2018-01-30 10:40:13 +00:00
<?xml version="1.0"?>
<opnsense >
<version > 11.2</version>
<lastchange />
<theme > opnsense</theme>
<sysctl >
<item >
<descr > Disable the pf ftp proxy handler.</descr>
<tunable > debug.pfftpproxy</tunable>
<value > default</value>
</item>
<item >
<descr > Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
<tunable > vfs.read_max</tunable>
<value > default</value>
</item>
<item >
<descr > Set the ephemeral port range to be lower.</descr>
<tunable > net.inet.ip.portrange.first</tunable>
<value > default</value>
</item>
<item >
<descr > Drop packets to closed TCP ports without returning a RST</descr>
<tunable > net.inet.tcp.blackhole</tunable>
<value > default</value>
</item>
<item >
<descr > Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable > net.inet.udp.blackhole</tunable>
<value > default</value>
</item>
<item >
<descr > Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
<tunable > net.inet.ip.random_id</tunable>
<value > default</value>
</item>
<item >
<descr > Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable > net.inet.tcp.drop_synfin</tunable>
<value > default</value>
</item>
<item >
<descr > Enable sending IPv4 redirects</descr>
<tunable > net.inet.ip.redirect</tunable>
<value > default</value>
</item>
<item >
<descr > Enable sending IPv6 redirects</descr>
<tunable > net.inet6.ip6.redirect</tunable>
<value > default</value>
</item>
<item >
<descr > Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable > net.inet6.ip6.use_tempaddr</tunable>
<value > default</value>
</item>
<item >
<descr > Prefer privacy addresses and use them over the normal addresses</descr>
<tunable > net.inet6.ip6.prefer_tempaddr</tunable>
<value > default</value>
</item>
<item >
<descr > Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable > net.inet.tcp.syncookies</tunable>
<value > default</value>
</item>
<item >
<descr > Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable > net.inet.tcp.recvspace</tunable>
<value > default</value>
</item>
<item >
<descr > Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable > net.inet.tcp.sendspace</tunable>
<value > default</value>
</item>
<item >
<descr > IP Fastforwarding</descr>
<tunable > net.inet.ip.fastforwarding</tunable>
<value > default</value>
</item>
<item >
<descr > Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable > net.inet.tcp.delayed_ack</tunable>
<value > default</value>
</item>
<item >
<descr > Maximum outgoing UDP datagram size</descr>
<tunable > net.inet.udp.maxdgram</tunable>
<value > default</value>
</item>
<item >
<descr > Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable > net.link.bridge.pfil_onlyip</tunable>
