LegacyTechops/mtp-configs/pfv-core-rtr02.pfv.turnsys.net
2018-04-12 15:24:46 -05:00

1012 lines
37 KiB
XML

<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Disable the pf ftp proxy handler.</descr>
<tunable>debug.pfftpproxy</tunable>
<value>default</value>
</item>
<item>
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv4 redirects</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum size of the IP input queue</descr>
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>pfv-core-rtr02</hostname>
<domain>pfv.turnsys.net</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>user-shell-access</priv>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2b$10$A6E8slPQ47ZeKAAWEZikquT4cKDePehCLY547YFCcOIlQGPcaTeSu</password>
<uid>0</uid>
<expires/>
<authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDbzVUMEZFVUtvWWF4Umhqczl5V3pLdEV5WHVLSnZUV29scnlEMzk1ZXF5QkoweE94YmtYSis4RU13S3RXTTZOVzVxYXFXYlQySkovVnpPSWNvWW14QXUrK3F3U1dPZXNrVnIrRnhQcjJ5cGFXRDk4bkp5K0NwWjlSTjZQdzZLaWtIYWt5cXpTVVdLWGRvdldpVHBkenFSTytqMExtSm1nVWlUM05zaDQyZXlidnQvVDdKTWtWRzRXK2pvUlgrRENTNFVJUlJRZ01SRDRUcUJRL2pyOW03VnMwYUpuMWxmbGdzcHJzYWNnb2crc0hsRXppdHd3Y1JxTU5wcDVKbTBEZmhqNlBxQXZzZ0tKWVdPT01GVm93dkdzcW5ROXdxSm81QWxsbGJUR1YxUkhlSUJPM2ZSUlU4VWQ5VFBBM0FmeDE2L2FwZjFua0xoVjhRWDltSXhFV3A=</authorizedkeys>
<ipsecpsk/>
<otp_seed/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/Chicago</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>5ab5ea42ad218</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow/>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<kill_states/>
<backupcount>60</backupcount>
<crypto_hardware>aesni</crypto_hardware>
<pf_share_forward>1</pf_share_forward>
<snat_use_sticky>1</snat_use_sticky>
<lb_use_sticky>1</lb_use_sticky>
<language>en_US</language>
<dnsserver>10.251.30.71</dnsserver>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<ssh>
<noauto>1</noauto>
<interfaces/>
<enabled>enabled</enabled>
<permitrootlogin>1</permitrootlogin>
</ssh>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
</system>
<interfaces>
<wan>
<enable>1</enable>
<if>ue0</if>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<subnet>32</subnet>
<gateway/>
<blockbogons>on</blockbogons>
<media/>
<mediaopt/>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
<descr>WAN</descr>
</wan>
<lan>
<enable>1</enable>
<if>bge0_vlan100</if>
<ipaddr>10.251.100.253</ipaddr>
<subnet>24</subnet>
<ipaddrv6/>
<subnetv6/>
<media/>
<mediaopt/>
<gateway/>
<gatewayv6/>
<descr>LAN</descr>
</lan>
<openvpn>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>openvpn</if>
<descr>OpenVPN</descr>
<type>group</type>
<virtual>1</virtual>
</openvpn>
<opt1>
<if>bge0_vlan30</if>
<descr>ProductionManagement</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.30.253</ipaddr>
<subnet>24</subnet>
</opt1>
<opt2>
<if>bge0_vlan22</if>
<descr>HouseServices</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.22.253</ipaddr>
