-      <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/host_name.py">
-        <properties>
-          <help>System Domain Name Servers (DNS)</help>
-          <priority>400</priority>
-          <completionHelp>
-            <script>${vyos_completion_dir}/list_interfaces</script>
-          </completionHelp>
-          <valueHelp>
-            <format>ipv4</format>
-            <description>Domain Name Server IPv4 address</description>
-          </valueHelp>
-          <valueHelp>
-            <format>ipv6</format>
-            <description>Domain Name Server IPv6 address</description>
-          </valueHelp>
-          <valueHelp>
-            <format>txt</format>
-            <description>Use Domain Name Server from DHCP interface</description>
-          </valueHelp>
-          <multi/>
-          <constraint>
-            <validator name="ip-address"/>
-            #include <include/constraint/interface-name.xml.i>
-          </constraint>
-        </properties>
-      </leafNode>
-      <!-- script does not use XML defaults so far -->
-      <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py">
-        <properties>
-          <help>System host name (default: vyos)</help>
-          <constraint>
-            #include <include/constraint/host-name.xml.i>
-          </constraint>
-        </properties>
-      </leafNode>
-      <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py">
-        <properties>
-          <help>System domain name</help>
-          <constraint>
-            <validator name="fqdn"/>
-          </constraint>
-        </properties>
-      </leafNode>
-      <leafNode name="domain-search" owner="${vyos_conf_scripts_dir}/host_name.py">
-        <properties>
-          <help>Domain Name Server (DNS) domain completion order</help>
-          <priority>400</priority>
-          <constraint>
-            <validator name="fqdn"/>
-          </constraint>
-          <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period.</constraintErrorMessage>
-          <multi/>
-        </properties>
-      </leafNode>
-      <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/host_name.py">
-        <properties>
-          <help>Map host names to addresses</help>
-          <priority>400</priority>
-        </properties>
-        <children>
-          <tagNode name="host-name">
-            <properties>
-              <help>Host name for static address mapping</help>
-              <constraint>
-                #include <include/constraint/host-name.xml.i>
-              </constraint>
-              <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
-            </properties>
-            <children>
-              <leafNode name="alias">
-                <properties>
-                  <help>Alias for this address</help>
-                  <constraint>
-                    <regex>.{1,63}</regex>
-                  </constraint>
-                  <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
-                  <multi />
-                </properties>
-              </leafNode>
-              <leafNode name="inet">
-                <properties>
-                  <help>IP Address</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>IPv4 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>IPv6 address</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ip-address"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index 86c4776b6..62ee0bdc7 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py">
+      <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces_bonding.py">
         <properties>
           <help>Bonding Interface/Link Aggregation</help>
           <priority>320</priority>
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in
index db3762065..d4d277cfc 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces_bridge.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py">
+      <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces_bridge.py">
         <properties>
           <help>Bridge Interface</help>
           <priority>310</priority>
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces_dummy.xml.in
index 00784fcdf..ef8ee78e7 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces_dummy.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py">
+      <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces_dummy.py">
         <properties>
           <help>Dummy Interface</help>
           <priority>300</priority>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in
index 5aaa7095c..4e55bac7c 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces_ethernet.xml.in
@@ -5,7 +5,7 @@
       <help>Network interfaces</help>
     </properties>
     <children>
-      <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py">
+      <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces_ethernet.py">
         <properties>
           <help>Ethernet Interface</help>
           <priority>318</priority>
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in
index 29b563a09..c94113271 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces_geneve.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py">
+      <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces_geneve.py">
         <properties>
           <help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help>
           <priority>460</priority>
diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces_input.xml.in
index d90cf936f..771c47e42 100644
--- a/interface-definitions/interfaces-input.xml.in
+++ b/interface-definitions/interfaces_input.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces-input.py">
+      <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces_input.py">
         <properties>
           <help>Input Functional Block (IFB) interface name</help>
           <!-- before real devices that redirect -->
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in
index 1f0dd3d19..5f816c956 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces_l2tpv3.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces-l2tpv3.py">
+      <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces_l2tpv3.py">
         <properties>
           <help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help>
           <priority>485</priority>
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces_loopback.xml.in
index fe0944467..09b4a00cf 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces_loopback.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces-loopback.py">
+      <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces_loopback.py">
         <properties>
           <help>Loopback Interface</help>
           <priority>300</priority>
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in
index 766b0bede..d825f8262 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces_macsec.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces-macsec.py">
+      <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces_macsec.py">
         <properties>
           <help>MACsec Interface (802.1ae)</help>
           <priority>461</priority>
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index b8b04334c..addf3c1ab 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py">
+      <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces_openvpn.py">
         <properties>
           <help>OpenVPN Tunnel Interface</help>
           <priority>460</priority>
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in
index 4542b8b01..56660bc15 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces_pppoe.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces-pppoe.py">
+      <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces_pppoe.py">
         <properties>
           <help>Point-to-Point Protocol over Ethernet (PPPoE) Interface</help>
           <priority>322</priority>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in
index 5c73825c3..031af3563 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-pseudo-ethernet.py">
+      <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_pseudo-ethernet.py">
         <properties>
           <help>Pseudo Ethernet Interface (Macvlan)</help>
           <priority>321</priority>
diff --git a/interface-definitions/interfaces-sstpc.xml.in b/interface-definitions/interfaces_sstpc.xml.in
index b569e9bde..b7c49446f 100644
--- a/interface-definitions/interfaces-sstpc.xml.in
+++ b/interface-definitions/interfaces_sstpc.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces-sstpc.py">
+      <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces_sstpc.py">
         <properties>
           <help>Secure Socket Tunneling Protocol (SSTP) client Interface</help>
           <priority>460</priority>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces_tunnel.xml.in
index 58f95dddb..99d9b34c6 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces_tunnel.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces-tunnel.py">
+      <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces_tunnel.py">
         <properties>
           <help>Tunnel interface</help>
           <priority>380</priority>
diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in
index 0fc89efc0..c4610feec 100644
--- a/interface-definitions/interfaces-virtual-ethernet.xml.in
+++ b/interface-definitions/interfaces_virtual-ethernet.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-virtual-ethernet.py">
+      <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_virtual-ethernet.py">
         <properties>
           <help>Virtual Ethernet (veth) Interface</help>
           <priority>300</priority>
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces_vti.xml.in
index b116f7386..158d9afd0 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces_vti.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces-vti.py">
+      <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces_vti.py">
         <properties>
           <help>Virtual Tunnel Interface (XFRM)</help>
           <priority>381</priority>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in
index 4461923d9..504c08e7e 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces_vxlan.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py">
+      <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces_vxlan.py">
         <properties>
           <help>Virtual Extensible LAN (VXLAN) Interface</help>
           <priority>460</priority>
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index 3c79cef28..f3fe0f1da 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py">
+      <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces_wireguard.py">
         <properties>
           <help>WireGuard Interface</help>
           <priority>379</priority>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 88b858c07..b5da0a556 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces-wireless.py">
+      <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces_wireless.py">
         <properties>
           <help>Wireless (WiFi/WLAN) Network Interface</help>
           <priority>318</priority>
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in
index 5fa3be8db..1580c3bcb 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces_wwan.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="interfaces">
     <children>
-      <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces-wwan.py">
+      <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces_wwan.py">
         <properties>
           <help>Wireless Modem (WWAN) Interface</help>
           <priority>350</priority>
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in
index 8f6bd3a99..2c2742dff 100644
--- a/interface-definitions/load-balancing-haproxy.xml.in
+++ b/interface-definitions/load-balancing_reverse-proxy.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="load-balancing">
     <children>
-      <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing-haproxy.py">
+      <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py">
         <properties>
           <help>Configure reverse-proxy</help>
         </properties>
diff --git a/interface-definitions/load-balancing-wan.xml.in b/interface-definitions/load-balancing_wan.xml.in
index c12cab22a..e117fd1b2 100644
--- a/interface-definitions/load-balancing-wan.xml.in
+++ b/interface-definitions/load-balancing_wan.xml.in
@@ -6,7 +6,7 @@
       <priority>900</priority>
     </properties>
     <children>
-      <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing-wan.py">
+      <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py">
         <properties>
           <help>Configure Wide Area Network (WAN) load-balancing</help>
         </properties>
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy_local-route.xml.in
index 15be099c9..7a019154a 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy_local-route.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="policy">
     <children>
-      <node name="local-route" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
+      <node name="local-route" owner="${vyos_conf_scripts_dir}/policy_local-route.py">
         <properties>
           <help>IPv4 policy route of local traffic</help>
           <priority>500</priority>
@@ -77,7 +77,7 @@
           </tagNode>
         </children>
       </node>
-      <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
+      <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy_local-route.py">
         <properties>
           <help>IPv6 policy route of local traffic</help>
           <priority>500</priority>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy_route.xml.in
index 92e7a0cb4..9cc22540b 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy_route.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="policy">
     <children>
-      <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy-route.py">
+      <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy_route.py">
         <properties>
           <help>Policy route rule set name for IPv6</help>
           <constraint>
@@ -57,7 +57,7 @@
           </tagNode>
         </children>
       </tagNode>
-      <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy-route.py">
+      <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy_route.py">
         <properties>
           <help>Policy route rule set name for IPv4</help>
           <constraint>
diff --git a/interface-definitions/protocols-babel.xml.in b/interface-definitions/protocols_babel.xml.in
index 49fffe230..49fffe230 100644
--- a/interface-definitions/protocols-babel.xml.in
+++ b/interface-definitions/protocols_babel.xml.in
diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols_bfd.xml.in
index 9048cf5c2..9048cf5c2 100644
--- a/interface-definitions/protocols-bfd.xml.in
+++ b/interface-definitions/protocols_bfd.xml.in
diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols_bgp.xml.in
index e1a822999..e1a822999 100644
--- a/interface-definitions/protocols-bgp.xml.in
+++ b/interface-definitions/protocols_bgp.xml.in
diff --git a/interface-definitions/protocols-eigrp.xml.in b/interface-definitions/protocols_eigrp.xml.in
index 88a881a1e..88a881a1e 100644
--- a/interface-definitions/protocols-eigrp.xml.in
+++ b/interface-definitions/protocols_eigrp.xml.in
diff --git a/interface-definitions/protocols-failover.xml.in b/interface-definitions/protocols_failover.xml.in
index c0caec68e..c0caec68e 100644
--- a/interface-definitions/protocols-failover.xml.in