<value > default</value>
</item>
<item >
<descr > Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable > net.link.bridge.pfil_member</tunable>
<value > default</value>
</item>
<item >
<descr > Set to 1 to enable filtering on the bridge interface</descr>
<tunable > net.link.bridge.pfil_bridge</tunable>
<value > default</value>
</item>
<item >
<descr > Allow unprivileged access to tap(4) device nodes</descr>
<tunable > net.link.tap.user_open</tunable>
<value > default</value>
</item>
<item >
2018-11-09 12:52:31 +00:00
<descr > Randomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
2018-01-30 10:40:13 +00:00
<tunable > kern.randompid</tunable>
<value > default</value>
</item>
<item >
<descr > Maximum size of the IP input queue</descr>
<tunable > net.inet.ip.intr_queue_maxlen</tunable>
<value > default</value>
</item>
<item >
<descr > Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable > hw.syscons.kbd_reboot</tunable>
<value > default</value>
</item>
<item >
<descr > Enable TCP extended debugging</descr>
<tunable > net.inet.tcp.log_debug</tunable>
<value > default</value>
</item>
<item >
<descr > Set ICMP Limits</descr>
<tunable > net.inet.icmp.icmplim</tunable>
<value > default</value>
</item>
<item >
<descr > TCP Offload Engine</descr>
<tunable > net.inet.tcp.tso</tunable>
<value > default</value>
</item>
<item >
<descr > UDP Checksums</descr>
<tunable > net.inet.udp.checksum</tunable>
<value > default</value>
</item>
<item >
<descr > Maximum socket buffer size</descr>
<tunable > kern.ipc.maxsockbuf</tunable>
<value > default</value>
</item>
</sysctl>
<system >
<optimization > normal</optimization>
<hostname > OPNsense</hostname>
<domain > localdomain</domain>
<group >
<name > all</name>
<description > All Users</description>
<scope > system</scope>
<gid > 1998</gid>
<member > 0</member>
</group>
<group >
<name > admins</name>
<description > System Administrators</description>
<scope > system</scope>
<gid > 1999</gid>
<member > 0</member>
<priv > page-all</priv>
</group>
<user >
<name > root</name>
<descr > System Administrator</descr>
<scope > system</scope>
<groupname > admins</groupname>
<password > $6$$Y8Et6wWDdXO2tJZRabvSfQvG2Lc8bAS6D9COIsMXEJ2KjA27wqDuAyd/CdazBQc3H3xQX.JXMKxJeRz2OqTkl.</password>
<uid > 0</uid>
<priv > user-shell-access</priv>
<nt-hash > 6236393534643264633361623266386435346633383365643836616631626133</nt-hash>
</user>
<nextuid > 2000</nextuid>
<nextgid > 2000</nextgid>
<timezone > Africa/Abidjan</timezone>
<time-update-interval />
<timeservers > 0.nl.pool.ntp.org</timeservers>
<webgui >
<protocol > https</protocol>
<loginautocomplete > 1</loginautocomplete>
<ssl-certref > 55a674a3abc80</ssl-certref>