<subnet>24</subnet>
</opt2>
<opt3>
<if>bge0_vlan200</if>
<descr>Nerdbone</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.200.253</ipaddr>
<subnet>24</subnet>
</opt3>
<opt4>
<if>bge0_vlan5</if>
<descr>RRVOIP</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.5.253</ipaddr>
<subnet>24</subnet>
</opt4>
<opt5>
<if>bge0_vlan3</if>
<descr>RRAP</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.251.3.253</ipaddr>
<subnet>24</subnet>
</opt5>
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<numberoptions/>
<range>
<from>10.251.100.10</from>
<to>10.251.100.245</to>
</range>
<dnsserver>10.251.30.71</dnsserver>
</lan>
</dhcpd>
<unbound>
<enable>on</enable>
</unbound>
<snmpd>
<modules>
<mibii>1</mibii>
<netgraph>1</netgraph>
<pf>1</pf>
<hostres>1</hostres>
<ucd>1</ucd>
<regex>1</regex>
</modules>
<enable>1</enable>
<rocommunity>kn3lmgmt</rocommunity>
<pollport>161</pollport>
<syslocation/>
<syscontact/>
<trapserver/>
<trapserverport>162</trapserverport>
<trapstring/>
<bindip>opt1</bindip>
</snmpd>
<syslog>
<reverse>1</reverse>
<nentries>50</nentries>
<remoteserver>10.253.3.99</remoteserver>
<remoteserver2/>
<remoteserver3/>
<sourceip/>
<ipproto>ipv4</ipproto>
<dhcp>1</dhcp>
<portalauth>1</portalauth>
<mail>1</mail>
<vpn>1</vpn>
<dns>1</dns>
<apinger>1</apinger>
<relayd>1</relayd>
<hostapd>1</hostapd>
<system>1</system>
<enable>1</enable>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow full transit across vpn</descr>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1521872107.9121</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1521872107.9121</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>allow bgp</descr>
<protocol>tcp</protocol>
<source>
<address>192.168.198.1/30</address>
</source>
<destination>
<address>192.168.198.2/30</address>
<port>179</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1521913738.0839</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1521913738.0839</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<network>lan</network>
</source>
<destination>
<network>opt1</network>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1522507174.5786</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1522027365.9625</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<address>10.40.50.0/24</address>
</source>
<destination>
<network>opt1</network>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1522508077.631</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1522508077.631</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<address>10.253.3.0/24</address>
</source>
<destination>
<network>opt1</network>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1522508132.8358</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1522508132.8359</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt2</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<network>lan</network>
</source>
<destination>
