diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl
index d51522e45..13619ca69 100644
--- a/data/templates/vrrp/keepalived.conf.tmpl
+++ b/data/templates/vrrp/keepalived.conf.tmpl
@@ -1,105 +1,94 @@
 # Autogenerated by VyOS
 # Do not edit this file, all your changes will be lost
 # on next commit or reboot
 
 global_defs {
     dynamic_interfaces
     script_user root
     notify_fifo /run/keepalived_notify_fifo
     notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
 }
 
 {% for group in groups %}
-
-{% if group.health_check_script %}
+{%   if group.health_check_script is defined and group.health_check_script is not none %}
 vrrp_script healthcheck_{{ group.name }} {
     script "{{ group.health_check_script }}"
     interval {{ group.health_check_interval }}
     fall {{ group.health_check_count }}
     rise 1
 
 }
-{% endif %}
+{%   endif %}
 
 vrrp_instance {{ group.name }} {
-    {% if group.description %}
-    # {{ group.description }}
-    {% endif %}
-
+    {{ '# ' ~ group.description if group.description is defined }}
     state BACKUP
     interface {{ group.interface }}
     virtual_router_id {{ group.vrid }}
     priority {{ group.priority }}
     advert_int {{ group.advertise_interval }}
-
-    {% if group.preempt %}
+{%   if group.preempt is defined and group.preempt is not none %}
     preempt_delay {{ group.preempt_delay }}
-    {% else %}
+{%   else %}
     nopreempt
-    {% endif %}
-
-    {% if group.peer_address %}
+{%   endif %}
+{%   if group.peer_address is defined and group.peer_address is not none %}
     unicast_peer { {{ group.peer_address }} }
-    {% endif %}
-
-    {% if group.hello_source %}
-      {% if group.peer_address %}
-      unicast_src_ip {{ group.hello_source }}
-      {% else %}
-      mcast_src_ip {{ group.hello_source }}
-      {% endif %}
-    {% endif %}
-
-    {% if group.use_vmac and group.peer_address %}
-      use_vmac {{group.interface}}v{{group.vrid}}
-      vmac_xmit_base
-    {% elif group.use_vmac %}
-      use_vmac {{group.interface}}v{{group.vrid}}
-    {% endif %}
-
-    {% if group.auth_password %}
-      authentication {
+{%   endif %}
+{%   if group.hello_source is defined and group.hello_source is not none %}
+{%     if group.peer_address is defined and group.peer_address is not none %}
+    unicast_src_ip {{ group.hello_source }}
+{%     else %}
+    mcast_src_ip {{ group.hello_source }}
+{%     endif %}
+{%   endif %}
+{%   if group.use_vmac is defined and group.peer_address is defined %}
+    use_vmac {{ group.interface }}v{{ group.vrid }}
+    vmac_xmit_base
+{%   elif group.use_vmac is defined %}
+    use_vmac {{ group.interface }}v{{ group.vrid }}
+{%   endif %}
+{%   if group.auth_password is defined and group.auth_password is not none %}
+    authentication {
         auth_pass "{{ group.auth_password }}"
         auth_type {{ group.auth_type }}
-      }
-    {% endif %}
-
+    }
+{%   endif %}
+{%   if group.virtual_addresses is defined and group.virtual_addresses is not none %}
     virtual_ipaddress {
-    {% for addr in group.virtual_addresses %}
+{%     for addr in group.virtual_addresses %}
         {{ addr }}
-    {% endfor %}
+{%     endfor %}
     }
-
-    {% if group.virtual_addresses_excluded %}
+{%   endif %}
+{%   if group.virtual_addresses_excluded is defined and group.virtual_addresses_excluded is not none %}
     virtual_ipaddress_excluded {
-    {% for addr in group.virtual_addresses_excluded %}
+{%     for addr in group.virtual_addresses_excluded %}
         {{ addr }}
-    {% endfor %}
+{%     endfor %}
     }
-    {% endif %}
-
-    {% if group.health_check_script %}
+{%   endif %}
+{%   if group.health_check_script is defined and group.health_check_script is not none %}
     track_script {
         healthcheck_{{ group.name }}
     }
-    {% endif %}
+{%   endif %}
 }
-
 {% endfor %}
 
-{% for sync_group in sync_groups %}
+{% if sync_groups is defined and sync_groups is not none %}
+{%   for sync_group in sync_groups %}
 vrrp_sync_group {{ sync_group.name }} {
-       group {
-            {% for member in sync_group.members %}
-                {{ member }}
-            {% endfor %}
-        }
-
-        {% if sync_group.conntrack_sync %}
+    group {
+{%     for member in sync_group.members %}
+        {{ member }}
+{%     endfor %}
+    }
+{%     if sync_group.conntrack_sync %}
             notify_master "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh master {{ sync_group.name }}"
             notify_backup "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh backup {{ sync_group.name }}"
             notify_fault "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh fault {{ sync_group.name }}"
-        {% endif %}
+{%     endif %}
 }
-
-{% endfor %}
+{%   endfor %}
+{% endif %}
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index 3ccc7d66b..4cee87003 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -1,266 +1,271 @@
 #!/usr/bin/env python3
 #
 # Copyright (C) 2018-2020 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
 # published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
 
 from sys import exit
-from ipaddress import ip_address, ip_interface, IPv4Interface, IPv6Interface, IPv4Address, IPv6Address
+from ipaddress import ip_address
+from ipaddress import ip_interface
+from ipaddress import IPv4Interface
+from ipaddress import IPv6Interface
+from ipaddress import IPv4Address
+from ipaddress import IPv6Address
 from json import dumps
 from pathlib import Path
 
 import vyos.config
 
 from vyos import ConfigError
 from vyos.util import call
 from vyos.template import render
 
 from vyos.ifconfig.vrrp import VRRP
 
 from vyos import airbag
 airbag.enable()
 
 def get_config(config=None):
     vrrp_groups = []
     sync_groups = []
 
     if config:
         config = config
     else:
         config = vyos.config.Config()
 
     # Get the VRRP groups
     for group_name in config.list_nodes("high-availability vrrp group"):
         config.set_level("high-availability vrrp group {0}".format(group_name))
 
         # Retrieve the values
         group = {"preempt": True, "use_vmac": False, "disable": False}
 
         if config.exists("disable"):
             group["disable"] = True
 
         group["name"] = group_name
         group["vrid"] = config.return_value("vrid")
         group["interface"] = config.return_value("interface")
         group["description"] = config.return_value("description")
         group["advertise_interval"] = config.return_value("advertise-interval")
         group["priority"] = config.return_value("priority")
         group["hello_source"] = config.return_value("hello-source-address")
         group["peer_address"] = config.return_value("peer-address")
         group["sync_group"] = config.return_value("sync-group")
         group["preempt_delay"] = config.return_value("preempt-delay")
         group["virtual_addresses"] = config.return_values("virtual-address")
         group["virtual_addresses_excluded"] = config.return_values("virtual-address-excluded")
 
         group["auth_password"] = config.return_value("authentication password")
         group["auth_type"] = config.return_value("authentication type")
 
         group["health_check_script"] = config.return_value("health-check script")
         group["health_check_interval"] = config.return_value("health-check interval")
         group["health_check_count"] = config.return_value("health-check failure-count")
 
         group["master_script"] = config.return_value("transition-script master")
         group["backup_script"] = config.return_value("transition-script backup")
         group["fault_script"] = config.return_value("transition-script fault")
         group["stop_script"] = config.return_value("transition-script stop")
         group["script_mode_force"] = config.exists("transition-script mode-force")
 
         if config.exists("no-preempt"):
             group["preempt"] = False
         if config.exists("rfc3768-compatibility"):
             group["use_vmac"] = True
 
