LegacyTechops/mtp-configs/pfv-core-rtr01.pfv.turnsys.net

1041 lines
38 KiB

<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Disable the pf ftp proxy handler.</descr>
<tunable>debug.pfftpproxy</tunable>
<value>default</value>
</item>
<item>
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv4 redirects</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum size of the IP input queue</descr>
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>pfv-core-rtr01</hostname>
<domain>pfv.turnsys.net</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>user-shell-access</priv>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2b$10$aGhrQyAdjqqWt4Rz/2nzi.EVhxDEgehnX5uVUbmC87.DGogM0Op6O</password>
<uid>0</uid>
<expires/>
<authorizedkeys>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</authorizedkeys>
<ipsecpsk/>
<otp_seed/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/Chicago</timezone>
<time-update-interval>300</time-update-interval>
<timeservers>0.nl.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>5a16ea4a3fdf7</ssl-certref>
<port/>
<ssl-ciphers/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow/>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<kill_states/>
<backupcount>60</backupcount>
<crypto_hardware>aesni</crypto_hardware>
<language>en_US</language>
<dnsserver>8.8.8.8</dnsserver>
<sudo_allow_wheel>2</sudo_allow_wheel>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<ssh>
<noauto>1</noauto>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
</system>
<interfaces>
<lan>
<if>em0_vlan30</if>
<descr>ProductionManagement</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.30.252</ipaddr>
<subnet>24</subnet>
</lan>
<wan>
<if>ue0</if>
<enable>1</enable>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<blockbogons>on</blockbogons>
<subnet>32</subnet>
</wan>
<opt2>
<if>em0_vlan200</if>
<descr>Nerdbone</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.200.252</ipaddr>
<subnet>24</subnet>
</opt2>
<opt1>
<if>em0_vlan100</if>
<descr>TheNerdery</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.100.252</ipaddr>
<subnet>24</subnet>
</opt1>
<openvpn>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>openvpn</if>
<descr>OpenVPN</descr>
<type>group</type>
<virtual>1</virtual>
</openvpn>
<opt3>
<if>em0_vlan22</if>
<descr>LabManagement</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.22.252</ipaddr>
<subnet>24</subnet>
</opt3>
<opt4>
<if>em0_vlan3</if>
<descr>RRAP</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.3.252</ipaddr>
<subnet>24</subnet>
</opt4>
<opt5>
<if>em0_vlan4</if>
<descr>RRSW</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.4.252</ipaddr>
<subnet>24</subnet>
</opt5>
<opt6>
<if>em0_vlan5</if>
<descr>RRVOIP</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.5.252</ipaddr>
<subnet>24</subnet>
</opt6>
<opt7>
<if>em0_vlan6</if>
<descr>RRRTRLan</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.6.252</ipaddr>
<subnet>24</subnet>
</opt7>
<opt8>
<if>em0_vlan7</if>
<descr>RRIPTV</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.7.252</ipaddr>
<subnet>24</subnet>
</opt8>
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<range>
<from>10.251.30.10</from>
<to>10.251.30.245</to>
</range>
</lan>
<opt1>
<enable>1</enable>
<numberoptions/>
<range>
<from>10.251.100.100</from>
<to>10.251.100.200</to>
</range>
<dnsserver>10.251.30.71</dnsserver>
</opt1>
</dhcpd>
<unbound>
<enable>1</enable>
<dnssec>1</dnssec>
<dnssecstripped>1</dnssecstripped>
</unbound>
<snmpd>
<modules>
<mibii>1</mibii>
<netgraph>1</netgraph>
<pf>1</pf>
<hostres>1</hostres>
</modules>
<enable>1</enable>
<rocommunity>kn3lmgmt</rocommunity>
<pollport>161</pollport>
<syslocation>PFV</syslocation>
<syscontact/>
<trapserver/>
<trapserverport>162</trapserverport>
<trapstring/>
<bindip>lan</bindip>
</snmpd>
<syslog>
<reverse>1</reverse>
<nentries>50</nentries>
<remoteserver>10.253.3.99</remoteserver>
<remoteserver2/>
<remoteserver3/>
<sourceip/>
<ipproto>ipv4</ipproto>
<logall>1</logall>
<enable>1</enable>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow TheNerdery full access</descr>
<direction>out</direction>
<quick>yes</quick>
<floating>yes</floating>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512005312.2896</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512005312.2896</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<source>
<address>192.168.198.1/30</address>
</source>
<destination>
<address>192.168.198.2/30</address>
<port>179</port>
</destination>
<updated>
<username>root@10.251.100.100</username>
<time>1511636936.8881</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.100</username>
<time>1511636643.7199</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow road warrior full access pass</descr>
<source>
<address>172.16.80.0/24</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512005158.8433</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512005158.8433</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow toolbox full access (librenms etc)</descr>
<source>
<address>10.253.3.99</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512227140.3773</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512227140.3773</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow satx workstation net access</descr>
<source>
<address>10.40.50.0/24</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512227203.5376</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512227203.5376</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN to any rule</descr>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.30.10</username>
<time>1511623940.7898</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.30.10</username>
<time>1511623940.7898</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt3</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow pfv-consrv outbound access</descr>
<source>
<address>10.251.22.3</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512330491.1084</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512330491.1084</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt3</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow pfv-octopi outbound access</descr>
<source>
<address>10.251.22.23</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1512832374.3339</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1512832374.3339</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@10.40.50.77</username>
<time>1518050271.9921</time>
<description>/system_usermanager.php made changes</description>
</revision>
<OPNsense>
<captiveportal version="1.0.0">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.0">
<jobs/>
</cron>
<IDS version="1.0.1">
<rules/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo>ac</MPMAlgo>
<syslog>0</syslog>
</general>
</IDS>
<proxy version="1.0.0">
<general>
<enabled>0</enabled>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>1</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers/>
<dnsV4First>0</dnsV4First>
<forwardedForHandling>on</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<useViaHeader>1</useViaHeader>
<suppressVersion>0</suppressVersion>
<VisibleEmail>admin@localhost.local</VisibleEmail>
<VisibleHostname>localhost</VisibleHostname>
<cache>
<local>
<enabled>0</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>256</cache_mem>
<maximum_object_size/>
<size>100</size>
<l1>16</l1>
<l2>256</l2>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
</general>
<forward>
<interfaces>lan</interfaces>
<port>3128</port>
<sslbumpport>3129</sslbumpport>
<sslbump>0</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate/>
<sslnobumpsites/>
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
<sslcrtd_children>5</sslcrtd_children>
<ftpInterfaces/>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>0</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>0</transparentMode>
<acl>
<allowedSubnets/>
<unrestricted/>
<bannedHosts/>
<whiteList/>
<blackList/>
<browser/>
<mimeType/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
<sslPorts>443:https</sslPorts>
<remoteACLs>
<blacklists/>
<UpdateCron/>
</remoteACLs>
</acl>
<icap>
<enable>0</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
</proxy>
<TrafficShaper version="1.0.1">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<quagga>
<bgp version="0.0.0">
<enabled>1</enabled>
<asnumber>64524</asnumber>
<networks>10.251.0.0/16,192.168.198.0/30</networks>
<redistribute/>
<neighbors>
<neighbor uuid="0db0a9b5-23c9-4412-aa5d-180899fe5ebc">
<enabled>1</enabled>
<address>192.168.198.1</address>
<remoteas>64517</remoteas>
<updatesource>openvpn</updatesource>
<nexthopself>0</nexthopself>
<defaultoriginate>0</defaultoriginate>
<linkedPrefixlistIn/>
<linkedPrefixlistOut/>
<linkedRoutemapIn/>
<linkedRoutemapOut/>
</neighbor>
</neighbors>
<aspaths/>
<prefixlists/>
<routemaps/>
</bgp>
<general version="0.0.0">
<enabled>1</enabled>
