6 files changed, 32 insertions, 22 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 5d537dadf..ae35ed3c4 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -51,6 +51,7 @@ user = 'openvpn'
 group = 'openvpn'
 
 cfg_file = '/run/openvpn/{ifname}.conf'
+service_file = '/run/systemd/system/openvpn@{ifname}.service.d/20-override.conf'
 
 def checkCertHeader(header, filename):
     """
@@ -434,6 +435,11 @@ def generate(openvpn):
     if os.path.isdir(ccd_dir):
         rmtree(ccd_dir, ignore_errors=True)
 
+    # Remove systemd directories with overrides
+    service_dir = os.path.dirname(service_file.format(**openvpn))
+    if os.path.isdir(service_dir):
+        rmtree(service_dir, ignore_errors=True)
+
     if 'deleted' in openvpn or 'disable' in openvpn:
         return None
 
@@ -477,14 +483,20 @@ def generate(openvpn):
     render(cfg_file.format(**openvpn), 'openvpn/server.conf.tmpl', openvpn,
            formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
 
+    # Render 20-override.conf for OpenVPN service
+    render(service_file.format(**openvpn), 'openvpn/service-override.conf.tmpl', openvpn,
+           formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
+    # Reload systemd services config to apply an override
+    call(f'systemctl daemon-reload')
+
     return None
 
 def apply(openvpn):
     interface = openvpn['ifname']
-    call(f'systemctl stop openvpn@{interface}.service')
 
     # Do some cleanup when OpenVPN is disabled/deleted
     if 'deleted' in openvpn or 'disable' in openvpn:
+        call(f'systemctl stop openvpn@{interface}.service')
         for cleanup_file in glob(f'/run/openvpn/{interface}.*'):
             if os.path.isfile(cleanup_file):
                 os.unlink(cleanup_file)
@@ -496,7 +508,7 @@ def apply(openvpn):
 
     # No matching OpenVPN process running - maybe it got killed or none
     # existed - nevertheless, spawn new OpenVPN process
-    call(f'systemctl start openvpn@{interface}.service')
+    call(f'systemctl reload-or-restart openvpn@{interface}.service')
 
     conf = VTunIf.get_config()
     conf['device_type'] = openvpn['device_type']
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py
index 31c599145..cb46b3723 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces-wwan.py
@@ -25,7 +25,9 @@ from vyos.configverify import verify_interface_exists
 from vyos.configverify import verify_vrf
 from vyos.ifconfig import WWANIf
 from vyos.util import cmd
+from vyos.util import call
 from vyos.util import dict_search
+from vyos.util import DEVNULL
 from vyos.template import render
 from vyos import ConfigError
 from vyos import airbag
@@ -89,7 +91,7 @@ def apply(wwan):
         options += ',user={user},password={password}'.format(**wwan['authentication'])
 
     command = f'{base_cmd} --simple-connect="{options}"'
-    cmd(command)
+    call(command, stdout=DEVNULL)
     w.update(wwan)
 
     return None
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 3990e5735..0fbe90cce 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -20,13 +20,17 @@ from sys import exit
 
 from vyos.config import Config
 from vyos.configverify import verify_vrf
-from vyos.snmpv3_hashgen import plaintext_to_md5, plaintext_to_sha1, random
+from vyos.snmpv3_hashgen import plaintext_to_md5
+from vyos.snmpv3_hashgen import plaintext_to_sha1
+from vyos.snmpv3_hashgen import random
 from vyos.template import render
 from vyos.template import is_ipv4
-from vyos.util import call, chmod_755
+from vyos.util import call
+from vyos.util import chmod_755
 from vyos.validate import is_addr_assigned
 from vyos.version import get_version_data
-from vyos import ConfigError, airbag
+from vyos import ConfigError
+from vyos import airbag
 airbag.enable()
 
 config_file_client  = r'/etc/snmp/snmp.conf'
@@ -401,19 +405,20 @@ def verify(snmp):
         addr = listen[0]
         port = listen[1]
 
+        tmp = None
         if is_ipv4(addr):
             # example: udp:127.0.0.1:161
-            listen = 'udp:' + addr + ':' + port
+            tmp = f'udp:{addr}:{port}'
         elif snmp['ipv6_enabled']:
             # example: udp6:[::1]:161
-            listen = 'udp6:' + '[' + addr + ']' + ':' + port
+            tmp = f'udp6:[{addr}]:{port}'
 
         # We only wan't to configure addresses that exist on the system.
         # Hint the user if they don't exist
         if is_addr_assigned(addr):
-            snmp['listen_on'].append(listen)
+            if tmp: snmp['listen_on'].append(tmp)
         else:
-            print('WARNING: SNMP listen address {0} not configured!'.format(addr))
+            print(f'WARNING: SNMP listen address {addr} not configured!')
 
     verify_vrf(snmp)
 
diff --git a/src/conf_mode/system-login-banner.py b/src/conf_mode/system-login-banner.py
index a40d932e0..2220d7b66 100755
--- a/src/conf_mode/system-login-banner.py
+++ b/src/conf_mode/system-login-banner.py
@@ -37,7 +37,7 @@ PRELOGIN_NET_FILE = r'/etc/issue.net'
 POSTLOGIN_FILE = r'/etc/motd'
 
 default_config_data = {
-    'issue': 'Welcome to VyOS - \n \l\n',
+    'issue': 'Welcome to VyOS - \\n \\l\n\n',
     'issue_net': 'Welcome to VyOS\n',
     'motd': motd
 }
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index e970d2ef5..86aa9af09 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -291,6 +291,8 @@ def get_config(config=None):
     # LNS secret
     if conf.exists(['lns', 'shared-secret']):
         l2tp['lns_shared_secret'] = conf.return_value(['lns', 'shared-secret'])
+    if conf.exists(['lns', 'host-name']):
+        l2tp['lns_host_name'] = conf.return_value(['lns', 'host-name'])
 
     if conf.exists(['ccp-disable']):
         l2tp['ccp_disable'] = True
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 070009722..215dfb37a 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -56,24 +56,13 @@ def verify(sstp):
     #
     # SSL certificate checks
     #
-    tmp = dict_search('ssl.ca_cert_file', sstp)
-    if tmp:
-        if not os.path.isfile(tmp):
-            raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!')
-
     tmp = dict_search('ssl.cert_file', sstp)
     if not tmp:
         raise ConfigError(f'SSL public key file required!')
-    else:
-        if not os.path.isfile(tmp):
-            raise ConfigError(f'SSL public key "{tmp}" does not exist!')
 
     tmp = dict_search('ssl.key_file', sstp)
     if not tmp:
         raise ConfigError(f'SSL private key file required!')
-    else:
-        if not os.path.isfile(tmp):
-            raise ConfigError(f'SSL private key "{tmp}" does not exist!')
 
 def generate(sstp):
     if not sstp: