LegacyTechops/mtp-configs/ovh-core-rtr01.turnsys.net

897 lines
35 KiB
XML

<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Disable the pf ftp proxy handler.</descr>
<tunable>debug.pfftpproxy</tunable>
<value>default</value>
</item>
<item>
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv4 redirects</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum size of the IP input queue</descr>
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>ovh-core-rtr01</hostname>
<domain>turnsys.net</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>user-shell-access</priv>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2b$10$k7UpLMTFYZHVQqDpnlXr1.tMDVslyuzDVWfvMg9.MNwC1SydPyxoy</password>
<uid>0</uid>
<expires/>
<authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDL0xZSGo0TTh2UGJncmlDaXhnRXBiMFFwdUpNT2Z5c29VOEc2U1ZyWUQ2b21oYWFkam1ITUY1YStRNTdYRVUyQU8vTlNQWnI2TFRrdTNuUlY4anV5OFhVS1U4MzYrRVhaMkhJQnBMNVVmS3ptd2pyMERPdGFMTngva0lFa1ZEL21CeGhGSDRBWGlVVXZkZmpCZDZOdlNPcGJVWllocFo4RGRFTTdCeFZpT3YzV0FxZjd5Q1FJZGcxNWI4bUdkbmduemNzK2l6VWllKytzL09IMUpxZ21MVUhQM0F4VHE0WUVSS045azJCeU50UjdPNlBHZytHdlR1a1U3Z25tbE1abXFLb3dFWUVFMkREZGRtU2t2ZVpqUkdlbTRaVHFFdTkwNHBETWR2cXRPNVNiZUNMdSs2aUFsUy9hOThhVlBiaWMwaU90TXBFd3Y5dnpUaXBUbWE1NGwgam9zZWZjdWJAc2xlaXBuaXINCnNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ281VDBGRVVLb1lheFJoanM5eVd6S3RFeVh1S0p2VFdvbHJ5RDM5NWVxeUJKMHhPeGJrWEorOEVNd0t0V002Tlc1cWFxV2JUMkpKL1Z6T0ljb1lteEF1Kytxd1NXT2Vza1ZyK0Z4UHIyeXBhV0Q5OG5KeStDcFo5Uk42UHc2S2lrSGFreXF6U1VXS1hkb3ZXaVRwZHpxUk8rajBMbUptZ1VpVDNOc2g0MmV5YnZ0L1Q3Sk1rVkc0Vytqb1JYK0RDUzRVSVJSUWdNUkQ0VHFCUS9qcjltN1ZzMGFKbjFsZmxnc3Byc2FjZ29nK3NIbEV6aXR3d2NScU1OcHA1Sm0wRGZoajZQcUF2c2dLSllXT09NRlZvd3ZHc3FuUTl3cUpvNUFsbGxiVEdWMVJIZUlCTzNmUlJVOFVkOVRQQTNBZngxNi9hcGYxbmtMaFY4UVg5bUl4RVdwIGNoYXJsZXNAbGl2aW5ncm9vbQ==</authorizedkeys>
<ipsecpsk/>
<otp_seed/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/Chicago</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>http</protocol>
<ssl-certref>5acd29581b4ba</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<kill_states>1</kill_states>
<backupcount>60</backupcount>
<crypto_hardware>aesni</crypto_hardware>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<language>en_US</language>
<dnsserver>10.253.3.201</dnsserver>
<dnsserver>8.8.8.8</dnsserver>
<dnsserver>8.8.4.4</dnsserver>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<ssh>
<noauto>1</noauto>
<interfaces>lan,opt1</interfaces>
<enabled>enabled</enabled>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rulesetoptimization>basic</rulesetoptimization>
<maximumstates/>
<maximumfrags/>
<aliasesresolveinterval/>
<maximumtableentries/>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
</system>
<interfaces>
<wan>
<if>em0</if>
<descr>WAN</descr>
<enable>1</enable>
<spoofmac/>
<blockpriv>1</blockpriv>
<blockbogons>1</blockbogons>
<ipaddr>158.69.183.161</ipaddr>
<subnet>29</subnet>
<gateway>GW_WAN</gateway>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</wan>
<lan>
<if>vtnet0</if>
<descr>TSYS</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.253.9.252</ipaddr>
<subnet>24</subnet>
<gateway/>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</lan>
<opt1>
<if>vtnet1</if>
<descr>mgmt</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.253.3.252</ipaddr>
<subnet>24</subnet>
<gateway/>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</opt1>
<openvpn>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>openvpn</if>
<descr>OpenVPN</descr>
<type>group</type>
<virtual>1</virtual>
</openvpn>
</interfaces>
<dhcpd>
<lan>
<numberoptions/>
<range>
<from>10.253.9.10</from>
<to>10.253.9.244</to>
</range>
</lan>
</dhcpd>
<unbound>
<enable>on</enable>
</unbound>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<syslog>
<reverse/>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<descr>Allow HTTP to tsys-cloud-www</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>pass</associated-rule-id>
<target>10.253.9.80</target>
<local-port>80</local-port>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>80</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523418308.4677</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523415475.9344</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<descr>Allow HTTPS to tsys-cloud-www</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>pass</associated-rule-id>
<target>10.253.9.80</target>