<port />
<max_procs > 2</max_procs>
</webgui>
<disablenatreflection > yes</disablenatreflection>
<disableconsolemenu > 1</disableconsolemenu>
<disablesegmentationoffloading />
<disablelargereceiveoffloading />
<ipv6allow />
<powerd_ac_mode > hadp</powerd_ac_mode>
<powerd_battery_mode > hadp</powerd_battery_mode>
<powerd_normal_mode > hadp</powerd_normal_mode>
<bogons >
<interval > monthly</interval>
</bogons>
<kill_states />
<enableserial > 1</enableserial>
<language > en_US</language>
<dns1gw > none</dns1gw>
<dns2gw > none</dns2gw>
<dns3gw > none</dns3gw>
<dns4gw > none</dns4gw>
<ssh >
<passwordauth > 1</passwordauth>
<permitrootlogin > enabled</permitrootlogin>
<enabled > enabled</enabled>
</ssh>
<serialspeed > 115200</serialspeed>
<primaryconsole > serial</primaryconsole>
<dnsserver > 8.8.8.8</dnsserver>
<dnsallowoverride > 1</dnsallowoverride>
</system>
<interfaces >
<wan >
<enable > 1</enable>
<if > em1</if>
<ipaddr > 172.18.0.101</ipaddr>
<ipaddrv6 > dhcpv6</ipaddrv6>
<subnet > 24</subnet>
<gateway > WANGW</gateway>
<media />
<mediaopt />
<dhcp6-duid />
<dhcp6-ia-pd-len > 0</dhcp6-ia-pd-len>
</wan>
<lan >
<enable > 1</enable>
<if > em0</if>
<ipaddr > 192.168.1.10</ipaddr>
<subnet > 24</subnet>
<ipaddrv6 > track6</ipaddrv6>
<subnetv6 > 64</subnetv6>
<media />
<mediaopt />
<track6-interface > wan</track6-interface>
<track6-prefix-id > 0</track6-prefix-id>
</lan>
<opt1 >
<descr > PFSYNC</descr>
<if > em2</if>
<enable > 1</enable>
<spoofmac />
<ipaddr > 10.0.0.1</ipaddr>
<subnet > 24</subnet>
</opt1>
</interfaces>
<staticroutes />
<dhcpd >
<lan >
<enable > 1</enable>
<range >
<from > 192.168.1.10</from>
<to > 192.168.1.245</to>
</range>
<failover_peerip > 192.168.1.20</failover_peerip>
<dhcpleaseinlocaltime />
<defaultleasetime />
<maxleasetime />
<netmask />
<gateway > 192.168.1.1</gateway>
<domain />
<domainsearchlist />
<ddnsdomain />
<ddnsdomainprimary />
<ddnsdomainkeyname />
<ddnsdomainkey />
<mac_allow />
<mac_deny />
<tftp />
<ldap />
<nextserver />
<filename />
<filename32 />
<filename64 />
<rootpath />
<dnsserver > 192.168.1.1</dnsserver>
</lan>
</dhcpd>
<pptpd >
<mode />
<redir />
<localip />
<remoteip />
</pptpd>
<dnsmasq >
<enable />
</dnsmasq>
<snmpd >
<syslocation />
<syscontact />
<rocommunity > public</rocommunity>
</snmpd>
<diag >
<ipv6nat >
<ipaddr />
</ipv6nat>
</diag>
<bridge >
</bridge>
<syslog >
<reverse />
</syslog>
<nat >
<outbound >
<mode > advanced</mode>
<rule >
<interface > wan</interface>
<source >
<network > 127.0.0.0/8</network>
</source>
<dstport > 500</dstport>
<target />
<destination >
<any > 1</any>
</destination>
<staticnatport > 1</staticnatport>