         # Substitute defaults where applicable
         if not group["advertise_interval"]:
             group["advertise_interval"] = 1
         if not group["priority"]:
             group["priority"] = 100
         if not group["preempt_delay"]:
             group["preempt_delay"] = 0
         if not group["health_check_interval"]:
             group["health_check_interval"] = 60
         if not group["health_check_count"]:
             group["health_check_count"] = 3
 
         # FIXUP: translate our option for auth type to keepalived's syntax
         # for simplicity
         if group["auth_type"]:
             if group["auth_type"] == "plaintext-password":
                 group["auth_type"] = "PASS"
             else:
                 group["auth_type"] = "AH"
 
         vrrp_groups.append(group)
 
     config.set_level("")
 
     # Get the sync group used for conntrack-sync
     conntrack_sync_group = None
     if config.exists("service conntrack-sync failover-mechanism vrrp"):
         conntrack_sync_group = config.return_value("service conntrack-sync failover-mechanism vrrp sync-group")
 
     # Get the sync groups
     for sync_group_name in config.list_nodes("high-availability vrrp sync-group"):
         config.set_level("high-availability vrrp sync-group {0}".format(sync_group_name))
 
         sync_group = {"conntrack_sync": False}
         sync_group["name"] = sync_group_name
         sync_group["members"] = config.return_values("member")
         if conntrack_sync_group:
             if conntrack_sync_group == sync_group_name:
                 sync_group["conntrack_sync"] = True
 
         # add transition script configuration
         sync_group["master_script"] = config.return_value("transition-script master")
         sync_group["backup_script"] = config.return_value("transition-script backup")
         sync_group["fault_script"] = config.return_value("transition-script fault")
         sync_group["stop_script"] = config.return_value("transition-script stop")
 
         sync_groups.append(sync_group)
 
     # create a file with dict with proposed configuration
     with open("{}.temp".format(VRRP.location['vyos']), 'w') as dict_file:
         dict_file.write(dumps({'vrrp_groups': vrrp_groups, 'sync_groups': sync_groups}))
 
     return (vrrp_groups, sync_groups)
 
 
 def verify(data):
     vrrp_groups, sync_groups = data
 
     for group in vrrp_groups:
         # Check required fields
         if not group["vrid"]:
             raise ConfigError("vrid is required but not set in VRRP group {0}".format(group["name"]))
         if not group["interface"]:
             raise ConfigError("interface is required but not set in VRRP group {0}".format(group["name"]))
         if not group["virtual_addresses"]:
             raise ConfigError("virtual-address is required but not set in VRRP group {0}".format(group["name"]))
 
         if group["auth_password"] and (not group["auth_type"]):
             raise ConfigError("authentication type is required but not set in VRRP group {0}".format(group["name"]))
 
         # Keepalived doesn't allow mixing IPv4 and IPv6 in one group, so we mirror that restriction
 
         # XXX: filter on map object is destructive, so we force it to list.
         # Additionally, filter objects always evaluate to True, empty or not,
         # so we force them to lists as well.
         vaddrs = list(map(lambda i: ip_interface(i), group["virtual_addresses"]))
         vaddrs4 = list(filter(lambda x: isinstance(x, IPv4Interface), vaddrs))
         vaddrs6 = list(filter(lambda x: isinstance(x, IPv6Interface), vaddrs))
 
         if vaddrs4 and vaddrs6:
             raise ConfigError("VRRP group {0} mixes IPv4 and IPv6 virtual addresses, this is not allowed. Create separate groups for IPv4 and IPv6".format(group["name"]))
 
         if vaddrs4:
             if group["hello_source"]:
                 hsa = ip_address(group["hello_source"])
                 if isinstance(hsa, IPv6Address):
                     raise ConfigError("VRRP group {0} uses IPv4 but its hello-source-address is IPv6".format(group["name"]))
             if group["peer_address"]:
                 pa = ip_address(group["peer_address"])
                 if isinstance(pa, IPv6Address):
                     raise ConfigError("VRRP group {0} uses IPv4 but its peer-address is IPv6".format(group["name"]))
 