<network>opt2</network>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1522452947.2917</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1522452914.5354</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt3</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<network>lan</network>
</source>
<destination>
<network>opt3</network>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523232300.5565</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1523232300.5565</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@10.40.50.77</username>
<time>1523564426.0701</time>
<description>/services_snmp.php made changes</description>
</revision>
<OPNsense>
<captiveportal version="1.0.0">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.0">
<jobs/>
</cron>
<TrafficShaper version="1.0.1">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<IDS version="1.0.1">
<rules/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo>ac</MPMAlgo>
<syslog>0</syslog>
<LogPayload>0</LogPayload>
</general>
</IDS>
<proxy version="1.0.0">
<general>
<enabled>0</enabled>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>1</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers/>
<dnsV4First>0</dnsV4First>
<forwardedForHandling>on</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<useViaHeader>1</useViaHeader>
<suppressVersion>0</suppressVersion>
<VisibleEmail>admin@localhost.local</VisibleEmail>
<VisibleHostname/>
<cache>
<local>
<enabled>0</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>256</cache_mem>
<maximum_object_size/>
<size>100</size>
<l1>16</l1>
<l2>256</l2>
<cache_linux_packages>0</cache_linux_packages>
<cache_windows_updates>0</cache_windows_updates>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
</general>
<forward>
<interfaces>lan</interfaces>
<port>3128</port>
<sslbumpport>3129</sslbumpport>
<sslbump>0</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate/>
<sslnobumpsites/>
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
<sslcrtd_children>5</sslcrtd_children>
<ftpInterfaces/>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>0</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>0</transparentMode>
<acl>
<allowedSubnets/>
<unrestricted/>
<bannedHosts/>
<whiteList/>
<blackList/>
<browser/>
<mimeType/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
<sslPorts>443:https</sslPorts>
<remoteACLs>
<blacklists/>
<UpdateCron/>
</remoteACLs>
</acl>
<icap>
<enable>0</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
</proxy>
<Netflow version="1.0.0">
<capture>
<interfaces/>
<egress_only>wan</egress_only>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
</Netflow>
<quagga>
<general version="0.0.0">
<enabled>1</enabled>
<enablelogfile>1</enablelogfile>
<logfilelevel>debugging</logfilelevel>
<enablesyslog>0</enablesyslog>
<sysloglevel>notifications</sysloglevel>
</general>
<bgp version="0.0.0">
<enabled>1</enabled>
<asnumber>64524</asnumber>