+++ b/interface-definitions/protocols_failover.xml.in
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/protocols_igmp-proxy.xml.in
index 0eea85060..5cde484f5 100644
--- a/interface-definitions/igmp-proxy.xml.in
+++ b/interface-definitions/protocols_igmp-proxy.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="protocols">
     <children>
-      <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py">
+      <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/protocols_igmp-proxy.py">
         <properties>
           <help>Internet Group Management Protocol (IGMP) proxy parameters</help>
           <priority>740</priority>
diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols_isis.xml.in
index e0bc47bb9..e0bc47bb9 100644
--- a/interface-definitions/protocols-isis.xml.in
+++ b/interface-definitions/protocols_isis.xml.in
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols_mpls.xml.in
index 831601fc6..831601fc6 100644
--- a/interface-definitions/protocols-mpls.xml.in
+++ b/interface-definitions/protocols_mpls.xml.in
diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols_nhrp.xml.in
index d7663c095..d7663c095 100644
--- a/interface-definitions/protocols-nhrp.xml.in
+++ b/interface-definitions/protocols_nhrp.xml.in
diff --git a/interface-definitions/protocols-ospf.xml.in b/interface-definitions/protocols_ospf.xml.in
index b3c063d0d..b3c063d0d 100644
--- a/interface-definitions/protocols-ospf.xml.in
+++ b/interface-definitions/protocols_ospf.xml.in
diff --git a/interface-definitions/protocols-ospfv3.xml.in b/interface-definitions/protocols_ospfv3.xml.in
index 2b98ffa7b..2b98ffa7b 100644
--- a/interface-definitions/protocols-ospfv3.xml.in
+++ b/interface-definitions/protocols_ospfv3.xml.in
diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols_pim.xml.in
index 4a20c0d9b..4a20c0d9b 100644
--- a/interface-definitions/protocols-pim.xml.in
+++ b/interface-definitions/protocols_pim.xml.in
diff --git a/interface-definitions/protocols-pim6.xml.in b/interface-definitions/protocols_pim6.xml.in
index 8bd3f3fee..8bd3f3fee 100644
--- a/interface-definitions/protocols-pim6.xml.in
+++ b/interface-definitions/protocols_pim6.xml.in
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols_rip.xml.in
index 0edd8f2ce..0edd8f2ce 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols_rip.xml.in
diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols_ripng.xml.in
index 9d4d87422..9d4d87422 100644
--- a/interface-definitions/protocols-ripng.xml.in
+++ b/interface-definitions/protocols_ripng.xml.in
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
index e9fd04b5f..e9fd04b5f 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols_rpki.xml.in
diff --git a/interface-definitions/protocols-segment-routing.xml.in b/interface-definitions/protocols_segment-routing.xml.in
index 4308f0c91..c299f624e 100644
--- a/interface-definitions/protocols-segment-routing.xml.in
+++ b/interface-definitions/protocols_segment-routing.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="protocols">
     <children>
-       <node name="segment-routing" owner="${vyos_conf_scripts_dir}/protocols_segment_routing.py">
+       <node name="segment-routing" owner="${vyos_conf_scripts_dir}/protocols_segment-routing.py">
         <properties>
           <help>Segment Routing</help>
           <priority>900</priority>
diff --git a/interface-definitions/protocols-static.xml.in b/interface-definitions/protocols_static.xml.in
index ca4ca2d74..ca4ca2d74 100644
--- a/interface-definitions/protocols-static.xml.in
+++ b/interface-definitions/protocols_static.xml.in
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols_static_arp.xml.in
index 4b338df63..05c69f1ed 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols_static_arp.xml.in
@@ -4,7 +4,7 @@
     <children>
       <node name="static">
         <children>
-          <node name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
+          <node name="arp" owner="${vyos_conf_scripts_dir}/protocols_static_arp.py">
             <properties>
               <help>Static ARP translation</help>
             </properties>
diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in
index c8e28ed35..c8e28ed35 100644
--- a/interface-definitions/protocols-multicast.xml.in
+++ b/interface-definitions/protocols_static_multicast.xml.in
diff --git a/interface-definitions/service-aws-glb.xml.in b/interface-definitions/service_aws_glb.xml.in
index c749fd04e..c749fd04e 100644
--- a/interface-definitions/service-aws-glb.xml.in
+++ b/interface-definitions/service_aws_glb.xml.in
diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/service_broadcast-relay.xml.in
index e2993f3f3..2e4330e20 100644
--- a/interface-definitions/bcast-relay.xml.in
+++ b/interface-definitions/service_broadcast-relay.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/bcast_relay.py">
+      <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/service_broadcast-relay.py">
         <properties>
           <help>UDP broadcast relay service</help>
           <priority>990</priority>
diff --git a/interface-definitions/service-config-sync.xml.in b/interface-definitions/service_config-sync.xml.in
index e804e17f7..9955acfee 100644
--- a/interface-definitions/service-config-sync.xml.in
+++ b/interface-definitions/service_config-sync.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config_sync.py">
+      <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config-sync.py">
         <properties>
           <help>Configuration synchronization</help>
         </properties>
diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 50a4bf62f..46dc8adc0 100644
--- a/interface-definitions/service-conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
+      <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/service_conntrack-sync.py">
         <properties>
           <help>Connection tracking synchronization</help>
           <!-- before VRRP / HA -->
diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service_console-server.xml.in
index fc6dbe954..fc6dbe954 100644
--- a/interface-definitions/service-console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/service_dhcp-relay.xml.in
index 42715c9bb..9fdd9581d 100644
--- a/interface-definitions/dhcp-relay.xml.in
+++ b/interface-definitions/service_dhcp-relay.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/dhcp_relay.py">
+      <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/service_dhcp-relay.py">
         <properties>
           <help>Host Configuration Protocol (DHCP) relay agent</help>
           <priority>910</priority>
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
index 8aaeeb29d..e35d845f1 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py">
+      <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/service_dhcp-server.py">
         <properties>
           <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
           <priority>911</priority>
diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/service_dhcpv6-relay.xml.in
index a80317609..40679d1c2 100644
--- a/interface-definitions/dhcpv6-relay.xml.in
+++ b/interface-definitions/service_dhcpv6-relay.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/dhcpv6_relay.py">
+      <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/service_dhcpv6-relay.py">
         <properties>
           <help>DHCPv6 Relay Agent parameters</help>
           <priority>900</priority>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 10fdbf3f7..102c164a6 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py">
+      <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/service_dhcpv6-server.py">
         <properties>
           <help>DHCP for IPv6 (DHCPv6) server</help>
           <priority>900</priority>
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in
index d296a6694..d1b0e90bb 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/service_dns_dynamic.xml.in
@@ -7,7 +7,7 @@
           <help>Domain Name System (DNS) related services</help>
         </properties>
         <children>
-          <node name="dynamic" owner="${vyos_conf_scripts_dir}/dns_dynamic.py">
+          <node name="dynamic" owner="${vyos_conf_scripts_dir}/service_dns_dynamic.py">
             <properties>
               <help>Dynamic DNS</help>
               <priority>990</priority>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in
index 5ca02acef..7dce9b548 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/service_dns_forwarding.xml.in
@@ -8,7 +8,7 @@
           <help>Domain Name System (DNS) related services</help>
         </properties>
         <children>
-          <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py">
+          <node name="forwarding" owner="${vyos_conf_scripts_dir}/service_dns_forwarding.py">
             <properties>
               <help>DNS forwarding</help>
               <priority>918</priority>
diff --git a/interface-definitions/service-event-handler.xml.in b/interface-definitions/service_event-handler.xml.in
index aef6bc1bc..2cee4f595 100644
--- a/interface-definitions/service-event-handler.xml.in
+++ b/interface-definitions/service_event-handler.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event_handler.py">
+      <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event-handler.py">
         <properties>
           <help>Service event handler</help>
         </properties>
diff --git a/interface-definitions/https.xml.in b/interface-definitions/service_https.xml.in
index ca5a5f088..223f10962 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/service_https.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="https" owner="${vyos_conf_scripts_dir}/https.py">
+      <node name="https" owner="${vyos_conf_scripts_dir}/service_https.py">
         <properties>
           <help>HTTPS configuration</help>
           <priority>1001</priority>
@@ -192,7 +192,7 @@
             <children>
               #include <include/pki/ca-certificate.xml.i>
               #include <include/pki/certificate.xml.i>
-              <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py">
+              <node name="certbot" owner="${vyos_conf_scripts_dir}/service_https_certificates_certbot.py">
                 <properties>
                   <help>Request or apply a letsencrypt certificate for domain-name</help>
                 </properties>
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in
index 78463136b..3ef2640b3 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service_ids_ddos-protection.xml.in
@@ -7,7 +7,7 @@
           <help>Intrusion Detection System</help>
         </properties>
         <children>
-          <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py">
+          <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_ddos-protection.py">
             <properties>
               <help>FastNetMon detection and protection parameters</help>
               <priority>731</priority>
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index edfe6a34c..edfe6a34c 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/service_lldp.xml.in
index 25fb575b6..1a06e0cb3 100644
--- a/interface-definitions/lldp.xml.in
+++ b/interface-definitions/service_lldp.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="lldp" owner="${vyos_conf_scripts_dir}/lldp.py">
+      <node name="lldp" owner="${vyos_conf_scripts_dir}/service_lldp.py">
         <properties>
           <help>LLDP settings</help>
           <priority>985</priority>
diff --git a/interface-definitions/service-mdns-repeater.xml.in b/interface-definitions/service_mdns_repeater.xml.in
index 67870946c..5d6f61d74 100644
--- a/interface-definitions/service-mdns-repeater.xml.in
+++ b/interface-definitions/service_mdns_repeater.xml.in
@@ -7,7 +7,7 @@
           <help>Multicast DNS (mDNS) parameters</help>
         </properties>
         <children>
-          <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py">
+          <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns_repeater.py">
             <properties>
               <help>mDNS repeater configuration</help>
               <priority>990</priority>
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 4d694114a..4d694114a 100644
--- a/interface-definitions/service-monitoring-telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
diff --git a/interface-definitions/service-monitoring-zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in
index 40f2df642..40f2df642 100644
--- a/interface-definitions/service-monitoring-zabbix-agent.xml.in
+++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/service_ntp.xml.in
index 4e874434b..65a45d7a1 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/service_ntp.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
+      <node name="ntp" owner="${vyos_conf_scripts_dir}/service_ntp.py">
         <properties>
           <help>Network Time Protocol (NTP) configuration</help>
           <priority>900</priority>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index f1b369936..f1b369936 100644
--- a/interface-definitions/service-pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 16c29022d..16c29022d 100644
--- a/interface-definitions/service-router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/service_salt-minion.xml.in
index c3219cff3..eaa2899f4 100644
--- a/interface-definitions/salt-minion.xml.in
+++ b/interface-definitions/service_salt-minion.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="salt-minion" owner="${vyos_conf_scripts_dir}/salt-minion.py">
+      <node name="salt-minion" owner="${vyos_conf_scripts_dir}/service_salt-minion.py">
         <properties>
           <help>Salt Minion</help>
           <priority>500</priority>
diff --git a/interface-definitions/service-sla.xml.in b/interface-definitions/service_sla.xml.in
index 0c4f8a591..0c4f8a591 100644
--- a/interface-definitions/service-sla.xml.in
+++ b/interface-definitions/service_sla.xml.in
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/service_snmp.xml.in
index ec2151b98..e16e9daa1 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/service_snmp.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py">
+      <node name="snmp" owner="${vyos_conf_scripts_dir}/service_snmp.py">
         <properties>
           <help>Simple Network Management Protocol (SNMP)</help>
           <priority>900</priority>
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 2bcce2cf0..5c893bd35 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -5,7 +5,7 @@
       <help>System services</help>
     </properties>
     <children>
-      <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py">
+      <node name="ssh" owner="${vyos_conf_scripts_dir}/service_ssh.py">
         <properties>
           <help>Secure Shell (SSH)</help>
           <priority>1000</priority>
diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/service_tftp-server.xml.in
index 8ca4da883..e48b5a3f0 100644
--- a/interface-definitions/tftp-server.xml.in
+++ b/interface-definitions/service_tftp-server.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="service">
     <children>
-      <node name="tftp-server" owner="${vyos_conf_scripts_dir}/tftp_server.py">
+      <node name="tftp-server" owner="${vyos_conf_scripts_dir}/service_tftp-server.py">
         <properties>
           <help>Trivial File Transfer Protocol (TFTP) server</help>
           <priority>990</priority>
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service_upnp.xml.in
index 20e01bfbd..20e01bfbd 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service_upnp.xml.in
