<?xml version="1.0"?>
|
||
|
<opnsense>
|
||
|
<theme>opnsense</theme>
|
||
|
<sysctl>
|
||
|
<item>
|
||
|
<descr>Disable the pf ftp proxy handler.</descr>
|
||
|
<tunable>debug.pfftpproxy</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
|
||
|
<tunable>vfs.read_max</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Set the ephemeral port range to be lower.</descr>
|
||
|
<tunable>net.inet.ip.portrange.first</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Drop packets to closed TCP ports without returning a RST</descr>
|
||
|
<tunable>net.inet.tcp.blackhole</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
|
||
|
<tunable>net.inet.udp.blackhole</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
|
||
|
<tunable>net.inet.ip.random_id</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>
|
||
|
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||
|
It can also be used to probe for information about your internal networks. These functions come enabled
|
||
|
as part of the standard FreeBSD core system.
|
||
|
</descr>
|
||
|
<tunable>net.inet.ip.sourceroute</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>
|
||
|
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||
|
It can also be used to probe for information about your internal networks. These functions come enabled
|
||
|
as part of the standard FreeBSD core system.
|
||
|
</descr>
|
||
|
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>
|
||
|
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
||
|
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
|
||
|
packets without returning a response.
|
||
|
</descr>
|
||
|
<tunable>net.inet.icmp.drop_redirect</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>
|
||
|
This option turns off the logging of redirect packets, because that logging is unlimited and could fill
|
||
|
up your logs consuming your whole hard drive.
|
||
|
</descr>
|
||
|
<tunable>net.inet.icmp.log_redirect</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
|
||
|
<tunable>net.inet.tcp.drop_synfin</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Enable sending IPv4 redirects</descr>
|
||
|
<tunable>net.inet.ip.redirect</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Enable sending IPv6 redirects</descr>
|
||
|
<tunable>net.inet6.ip6.redirect</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
|
||
|
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
|
||
|
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
|
||
|
<tunable>net.inet.tcp.syncookies</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
|
||
|
<tunable>net.inet.tcp.recvspace</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
|
||
|
<tunable>net.inet.tcp.sendspace</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
|
||
|
<tunable>net.inet.tcp.delayed_ack</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Maximum outgoing UDP datagram size</descr>
|
||
|
<tunable>net.inet.udp.maxdgram</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
|
||
|
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
|
||
|
<tunable>net.link.bridge.pfil_local_phys</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
|
||
|
<tunable>net.link.bridge.pfil_member</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Set to 1 to enable filtering on the bridge interface</descr>
|
||
|
<tunable>net.link.bridge.pfil_bridge</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Allow unprivileged access to tap(4) device nodes</descr>
|
||
|
<tunable>net.link.tap.user_open</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Randomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
|
||
|
<tunable>kern.randompid</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Maximum size of the IP input queue</descr>
|
||
|
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
|
||
|
<tunable>hw.syscons.kbd_reboot</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Enable TCP extended debugging</descr>
|
||
|
<tunable>net.inet.tcp.log_debug</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Set ICMP Limits</descr>
|
||
|
<tunable>net.inet.icmp.icmplim</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>TCP Offload Engine</descr>
|
||
|
<tunable>net.inet.tcp.tso</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>UDP Checksums</descr>
|
||
|
<tunable>net.inet.udp.checksum</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Maximum socket buffer size</descr>
|
||
|
<tunable>kern.ipc.maxsockbuf</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
|
||
|
<tunable>vm.pmap.pti</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
<item>
|
||
|
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
|
||
|
<tunable>hw.ibrs_disable</tunable>
|
||
|
<value>default</value>
|
||
|
</item>
|
||
|
</sysctl>
|
||
|
<system>
|
||
|
<optimization>normal</optimization>
|
||
|
<hostname>pfv-core-rtr02</hostname>
|
||
|
<domain>pfv.turnsys.net</domain>
|
||
|
<group>
|
||
|
<name>admins</name>
|
||
|
<description>System Administrators</description>
|
||
|
<scope>system</scope>
|
||
|
<gid>1999</gid>
|
||
|
<member>0</member>
|
||
|
<priv>user-shell-access</priv>
|
||
|
<priv>page-all</priv>
|
||
|
</group>
|
||
|
<user>
<!-- Built-in administrator account: uid 0, member of the "admins" group declared above (gid 1999, privileges user-shell-access and page-all). -->
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<!-- Only a bcrypt hash ($2b$, cost factor 10) is stored here, never the clear-text password. -->
<password>$2b$10$A6E8slPQ47ZeKAAWEZikquT4cKDePehCLY547YFCcOIlQGPcaTeSu</password>
<uid>0</uid>
<!-- Empty <expires/>: no account expiry date is set. -->
<expires/>
<!-- SSH public keys for this account (content redacted in this copy). Together with <ssh><permitrootlogin>1</permitrootlogin> further down this permits key-based root logins; keep the key list reviewed and minimal. -->
<authorizedkeys>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</authorizedkeys>
<ipsecpsk/>
<!-- Empty <otp_seed/>: no TOTP seed is enrolled for this account. NOTE(review): inferred from the element name; confirm. -->
<otp_seed/>
</user>
|
||
|
<nextuid>2000</nextuid>
|
||
|
<nextgid>2000</nextgid>
|
||
|
<timezone>America/Chicago</timezone>
|
||
|
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
|
||
|
<webgui>
<!-- Web GUI is served over HTTPS with the certificate whose <refid> is 5ab5ea42ad218 under <cert> near the end of this file. -->
<protocol>https</protocol>
<ssl-certref>5ab5ea42ad218</ssl-certref>
<!-- <port/>, <ssl-ciphers/> and <interfaces/> are empty, i.e. left at OPNsense defaults. NOTE(review): presumably that means the default port, the default cipher list and listening on every interface (WAN included); confirm and consider pinning the GUI listener to the management VLAN. -->
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
|
||
|
<disablenatreflection>yes</disablenatreflection>
|
||
|
<usevirtualterminal>1</usevirtualterminal>
|
||
|
<disableconsolemenu>1</disableconsolemenu>
|
||
|
<disablechecksumoffloading>1</disablechecksumoffloading>
|
||
|
<disablesegmentationoffloading>1</disablesegmentationoffloading>
|
||
|
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
|
||
|
<ipv6allow/>
|
||
|
<powerd_ac_mode>hadp</powerd_ac_mode>
|
||
|
<powerd_battery_mode>hadp</powerd_battery_mode>
|
||
|
<powerd_normal_mode>hadp</powerd_normal_mode>
|
||
|
<bogons>
|
||
|
<interval>monthly</interval>
|
||
|
</bogons>
|
||
|
<kill_states/>
|
||
|
<backupcount>60</backupcount>
|
||
|
<crypto_hardware>aesni</crypto_hardware>
|
||
|
<pf_share_forward>1</pf_share_forward>
|
||
|
<snat_use_sticky>1</snat_use_sticky>
|
||
|
<lb_use_sticky>1</lb_use_sticky>
|
||
|
<language>en_US</language>
|
||
|
<dnsserver>10.251.30.71</dnsserver>
|
||
|
<serialspeed>115200</serialspeed>
|
||
|
<primaryconsole>video</primaryconsole>
|
||
|
<ssh>
<!-- SSH daemon. <enabled>enabled</enabled> turns the service on and <permitrootlogin>1</permitrootlogin> lets the uid 0 account (root, defined under <system><user> above with an <authorizedkeys> entry) log in directly. Prefer a dedicated admin account with key-only authentication, and restrict the listener: <interfaces/> is empty here. NOTE(review): presumably an empty list means the daemon listens on all interfaces, including WAN; confirm. -->
<noauto>1</noauto>
<interfaces/>
<enabled>enabled</enabled>
<permitrootlogin>1</permitrootlogin>
</ssh>
|
||
|
<dns1gw>none</dns1gw>
|
||
|
<dns2gw>none</dns2gw>
|
||
|
<dns3gw>none</dns3gw>
|
||
|
<dns4gw>none</dns4gw>
|
||
|
<dns5gw>none</dns5gw>
|
||
|
<dns6gw>none</dns6gw>
|
||
|
<dns7gw>none</dns7gw>
|
||
|
<dns8gw>none</dns8gw>
|
||
|
</system>
|
||
|
<interfaces>
|
||
|
<wan>
|
||
|
<enable>1</enable>
|
||
|
<if>ue0</if>
|
||
|
<ipaddr>dhcp</ipaddr>
|
||
|
<ipaddrv6>dhcp6</ipaddrv6>
|
||
|
<subnet>32</subnet>
|
||
|
<gateway/>
|
||
|
<blockbogons>on</blockbogons>
|
||
|
<media/>
|
||
|
<mediaopt/>
|
||
|
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
|
||
|
<descr>WAN</descr>
|
||
|
</wan>
|
||
|
<lan>
|
||
|
<enable>1</enable>
|
||
|
<if>bge0_vlan100</if>
|
||
|
<ipaddr>10.251.100.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
<ipaddrv6/>
|
||
|
<subnetv6/>
|
||
|
<media/>
|
||
|
<mediaopt/>
|
||
|
<gateway/>
|
||
|
<gatewayv6/>
|
||
|
<descr>LAN</descr>
|
||
|
</lan>
|
||
|
<openvpn>
|
||
|
<internal_dynamic>1</internal_dynamic>
|
||
|
<enable>1</enable>
|
||
|
<if>openvpn</if>
|
||
|
<descr>OpenVPN</descr>
|
||
|
<type>group</type>
|
||
|
<virtual>1</virtual>
|
||
|
</openvpn>
|
||
|
<opt1>
|
||
|
<if>bge0_vlan30</if>
|
||
|
<descr>ProductionManagement</descr>
|
||
|
<enable>1</enable>
|
||
|
<spoofmac/>
|
||
|
<ipaddr>10.251.30.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
</opt1>
|
||
|
<opt2>
|
||
|
<if>bge0_vlan22</if>
|
||
|
<descr>HouseServices</descr>
|
||
|
<enable>1</enable>
|
||
|
<spoofmac/>
|
||
|
<ipaddr>10.251.22.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
</opt2>
|
||
|
<opt3>
|
||
|
<if>bge0_vlan200</if>
|
||
|
<descr>Nerdbone</descr>
|
||
|
<enable>1</enable>
|
||
|
<spoofmac/>
|
||
|
<ipaddr>10.251.200.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
</opt3>
|
||
|
<opt4>
|
||
|
<if>bge0_vlan5</if>
|
||
|
<descr>RRVOIP</descr>
|
||
|
<enable>1</enable>
|
||
|
<spoofmac/>
|
||
|
<ipaddr>10.251.5.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
</opt4>
|
||
|
<opt5>
|
||
|
<if>bge0_vlan3</if>
|
||
|
<descr>RRAP</descr>
|
||
|
<enable>1</enable>
|
||
|
<spoofmac/>
|
||
|
<ipaddr>10.251.3.253</ipaddr>
|
||
|
<subnet>24</subnet>
|
||
|
</opt5>
|
||
|
</interfaces>
|
||
|
<dhcpd>
|
||
|
<lan>
|
||
|
<enable>1</enable>
|
||
|
<numberoptions/>
|
||
|
<range>
|
||
|
<from>10.251.100.10</from>
|
||
|
<to>10.251.100.245</to>
|
||
|
</range>
|
||
|
<dnsserver>10.251.30.71</dnsserver>
|
||
|
</lan>
|
||
|
</dhcpd>
|
||
|
<unbound>
|
||
|
<enable>on</enable>
|
||
|
</unbound>
|
||
|
<snmpd>
<modules>
<mibii>1</mibii>
<netgraph>1</netgraph>
<pf>1</pf>
<hostres>1</hostres>
<ucd>1</ucd>
<regex>1</regex>
</modules>
<enable>1</enable>
<!-- Read-only community string. It is a shared secret kept here in clear text, and SNMPv1/v2c sends it unencrypted with every poll; treat this backup as sensitive, restrict which hosts can reach UDP/161 (see <bindip> below and the filter rules), and rotate the string if this file has been shared. -->
<rocommunity>kn3lmgmt</rocommunity>
<pollport>161</pollport>
<syslocation/>
<syscontact/>
<!-- No trap receiver is configured (<trapserver/> is empty), so <trapserverport> and <trapstring/> are unused until one is set. NOTE(review): inferred from the element names; confirm. -->
<trapserver/>
<trapserverport>162</trapserverport>
<trapstring/>
<!-- Listener bound to opt1 (ProductionManagement, bge0_vlan30 per <interfaces><opt1> above) rather than to every interface. -->
<bindip>opt1</bindip>
</snmpd>
|
||
|
<syslog>
|
||
|
<reverse>1</reverse>
|
||
|
<nentries>50</nentries>
|
||
|
<remoteserver>10.253.3.99</remoteserver>
|
||
|
<remoteserver2/>
|
||
|
<remoteserver3/>
|
||
|
<sourceip/>
|
||
|
<ipproto>ipv4</ipproto>
|
||
|
<dhcp>1</dhcp>
|
||
|
<portalauth>1</portalauth>
|
||
|
<mail>1</mail>
|
||
|
<vpn>1</vpn>
|
||
|
<dns>1</dns>
|
||
|
<apinger>1</apinger>
|
||
|
<relayd>1</relayd>
|
||
|
<hostapd>1</hostapd>
|
||
|
<system>1</system>
|
||
|
<enable>1</enable>
|
||
|
</syslog>
|
||
|
<nat>
|
||
|
<outbound>
|
||
|
<mode>automatic</mode>
|
||
|
</outbound>
|
||
|
</nat>
|
||
|
<filter>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<descr>Default allow LAN to any rule</descr>
|
||
|
<interface>lan</interface>
|
||
|
<source>
|
||
|
<network>lan</network>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<any/>
|
||
|
</destination>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<ipprotocol>inet6</ipprotocol>
|
||
|
<descr>Default allow LAN IPv6 to any rule</descr>
|
||
|
<interface>lan</interface>
|
||
|
<source>
|
||
|
<network>lan</network>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<any/>
|
||
|
</destination>
|
||
|
</rule>
|
||
|
<rule>
<!-- Catch-all pass rule on the OpenVPN interface: any IPv4 source to any destination, stateful. Because it matches every IPv4 packet arriving on openvpn, the narrower "allow bgp" rule that follows (192.168.198.1/30 to 192.168.198.2/30, tcp/179) is already covered; with OPNsense's default first-match ("quick") evaluation that rule never fires. Consider narrowing this rule to the peer's routed prefixes or dropping the redundant one. NOTE(review): ordering semantics assume the default quick setting; confirm. -->
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow full transit across vpn</descr>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<!-- Audit metadata recorded by the GUI (who changed the rule, when, from which page). -->
<updated>
<username>root@10.251.100.101</username>
<time>1521872107.9121</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1521872107.9121</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>openvpn</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<descr>allow bgp</descr>
|
||
|
<protocol>tcp</protocol>
|
||
|
<source>
|
||
|
<address>192.168.198.1/30</address>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<address>192.168.198.2/30</address>
|
||
|
<port>179</port>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1521913738.0839</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1521913738.0839</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>opt1</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<source>
|
||
|
<network>lan</network>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<network>opt1</network>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522507174.5786</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522027365.9625</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>opt1</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<source>
|
||
|
<address>10.40.50.0/24</address>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<network>opt1</network>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522508077.631</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522508077.631</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>opt1</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<source>
|
||
|
<address>10.253.3.0/24</address>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<network>opt1</network>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522508132.8358</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522508132.8359</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>opt2</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<source>
|
||
|
<network>lan</network>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<network>opt2</network>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522452947.2917</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1522452914.5354</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
<rule>
|
||
|
<type>pass</type>
|
||
|
<interface>opt3</interface>
|
||
|
<ipprotocol>inet</ipprotocol>
|
||
|
<statetype>keep state</statetype>
|
||
|
<source>
|
||
|
<network>lan</network>
|
||
|
</source>
|
||
|
<destination>
|
||
|
<network>opt3</network>
|
||
|
</destination>
|
||
|
<updated>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1523232300.5565</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</updated>
|
||
|
<created>
|
||
|
<username>root@10.251.100.101</username>
|
||
|
<time>1523232300.5565</time>
|
||
|
<description>/firewall_rules_edit.php made changes</description>
|
||
|
</created>
|
||
|
</rule>
|
||
|
</filter>
|
||
|
<rrd>
|
||
|
<enable/>
|
||
|
</rrd>
|
||
|
<load_balancer>
|
||
|
<monitor_type>
|
||
|
<name>ICMP</name>
|
||
|
<type>icmp</type>
|
||
|
<descr>ICMP</descr>
|
||
|
<options/>
|
||
|
</monitor_type>
|
||
|
<monitor_type>
|
||
|
<name>TCP</name>
|
||
|
<type>tcp</type>
|
||
|
<descr>Generic TCP</descr>
|
||
|
<options/>
|
||
|
</monitor_type>
|
||
|
<monitor_type>
|
||
|
<name>HTTP</name>
|
||
|
<type>http</type>
|
||
|
<descr>Generic HTTP</descr>
|
||
|
<options>
|
||
|
<path>/</path>
|
||
|
<host/>
|
||
|
<code>200</code>
|
||
|
</options>
|
||
|
</monitor_type>
|
||
|
<monitor_type>
|
||
|
<name>HTTPS</name>
|
||
|
<type>https</type>
|
||
|
<descr>Generic HTTPS</descr>
|
||
|
<options>
|
||
|
<path>/</path>
|
||
|
<host/>
|
||
|
<code>200</code>
|
||
|
</options>
|
||
|
</monitor_type>
|
||
|
<monitor_type>
|
||
|
<name>SMTP</name>
|
||
|
<type>send</type>
|
||
|
<descr>Generic SMTP</descr>
|
||
|
<options>
|
||
|
<send/>
|
||
|
<expect>220 *</expect>
|
||
|
</options>
|
||
|
</monitor_type>
|
||
|
</load_balancer>
|
||
|
<ntpd>
|
||
|
<prefer>0.opnsense.pool.ntp.org</prefer>
|
||
|
</ntpd>
|
||
|
<widgets>
|
||
|
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
|
||
|
<column_count>2</column_count>
|
||
|
</widgets>
|
||
|
<revision>
|
||
|
<username>root@10.40.50.77</username>
|
||
|
<time>1523564426.0701</time>
|
||
|
<description>/services_snmp.php made changes</description>
|
||
|
</revision>
|
||
|
<OPNsense>
|
||
|
<captiveportal version="1.0.0">
|
||
|
<zones/>
|
||
|
<templates/>
|
||
|
</captiveportal>
|
||
|
<cron version="1.0.0">
|
||
|
<jobs/>
|
||
|
</cron>
|
||
|
<TrafficShaper version="1.0.1">
|
||
|
<pipes/>
|
||
|
<queues/>
|
||
|
<rules/>
|
||
|
</TrafficShaper>
|
||
|
<IDS version="1.0.1">
|
||
|
<rules/>
|
||
|
<userDefinedRules/>
|
||
|
<files/>
|
||
|
<fileTags/>
|
||
|
<general>
|
||
|
<enabled>0</enabled>
|
||
|
<ips>0</ips>
|
||
|
<promisc>0</promisc>
|
||
|
<interfaces>wan</interfaces>
|
||
|
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
|
||
|
<defaultPacketSize/>
|
||
|
<UpdateCron/>
|
||
|
<AlertLogrotate>W0D23</AlertLogrotate>
|
||
|
<AlertSaveLogs>4</AlertSaveLogs>
|
||
|
<MPMAlgo>ac</MPMAlgo>
|
||
|
<syslog>0</syslog>
|
||
|
<LogPayload>0</LogPayload>
|
||
|
</general>
|
||
|
</IDS>
|
||
|
<proxy version="1.0.0">
|
||
|
<general>
|
||
|
<enabled>0</enabled>
|
||
|
<icpPort/>
|
||
|
<logging>
|
||
|
<enable>
|
||
|
<accessLog>1</accessLog>
|
||
|
<storeLog>1</storeLog>
|
||
|
</enable>
|
||
|
<ignoreLogACL/>
|
||
|
<target/>
|
||
|
</logging>
|
||
|
<alternateDNSservers/>
|
||
|
<dnsV4First>0</dnsV4First>
|
||
|
<forwardedForHandling>on</forwardedForHandling>
|
||
|
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
|
||
|
<useViaHeader>1</useViaHeader>
|
||
|
<suppressVersion>0</suppressVersion>
|
||
|
<VisibleEmail>admin@localhost.local</VisibleEmail>
|
||
|
<VisibleHostname/>
|
||
|
<cache>
|
||
|
<local>
|
||
|
<enabled>0</enabled>
|
||
|
<directory>/var/squid/cache</directory>
|
||
|
<cache_mem>256</cache_mem>
|
||
|
<maximum_object_size/>
|
||
|
<size>100</size>
|
||
|
<l1>16</l1>
|
||
|
<l2>256</l2>
|
||
|
<cache_linux_packages>0</cache_linux_packages>
|
||
|
<cache_windows_updates>0</cache_windows_updates>
|
||
|
</local>
|
||
|
</cache>
|
||
|
<traffic>
|
||
|
<enabled>0</enabled>
|
||
|
<maxDownloadSize>2048</maxDownloadSize>
|
||
|
<maxUploadSize>1024</maxUploadSize>
|
||
|
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
|
||
|
<perHostTrotteling>256</perHostTrotteling>
|
||
|
</traffic>
|
||
|
</general>
|
||
|
<forward>
|
||
|
<interfaces>lan</interfaces>
|
||
|
<port>3128</port>
|
||
|
<sslbumpport>3129</sslbumpport>
|
||
|
<sslbump>0</sslbump>
|
||
|
<sslurlonly>0</sslurlonly>
|
||
|
<sslcertificate/>
|
||
|
<sslnobumpsites/>
|
||
|
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
|
||
|
<sslcrtd_children>5</sslcrtd_children>
|
||
|
<ftpInterfaces/>
|
||
|
<ftpPort>2121</ftpPort>
|
||
|
<ftpTransparentMode>0</ftpTransparentMode>
|
||
|
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
|
||
|
<transparentMode>0</transparentMode>
|
||
|
<acl>
|
||
|
<allowedSubnets/>
|
||
|
<unrestricted/>
|
||
|
<bannedHosts/>
|
||
|
<whiteList/>
|
||
|
<blackList/>
|
||
|
<browser/>
|
||
|
<mimeType/>
|
||
|
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
|
||
|
<sslPorts>443:https</sslPorts>
|
||
|
<remoteACLs>
|
||
|
<blacklists/>
|
||
|
<UpdateCron/>
|
||
|
</remoteACLs>
|
||
|
</acl>
|
||
|
<icap>
|
||
|
<enable>0</enable>
|
||
|
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
|
||
|
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
|
||
|
<SendClientIP>1</SendClientIP>
|
||
|
<SendUsername>0</SendUsername>
|
||
|
<EncodeUsername>0</EncodeUsername>
|
||
|
<UsernameHeader>X-Username</UsernameHeader>
|
||
|
<EnablePreview>1</EnablePreview>
|
||
|
<PreviewSize>1024</PreviewSize>
|
||
|
<OptionsTTL>60</OptionsTTL>
|
||
|
<exclude/>
|
||
|
</icap>
|
||
|
<authentication>
|
||
|
<method/>
|
||
|
<realm>OPNsense proxy authentication</realm>
|
||
|
<credentialsttl>2</credentialsttl>
|
||
|
<children>5</children>
|
||
|
</authentication>
|
||
|
</forward>
|
||
|
</proxy>
|
||
|
<Netflow version="1.0.0">
|
||
|
<capture>
|
||
|
<interfaces/>
|
||
|
<egress_only>wan</egress_only>
|
||
|
<version>v9</version>
|
||
|
<targets/>
|
||
|
</capture>
|
||
|
<collect>
|
||
|
<enable>0</enable>
|
||
|
</collect>
|
||
|
</Netflow>
|
||
|
<quagga>
|
||
|
<general version="0.0.0">
|
||
|
<enabled>1</enabled>
|
||
|
<enablelogfile>1</enablelogfile>
|
||
|
<logfilelevel>debugging</logfilelevel>
|
||
|
<enablesyslog>0</enablesyslog>
|
||
|
<sysloglevel>notifications</sysloglevel>
|
||
|
</general>
|
||
|
<bgp version="0.0.0">
|
||
|
<enabled>1</enabled>
|
||
|
<asnumber>64524</asnumber>
|
||
|
<networks>10.251.0.0/16,192.168.198.0/30</networks>
|
||
|
<redistribute/>
|
||
|
<neighbors>
|
||
|
<neighbor uuid="d10c2862-f1bd-4a37-b72f-6d69cfd7125d">
|
||
|
<enabled>1</enabled>
|
||
|
<address>192.168.198.1</address>
|
||
|
<remoteas>64517</remoteas>
|
||
|
<updatesource>openvpn</updatesource>
|
||
|
<nexthopself>0</nexthopself>
|
||
|
<defaultoriginate>0</defaultoriginate>
|
||
|
<linkedPrefixlistIn/>
|
||
|
<linkedPrefixlistOut/>
|
||
|
<linkedRoutemapIn/>
|
||
|
<linkedRoutemapOut/>
|
||
|
</neighbor>
|
||
|
</neighbors>
|
||
|
<aspaths/>
|
||
|
<prefixlists/>
|
||
|
<routemaps/>
|
||
|
</bgp>
|
||
|
</quagga>
|
||
|
<clamav>
|
||
|
<general version="1.0.0">
|
||
|
<enabled>0</enabled>
|
||
|
<fc_enabled>0</fc_enabled>
|
||
|
<enabletcp>1</enabletcp>
|
||
|
<maxthreads>10</maxthreads>
|
||
|
<maxqueue>100</maxqueue>
|
||
|
<idletimeout>30</idletimeout>
|
||
|
<maxdirrecursion>20</maxdirrecursion>
|
||
|
<followdirsym>0</followdirsym>
|
||
|
<followfilesym>0</followfilesym>
|
||
|
<disablecache>0</disablecache>
|
||
|
<scanpe>1</scanpe>
|
||
|
<scanelf>1</scanelf>
|
||
|
<detectbroken>0</detectbroken>
|
||
|
<scanole2>1</scanole2>
|
||
|
<ole2blockmarcros>0</ole2blockmarcros>
|
||
|
<scanpdf>1</scanpdf>
|
||
|
<scanswf>1</scanswf>
|
||
|
<scanxmldocs>1</scanxmldocs>
|
||
|
<scanhwp3>1</scanhwp3>
|
||
|
<scanmailfiles>1</scanmailfiles>
|
||
|
<scanhtml>1</scanhtml>
|
||
|
<scanarchive>1</scanarchive>
|
||
|
<arcblockenc>0</arcblockenc>
|
||
|
<maxscansize>100M</maxscansize>
|
||
|
<maxfilesize>25M</maxfilesize>
|
||
|
<maxrecursion>16</maxrecursion>
|
||
|
<maxfiles>10000</maxfiles>
|
||
|
<fc_logverbose>0</fc_logverbose>
|
||
|
<fc_databasemirror>database.clamav.net</fc_databasemirror>
|
||
|
<fc_timeout>60</fc_timeout>
|
||
|
</general>
|
||
|
</clamav>
|
||
|
</OPNsense>
|
||
|
<vlans>
|
||
|
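<vlan>
<!-- VLAN 100 on bge0; this is the interface <interfaces><lan> binds to as <if>bge0_vlan100</if>. The original file carried this entry twice (identical <if>, <tag> and <vlanif>); the duplicate was dropped so the VLAN interface is defined exactly once. -->
<if>bge0</if>
<tag>100</tag>
<vlanif>bge0_vlan100</vlanif>
</vlan>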
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>30</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>ProductionManagement</descr>
|
||
|
<vlanif>bge0_vlan30</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>200</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>Nerdbone</descr>
|
||
|
<vlanif>bge0_vlan200</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>22</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>LabManagement</descr>
|
||
|
<vlanif>bge0_vlan22</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>3</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-AP</descr>
|
||
|
<vlanif>bge0_vlan3</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>4</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-SW</descr>
|
||
|
<vlanif>bge0_vlan4</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>5</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-VOIP</descr>
|
||
|
<vlanif>bge0_vlan5</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>6</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-RTR-LAN1</descr>
|
||
|
<vlanif>bge0_vlan6</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>7</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-IPTV</descr>
|
||
|
<vlanif>bge0_vlan7</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>8</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-PeanutGallery1</descr>
|
||
|
<vlanif>bge0_vlan8</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>9</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-MalZoo</descr>
|
||
|
<vlanif>bge0_vlan9</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>10</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-Fstack1</descr>
|
||
|
<vlanif>bge0_vlan10</vlanif>
|
||
|
</vlan>
|
||
|
<vlan>
|
||
|
<if>bge0</if>
|
||
|
<tag>11</tag>
|
||
|
<pcp>0</pcp>
|
||
|
<descr>RR-RTRWAN-1</descr>
|
||
|
<vlanif>bge0_vlan11</vlanif>
|
||
|
</vlan>
|
||
|
</vlans>
|
||
|
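<cert>
<!-- TLS certificate and private key referenced by <system><webgui><ssl-certref>. Both payloads are redacted in this copy; <prv> is the private key, so any backup containing this element must be handled as a secret. Fix: the original was missing the closing </prv> tag, which left the document ill-formed. -->
<refid>5ab5ea42ad218</refid>
<descr>Web GUI SSL certificate</descr>
<crt>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</crt>
<prv>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</prv>
</cert>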
|
||
|
<ppps/>
|
||
|
<openvpn>
<openvpn-client>
<!-- Site-to-site client "asn2net" (UDP, tun) in p2p_shared_key mode. Static-key mode has no TLS handshake: both ends share one long-lived key and there is no forward secrecy, so a key compromise exposes past and future traffic until the key is replaced. AES-128-CBC with a SHA1 HMAC is a legacy combination; if the peer supports it, prefer a TLS-based mode with an AEAD cipher such as AES-256-GCM. -->
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<server_addr>158.69.183.162</server_addr>
<server_port>1199</server_port>
<proxy_authtype>none</proxy_authtype>
<description>asn2net</description>
<mode>p2p_shared_key</mode>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<!-- /30 tunnel; matches the BGP session under <quagga><bgp> (neighbor 192.168.198.1, update source openvpn) and the "allow bgp" filter rule. -->
<tunnel_network>192.168.198.0/30</tunnel_network>
<compression>no</compression>
<!-- Verbosity 5 is chatty (per-packet read/write markers in the log); lower it once the link is stable. -->
<verbosity_level>5</verbosity_level>
<interface>wan</interface>
<vpnid>1</vpnid>
<custom_options/>
<!-- The static key itself (redacted in this copy); rotate it if this backup has been shared. -->
<shared_key>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</shared_key>
</openvpn-client>
</openvpn>
|
||
|
<virtualip>
<!-- CARP virtual IPs, one shared gateway per VLAN. <password> is the CARP authentication key that keys the HMAC on advertisements: both cluster peers must use the same value per vhid, and it should be a long random string rather than a short word. All three entries use advskew 0; the partner node is normally given a higher advskew per vhid so master election is deterministic. NOTE(review): the peer's configuration is not on this page; confirm. -->
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<!-- opt2 = HouseServices (bge0_vlan22); 10.251.22.253 is the interface address, .254 the shared gateway. -->
<interface>opt2</interface>
<descr>lan gw - vl22</descr>
<subnet>10.251.22.254</subnet>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vippw</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<!-- opt1 = ProductionManagement (bge0_vlan30); 10.251.30.253 is the interface address, .254 the shared gateway. -->
<interface>opt1</interface>
<descr>langw - vl30</descr>
<subnet>10.251.30.254</subnet>
<vhid>2</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vippw</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<!-- opt3 = Nerdbone (bge0_vlan200); 10.251.200.253 is the interface address, .254 the shared gateway. This entry has no <descr>, unlike the two above. -->
<interface>opt3</interface>
<subnet>10.251.200.254</subnet>
<vhid>3</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>carpvip</password>
</vip>
</virtualip>
|
||
|
<staticroutes/>
|
||
|
</opnsense>
|