<networks>10.251.0.0/16,192.168.198.0/30</networks>
<redistribute/>
<neighbors>
<neighbor uuid="d10c2862-f1bd-4a37-b72f-6d69cfd7125d">
<enabled>1</enabled>
<address>192.168.198.1</address>
<remoteas>64517</remoteas>
<updatesource>openvpn</updatesource>
<nexthopself>0</nexthopself>
<defaultoriginate>0</defaultoriginate>
<linkedPrefixlistIn/>
<linkedPrefixlistOut/>
<linkedRoutemapIn/>
<linkedRoutemapOut/>
</neighbor>
</neighbors>
<aspaths/>
<prefixlists/>
<routemaps/>
</bgp>
</quagga>
<clamav>
<general version="1.0.0">
<enabled>0</enabled>
<fc_enabled>0</fc_enabled>
<enabletcp>1</enabletcp>
<maxthreads>10</maxthreads>
<maxqueue>100</maxqueue>
<idletimeout>30</idletimeout>
<maxdirrecursion>20</maxdirrecursion>
<followdirsym>0</followdirsym>
<followfilesym>0</followfilesym>
<disablecache>0</disablecache>
<scanpe>1</scanpe>
<scanelf>1</scanelf>
<detectbroken>0</detectbroken>
<scanole2>1</scanole2>
<ole2blockmarcros>0</ole2blockmarcros>
<scanpdf>1</scanpdf>
<scanswf>1</scanswf>
<scanxmldocs>1</scanxmldocs>
<scanhwp3>1</scanhwp3>
<scanmailfiles>1</scanmailfiles>
<scanhtml>1</scanhtml>
<scanarchive>1</scanarchive>
<arcblockenc>0</arcblockenc>
<maxscansize>100M</maxscansize>
<maxfilesize>25M</maxfilesize>
<maxrecursion>16</maxrecursion>
<maxfiles>10000</maxfiles>
<fc_logverbose>0</fc_logverbose>
<fc_databasemirror>database.clamav.net</fc_databasemirror>
<fc_timeout>60</fc_timeout>
</general>
</clamav>
</OPNsense>
<vlans>
<vlan>
<if>bge0</if>
<tag>100</tag>
<vlanif>bge0_vlan100</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>100</tag>
<vlanif>bge0_vlan100</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>30</tag>
<pcp>0</pcp>
<descr>ProductionManagement</descr>
<vlanif>bge0_vlan30</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>200</tag>
<pcp>0</pcp>
<descr>Nerdbone</descr>
<vlanif>bge0_vlan200</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>22</tag>
<pcp>0</pcp>
<descr>LabManagement</descr>
<vlanif>bge0_vlan22</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>3</tag>
<pcp>0</pcp>
<descr>RR-AP</descr>
<vlanif>bge0_vlan3</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>4</tag>
<pcp>0</pcp>
<descr>RR-SW</descr>
<vlanif>bge0_vlan4</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>5</tag>
<pcp>0</pcp>
<descr>RR-VOIP</descr>
<vlanif>bge0_vlan5</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>6</tag>
<pcp>0</pcp>
<descr>RR-RTR-LAN1</descr>
<vlanif>bge0_vlan6</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>7</tag>
<pcp>0</pcp>
<descr>RR-IPTV</descr>
<vlanif>bge0_vlan7</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>8</tag>
<pcp>0</pcp>
<descr>RR-PeanutGallery1</descr>
<vlanif>bge0_vlan8</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>9</tag>
<pcp>0</pcp>
<descr>RR-MalZoo</descr>
<vlanif>bge0_vlan9</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>10</tag>
<pcp>0</pcp>
<descr>RR-Fstack1</descr>
<vlanif>bge0_vlan10</vlanif>