<enablelogfile>0</enablelogfile>
<logfilelevel>debugging</logfilelevel>
<enablesyslog>0</enablesyslog>
<sysloglevel>notifications</sysloglevel>
</general>
</quagga>
<clamav>
<general version="1.0.0">
<enabled>0</enabled>
<fc_enabled>0</fc_enabled>
<enabletcp>1</enabletcp>
<maxthreads>10</maxthreads>
<maxqueue>100</maxqueue>
<idletimeout>30</idletimeout>
<maxdirrecursion>20</maxdirrecursion>
<followdirsym>0</followdirsym>
<followfilesym>0</followfilesym>
<disablecache>0</disablecache>
<scanpe>1</scanpe>
<scanelf>1</scanelf>
<detectbroken>0</detectbroken>
<scanole2>1</scanole2>
<ole2blockmarcros>0</ole2blockmarcros>
<scanpdf>1</scanpdf>
<scanswf>1</scanswf>
<scanxmldocs>1</scanxmldocs>
<scanhwp3>1</scanhwp3>
<scanmailfiles>1</scanmailfiles>
<scanhtml>1</scanhtml>
<scanarchive>1</scanarchive>
<arcblockenc>0</arcblockenc>
<maxscansize>100M</maxscansize>
<maxfilesize>25M</maxfilesize>
<maxrecursion>16</maxrecursion>
<maxfiles>10000</maxfiles>
<fc_logverbose>0</fc_logverbose>
<fc_databasemirror>database.clamav.net</fc_databasemirror>
<fc_timeout>60</fc_timeout>
</general>
</clamav>
<Netflow version="1.0.0">
<capture>
<interfaces>lan,wan,opt2,opt1,openvpn,opt3,opt4,opt5,opt6,opt7,opt8</interfaces>
<egress_only>wan</egress_only>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
</Netflow>
</OPNsense>
<cert>
<refid>5a16ea4a3fdf7</refid>
<descr>Web GUI SSL certificate</descr>
<crt>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</crt>
<prv>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</prv>
</cert>
<vlans>
<vlan>
<if>em0</if>
<tag>30</tag>
<pcp>0</pcp>
<descr>Production Management</descr>
<vlanif>em0_vlan30</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>100</tag>
<pcp>0</pcp>
<descr>TheNerdery</descr>
<vlanif>em0_vlan100</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>22</tag>
<pcp>0</pcp>
<descr>Lab Management</descr>
<vlanif>em0_vlan22</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>200</tag>
<pcp>0</pcp>
<descr>Nerdbone</descr>
<vlanif>em0_vlan200</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>3</tag>
<pcp>0</pcp>
<descr>RR-AP</descr>
<vlanif>em0_vlan3</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>4</tag>
<pcp>0</pcp>
<descr>RR-Sw</descr>
<vlanif>em0_vlan4</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>5</tag>
<pcp>0</pcp>
<descr>RR-Voip</descr>
<vlanif>em0_vlan5</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>6</tag>
<pcp>0</pcp>
<descr>RR-RtrLan</descr>
<vlanif>em0_vlan6</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>7</tag>
<pcp>0</pcp>
<descr>RR-IPTV</descr>
<vlanif>em0_vlan7</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>8</tag>
<pcp>0</pcp>
<descr>RR-PeanutGallery1</descr>
<vlanif>em0_vlan8</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>9</tag>
<pcp>0</pcp>
<descr>RR-Malzoo</descr>
<vlanif>em0_vlan9</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>10</tag>
<pcp>0</pcp>
<descr>RR-Fstack1</descr>
<vlanif>em0_vlan10</vlanif>
</vlan>
<vlan>
<if>em0</if>
<tag>11</tag>
<pcp>0</pcp>
<descr>RR-RtrWan</descr>
<vlanif>em0_vlan11</vlanif>
</vlan>
</vlans>
<ppps/>
<openvpn>
<openvpn-client>
<protocol>TCP</protocol>
<dev_mode>tun</dev_mode>
<server_addr>158.69.183.162</server_addr>
<server_port>1199</server_port>
<proxy_authtype>none</proxy_authtype>
<description>tsys corp vpn - ovh</description>
<mode>p2p_shared_key</mode>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<tunnel_network>192.168.198.0/30</tunnel_network>
<compression>no</compression>
<verbosity_level>1</verbosity_level>
<interface>wan</interface>
<vpnid>1</vpnid>
<custom_options/>
<shared_key>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</shared_key>
</openvpn-client>
</openvpn>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>.30 float</descr>
<subnet>10.251.30.254</subnet>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>carpyo</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>.100 float</descr>
<subnet>10.251.100.254</subnet>
<vhid>2</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>carpyo</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt3</interface>
<descr>.22 float</descr>
<subnet>10.251.22.254</subnet>
<vhid>3</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>carpyo</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>nerdbone float</descr>
<subnet>10.251.200.254</subnet>
<vhid>4</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>123</password>
</vip>
</virtualip>
</opnsense>