diff --git a/interface-definitions/service-webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index 637d57891..637d57891 100644
--- a/interface-definitions/service-webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
diff --git a/interface-definitions/system-acceleration-qat.xml.in b/interface-definitions/system_acceleration.xml.in
index 812484184..fb5c9d4ea 100644
--- a/interface-definitions/system-acceleration-qat.xml.in
+++ b/interface-definitions/system_acceleration.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py">
+      <node name="acceleration" owner="${vyos_conf_scripts_dir}/system_acceleration.py">
         <properties>
           <help>Acceleration components</help>
           <priority>50</priority>
diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system_config-management.xml.in
index 61089ce34..7ae347955 100644
--- a/interface-definitions/system-config-mgmt.xml.in
+++ b/interface-definitions/system_config-management.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="config-management" owner="${vyos_conf_scripts_dir}/config_mgmt.py">
+      <node name="config-management" owner="${vyos_conf_scripts_dir}/system_config-management.py">
         <properties>
           <help>Configuration management settings</help>
           <priority>400</priority>
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index d9504544d..a348097cc 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
+      <node name="conntrack" owner="${vyos_conf_scripts_dir}/system_conntrack.py">
         <properties>
           <help>Connection Tracking Engine Options</help>
           <!-- Before NAT and conntrack-sync are configured -->
@@ -218,7 +218,7 @@
                   </tagNode>
                 </children>
               </node>
-              
+
             </children>
           </node>
           <node name="log">
diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system_console.xml.in
index 5acd3e90b..5acd3e90b 100644
--- a/interface-definitions/system-console.xml.in
+++ b/interface-definitions/system_console.xml.in
diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in
new file mode 100644
index 000000000..bfca9b8ce
--- /dev/null
+++ b/interface-definitions/system_domain-name.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+        <properties>
+          <help>System domain name</help>
+          <constraint>
+            <validator name="fqdn"/>
+          </constraint>
+        </properties>
+      </leafNode>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system_domain-search.xml.in b/interface-definitions/system_domain-search.xml.in
new file mode 100644
index 000000000..eb6c8a85c
--- /dev/null
+++ b/interface-definitions/system_domain-search.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <leafNode name="domain-search" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+        <properties>
+          <help>Domain Name Server (DNS) domain completion order</help>
+          <priority>400</priority>
+          <constraint>
+            <validator name="fqdn"/>
+          </constraint>
+          <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period.</constraintErrorMessage>
+          <multi/>
+        </properties>
+      </leafNode>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/system_flow-accounting.xml.in
index 40a9bb423..83a2480a3 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/system_flow-accounting.xml.in
@@ -3,7 +3,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/flow_accounting_conf.py">
+      <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/system_flow-accounting.py">
         <properties>
           <help>Flow accounting settings</help>
           <priority>990</priority>
diff --git a/interface-definitions/system-frr.xml.in b/interface-definitions/system_frr.xml.in
index 76001b392..76001b392 100644
--- a/interface-definitions/system-frr.xml.in
+++ b/interface-definitions/system_frr.xml.in
diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in
new file mode 100644
index 000000000..423531a68
--- /dev/null
+++ b/interface-definitions/system_host-name.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <!-- script does not use XML defaults so far -->
+      <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+        <properties>
+          <help>System host name (default: vyos)</help>
+          <constraint>
+            #include <include/constraint/host-name.xml.i>
+          </constraint>
+        </properties>
+      </leafNode>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system_ip.xml.in
index 6db4dbfc7..6e3b7d5d0 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system_ip.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="ip" owner="${vyos_conf_scripts_dir}/system-ip.py">
+      <node name="ip" owner="${vyos_conf_scripts_dir}/system_ip.py">
         <properties>
           <help>IPv4 Settings</help>
           <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl -->
diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system_ipv6.xml.in
index e17e1c01c..8957cb6a7 100644
--- a/interface-definitions/system-ipv6.xml.in
+++ b/interface-definitions/system_ipv6.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="ipv6" owner="${vyos_conf_scripts_dir}/system-ipv6.py">
+      <node name="ipv6" owner="${vyos_conf_scripts_dir}/system_ipv6.py">
         <properties>
           <help>IPv6 Settings</help>
           <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl -->
diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system_lcd.xml.in
index 0cf4de308..0cf4de308 100644
--- a/interface-definitions/system-lcd.xml.in
+++ b/interface-definitions/system_lcd.xml.in
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system_login.xml.in
index a2f8beead..44e1a7a92 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+      <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py">
         <properties>
           <help>System User Login Configuration</help>
           <priority>400</priority>
diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system_login_banner.xml.in
index bdd0ad96a..211505ae4 100644
--- a/interface-definitions/system-login-banner.xml.in
+++ b/interface-definitions/system_login_banner.xml.in
@@ -2,13 +2,13 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+      <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py">
         <properties>
           <help>System User Login Configuration</help>
           <priority>400</priority>
         </properties>
         <children>
-          <node name="banner" owner="${vyos_conf_scripts_dir}/system-login-banner.py">
+          <node name="banner" owner="${vyos_conf_scripts_dir}/system_login_banner.py">
             <properties>
               <help>System login banners</help>
             </properties>
diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system_logs.xml.in
index 1caa7abb6..b34cbdc39 100644
--- a/interface-definitions/system-logs.xml.in
+++ b/interface-definitions/system_logs.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="logs" owner="${vyos_conf_scripts_dir}/system-logs.py">
+      <node name="logs" owner="${vyos_conf_scripts_dir}/system_logs.py">
         <properties>
           <help>Logging options</help>
           <priority>9999</priority>
diff --git a/interface-definitions/system_name-server.xml.in b/interface-definitions/system_name-server.xml.in
new file mode 100644
index 000000000..2f750abfa
--- /dev/null
+++ b/interface-definitions/system_name-server.xml.in
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+        <properties>
+          <help>System Domain Name Servers (DNS)</help>
+          <priority>400</priority>
+          <completionHelp>
+            <script>${vyos_completion_dir}/list_interfaces</script>
+          </completionHelp>
+          <valueHelp>
+            <format>ipv4</format>
+            <description>Domain Name Server IPv4 address</description>
+          </valueHelp>
+          <valueHelp>
+            <format>ipv6</format>
+            <description>Domain Name Server IPv6 address</description>
+          </valueHelp>
+          <valueHelp>
+            <format>txt</format>
+            <description>Use Domain Name Server from DHCP interface</description>
+          </valueHelp>
+          <multi/>
+          <constraint>
+            <validator name="ip-address"/>
+            #include <include/constraint/interface-name.xml.i>
+          </constraint>
+        </properties>
+      </leafNode>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system_option.xml.in
index b1b5f7fae..adb45bdcc 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="option" owner="${vyos_conf_scripts_dir}/system-option.py">
+      <node name="option" owner="${vyos_conf_scripts_dir}/system_option.py">
         <properties>
           <help>System Options</help>
           <priority>9999</priority>
diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system_proxy.xml.in
index f7ab31d7e..214534dbb 100644
--- a/interface-definitions/system-proxy.xml.in
+++ b/interface-definitions/system_proxy.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="proxy" owner="${vyos_conf_scripts_dir}/system-proxy.py">
+      <node name="proxy" owner="${vyos_conf_scripts_dir}/system_proxy.py">
         <properties>
           <help>Sets a proxy for system wide use</help>
         </properties>
diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system_sflow.xml.in
index c5152abe9..c5152abe9 100644
--- a/interface-definitions/system-sflow.xml.in
+++ b/interface-definitions/system_sflow.xml.in
diff --git a/interface-definitions/system_static-host-mapping.xml.in b/interface-definitions/system_static-host-mapping.xml.in
new file mode 100644
index 000000000..492741f11
--- /dev/null
+++ b/interface-definitions/system_static-host-mapping.xml.in
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+        <properties>
+          <help>Map host names to addresses</help>
+          <priority>400</priority>
+        </properties>
+        <children>
+          <tagNode name="host-name">
+            <properties>
+              <help>Host name for static address mapping</help>
+              <constraint>
+                #include <include/constraint/host-name.xml.i>
+              </constraint>
+              <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+            </properties>
+            <children>
+              <leafNode name="alias">
+                <properties>
+                  <help>Alias for this address</help>
+                  <constraint>
+                    <regex>.{1,63}</regex>
+                  </constraint>
+                  <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
+                  <multi />
+                </properties>
+              </leafNode>
+              <leafNode name="inet">
+                <properties>
+                  <help>IP Address</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 address</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-address"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system_sysctl.xml.in
index bf118c24b..bf118c24b 100644
--- a/interface-definitions/system-sysctl.xml.in
+++ b/interface-definitions/system_sysctl.xml.in
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system_syslog.xml.in
index cd5c514a8..3343e2c59 100644
--- a/interface-definitions/system-syslog.xml.in
+++ b/interface-definitions/system_syslog.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="syslog" owner="${vyos_conf_scripts_dir}/system-syslog.py">
+      <node name="syslog" owner="${vyos_conf_scripts_dir}/system_syslog.py">
         <properties>
           <help>System logging</help>
           <priority>400</priority>
diff --git a/interface-definitions/cron.xml.in b/interface-definitions/system_task-scheduler.xml.in
index 58dcf64ac..597d58813 100644
--- a/interface-definitions/cron.xml.in
+++ b/interface-definitions/system_task-scheduler.xml.in
@@ -7,7 +7,7 @@
           <help>Task scheduler settings</help>
         </properties>
         <children>
-          <tagNode name="task" owner="${vyos_conf_scripts_dir}/task_scheduler.py">
+          <tagNode name="task" owner="${vyos_conf_scripts_dir}/system_task-scheduler.py">
             <properties>
               <help>Scheduled task</help>
               <valueHelp>
diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system_time-zone.xml.in
index f6b291984..65cce9e95 100644
--- a/interface-definitions/system-time-zone.xml.in
+++ b/interface-definitions/system_time-zone.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system-timezone.py">
+      <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system_timezone.py">
         <properties>
           <help>Local time zone (default UTC)</help>
           <priority>100</priority>
diff --git a/interface-definitions/system-update-check.xml.in b/interface-definitions/system_update-check.xml.in
index a7d754003..14570b039 100644
--- a/interface-definitions/system-update-check.xml.in
+++ b/interface-definitions/system_update-check.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
   <node name="system">
     <children>
-      <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update_check.py">
+      <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update-check.py">
         <properties>
           <help>Check available update images</help>
           <priority>9999</priority>
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 64cfbda08..1847401b5 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -772,9 +772,13 @@
                         <properties>
                           <help>Client authentication mode</help>
                           <completionHelp>
-                            <list>eap-tls eap-mschapv2 eap-radius</list>
+                            <list>x509 eap-tls eap-mschapv2 eap-radius</list>
                           </completionHelp>
                           <valueHelp>
+                            <format>x509</format>
+                            <description>Use IPsec x.509 certificate authentication</description>
+                          </valueHelp>
+                          <valueHelp>
                             <format>eap-tls</format>
                             <description>Use EAP-TLS authentication</description>
                           </valueHelp>
@@ -787,7 +791,7 @@
                             <description>Use EAP-RADIUS authentication</description>
                           </valueHelp>
                           <constraint>
-                            <regex>(eap-tls|eap-mschapv2|eap-radius)</regex>
+                            <regex>(x509|eap-tls|eap-mschapv2|eap-radius)</regex>
                           </constraint>
                         </properties>
                         <defaultValue>eap-mschapv2</defaultValue>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 3e2d00e6b..3e2d00e6b 100644
--- a/interface-definitions/vpn-l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 736084f8b..736084f8b 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 7bb8db798..7bb8db798 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index a1b69f990..a1b69f990 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
index 23b6daa3a..a2c4aad50 100644
--- a/python/vyos/ifconfig/vxlan.py
+++ b/python/vyos/ifconfig/vxlan.py
@@ -112,7 +112,7 @@ class VXLANIf(Interface):
         # interface is always A/D down. It needs to be enabled explicitly
         self.set_admin_state('down')
 