</vlan>
<vlan>
<if>bge0</if>
<tag>11</tag>
<pcp>0</pcp>
<descr>RR-RTRWAN-1</descr>
<vlanif>bge0_vlan11</vlanif>
</vlan>
</vlans>
<cert>
<refid>5ab5ea42ad218</refid>
<descr>Web GUI SSL certificate</descr>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQU40UkRYZDJBRkhnTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TXpJME1EWXdNelEzV2hjTk1Ua3dNekkwCk1EWXdNelEzV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTU1NDB5ZmVxOXo0cmxNYW9xRWJmbWxBWTZNUXRjSGNxCi9PZzZMMytlQ1BYa1d6ZjFGZ3lsSVgxRWwyR0xkMk16OGlFRXZLMHZaVzhGVWNxbVlUeDgzN1RNNEVjdUhmSFgKRnBBNm1yYUh6RUNORThUaGpVeTgwL1NJbW9VdnUzdmR1YmFSVFMvMnFjMkhKLzdOWXpXc2hmaUFOYVVLRy9JYwpDY2hCZ1RhczJNVERuUGZ4UEY0YkZTOGtFYXJobFYzYzlJbHNUT3RmTG9iLzBpdkRyUU5RK3BtdlRYeS9Eb05ICi9RMmZyTVZOUWh2M0FUK25neFFKSXQvN3prcDR2YlVocHh5SW1ZSXZyOFNvWTVBeDBTRmR3YkFPTG5qQVZxWlMKUXNRaWdERkZaRi9uS05Zbk55enljMEJIbkdxS0Rxdm9HUGJjTDF2MS9mbG0yNWlPSkFKN1JPdzA5NExoc0l3NApOcmdqRURVQ0ZIWmJsdlBzT09IZlo1b3pCaU93Z2drY210MzVxVjBjcFkrQ0hodFRGZVV3R3BSUGlWRjNBeGUrClVZV1l2dXlVMkt0RDFIYzR6Wmg0a3p0WE0yMGpkMS9IOVRJNkhyQ2owaFJaN2hhSDZvOTJmL2luU0VkS2JuUW8KeHRzKzMyUElHRGRRQnpjNWZHL2dMT3F3NkQ5YjFyNTV0QkkrTUFrNlZ4NVM4STZsamgzeVRzQVI3Y2tiRlp4dApuSWtrbSt4YmJUTUdZd2xuaHpJUDE3dGloS2tyMjg3eGkyNndnK01ZaEJBMkZ2VVNPOHU3Mm1NbDdQUFNqU3hLCjZqTjJST1AzVTBnNElwM3N4K1ltbGdOUnp1Q1M2K0crdHJiVmlER3cvNHZ4UHZTcDJHM0M3cUZlQXF2SkJkY0oKQzhkSlJoZDkyUVVDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkhXeHZwdituUnFCczJIbHJQZ3lkVUc1Uk5EWgpNQjhHQTFVZEl3UVlNQmFBRkhXeHZwdituUnFCczJIbHJQZ3lkVUc1Uk5EWk1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFPS2NyRGNTRCtQbWtLY3poaU5WWGtKYisrdjdUdmh3UHpWbGRCNUMKbnc4R0kxMjRKYS9ZR01hQWVhMEs0ZlJwTjVGTFhZWHpDRUVXYlpDaS9oZm5DaG9IVXljbmtuN2VtR0UrZW9pYwpCcXhZUGNMcVdUcWw4YkpjWlNLSUFwZlBBZStuNktyc2syS0FZb0JpVHppb0lQdlpXanBTNEhCMTlOVkxweVJPCmVuS1BMcmZsZEpBNiszTGgrRXhNb1Y3VXNGc2REbzYxVU81d21PVm4vcDV2MmlvYVVkN3VZVUJSemJDRlF3SzkKNDhPR01WbkZVRnJoV2MxaE44ZkJ1c3A2V0lZOFYwdGJzM3JkQUJXdXladFMxQXFCdG9tR24vTDRhSWVSZmpRZwp1bDkvT0M2dWRjcHEvVkk0SVZDckd6TFpBem9xWit3VUZkaVpCVFRLWEpxU3R5cUVFZDY1Q3Z4Sm5QdllSR0IwCmNhOVRWMGtFYkFONDB6R2J4V3IySGN2UmRRR21FUUVjdjBUTmtUWVlDTjI3YmxWWGZiVHliU2dLL2VXcEF2VSsKaTE2NVRuZFZBeHh5ZkFJZmxwRFFyVDFrVHcwbWxFR2ZNcHRIck1SOXpWTm1nRjhNS041V3psTE9xNDR3bjQ4RAptR0IxZjVkR0VaTVd4NlN3cGpySUxoN0xWYkxSemkxU0t2dGRqOU40SEI0ZXZ0eGhoT0swVmhZMW0zRDR6T25jCkFiQ1dlV0dRWXVtM0pRNFQ1WVJoWTM0bC9rc0ZQMFBXRE1raStod1IxTUJNWU5UMy9CQjl4T0lBbmlhNlhZQ2UKd3RjcXYwQkd6bExkUEp2aWRRcDdEUjFkSk5KYlRnbmkza0RVZ0NaMG45TVIyT3NNSmtYUUN6TzV4SDBjS3EzQQp4TEszCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRRG5ualRKOTZyM1BpdVUKeHFpb1J0K2FVQmpveEMxd2R5cjg2RG92ZjU0STllUmJOL1VXREtVaGZVU1hZWXQzWXpQeUlRUzhyUzlsYndWUgp5cVpoUEh6ZnRNemdSeTRkOGRjV2tEcWF0b2ZNUUkwVHhPR05UTHpUOUlpYWhTKzdlOTI1dHBGTkwvYXB6WWNuCi9zMWpOYXlGK0lBMXBRb2I4aHdKeUVHQk5xell4TU9jOS9FOFhoc1ZMeVFScXVHVlhkejBpV3hNNjE4dWh2L1MKSzhPdEExRDZtYTlOZkw4T2cwZjlEWitzeFUxQ0cvY0JQNmVERkFraTMvdk9Tbmk5dFNHbkhJaVpnaSt2eEtoagprREhSSVYzQnNBNHVlTUJXcGxKQ3hDS0FNVVZrWCtjbzFpYzNMUEp6UUVlY2Fvb09xK2dZOXR3dlcvWDkrV2JiCm1JNGtBbnRFN0RUM2d1R3dqRGcydUNNUU5RSVVkbHVXOCt3NDRkOW5tak1HSTdDQ0NSeWEzZm1wWFJ5bGo0SWUKRzFNVjVUQWFsRStKVVhjREY3NVJoWmkrN0pUWXEwUFVkempObUhpVE8xY3piU04zWDhmMU1qb2VzS1BTRkZudQpGb2ZxajNaLytLZElSMHB1ZENqRzJ6N2ZZOGdZTjFBSE56bDhiK0FzNnJEb1Axdld2bm0wRWo0d0NUcFhIbEx3CmpxV09IZkpPd0JIdHlSc1ZuRzJjaVNTYjdGdHRNd1pqQ1dlSE1nL1h1MktFcVN2Ynp2R0xickNENHhpRUVEWVcKOVJJN3k3dmFZeVhzODlLTkxFcnFNM1pFNC9kVFNEZ2luZXpINWlhV0ExSE80SkxyNGI2MnR0V0lNYkQvaS9FKwo5S25ZYmNMdW9WNENxOGtGMXdrTHgwbEdGMzNaQlFJREFRQUJBb0lDQUNxRjRTc3pUVEFYT2VrV2orQlZJcmd4Ci9HQy9vNWdDU09JbHdJajM1UXZBR1N5bUdWankrVjRzb1dzcGZYRnR4UnV1OUMrdm5BUURYZmFtUGVXY05WRGMKNE1CTVVTc3VPMDdwSzlrN3FiTFdKeEI2Rk83Y0o4N0NGbEpJSVh0S1FtcldHZGNSOXpjMWhKclRMT0lKK0tLZgovT25jWXY2K2RHZFhYSzljV2w5eHdIZ1JEVGtJRGZEVnRzbUhsZUxXV0xxTWdGV2U0TnFwN2sybnUwVUlWdFdyCllZUFlZenRHM3ZDV2o3b29md2FrRzdVZStxSVdDNWRiaDk5WHpOTUhiaVpBRnRRWUVxa3ljYmZWd1UrajBKSysKdjl2SVQ0ZVpBWUZBZ1JVSDlyVjI1Zm1aVjVuSnBybUNFNk9qNjdURjJ0YTZlN0kyTC9OdzFuRjZrSjRMMXBWMwpXV3Q1Q3hyL3UvdnQ0RVZqdzIrNkVZR2ZRV1dBcEhNbmw5eXJhb1A4QktQN2FHdWI3WHNCdWZZU3AyNVdDYWtxCnpWWEpIOXBubEZGTFFzUmVIeWMrdTc2SGxzRUtaOFhqQUtmSW01WUNSdkh6dWFxYjFVNGpjMGNkaWk1ckdVaHYKeVlaRDd3cFNDMjAwRkFRTzdHbnFUOWY1ckQ3d3pjZGR3WWZJNk5Hb2p3VnNHWkI4OE5ObWl1UmFPR0pQRmowUApuV1pWRFRGUFJzU20ydDVNbmZIOFlhUTR6UDJkRW1lNitQanB6NE80Q2NjUEY5dzRzUUFFM0xQM2Q0dStVd051ClNwRUVzUjJyWFBuN2djTEFYN2ZZOHlSbzFzMnI0UFlMcVRxbDRDT0loQzlhdktmR2UzSkc1RWZsekx4eFJHRzEKY0dwNnFSMEJxeXc5RHZOQmdtQUJBb0lCQVFENDRhWkxXZ3FUaU8yTjdoelVlRDVDaG9yQnIvQ2hqMzdwQk1pQworTEhBcHJtcGt5SEl5cURnSzYzRnVhMVBXRzhMeC96bG5Qa3ZqSmlvYmRjZFJWZjdLRkF5VkdjR1VmcE53dTFWCmQ1WTYyMGZodVpDNHZQYXgwaGxuTkxZTE14ZnQrejFCWmttK0E4S3BmajV3UTY1dmNweWhIVGR1emUxYVdSUUcKR21ucVMvc2tJVllFMXQ1aGs2WGVreklpSTZTZVZvYUlaL3NkUkh0YkZPYUpycjA1U3IyTk9TNmh1VG0vVHFwMQpZVjYrdWtSMVB1cHljdXFaSHBxSXdaQUxVQ01PK2dGZ2RaTFlUQmJrcGxuN3JseDg3OTIxa2F3V255ZGYzV0xUClVudmVIeHVNSDZtWWRWcEdtNGJRRm41MERteEpxcEh4RlczUU1Qb1RrOTVOcUJ6dEFvSUJBUUR1UGlhY2Z3MDYKNjByL1pPR1cwWmVlQk15RlBDNVY0enQvN01uUU9ZZExBQmVyOTJiT1Z2b21DbHVqODBLQzh1dkhYcTlaQWlKQwpieVo5YSs5SHZ3eE9ycU9FY0hqdDRNM09IdkFicjFBckhmTGY2aDgyaXJyYnNTTk9ScklGZGczNTh4QXUrRVFCCjcrME9VbitHNlZUZkpZbXorbUpYOHhpQ2lXbko3Rzh1dDZNL0o5RmVPNkp6N3JneUx3ZG1MYm1xczNKdlEwNy8KVkVleTFtaEtQbXRVaktlbFdNTStTNThQenFuTmUrY2RpN2pVQlJwekZzYWQrRkhIL0MxVU1TQW04QVVma3JiLwpydzFYRXEyVjJYaFAwSDdka0dxN2VSZm0zOXpBYlN4cy9ieU5MYVZYSHpRekp4dFZLR2ovSW1jOWNXWkg1dFhCCk9TS01VbFc4Y0VGNUFvSUJBQlFtWU1wVS9lbzMrZE8xNVl1bU9KUTJSR0d1RnZOZHBNN0UzbDhNTjRmN2Q2aXQKQ3QwdzJwbUxyOFFFWm0yNElUVjQrWmExZ005Q3VORmFJMEp4Yk5BZTBXOWh1ZjJmQVg3dU96emlNNzJNSjJPMQpIR3g0a0JpUmhCRUJDWVFhbk9OZHBmWDNqQnpnUFJCdjhpb3dzSnpCVU1FU2xueFlHOUZteU9JOW5UbWs4UzVaCnJKY3p0a2w4SkwvQ2R4cWdmQ0Y5cStLN1dHOWtMZ0NQenFKekRVcm9MRFNVM3B1bFhYR0pzdTlSOU5QSVRPYVoKTTI0VXM3MjE1cGtQNHRPbnAwNzlHc051Z1hjVm9memRJd2ZuZEFHQmdoZkROWVdYV1I2LzA5SjhLUjh3c1pCRQp0L3hwOCtjbmpHQ29rWkJmNHBDTVNNaVdEWS8vaHgreXB4cnVjM2tDZ2dFQWVxa0pIQjNWNC9Yc3dSMWhnRk1jCjZzQ3h4QTgrRS81UVRnYk55U1UxWVFvRkpnYlVxWHZpZ3Q5bVd6ME5pM29pcHAwN1RtcG8xU2VBKzZZc3BoWFkKOGxHNzRwNDl4TXV2YW1aSFhSbWYvdk1HYnY2TlgzbUJ4MGFtVk5EVkt6YWk3NE9UVzN0N0dEdzlJdGlhekEwcQpJMUdpV2tXWmlJcWluZUs5MHJhbWI3a2dsWTJjb0JXNENGUnFCWHh0Sk5CNS9VY3lyZEpMdyszU2xHTUxndDRzClNIVzZnc2oyalFaR09NOUFZWWxmYnJqWFNtSHVRajhCdDZkNEE2ejBjWnB4WVZyR2FJRVRNd1VmcXlyMHNHZ3QKSjNyRE5yUDZIOWV5MUsyQmJKbEkvRHlQYldpSTdoZ2t1Z2x5YXgvSkgwTEpRTHMzMitFZlFNSjM1U01tL1VRVwprUUtDQVFBUkVBdnB4a1VzMytPSnBabVFtanZ6UWhtUTdaNXJ1cHlPeXEvUkN0a3diMURBTHV1YzVnWUswMzAxCi9jVVFkRm1rWStUUnhJU3lURFdzN1RsTHhRNzZ1Ty9nUWtSNEhtUVhtb01UWDJwd1ZyMDhycFhEL21yYmNUMGYKRVBWSzBBR3dCNFNBd085a3pXc3g5b25Wc1RscGY5d2dGTnNGeUdtMEZac0VOL1pPUWdqeGZiTGJqYTJ1K0NDaQpueVhIMmZHM0lqU3UxK1p1cGFaL3lRSmRiVDRtYlZOSXRqcTVNcXNZSTFQRWxpUW9QQ0ZYME1kZkI4QXBHNlZDCnpCNktyUmYyWXdjNWlMVDhocFBTcUV2VDBjRWpoSXcwelE5WDJ5WDdhUzRudGQzd3BTVSs0TVlMNW9XcUdFY1AKOVloZFpEV0J1TkxIVDJ0elRBc3g5TTJTdlpNQQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==</prv>
</cert>
<ppps/>
<openvpn>
<openvpn-client>
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<server_addr>158.69.183.162</server_addr>
<server_port>1199</server_port>
<proxy_authtype>none</proxy_authtype>
<description>asn2net</description>
<mode>p2p_shared_key</mode>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<tunnel_network>192.168.198.0/30</tunnel_network>
<compression>no</compression>
<verbosity_level>5</verbosity_level>
<interface>wan</interface>
<vpnid>1</vpnid>
<custom_options/>
<shared_key>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjM3ZTdhZjg0MjQ3OTA1YmFjMWUzN2U3Y2RjNTIyN2VmDQpjMTMxNTZiZjAyZDE4ZWJjMjk0ODUxOTg0OGQwMDdmYQ0KMTQ0NWNjNzgzY2I5Njc1NDA4ZWExN2ViZjJiNTgwZDcNCjU2NmQxODcxODc1NmNjN2UzZTBiZThjODM2NGJkMGI1DQpjZmVhNzJhYjNmMjFkZmQzOGExMjliODhiNWM1YzQ4ZA0KNzMxNDExOWNjN2E0ZDgxYzZiNzE3ZDVhZDRlNzZhZDMNCjg4YjY5M2YxY2ZmZWRhMjlkOTljMjc4NmQ4MTc3ZjE5DQpkOGQxNGI2ODM5YmZjZTMyN2EwOGYwODgzMGM2N2I2OA0KNmQ4NzA1YmVjYTlkOWZlNzdlMDhkNGVlODc2YTI4NzQNCjNjZThkMzY5YzM2ZGQzOWRhZjdkMDZjNGEzN2MzZWYxDQo3ZDdmZDAyYTMzMTc1NzBhOTE2NGI0Nzk1ZTYwNTNmYQ0KNmQ0ZDhjNThhNGMxZGNjZTQ1ZTI3NzYyNDAzNDQ3M2QNCmIwNjdlMmFlYjNhZDkzY2QyYmRhZWQ4MWRiZWIxNjMxDQowMDRjNzg0ZmMyZWRkZTJkNzM5YWMxY2MxZTFjOTFhNA0KYjA0YTgzNzg1MWQxMzIzOGRiMzhlZWY4MWUwYWQyNGMNCmVhM2M2OWRiYTQxYTgyOGE1MTQ0MWZlODA2ZjYxYjE4DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ0K</shared_key>
</openvpn-client>
</openvpn>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>lan gw - vl22</descr>
<subnet>10.251.22.254</subnet>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vippw</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>langw - vl30</descr>
<subnet>10.251.30.254</subnet>
<vhid>2</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vippw</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt3</interface>
<subnet>10.251.200.254</subnet>
<vhid>3</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>carpvip</password>
</vip>
</virtualip>
<staticroutes/>
</opnsense>