2 files changed, 13 insertions, 16 deletions

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index f34e4f7fe..8a615ec62 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -490,7 +490,11 @@ def verify(openvpn):
     # OpenVPN site-to-site - VERIFY
     #
     if openvpn['mode'] == 'site-to-site':
-        if not (openvpn['local_address'] or openvpn['bridge_member']):
+        if openvpn['ncp_ciphers']:
+            raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
+
+    if openvpn['mode'] == 'site-to-site' and not openvpn['bridge_member']:
+        if not openvpn['local_address']:
             raise ConfigError('Must specify "local-address" or "bridge member interface"')
 
         for host in openvpn['remote_host']:
@@ -507,15 +511,10 @@ def verify(openvpn):
             if openvpn['local_address'] == openvpn['local_host']:
                 raise ConfigError('"local-address" cannot be the same as "local-host"')
 
-        if openvpn['ncp_ciphers']:
-            raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
-
     else:
+        # checks for client-server or site-to-site bridged
         if openvpn['local_address'] or openvpn['remote_address']:
-            raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server mode')
-
-        elif openvpn['bridge_member']:
-            raise ConfigError('Cannot specify "local-address" or "remote-address" in bridge mode')
+            raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server or bridge mode')
 
     #
     # OpenVPN server mode - VERIFY
@@ -538,7 +537,7 @@ def verify(openvpn):
 
         if not openvpn['server_subnet']:
             if not openvpn['bridge_member']:
-                raise ConfigError('Must specify "server subnet" option in server mode')
+                raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
 
     else:
         # checks for both client and site-to-site go here
diff --git a/src/helpers/vyos-merge-config.py b/src/helpers/vyos-merge-config.py
index 10a5ea4bc..14df2734b 100755
--- a/src/helpers/vyos-merge-config.py
+++ b/src/helpers/vyos-merge-config.py
@@ -17,13 +17,13 @@
 
 import sys
 import os
-import subprocess
 import tempfile
 import vyos.defaults
 import vyos.remote
 from vyos.config import Config
 from vyos.configtree import ConfigTree
 from vyos.migrator import Migrator, VirtualMigrator
+from vyos.util import cmd, DEVNULL
 
 
 if (len(sys.argv) < 2):
@@ -99,13 +99,11 @@ if (len(sys.argv) > 2):
 if path:
     add_cmds = [ cmd for cmd in add_cmds if path in cmd ]
 
-for cmd in add_cmds:
-    cmd = "/opt/vyatta/sbin/my_" + cmd
-
+for add in add_cmds:
     try:
-        subprocess.check_call(cmd, shell=True)
-    except subprocess.CalledProcessError as err:
-        print("Called process error: {}.".format(err))
+        cmd(f'/opt/vyatta/sbin/my_{add}', shell=True, stderr=DEVNULL)
+    except OSError as err:
+        print(err)
 
 if effective_config.session_changed():
     print("Merge complete. Use 'commit' to make changes effective.")