-        # VXLAN tunnel is always recreated on any change - see interfaces-vxlan.py
+        # VXLAN tunnel is always recreated on any change - see interfaces_vxlan.py
         if remote_list:
             for remote in remote_list:
                 cmd = f'bridge fdb append to 00:00:00:00:00:00 dst {remote} ' \
diff --git a/smoketest/scripts/cli/test_ha_virtual_server.py b/smoketest/scripts/cli/test_high-availability_virtual-server.py
index 51ccfa4df..51ccfa4df 100755
--- a/smoketest/scripts/cli/test_ha_virtual_server.py
+++ b/smoketest/scripts/cli/test_high-availability_virtual-server.py
diff --git a/smoketest/scripts/cli/test_ha_vrrp.py b/smoketest/scripts/cli/test_high-availability_vrrp.py
index 98259d830..98259d830 100755
--- a/smoketest/scripts/cli/test_ha_vrrp.py
+++ b/smoketest/scripts/cli/test_high-availability_vrrp.py
diff --git a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py b/smoketest/scripts/cli/test_interfaces_pseudo-ethernet.py
index 0d6f5bc1f..0d6f5bc1f 100755
--- a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_pseudo-ethernet.py
diff --git a/smoketest/scripts/cli/test_interfaces_virtual_ethernet.py b/smoketest/scripts/cli/test_interfaces_virtual-ethernet.py
index 7874589ca..7874589ca 100755
--- a/smoketest/scripts/cli/test_interfaces_virtual_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_virtual-ethernet.py
diff --git a/smoketest/scripts/cli/test_load_balancing_reverse_proxy.py b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py
index 274b97f22..274b97f22 100755
--- a/smoketest/scripts/cli/test_load_balancing_reverse_proxy.py
+++ b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py
diff --git a/smoketest/scripts/cli/test_load_balancing_wan.py b/smoketest/scripts/cli/test_load-balancing_wan.py
index 47ca19b27..47ca19b27 100755
--- a/smoketest/scripts/cli/test_load_balancing_wan.py
+++ b/smoketest/scripts/cli/test_load-balancing_wan.py
diff --git a/smoketest/scripts/cli/test_protocols_segment_routing.py b/smoketest/scripts/cli/test_protocols_segment-routing.py
index 403c05924..403c05924 100755
--- a/smoketest/scripts/cli/test_protocols_segment_routing.py
+++ b/smoketest/scripts/cli/test_protocols_segment-routing.py
diff --git a/smoketest/scripts/cli/test_service_bcast-relay.py b/smoketest/scripts/cli/test_service_broadcast-relay.py
index 87901869e..87901869e 100755
--- a/smoketest/scripts/cli/test_service_bcast-relay.py
+++ b/smoketest/scripts/cli/test_service_broadcast-relay.py
diff --git a/smoketest/scripts/cli/test_service_ids.py b/smoketest/scripts/cli/test_service_ids_ddos-protection.py
index 91b056eea..91b056eea 100755
--- a/smoketest/scripts/cli/test_service_ids.py
+++ b/smoketest/scripts/cli/test_service_ids_ddos-protection.py
diff --git a/smoketest/scripts/cli/test_service_mdns-repeater.py b/smoketest/scripts/cli/test_service_mdns_repeater.py
index f2fb3b509..f2fb3b509 100755
--- a/smoketest/scripts/cli/test_service_mdns-repeater.py
+++ b/smoketest/scripts/cli/test_service_mdns_repeater.py
diff --git a/smoketest/scripts/cli/test_service_salt.py b/smoketest/scripts/cli/test_service_salt-minion.py
index 48a588b72..48a588b72 100755
--- a/smoketest/scripts/cli/test_service_salt.py
+++ b/smoketest/scripts/cli/test_service_salt-minion.py
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 6f811000f..17e12bcaf 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -667,5 +667,232 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 
         self.tearDownPKI()
 
