3 files changed, 7 insertions, 5 deletions

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index afa0c5b33..8e0ce701e 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -388,8 +388,10 @@ def verify_accel_ppp_base_service(config, local_users=True):
     """
     # vertify auth settings
     if local_users and dict_search('authentication.mode', config) == 'local':
-        if dict_search(f'authentication.local_users', config) == None:
-            raise ConfigError('Authentication mode local requires local users to be configured!')
+        if (dict_search(f'authentication.local_users', config) is None or
+                dict_search(f'authentication.local_users', config) == {}):
+            raise ConfigError(
+                'Authentication mode local requires local users to be configured!')
 
         for user in dict_search('authentication.local_users.username', config):
             user_config = config['authentication']['local_users']['username'][user]
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 38a332be3..f68acfe02 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -276,6 +276,8 @@ def verify_nested_group(group_name, group, groups, seen):
     if 'include' not in group:
         return
 
+    seen.append(group_name)
+
     for g in group['include']:
         if g not in groups:
             raise ConfigError(f'Nested group "{g}" does not exist')
@@ -283,8 +285,6 @@ def verify_nested_group(group_name, group, groups, seen):
         if g in seen:
             raise ConfigError(f'Group "{group_name}" has a circular reference')
 
-        seen.append(g)
-
         if 'include' in groups[g]:
             verify_nested_group(g, groups[g], groups, seen)
 
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index c050b796b..7c86356e9 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -157,7 +157,7 @@ def verify(ocserv):
                 ocserv["network_settings"]["push_route"].remove("0.0.0.0/0")
                 ocserv["network_settings"]["push_route"].append("default")
         else:
-            ocserv["network_settings"]["push_route"] = "default"
+            ocserv["network_settings"]["push_route"] = ["default"]
     else:
         raise ConfigError('openconnect network settings required')