<descr > Auto created rule for ISAKMP - localhost to WAN</descr>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
</rule>
<rule >
<interface > wan</interface>
<source >
<network > 127.0.0.0/8</network>
</source>
<sourceport />
<target />
<destination >
<any > 1</any>
</destination>
<natport />
<descr > Auto created rule - localhost to WAN</descr>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
</rule>
<rule >
<source >
<network > 192.168.1.0/24</network>
</source>
<sourceport />
<descr > Auto created rule for ISAKMP - LAN to WAN</descr>
<target > 172.18.0.100</target>
<targetip />
<targetip_subnet > 0</targetip_subnet>
<interface > wan</interface>
<poolopts />
<staticnatport > 1</staticnatport>
<destination >
<any > 1</any>
</destination>
<dstport > 500</dstport>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
<updated >
<time > 1436978113</time>
<username > root@192.168.1.127</username>
</updated>
</rule>
<rule >
<source >
<network > 192.168.1.0/24</network>
</source>
<sourceport />
<descr > Auto created rule - LAN to WAN</descr>
<target > 172.18.0.100</target>
<targetip />
<targetip_subnet > 0</targetip_subnet>
<interface > wan</interface>
<poolopts />
<destination >
<any > 1</any>
</destination>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
<updated >
<time > 1436974663</time>
<username > root@192.168.1.100</username>
</updated>
</rule>
<rule >
<interface > wan</interface>
<source >
<network > 10.0.0.1/32</network>
</source>
<dstport > 500</dstport>
<target />
<destination >
<any > 1</any>
</destination>
<staticnatport > 1</staticnatport>
<descr > Auto created rule for ISAKMP - PFSYNC to WAN</descr>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
</rule>
<rule >
<interface > wan</interface>
<source >
<network > 10.0.0.1/32</network>
</source>
<sourceport />
<target />
<destination >
<any > 1</any>
</destination>
<natport />
<descr > Auto created rule - PFSYNC to WAN</descr>
<created >
<time > 1436974583</time>
<username > Manual Outbound NAT Switch</username>
</created>
</rule>
</outbound>
</nat>
<filter >
<rule >
<id />
<type > pass</type>
<interface > wan</interface>
<ipprotocol > inet</ipprotocol>
<tag />
<tagged />
<max />
<max-src-nodes />
<max-src-conn />
<max-src-states />
<statetimeout />
<statetype > keep state</statetype>
<os />
<protocol > carp</protocol>
<source >
<any > 1</any>
</source>
<destination >
<any > 1</any>
</destination>
<descr />
<updated >
<time > 1437033188</time>
<username > root@192.168.1.127</username>
</updated>
<created >
<time > 1437033188</time>
<username > root@192.168.1.127</username>
</created>
</rule>
<rule >
<type > pass</type>
<ipprotocol > inet</ipprotocol>
<descr > Default allow LAN to any rule</descr>