         if vaddrs6:
             if group["hello_source"]:
                 hsa = ip_address(group["hello_source"])
                 if isinstance(hsa, IPv4Address):
                     raise ConfigError("VRRP group {0} uses IPv6 but its hello-source-address is IPv4".format(group["name"]))
             if group["peer_address"]:
                 pa = ip_address(group["peer_address"])
                 if isinstance(pa, IPv4Address):
                     raise ConfigError("VRRP group {0} uses IPv6 but its peer-address is IPv4".format(group["name"]))
 
         # Warn the user about the deprecated mode-force option
         if group["script_mode_force"]:
             print("""Warning: "transition-script mode-force" VRRP option is deprecated and will be removed in VyOS 1.4.""")
             print("""It's no longer necessary, so you can safely remove it from your config now.""")
 
     # Disallow same VRID on multiple interfaces
     _groups = sorted(vrrp_groups, key=(lambda x: x["interface"]))
     count = len(_groups) - 1
     index = 0
     while (index < count):
         if (_groups[index]["vrid"] == _groups[index + 1]["vrid"]) and (_groups[index]["interface"] == _groups[index + 1]["interface"]):
             raise ConfigError("VRID {0} is used in groups {1} and {2} that both use interface {3}. Groups on the same interface must use different VRIDs".format(
               _groups[index]["vrid"], _groups[index]["name"], _groups[index + 1]["name"], _groups[index]["interface"]))
         else:
             index += 1
 
     # Check sync groups
     vrrp_group_names = list(map(lambda x: x["name"], vrrp_groups))
 
     for sync_group in sync_groups:
         for m in sync_group["members"]:
             if not (m in vrrp_group_names):
                 raise ConfigError("VRRP sync-group {0} refers to VRRP group {1}, but group {1} does not exist".format(sync_group["name"], m))
 
 
 def generate(data):
     vrrp_groups, sync_groups = data
 
     # Remove disabled groups from the sync group member lists
     for sync_group in sync_groups:
         for member in sync_group["members"]:
             g = list(filter(lambda x: x["name"] == member, vrrp_groups))[0]
             if g["disable"]:
                 print("Warning: ignoring disabled VRRP group {0} in sync-group {1}".format(g["name"], sync_group["name"]))
     # Filter out disabled groups
     vrrp_groups = list(filter(lambda x: x["disable"] is not True, vrrp_groups))
 
     render(VRRP.location['config'], 'vrrp/keepalived.conf.tmpl',
             {"groups": vrrp_groups, "sync_groups": sync_groups})
     render(VRRP.location['daemon'], 'vrrp/daemon.tmpl', {})
     return None
 
 
 def apply(data):
     vrrp_groups, sync_groups = data
     if vrrp_groups:
         # safely rename a temporary file with configuration dict
         try:
             dict_file = Path("{}.temp".format(VRRP.location['vyos']))
             dict_file.rename(Path(VRRP.location['vyos']))
         except Exception as err:
             print("Unable to rename the file with keepalived config for FIFO pipe: {}".format(err))
 
         if not VRRP.is_running():
             print("Starting the VRRP process")
             ret = call("systemctl restart keepalived.service")
         else:
             print("Reloading the VRRP process")
             ret = call("systemctl reload keepalived.service")
 
         if ret != 0:
             raise ConfigError("keepalived failed to start")
     else:
         # VRRP is removed in the commit
         print("Stopping the VRRP process")
         call("systemctl stop keepalived.service")
         os.unlink(VRRP.location['daemon'])
 
     return None
 
 
 if __name__ == '__main__':
     try:
         c = get_config()
         verify(c)
         generate(c)
         apply(c)
     except ConfigError as e:
         print("VRRP error: {0}".format(str(e)))
         exit(1)