Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 10 | ||||
-rwxr-xr-x | src/conf_mode/protocols_bgp.py | 11 | ||||
-rw-r--r-- | src/etc/systemd/system/salt-minion.service.d/override.conf | 3 |
4 files changed, 19 insertions, 13 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 83d1c6d9b..a9be093c2 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -608,7 +608,7 @@ def generate(openvpn):
 # Generate User/Password authentication file
 if 'authentication' in openvpn:
- render(openvpn['auth_user_pass_file'], 'openvpn/auth.pw.tmpl', openvpn,
+ render(openvpn['auth_user_pass_file'], 'openvpn/auth.pw.j2', openvpn,
 user=user, group=group, permission=0o600)
 else:
 # delete old auth file if present
@@ -624,16 +624,16 @@ def generate(openvpn):
 # Our client need's to know its subnet mask ...
 client_config['server_subnet'] = dict_search('server.subnet', openvpn)
- render(client_file, 'openvpn/client.conf.tmpl', client_config,
+ render(client_file, 'openvpn/client.conf.j2', client_config,
 user=user, group=group)
 # we need to support quoting of raw parameters from OpenVPN CLI
 # see https://phabricator.vyos.net/T1632
- render(cfg_file.format(**openvpn), 'openvpn/server.conf.tmpl', openvpn,
+ render(cfg_file.format(**openvpn), 'openvpn/server.conf.j2', openvpn,
 formater=lambda _: _.replace(""", '"'), user=user, group=group)
 # Render 20-override.conf for OpenVPN service
- render(service_file.format(**openvpn), 'openvpn/service-override.conf.tmpl', openvpn,
+ render(service_file.format(**openvpn), 'openvpn/service-override.conf.j2', openvpn,
 formater=lambda _: _.replace(""", '"'), user=user, group=group)
 # Reload systemd services config to apply an override
 call(f'systemctl daemon-reload')
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 848112c17..53704827e 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -23,6 +23,7 @@ from vyos.base import Warning
 from vyos.config import Config
 from vyos.configdict import get_interface_dict
 from vyos.configdict import leaf_node_changed
+from vyos.configdict import node_changed
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_mtu_ipv6
@@ -51,12 +52,13 @@ def get_config(config=None):
 # change. But a VXLAN interface should - of course - not be re-created if
 # it's description or IP address is adjusted. Feels somehow logic doesn't it?
 for cli_option in ['external', 'gpe', 'group', 'port', 'remote',
- 'source-address', 'source-interface', 'vni',
- 'parameters ip dont-fragment', 'parameters ip tos',
- 'parameters ip ttl']:
- if leaf_node_changed(conf, cli_option.split()):
+ 'source-address', 'source-interface', 'vni']:
+ if leaf_node_changed(conf, cli_option):
 vxlan.update({'rebuild_required': {}})
+ if node_changed(conf, ['parameters'], recursive=True):
+ vxlan.update({'rebuild_required': {}})
+
 # We need to verify that no other VXLAN tunnel is configured when external
 # mode is in use - Linux Kernel limitation
 conf.set_level(base)
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index f6d5071c2..8d9d3e99a 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
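Review bot: In get_config() of interfaces-vxlan.py, `leaf_node_changed(conf, cli_option)` now receives a bare string where the removed line passed the list from `cli_option.split()`; the helper's signature is not visible here, so confirm it accepts a string path, or keep the list form with `if leaf_node_changed(conf, [cli_option]):`. The new `node_changed(conf, ['parameters'], recursive=True)` check also widens the rebuild trigger from the three `parameters ip` leaves to the whole `parameters` subtree, so any edit below it now appears to force the interface to be re-created. A comment such as `# any change below 'parameters' requires the interface to be re-created` would record that this is intended. get_config() starts and ends outside the hunk.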
@@ -138,13 +138,20 @@ def verify(bgp):
 if asn == bgp['local_as']:
 raise ConfigError('Cannot have local-as same as BGP AS number')
+ # Neighbor AS specified for local-as and remote-as can not be the same
+ if dict_search('remote_as', peer_config) == asn:
+ raise ConfigError(f'Neighbor "{peer}" has local-as specified which is '\
+ 'the same as remote-as, this is not allowed!')
+
 # ttl-security and ebgp-multihop can't be used in the same configration
 if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config:
 raise ConfigError('You can not set both ebgp-multihop and ttl-security hops')
- # Check if neighbor has both override capability and strict capability match configured at the same time.
+ # Check if neighbor has both override capability and strict capability match
+ # configured at the same time.
 if 'override_capability' in peer_config and 'strict_capability_match' in peer_config:
- raise ConfigError(f'Neighbor "{peer}" cannot have both override-capability and strict-capability-match configured at the same time!')
+ raise ConfigError(f'Neighbor "{peer}" cannot have both override-capability and '\
+ 'strict-capability-match configured at the same time!')
 # Check spaces in the password
 if 'password' in peer_config and ' ' in peer_config['password']:
diff --git a/src/etc/systemd/system/salt-minion.service.d/override.conf b/src/etc/systemd/system/salt-minion.service.d/override.conf
deleted file mode 100644
index b0e00550f..000000000
--- a/src/etc/systemd/system/salt-minion.service.d/override.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-SendSIGKILL=yes
-FinalKillSignal=SIGQUIT |
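Review bot: The new local-as/remote-as check in verify() of protocols_bgp.py reads only the neighbor's own `remote_as` key, so a remote-as that reaches the neighbor from elsewhere (for example a peer-group, if the config dict models inheritance that way) would presumably make `dict_search('remote_as', peer_config)` return None and skip the comparison. If inheritance applies here, resolve the effective remote-as before comparing, and say in the comment which sources the check covers. The two wrapped messages use a `'\` continuation inside the call parentheses; the backslash is unnecessary there, and plain adjacent string literals read cleaner. verify() starts and ends outside the hunk.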