<interface > lan</interface>
<source >
<network > lan</network>
</source>
<destination >
<any />
</destination>
</rule>
<rule >
<type > pass</type>
<ipprotocol > inet6</ipprotocol>
<descr > Default allow LAN IPv6 to any rule</descr>
<interface > lan</interface>
<source >
<network > lan</network>
</source>
<destination >
<any />
</destination>
</rule>
<rule >
<id />
<type > pass</type>
<interface > opt1</interface>
<ipprotocol > inet</ipprotocol>
<tag />
<tagged />
<max />
<max-src-nodes />
<max-src-conn />
<max-src-states />
<statetimeout />
<statetype > keep state</statetype>
<os />
<source >
<any > 1</any>
</source>
<destination >
<any > 1</any>
</destination>
<descr />
<created >
<time > 1436974315</time>
<username > root@192.168.1.100</username>
</created>
<updated >
<time > 1436974971</time>
<username > root@192.168.1.100</username>
</updated>
</rule>
</filter>
<ipsec >
</ipsec>
<aliases />
<proxyarp >
</proxyarp>
<cron >
<item >
<minute > 1,31</minute>
<hour > 0-5</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > adjkerntz -a</command>
</item>
<item >
<minute > 1</minute>
<hour > 3</hour>
<mday > 1</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/local/etc/rc.update_bogons</command>
</item>
<item >
<minute > */60</minute>
<hour > *</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<item >
<minute > 1</minute>
<hour > 1</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/local/etc/rc.dyndns.update</command>
</item>
<item >
<minute > */60</minute>
<hour > *</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item >
<minute > 30</minute>
<hour > 12</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/local/etc/rc.update_urltables</command>
</item>
</cron>
<wol >
</wol>
<rrd >
<enable />
</rrd>
<load_balancer >
<monitor_type >
<name > ICMP</name>
<type > icmp</type>
<descr > ICMP</descr>
<options />
</monitor_type>
<monitor_type >
<name > TCP</name>
<type > tcp</type>
<descr > Generic TCP</descr>
<options />
</monitor_type>
<monitor_type >
<name > HTTP</name>
<type > http</type>
<descr > Generic HTTP</descr>
<options >
<path > /</path>
<host />
<code > 200</code>
</options>
</monitor_type>
<monitor_type >
<name > HTTPS</name>
<type > https</type>
<descr > Generic HTTPS</descr>
<options >
<path > /</path>
<host />
<code > 200</code>
</options>
</monitor_type>
<monitor_type >
<name > SMTP</name>
<type > send</type>
<descr > Generic SMTP</descr>
<options >
<send />
<expect > 220 *</expect>
</options>
</monitor_type>
</load_balancer>
<widgets >
<sequence > system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
</widgets>
<revision >
<time > 1437058742</time>