+    def test_08_ikev2_road_warrior_client_auth_eap_tls(self):
+        # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
+        self.setupPKI()
+
+        ike_group = 'IKE-RW'
+        esp_group = 'ESP-RW'
+
+        conn_name = 'vyos-rw'
+        local_address = '192.0.2.1'
+        ip_pool_name = 'ra-rw-ipv4'
+        username = 'vyos'
+        password = 'secret'
+        ike_lifetime = '7200'
+        eap_lifetime = '3600'
+        local_id = 'ipsec.vyos.net'
+
+        name_servers = ['172.16.254.100', '172.16.254.101']
+        prefix = '172.16.250.0/28'
+
+        # IKE
+        self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'hash', 'sha512'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'hash', 'sha256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'dh-group', '2'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'hash', 'sha256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'encryption', 'aes128gcm128'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'hash', 'sha256'])
+
+        # ESP
+        self.cli_set(base_path + ['esp-group', esp_group, 'lifetime', eap_lifetime])
+        self.cli_set(base_path + ['esp-group', esp_group, 'pfs', 'disable'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '1',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '1',  'hash', 'sha512'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '2',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '2',  'hash', 'sha384'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '3',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '3',  'hash', 'sha256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '4',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '4',  'hash', 'sha1'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '10', 'encryption', 'aes128gcm128'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '10', 'hash', 'sha256'])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'local-id', local_id])
+        # Use EAP-TLS auth instead of default EAP-MSCHAPv2
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'client-mode', 'eap-tls'])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'server-mode', 'x509'])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'certificate', peer_name])
+        # verify() - CA cert required for x509 auth
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'ca-certificate', ca_name])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'esp-group', esp_group])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'ike-group', ike_group])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
+
+        for ns in name_servers:
+            self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+        self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
+
+        self.cli_commit()
+
+        # verify applied configuration
+        swanctl_conf = read_file(swanctl_file)
+        swanctl_lines = [
+            f'{conn_name}',
+            f'remote_addrs = %any',
+            f'local_addrs = {local_address}',
+            f'proposals = aes256-sha512-modp2048,aes256-sha256-modp2048,aes256-sha256-modp1024,aes128gcm128-sha256-modp2048',
+            f'version = 2',
+            f'send_certreq = no',
+            f'rekey_time = {ike_lifetime}s',
+            f'keyingtries = 0',
+            f'pools = {ip_pool_name}',
+            f'id = "{local_id}"',
+            f'auth = pubkey',
+            f'certs = peer1.pem',
+            f'auth = eap-tls',
+            f'eap_id = %any',
+            f'esp_proposals = aes256-sha512,aes256-sha384,aes256-sha256,aes256-sha1,aes128gcm128-sha256',
+            f'rekey_time = {eap_lifetime}s',
+            f'rand_time = 540s',
+            f'dpd_action = clear',
+            f'inactivity = 28800',
+            f'local_ts = 0.0.0.0/0,::/0',
+        ]
+        for line in swanctl_lines:
+            self.assertIn(line, swanctl_conf)
+
+        swanctl_pool_lines = [
+            f'{ip_pool_name}',
+            f'addrs = {prefix}',
+            f'dns = {",".join(name_servers)}',
+        ]
+        for line in swanctl_pool_lines:
+            self.assertIn(line, swanctl_conf)
+
+        # Check Root CA, Intermediate CA and Peer cert/key pair is present
+        self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
+        self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
+
+        self.tearDownPKI()
+
+    def test_09_ikev2_road_warrior_client_auth_x509(self):
+        # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
+        self.setupPKI()
+
+        ike_group = 'IKE-RW'
+        esp_group = 'ESP-RW'
+
+        conn_name = 'vyos-rw'
+        local_address = '192.0.2.1'
+        ip_pool_name = 'ra-rw-ipv4'
+        ike_lifetime = '7200'
+        eap_lifetime = '3600'
+        local_id = 'ipsec.vyos.net'
+
+        name_servers = ['172.16.254.100', '172.16.254.101']
+        prefix = '172.16.250.0/28'
+
+        # IKE
+        self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'hash', 'sha512'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '2',  'hash', 'sha256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'dh-group', '2'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '3',  'hash', 'sha256'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'dh-group', '14'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'encryption', 'aes128gcm128'])
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '10', 'hash', 'sha256'])
+
+        # ESP
+        self.cli_set(base_path + ['esp-group', esp_group, 'lifetime', eap_lifetime])
+        self.cli_set(base_path + ['esp-group', esp_group, 'pfs', 'disable'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '1',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '1',  'hash', 'sha512'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '2',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '2',  'hash', 'sha384'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '3',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '3',  'hash', 'sha256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '4',  'encryption', 'aes256'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '4',  'hash', 'sha1'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '10', 'encryption', 'aes128gcm128'])
+        self.cli_set(base_path + ['esp-group', esp_group, 'proposal', '10', 'hash', 'sha256'])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'local-id', local_id])
+        # Use client-mode x509 instead of default EAP-MSCHAPv2
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'client-mode', 'x509'])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'server-mode', 'x509'])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'certificate', peer_name])
+        # verify() - CA cert required for x509 auth
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'ca-certificate', ca_name])
+
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'esp-group', esp_group])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'ike-group', ike_group])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
+        self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
+
+        for ns in name_servers:
+            self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+        self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
+
+        self.cli_commit()
+
+        # verify applied configuration
+        swanctl_conf = read_file(swanctl_file)
+        swanctl_lines = [
+            f'{conn_name}',
+            f'remote_addrs = %any',
+            f'local_addrs = {local_address}',
+            f'proposals = aes256-sha512-modp2048,aes256-sha256-modp2048,aes256-sha256-modp1024,aes128gcm128-sha256-modp2048',
+            f'version = 2',
+            f'send_certreq = no',
+            f'rekey_time = {ike_lifetime}s',
+            f'keyingtries = 0',
+            f'pools = {ip_pool_name}',
+            f'id = "{local_id}"',
+            f'auth = pubkey',
+            f'certs = peer1.pem',
+            f'esp_proposals = aes256-sha512,aes256-sha384,aes256-sha256,aes256-sha1,aes128gcm128-sha256',
+            f'rekey_time = {eap_lifetime}s',
+            f'rand_time = 540s',
+            f'dpd_action = clear',
+            f'inactivity = 28800',
+            f'local_ts = 0.0.0.0/0,::/0',
+        ]
+        for line in swanctl_lines:
+            self.assertIn(line, swanctl_conf)
+
+        swanctl_unexpected_lines = [
+            f'auth = eap-',
+            f'eap_id'
+        ]
+        for unexpected_line in swanctl_unexpected_lines:
+            self.assertNotIn(unexpected_line, swanctl_conf)
+
+        swanctl_pool_lines = [
+            f'{ip_pool_name}',
+            f'addrs = {prefix}',
+            f'dns = {",".join(name_servers)}',
+        ]
+        for line in swanctl_pool_lines:
+            self.assertIn(line, swanctl_conf)
+
+        # Check Root CA, Intermediate CA and Peer cert/key pair is present
+        self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
+        self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
+
+        self.tearDownPKI()
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index da6724fde..acb7dfa41 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -42,9 +42,6 @@ from vyos import airbag
 
 airbag.enable()
 
-nat_conf_script = 'nat.py'
-policy_route_conf_script = 'policy-route.py'
-
 nftables_conf = '/run/nftables.conf'
 
 sysfs_config = {
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces_bonding.py
index 8184d8415..8184d8415 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces_bonding.py
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces_bridge.py
index 29991e2da..29991e2da 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces_bridge.py
diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces_dummy.py
index db768b94d..db768b94d 100755
--- a/src/conf_mode/interfaces-dummy.py
+++ b/src/conf_mode/interfaces_dummy.py
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces_ethernet.py
index 7374a29f7..7374a29f7 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces_ethernet.py
diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces_geneve.py
index f6694ddde..f6694ddde 100755
--- a/src/conf_mode/interfaces-geneve.py
+++ b/src/conf_mode/interfaces_geneve.py
diff --git a/src/conf_mode/interfaces-input.py b/src/conf_mode/interfaces_input.py
index ad248843d..ad248843d 100755
--- a/src/conf_mode/interfaces-input.py
+++ b/src/conf_mode/interfaces_input.py
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces_l2tpv3.py
index e1db3206e..e1db3206e 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces_l2tpv3.py
diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces_loopback.py
index 08d34477a..08d34477a 100755
--- a/src/conf_mode/interfaces-loopback.py
+++ b/src/conf_mode/interfaces_loopback.py
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces_macsec.py
index 0a927ac88..0a927ac88 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces_macsec.py
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces_openvpn.py
index bdeb44837..bdeb44837 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces_pppoe.py
index 42f084309..42f084309 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces_pppoe.py
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces_pseudo-ethernet.py
index dce5c2358..dce5c2358 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces_pseudo-ethernet.py
diff --git a/src/conf_mode/interfaces-sstpc.py b/src/conf_mode/interfaces_sstpc.py
index b588910dc..b588910dc 100755
--- a/src/conf_mode/interfaces-sstpc.py
+++ b/src/conf_mode/interfaces_sstpc.py
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces_tunnel.py
index 91aed9cc3..91aed9cc3 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces_tunnel.py
diff --git a/src/conf_mode/interfaces-virtual-ethernet.py b/src/conf_mode/interfaces_virtual-ethernet.py
index 8efe89c41..8efe89c41 100755
--- a/src/conf_mode/interfaces-virtual-ethernet.py
+++ b/src/conf_mode/interfaces_virtual-ethernet.py
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces_vti.py
index 9871810ae..9871810ae 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces_vti.py
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces_vxlan.py
index 4251e611b..4251e611b 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces_vxlan.py
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces_wireguard.py
index 79e5d3f44..79e5d3f44 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces_wireguard.py
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces_wireless.py
index 02b4a2500..02b4a2500 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces_wwan.py
index 2515dc838..2515dc838 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces_wwan.py
diff --git a/src/conf_mode/load-balancing-haproxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
index 333ebc66c..333ebc66c 100755
--- a/src/conf_mode/load-balancing-haproxy.py
+++ b/src/conf_mode/load-balancing_reverse-proxy.py
diff --git a/src/conf_mode/load-balancing-wan.py b/src/conf_mode/load-balancing_wan.py
index 5da0b906b..5da0b906b 100755
--- a/src/conf_mode/load-balancing-wan.py
+++ b/src/conf_mode/load-balancing_wan.py
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 34ba2fe69..f7e14aa16 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -36,22 +36,22 @@ sync_search = [
     {
         'keys': ['certificate'],
         'path': ['service', 'https'],
-        'script': '/usr/libexec/vyos/conf_mode/https.py'
+        'script': '/usr/libexec/vyos/conf_mode/service_https.py'
     },
     {
         'keys': ['certificate', 'ca_certificate'],
         'path': ['interfaces', 'ethernet'],
-        'script': '/usr/libexec/vyos/conf_mode/interfaces-ethernet.py'
+        'script': '/usr/libexec/vyos/conf_mode/interfaces_ethernet.py'
     },
     {
         'keys': ['certificate', 'ca_certificate', 'dh_params', 'shared_secret_key', 'auth_key', 'crypt_key'],
         'path': ['interfaces', 'openvpn'],
-        'script': '/usr/libexec/vyos/conf_mode/interfaces-openvpn.py'
+        'script': '/usr/libexec/vyos/conf_mode/interfaces_openvpn.py'
     },
     {
         'keys': ['ca_certificate'],
         'path': ['interfaces', 'sstpc'],
-        'script': '/usr/libexec/vyos/conf_mode/interfaces-sstpc.py'
+        'script': '/usr/libexec/vyos/conf_mode/interfaces_sstpc.py'
     },
     {
         'keys': ['certificate', 'ca_certificate', 'local_key', 'remote_key'],
diff --git a/src/conf_mode/policy-local-route.py b/src/conf_mode/policy_local-route.py
index 91e4fce2c..91e4fce2c 100755
--- a/src/conf_mode/policy-local-route.py
+++ b/src/conf_mode/policy_local-route.py
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy_route.py
index adad012de..adad012de 100755
--- a/src/conf_mode/policy-route.py
+++ b/src/conf_mode/policy_route.py
diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/protocols_igmp-proxy.py
index 40db417dd..40db417dd 100755
--- a/src/conf_mode/igmp_proxy.py
+++ b/src/conf_mode/protocols_igmp-proxy.py
diff --git a/src/conf_mode/protocols_segment_routing.py b/src/conf_mode/protocols_segment-routing.py
index d865c2ac0..d865c2ac0 100755
--- a/src/conf_mode/protocols_segment_routing.py
+++ b/src/conf_mode/protocols_segment-routing.py
diff --git a/src/conf_mode/arp.py b/src/conf_mode/protocols_static_arp.py
index b141f1141..b141f1141 100755
--- a/src/conf_mode/arp.py
+++ b/src/conf_mode/protocols_static_arp.py
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/service_broadcast-relay.py
index 31c552f5a..31c552f5a 100755
--- a/src/conf_mode/bcast_relay.py
+++ b/src/conf_mode/service_broadcast-relay.py
diff --git a/src/conf_mode/service_config_sync.py b/src/conf_mode/service_config-sync.py
index 4b8a7f6ee..4b8a7f6ee 100755
--- a/src/conf_mode/service_config_sync.py
+++ b/src/conf_mode/service_config-sync.py
diff --git a/src/conf_mode/conntrack_sync.py b/src/conf_mode/service_conntrack-sync.py
index 4fb2ce27f..4fb2ce27f 100755
--- a/src/conf_mode/conntrack_sync.py
+++ b/src/conf_mode/service_conntrack-sync.py
diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/service_dhcp-relay.py
index 37d708847..37d708847 100755
--- a/src/conf_mode/dhcp_relay.py
+++ b/src/conf_mode/service_dhcp-relay.py
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/service_dhcp-server.py
index c1308cda7..7ebc560ba 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -27,9 +27,10 @@ from vyos.pki import wrap_private_key
 from vyos.template import render
 from vyos.utils.dict import dict_search
 from vyos.utils.dict import dict_search_args
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.process import call
-from vyos.utils.process import run
 from vyos.utils.network import is_subnet_connected
 from vyos.utils.network import is_addr_assigned
 from vyos import ConfigError
@@ -39,8 +40,9 @@ airbag.enable()
 ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
 ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
 config_file = '/run/kea/kea-dhcp4.conf'
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
 systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
+user_group = '_kea'
 