<description > root@192.168.1.127: Updated High Availability configuration</description>
<username > root@192.168.1.127</username>
</revision>
<cert >
<refid > 55a674a3abc80</refid>
<descr > webConfigurator default</descr>
<crt > LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQU40cUlaTHV4VXcrTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVFV3TnpFMU1UUTFOak01V2hjTk1UWXdOekUwCk1UUTFOak01V2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQW4wUlorR05lVGg2Qk1YckNPQ04rc0kzZXJYWWhuWDRSCm8yallCQ3VzeVZoSjFQK2p6VHNzcEhnUkhRNWpLZVhyc21iL3drQ2dxVzVFSUx3QWx2eUVLL0VQTm1hMlE2Q3QKSVBMckZzdEFYV0hRWTVYdWQwMDNySjFyWVFKem8wY1p6ak1rM3dCNzkyZDBGaUREbk5sMDY5allDb0wyd1BaRgplZlVjVm9nMDh5MGxXemNPTkY2TldjcmNNZzdBNHBEZTdacXJQMm9Ud1Arcy9sOFMySlZVbU90OGh3Z3NsYmo1CmRFbHlnS0RXWXZyeTR3YzFzbWo3Yk00OXV0VW9JQmI1OUk0VmlrNzdUSklzN1FscjdpUGE1akJRclhiSElldHYKSnUvQXZpaTcwUjR5cmZFUy9yMm5uQkZOQ2FhS3dnbmgyYjBOZUwzTFBtUHN2Y1pEZm92a2l3dWwwWTVXR0FzVQpvN3lHZ0Fmd0t5SjdKSEJLZjVmTm1MdXRlb2w2cU9xblROTlFoMDNHNVFyWXVPWlU5blJLMDdRN1JiUC9taXhMClJEMEhwd3ZRbjBRR21yS3kxeWRwOFJtZnlxOWhvRWVuamVBV0xtT1p6eVZncHRrQzJod0RmalNLcWdkK3lWOXEKemJiSHpscy9ueFEvazVWZGRJZXBHOTRad0RFTFNqZFNzaXlnazNOQ2N5QXk4VXJRNnV0dWZLMTBGaXhKK2JFWQpMZW8veEhJcC8yWFJQYmVRSUpxRllrSm81WmRMSVk4dXNvQ0ZOcEtBeTRRTkoyRnZBSDUxK0JZQTRzK1hHSnZDCmw3SWdaVHI3a0F1WU9ncGZHWVZTWFFyT1FZMVFBYmE4eUZSYi8vcG1RMko3K3NxSDRlZ2puZ0lWZEltUTJlR2UKdzZRNVlURmtMRzBDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkVyY0tCaDBhVE1aVjRiUzRKNCtMWWZTejVRTwpNQjhHQTFVZEl3UVlNQmFBRkVyY0tCaDBhVE1aVjRiUzRKNCtMWWZTejVRT01Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFBYzZKYU5pbTUyclh0c0lnekR4WVBjZjRiaWgwZlR6SHFqM0hTM1UKb0RvRmFOcG9ISTVFWjRCdTFlS2VnVVpqSEpMdTc2cWFkSnJvTkZ0cy83Zy8wdmliRW1venhqUzAxZUE2eUZRbAp0ZkRSSU5GU0puV05ZcnN4RHh6dHp4NGtYZ2QxcFlwbkNoUitDemord1ppNjhSWC9TTlpEOE1HSmIzVHJLT2FICnMyUGVoVTFRcTNqL25IT05TbEdwOHl3ZzRwVlBUUlZ6Y240anQ0NHc0RVNlWWtRTE1vZlhVeVluSzBxOWpaM0UKekE2UEtoWlhwNzFIYnJwYkNLRk5IaG14WDNFakFDS0VSRlN3QlFnRWs5QlBOdTI4YTgzS0FqVXhnNmIvbnJRMwpIbTIvdmdBQmJKQ3lWNUVvTU1NYlZOcUI3QXZ3MGJzQ2hYczk4dW9zcURtaWdld3dpaUJ5aGtBOWVjUnVOTW9hCmk2bDRacy9hTUhlYnRtRlI5Nmp0ZVoxY1RQazAvNEM3T2x2WE02VnhoWmhWMHZOb1ZyWExGZkw4eXI2TGlnUW4KWVRzUStMTlUrUUNyR1p6Mkl0ai9VNU5YZjZodFJQcTltVlh0ZmJQUDVPUmJYd3E3dmMrU3I0TDhCaXJkVE4rTApZWkd2bklSclBjVlBzTWZnOUp1cnFQRFpheG1KNEVUOHNxbEl1eEpySnY1SXNIbXJpRGNyUkx0NWlzQ1Zkbkc0CkNya1NPd1RLWmhPMUV2a1N1R0NVREJhT1BBdi82WUFRK3ZiQzdycnBtTit4TmM1R2xUcGRKS3c2YnNhVit5QzMKczJOeUJiNE5PS0VwamhubzZvZ0swMDBuL1FnMk9IMzB6VDlEWXQvZHg2UTA5Njd3QUIzZjFWWHphZFV2Z24xcQpESkZZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv > LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRQ2ZSRm40WTE1T0hvRXgKZXNJNEkzNndqZDZ0ZGlHZGZoR2phTmdFSzZ6SldFblUvNlBOT3l5a2VCRWREbU1wNWV1eVp2L0NRS0NwYmtRZwp2QUNXL0lRcjhRODJaclpEb0swZzh1c1d5MEJkWWRCamxlNTNUVGVzbld0aEFuT2pSeG5PTXlUZkFIdjNaM1FXCklNT2MyWFRyMk5nS2d2YkE5a1Y1OVJ4V2lEVHpMU1ZiTnc0MFhvMVp5dHd5RHNEaWtON3RtcXMvYWhQQS82eisKWHhMWWxWU1k2M3lIQ0N5VnVQbDBTWEtBb05aaSt2TGpCeld5YVB0c3pqMjYxU2dnRnZuMGpoV0tUdnRNa2l6dApDV3Z1STlybU1GQ3Rkc2NoNjI4bTc4QytLTHZSSGpLdDhSTCt2YWVjRVUwSnBvckNDZUhadlExNHZjcytZK3k5CnhrTitpK1NMQzZYUmpsWVlDeFNqdklhQUIvQXJJbnNrY0VwL2w4Mll1NjE2aVhxbzZxZE0wMUNIVGNibEN0aTQKNWxUMmRFclR0RHRGcy8rYUxFdEVQUWVuQzlDZlJBYWFzckxYSjJueEdaL0tyMkdnUjZlTjRCWXVZNW5QSldDbQoyUUxhSEFOK05JcXFCMzdKWDJyTnRzZk9XeitmRkQrVGxWMTBoNmtiM2huQU1RdEtOMUt5TEtDVGMwSnpJREx4ClN0RHE2MjU4clhRV0xFbjVzUmd0NmovRWNpbi9aZEU5dDVBZ21vVmlRbWpsbDBzaGp5NnlnSVUya29ETGhBMG4KWVc4QWZuWDRGZ0RpejVjWW04S1hzaUJsT3Z1UUM1ZzZDbDhaaFZKZENzNUJqVkFCdHJ6SVZGdi8rbVpEWW52Ngp5b2ZoNkNPZUFoVjBpWkRaNFo3RHBEbGhNV1FzYlFJREFRQUJBb0lDQUFDWnFsa2tUcnV1bzhBQy9XNW11OWlBCmdHRlkrNkZ6VXkreGVuYnhqekluRWdncWVueVFoNGVMS0UxYXU0Yng1ZVNEUE4ySGp0TjBwZThWcGs3clhyZ24Kclc0QUR4bk1KanJrajN4RGdkZVlRY2ZPVGRySFFMbDIwbXZJTFpWazlEVHh2bWJVd3FMWkVmZnZZYTFhcUhVbgpHUkZaRXdNQktwdmVENkJIM1NNNWZWV05ySkVIOWpKcmNFOEQvVGdkWWFtMWxvV2pxYlZsZ1Vwb0kxTUxwUWo2CmdqcWtEajcyTm9KNHNHVEp0bVVqR3YwK0RyYkFiSW9wY05RZWI0dEhhdVBBRVZhM0czMWJZNjMxQmlJY29udVIKblF3NlVWL1FXbGZrT1c2K0NvOHNOUGF3M09oMjRJWFhEdHBGZFdwcnpSMGIrRXdITXhmbUdvTlFsdnFJSG5GaQpNUnlQbk15bmpvV2RBbjN4MjBmQTByNVduUHZ6bC9CQUVTR2JhbzJFaTVWeUFId3NKWlpIMCt3MzNjM3hWTmRUCkJOc3l4ekp2YUxwYk4wbEVYSWxORTVaZDVGYTFKNnpYM0RFVk5wQVdqWU1BcFc4U01KUnRGOXA1eW40b3kyQmYKb3R0T2hyK09aUWRpNlcwUFV6T2lzYkViTjVCc2lwSUpySFpxOXZBSVlxaTlaTGwvMHJETkVobmEzYk9kMDI5WAo2ekV3VnMwTkwrQ1A2OW4ybWxYNlhuS3ZMT0NsNGc4ZTRaMEJ5VDhvY09lVGVRMFY4Vm1nVVBnUjQ5ZkdRREo1Ck1wMUZOL0MxTlprdDlXNFF5cXh1TFJTdHdoRmFycm5jY3hQZWpvZWVPdlJySTJJNE0yUFJtaDF5ZlpWNERQZEMKZjVwNVBRWDZ0MUhuVm1jM29USkJBb0lCQVFET2ZPNDBUSjZ3YmgzSllYMXB4T3V1UkM2TGRyQ3c4R24yd2JWTQp6THVKaElNbS81ME5TMmlPYmNoQXI1WkpSV29ndCtJMUt0Mm9PM09PMmEyQU56eVo0SzNySG5sYUVuYkZIVldGCm9rL1Z1L3NxeUpzVWJWaGszUEMvMUhhWGNWdlFVNWs2MVMyaisvRGJKR1RKck13U3pucUg1Y3VJZS9mYVBZTVAKY0w2a2hmWExoMWtTZFZNMmY1V0lpNDFOTXhnSHRQNW4rQnlrU1JBaEVtNEQvV1RObW9MWGxQYk9sZTVvTkd0VgpWeEduTk53d3c2RW5aamd6UHg5OGV1bi9GSmJZR2pBWFpWQUluRlo5YTVSTW1WUllObjJaUVVXWjBLWjk1dHc2CmIrL3dTRTdUR3M3dXhkODBIbkRmVVlmVy9ZMjRHSnBvUHhKdnU1RUQ0NFV4U25DUkFvSUJBUURGZE0zZlhTWVIKNnNCNXhiU0dHUDhXYTZiQlFSWFJObnBzYmFtNDR0cWZONGE3NzA4cTkycHZ4US8xYlpzYXFZYTkwZTdCeWlhawpCYkdsT04vLzRra25yRFBNQjlOeHZRenpERnpueUZSNGpiZmJNdXZMNkhVRW9TMm9QZnljNDlhMzdZbXFaekRVCnZOS09HWmgzWkRtNGpVbmNEMW9lUm5PUlZXZzRDWEpkT1c2WGpHSTdTdXhXb01lVklKY2NuOENHR1NiRFN6MXoKZlg5cmVCU3Ara0M3QXRwYnhYT2h2cngyKzViZEovRWkvTzNDSnBOYUViRzMxT0s2ak1xOW1Kak0xcXFaNjJIUAorMXVUYlViYTlqYXNvaVZKL3A1SXMrOWZYVGdaZFNLYlhnbDVLdzQ4dm0yRWRWTmxlc3gwTWkzZFRia2d6ZTBHCjB3SkV6NVY5Rkt3ZEFvSUJBRm5KSndia3ZpZjNhY3BVTXVWWDlDY3RqSk9tQTRTY3RXYlBxaGIvK3hmNzM4K0kKWEhFWWRobGdrUy9YYWVEb1p4SmRBdWFkZ2c2UjgxaU5QSTFBOTMvdG01SmVDT1Jxbk94dktlM1d1eUkwQUM0RgpWckdXTGxhRlg4WDZDNnNrWm9qNm9PbGRJdUJvUDczNllEejFmek02Unp0cVo0c3NaSVNvTktIMUkyQ0V3M0ZCCnBEQ0xoYWh2NThTYzhjODh4Vmtza1djQ0V1bzR2dU95a05YNVMraS9JOSs3N1dtODloS25vSGhXU04zTTlXWGEKMnVzMzNuNGlGMzNZTUlGeklYaE1RdGNaZmFpUTJtYms3WEkxUmVDcHFRbUh3VXoxMWo5dXNCcFU3Qjh1UWVBMwppdjEyV3V6ZHc3VEhUZXJsQzhlZUl4M3JOd2dRcGlqcnVOSExEWkVDZ2dFQUNXNHNydkJKOHkwZENEUFREVnlBClFsZmQzUGo0eThjb1RhbG5JN2RoN1p5L1NKYURWMi85bTF6MENDcTE3NjROQzEvTllXQUFQSEV4TE16c2xkSCsKNEhBdkFSMldrYVlQeWtQYTVBOERTY2FxODBNWlUrSEVSUFpWc2VWVC9VSThiUWhoUE13MDN0UXQwaStTd3BEOAoyTDJXdTNYWVBmM3JZeE9MS0xINnprMEI1U2NGUWdPd0Nlc2YzUlZ6WWlDWEYxQjRNM2VTZGNPV3BGRlYyMUJpCmF3d1YxYkEyZDVFZWV5aEU2a2NRRXpXMVBVS09Zd3paU2doVzA4WUpvTWg2ODcyRTVGa0RrT1ZXV0ZJdHdpTmsKTlJhQlpXbE5zZmMyQlgzMFFmTUFOaDlsb0czWC9qcXlERk4yS2pDVk55OTJWVTF5L0FnWnUrdXovZ2xVQUdkTwpXUUtDQVFBNFB1d09oRzlKTjlUUlJrVTVpcG85a2V0MUpJQUgyUjFaR2dBMElWZWp3Z3FjOUhnc0VnbjZPZ0ZjClRoSElQNm5nZTFCMHh6d3plVXNnUGx3ZVN1L0FTQ0xXbHd6bmhFcVpZcnZaRDNJSXBqdDRybmZLMUQ3Q2dRUTkKSmlNcm9aOWhianMxckVqb0U0Wm52VUgxSm1KVk55S3VwMkkwbmlaZ3BLanM5SF
</cert>
<ppps />
<gateways >
<gateway_item >
<interface > wan</interface>
<gateway > 172.18.0.250</gateway>
<name > WANGW</name>
<weight > 1</weight>
<ipprotocol > inet</ipprotocol>
<interval />
<avg_delay_samples />
<avg_loss_samples />
<avg_loss_delay_samples />
<descr > WAN Gateway</descr>
<monitor_disable > 1</monitor_disable>
<defaultgw > 1</defaultgw>
</gateway_item>
</gateways>
<virtualip >
<vip >
<mode > carp</mode>
<interface > wan</interface>
<vhid > 1</vhid>
<advskew > 0</advskew>
<advbase > 1</advbase>
<password > opnsense</password>
<descr > VIP WANx</descr>
<type > single</type>
<subnet_bits > 24</subnet_bits>
<subnet > 172.18.0.100</subnet>
</vip>
<vip >
<mode > carp</mode>
<interface > lan</interface>
<vhid > 3</vhid>
<advskew > 0</advskew>
<advbase > 1</advbase>
<password > opnsense</password>
<descr > VIP LAN</descr>
<type > single</type>
<subnet_bits > 24</subnet_bits>
<subnet > 192.168.1.1</subnet>
</vip>
</virtualip>
<hasync >
<pfsyncenabled > on</pfsyncenabled>
<synchronizerules > on</synchronizerules>
<synchronizenat > on</synchronizenat>
<pfsyncpeerip > 10.0.0.2</pfsyncpeerip>
<pfsyncinterface > opt1</pfsyncinterface>
<synchronizetoip > 10.0.0.2</synchronizetoip>
<username > root</username>
<password > opnsense</password>
<synchronizedhcpd > on</synchronizedhcpd>
<synchronizestaticroutes > on</synchronizestaticroutes>
<synchronizevirtualip > on</synchronizevirtualip>
</hasync>
</opnsense>