 ca_cert_file = '/run/kea/kea-failover-ca.pem'
 cert_file = '/run/kea/kea-failover.pem'
@@ -308,8 +310,15 @@ def generate(dhcp):
     dhcp['lease_file'] = lease_file
     dhcp['machine'] = os.uname().machine
 
+    # Create directory for lease file if necessary
+    lease_dir = os.path.dirname(lease_file)
+    if not os.path.isdir(lease_dir):
+        makedir(lease_dir, group='vyattacfg')
+        chmod_775(lease_dir)
+
+    # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
-        write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+        write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
 
     for f in [cert_file, cert_key_file, ca_cert_file]:
         if os.path.exists(f):
@@ -320,8 +329,8 @@ def generate(dhcp):
             cert_name = dhcp['failover']['certificate']
             cert_data = dhcp['pki']['certificate'][cert_name]['certificate']
             key_data = dhcp['pki']['certificate'][cert_name]['private']['key']
-            write_file(cert_file, wrap_certificate(cert_data), user='_kea', mode=0o600)
-            write_file(cert_key_file, wrap_private_key(key_data), user='_kea', mode=0o600)
+            write_file(cert_file, wrap_certificate(cert_data), user=user_group, mode=0o600)
+            write_file(cert_key_file, wrap_private_key(key_data), user=user_group, mode=0o600)
 
             dhcp['failover']['cert_file'] = cert_file
             dhcp['failover']['cert_key_file'] = cert_key_file
@@ -329,14 +338,14 @@ def generate(dhcp):
         if 'ca_certificate' in dhcp['failover']:
             ca_cert_name = dhcp['failover']['ca_certificate']
             ca_cert_data = dhcp['pki']['ca'][ca_cert_name]['certificate']
-            write_file(ca_cert_file, wrap_certificate(ca_cert_data), user='_kea', mode=0o600)
+            write_file(ca_cert_file, wrap_certificate(ca_cert_data), user=user_group, mode=0o600)
 
             dhcp['failover']['ca_cert_file'] = ca_cert_file
 
         render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp)
 
-    render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp)
-    render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp)
+    render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp, user=user_group, group=user_group)
+    render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp, user=user_group, group=user_group)
 
     return None
 
diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/service_dhcpv6-relay.py
index 6537ca3c2..6537ca3c2 100755
--- a/src/conf_mode/dhcpv6_relay.py
+++ b/src/conf_mode/service_dhcpv6-relay.py
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/service_dhcpv6-server.py
index f9da3d84a..9cc57dbcf 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -22,8 +22,9 @@ from sys import exit
 
 from vyos.config import Config
 from vyos.template import render
-from vyos.template import is_ipv6
 from vyos.utils.process import call
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.dict import dict_search
 from vyos.utils.network import is_subnet_connected
@@ -33,7 +34,8 @@ airbag.enable()
 
 config_file = '/run/kea/kea-dhcp6.conf'
 ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
-lease_file = '/config/dhcp6.leases'
+lease_file = '/config/dhcp/dhcp6-leases.csv'
+user_group = '_kea'
 
 def get_config(config=None):
     if config:
@@ -182,10 +184,17 @@ def generate(dhcpv6):
     dhcpv6['lease_file'] = lease_file
     dhcpv6['machine'] = os.uname().machine
 
+    # Create directory for lease file if necessary
+    lease_dir = os.path.dirname(lease_file)
+    if not os.path.isdir(lease_dir):
+        makedir(lease_dir, group='vyattacfg')
+        chmod_775(lease_dir)
+
+    # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
-        write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+        write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
 
-    render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6)
+    render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6, user=user_group, group=user_group)
     return None
 
 def apply(dhcpv6):
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/service_dns_dynamic.py
index 99fa8feee..99fa8feee 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/service_dns_dynamic.py
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/service_dns_forwarding.py
index c186f47af..c186f47af 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/service_dns_forwarding.py
diff --git a/src/conf_mode/service_event_handler.py b/src/conf_mode/service_event-handler.py
index 5028ef52f..5028ef52f 100755
--- a/src/conf_mode/service_event_handler.py
+++ b/src/conf_mode/service_event-handler.py
diff --git a/src/conf_mode/https.py b/src/conf_mode/service_https.py
index 3dc5dfc01..3dc5dfc01 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/service_https.py
diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/service_https_certificates_certbot.py
index 06c7e7b72..1a6a498de 100755
--- a/src/conf_mode/le_cert.py
+++ b/src/conf_mode/service_https_certificates_certbot.py
@@ -31,7 +31,7 @@ vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode']
 vyos_certbot_dir = vyos.defaults.directories['certbot']
 
 dependencies = [
-    'https.py',
+    'service_https.py',
 ]
 
 def request_certbot(cert):
@@ -112,4 +112,3 @@ if __name__ == '__main__':
     except ConfigError as e:
         print(e)
         sys.exit(1)
-
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_ddos-protection.py
index 276a71fcb..276a71fcb 100755
--- a/src/conf_mode/service_ids_fastnetmon.py
+++ b/src/conf_mode/service_ids_ddos-protection.py
diff --git a/src/conf_mode/lldp.py b/src/conf_mode/service_lldp.py
index 3c647a0e8..3c647a0e8 100755
--- a/src/conf_mode/lldp.py
+++ b/src/conf_mode/service_lldp.py
diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns_repeater.py
index 6526c23d1..6526c23d1 100755
--- a/src/conf_mode/service_mdns-repeater.py
+++ b/src/conf_mode/service_mdns_repeater.py
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/service_ntp.py
index 1cc23a7df..1cc23a7df 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/service_ntp.py
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/service_salt-minion.py
index a8fce8e01..a8fce8e01 100755
--- a/src/conf_mode/salt-minion.py
+++ b/src/conf_mode/service_salt-minion.py
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/service_snmp.py
index 6565ffd60..6565ffd60 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/service_snmp.py
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/service_ssh.py
index ee5e1eca2..ee5e1eca2 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/service_ssh.py
diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/service_tftp-server.py
index 3ad346e2e..3ad346e2e 100755
--- a/src/conf_mode/tftp_server.py
+++ b/src/conf_mode/service_tftp-server.py
diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/system_acceleration.py
index e4b248675..e4b248675 100755
--- a/src/conf_mode/intel_qat.py
+++ b/src/conf_mode/system_acceleration.py
diff --git a/src/conf_mode/config_mgmt.py b/src/conf_mode/system_config-management.py
index c681a8405..c681a8405 100755
--- a/src/conf_mode/config_mgmt.py
+++ b/src/conf_mode/system_config-management.py
diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/system_conntrack.py
index 7f6c71440..7f6c71440 100755
--- a/src/conf_mode/conntrack.py
+++ b/src/conf_mode/system_conntrack.py
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/system_flow-accounting.py
index 206f513c8..206f513c8 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/system_flow-accounting.py
diff --git a/src/conf_mode/host_name.py b/src/conf_mode/system_host-name.py
index 6204cf247..6204cf247 100755
--- a/src/conf_mode/host_name.py
+++ b/src/conf_mode/system_host-name.py
diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system_ip.py
index 7612e2c0d..7612e2c0d 100755
--- a/src/conf_mode/system-ip.py
+++ b/src/conf_mode/system_ip.py
diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system_ipv6.py
index 90a1a8087..90a1a8087 100755
--- a/src/conf_mode/system-ipv6.py
+++ b/src/conf_mode/system_ipv6.py
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system_login.py
index f34575aff..f34575aff 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system_login.py
diff --git a/src/conf_mode/system-login-banner.py b/src/conf_mode/system_login_banner.py
index 65fa04417..65fa04417 100755
--- a/src/conf_mode/system-login-banner.py
+++ b/src/conf_mode/system_login_banner.py
diff --git a/src/conf_mode/system-logs.py b/src/conf_mode/system_logs.py
index 8ad4875d4..8ad4875d4 100755
--- a/src/conf_mode/system-logs.py
+++ b/src/conf_mode/system_logs.py
diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system_option.py
index d92121b3d..d92121b3d 100755
--- a/src/conf_mode/system-option.py
+++ b/src/conf_mode/system_option.py
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system_proxy.py
index 079c43e7e..079c43e7e 100755
--- a/src/conf_mode/system-proxy.py
+++ b/src/conf_mode/system_proxy.py
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system_syslog.py
index 07fbb0734..07fbb0734 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system_syslog.py
diff --git a/src/conf_mode/task_scheduler.py b/src/conf_mode/system_task-scheduler.py
index 129be5d3c..129be5d3c 100755
--- a/src/conf_mode/task_scheduler.py
+++ b/src/conf_mode/system_task-scheduler.py
diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system_timezone.py
index cd3d4b229..cd3d4b229 100755
--- a/src/conf_mode/system-timezone.py
+++ b/src/conf_mode/system_timezone.py
diff --git a/src/conf_mode/system_update_check.py b/src/conf_mode/system_update-check.py
index 8d641a97d..8d641a97d 100755
--- a/src/conf_mode/system_update_check.py
+++ b/src/conf_mode/system_update-check.py
diff --git a/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers b/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
index 222c75f21..5157469f4 100755
--- a/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
+++ b/src/etc/ppp/ip-down.d/98-vyos-pppoe-cleanup-nameservers
@@ -1,5 +1,4 @@
 #!/bin/bash
-### Autogenerated by interfaces-pppoe.py ###
 
 interface=$6
 if [ -z "$interface" ]; then
diff --git a/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers b/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
index 0fcedbedc..4affaeb5c 100755
--- a/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
+++ b/src/etc/ppp/ip-up.d/98-vyos-pppoe-setup-nameservers
@@ -1,5 +1,4 @@
 #!/bin/bash
-### Autogenerated by interfaces-pppoe.py ###
 
 interface=$6
 if [ -z "$interface" ]; then
diff --git a/src/init/vyos-router b/src/init/vyos-router
index 711681a8e..aaecbf2a1 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -372,11 +372,11 @@ start ()
     # As VyOS does not execute commands that are not present in the CLI we call
     # the script by hand to have a single source for the login banner and MOTD
     ${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
-    ${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
-    ${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
-    ${vyos_conf_scripts_dir}/system-ip.py || log_failure_msg "could not reset system IPv4 options"
-    ${vyos_conf_scripts_dir}/system-ipv6.py || log_failure_msg "could not reset system IPv6 options"
-    ${vyos_conf_scripts_dir}/conntrack.py || log_failure_msg "could not reset conntrack subsystem"
+    ${vyos_conf_scripts_dir}/system_login_banner.py || log_failure_msg "could not reset motd and issue files"
+    ${vyos_conf_scripts_dir}/system_option.py || log_failure_msg "could not reset system option files"
+    ${vyos_conf_scripts_dir}/system_ip.py || log_failure_msg "could not reset system IPv4 options"
+    ${vyos_conf_scripts_dir}/system_ipv6.py || log_failure_msg "could not reset system IPv6 options"
+    ${vyos_conf_scripts_dir}/system_conntrack.py || log_failure_msg "could not reset conntrack subsystem"
     ${vyos_conf_scripts_dir}/container.py || log_failure_msg "could not reset container subsystem"
 
     clear_or_override_config_files || log_failure_msg "could not reset config files"
diff --git a/src/migration-scripts/https/1-to-2 b/src/migration-scripts/https/1-to-2
index b1cf37ea6..1a2cdc1e7 100755
--- a/src/migration-scripts/https/1-to-2
+++ b/src/migration-scripts/https/1-to-2
@@ -15,7 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # * Move 'api virtual-host' list to 'api-restrict virtual-host' so it
-#   is owned by https.py instead of http-api.py
+#   is owned by service_https.py
 
 import sys
 
diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py
index 2c95a2b08..7d4b47104 100755
--- a/src/op_mode/clear_dhcp_lease.py
+++ b/src/op_mode/clear_dhcp_lease.py
@@ -28,7 +28,7 @@ from vyos.utils.commit import commit_in_progress
 
 config = ConfigTreeQuery()
 base = ['service', 'dhcp-server']
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
 
 
 def del_lease_ip(address):
@@ -52,7 +52,6 @@ def is_ip_in_leases(address):
     Return True if address found in the lease file
     """
     leases = kea_parse_leases(lease_file)
-    lease_ips = []
     for lease in leases:
         if address == lease['address']:
             return True
diff --git a/src/op_mode/connect_disconnect.py b/src/op_mode/connect_disconnect.py
index 89f929be7..10034e499 100755
--- a/src/op_mode/connect_disconnect.py
+++ b/src/op_mode/connect_disconnect.py
@@ -55,7 +55,7 @@ def connect(interface):
         if is_wwan_connected(interface):
             print(f'Interface {interface}: already connected!')
         else:
-            call(f'VYOS_TAGNODE_VALUE={interface} /usr/libexec/vyos/conf_mode/interfaces-wwan.py')
+            call(f'VYOS_TAGNODE_VALUE={interface} /usr/libexec/vyos/conf_mode/interfaces_wwan.py')
     else:
         print(f'Unknown interface {interface}, can not connect. Aborting!')
 
diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py
index a9271ea79..02f4d5bbb 100755
--- a/src/op_mode/dhcp.py
+++ b/src/op_mode/dhcp.py
@@ -31,9 +31,6 @@ from vyos.configquery import ConfigTreeQuery
 from vyos.kea import kea_get_active_config
 from vyos.kea import kea_get_pool_from_subnet_id
 from vyos.kea import kea_parse_leases
-from vyos.utils.dict import dict_search
-from vyos.utils.file import read_file
-from vyos.utils.process import cmd
 from vyos.utils.process import is_systemd_service_running
 
 time_string = "%a %b %d %H:%M:%S %Z %Y"
@@ -79,8 +76,8 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
     Get DHCP server leases
     :return list
     """
-    lease_file = '/config/dhcp6.leases' if family == 'inet6' else '/config/dhcp4.leases'
-    data = []
+    inet_suffix = '6' if family == 'inet6' else '4'
+    lease_file = f'/config/dhcp/dhcp{inet_suffix}-leases.csv'
     leases = kea_parse_leases(lease_file)
 
     if pool is None:
@@ -88,9 +85,9 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
     else:
         pool = [pool]
 
-    inet_suffix = '6' if family == 'inet6' else '4'
     active_config = kea_get_active_config(inet_suffix)
 
+    data = []
     for lease in leases:
         data_lease = {}
         data_lease['ip'] = lease['address']
diff --git a/src/system/keepalived-fifo.py b/src/system/keepalived-fifo.py
index 5e19bdbad..6d33e372d 100755
--- a/src/system/keepalived-fifo.py
+++ b/src/system/keepalived-fifo.py
@@ -41,7 +41,7 @@ logger.addHandler(logs_handler_syslog)
 logger.setLevel(logging.DEBUG)
 
 mdns_running_file = '/run/mdns_vrrp_active'
-mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns-repeater.py'
+mdns_update_command = 'sudo /usr/libexec/vyos/conf_mode/service_mdns_repeater.py'
 
 # class for all operations
 class KeepalivedFifo:
diff --git a/src/tests/test_task_scheduler.py b/src/tests/test_task_scheduler.py
index f15fcde88..130f825e6 100644
--- a/src/tests/test_task_scheduler.py
+++ b/src/tests/test_task_scheduler.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -17,16 +17,16 @@
 import os
 import tempfile
 import unittest
+import importlib
 
 from vyos import ConfigError
 
 try:
-    from src.conf_mode import task_scheduler
+    task_scheduler = importlib.import_module("src.conf_mode.system_task-scheduler")
 except ModuleNotFoundError:  # for unittest.main()
     import sys
     sys.path.append(os.path.join(os.path.dirname(__file__), '../..'))
-    from src.conf_mode import task_scheduler
-
+    task_scheduler = importlib.import_module("src.conf_mode.system_task-scheduler")
 
 class TestUpdateCrontab(unittest.TestCase):