<local-port>443</local-port>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>443</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523418287.4024</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523415559.6905</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>443</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523416403.3059</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1523416403.3059</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>80</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523416435.3134</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1523416435.3134</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.253.9.2</username>
<time>1523403486.057</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.253.9.2</username>
<time>1523403486.057</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet6</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN IPv6 to any rule</descr>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523484939.8032</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523484939.8032</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN to any rule</descr>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523484915.9788</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523484915.9788</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow traffic to management VLAN</descr>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523479299.9205</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523478607.6733</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@10.40.50.77</username>
<time>1523486151.3622</time>
<description>/firewall_virtual_ip_edit.php made changes</description>
</revision>
<OPNsense>
<captiveportal version="1.0.0">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.0">
<jobs/>
</cron>
<Netflow version="1.0.0">
<capture>
<interfaces/>
<egress_only>wan</egress_only>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
</Netflow>
<IDS version="1.0.1">
<rules/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo>ac</MPMAlgo>
<syslog>0</syslog>
<LogPayload>0</LogPayload>
</general>
</IDS>
<proxy version="1.0.0">
<general>
<enabled>0</enabled>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>1</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers/>
<dnsV4First>0</dnsV4First>
<forwardedForHandling>on</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<useViaHeader>1</useViaHeader>
<suppressVersion>0</suppressVersion>
<VisibleEmail>admin@localhost.local</VisibleEmail>
<VisibleHostname/>
<cache>
<local>
<enabled>0</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>256</cache_mem>
<maximum_object_size/>
<size>100</size>
<l1>16</l1>
<l2>256</l2>
<cache_linux_packages>0</cache_linux_packages>
<cache_windows_updates>0</cache_windows_updates>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
</general>
<forward>
<interfaces>lan</interfaces>
<port>3128</port>
<sslbumpport>3129</sslbumpport>
<sslbump>0</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate/>
<sslnobumpsites/>
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
<sslcrtd_children>5</sslcrtd_children>
<ftpInterfaces/>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>0</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>0</transparentMode>
<acl>
<allowedSubnets/>
<unrestricted/>
<bannedHosts/>
<whiteList/>
<blackList/>
<browser/>
<mimeType/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
<sslPorts>443:https</sslPorts>
<remoteACLs>
<blacklists/>
<UpdateCron/>
</remoteACLs>
</acl>
<icap>
<enable>0</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
</proxy>
<TrafficShaper version="1.0.1">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<quagga>
<bgp version="0.0.0">
<enabled>1</enabled>
<asnumber>64522</asnumber>
<networks>10.253.9.0/24,10.253.3.0/24,192.168.194.0/30</networks>
<redistribute/>
<neighbors>
<neighbor uuid="e56fc4ba-e5c4-48d6-8219-69250f2b8222">
<enabled>1</enabled>
<address>192.168.194.1</address>
<remoteas>64517</remoteas>
<updatesource>openvpn</updatesource>
<nexthopself>0</nexthopself>
<defaultoriginate>0</defaultoriginate>
<linkedPrefixlistIn/>
<linkedPrefixlistOut/>
<linkedRoutemapIn/>
<linkedRoutemapOut/>
</neighbor>
</neighbors>
<aspaths/>
<prefixlists/>
<routemaps/>
</bgp>
<general version="0.0.0">
<enabled>1</enabled>
<enablelogfile>0</enablelogfile>
<logfilelevel>notifications</logfilelevel>
<enablesyslog>0</enablesyslog>
<sysloglevel>notifications</sysloglevel>
</general>
</quagga>
</OPNsense>
<cert>
<refid>5acd29581b4ba</refid>
<descr>Web GUI SSL certificate</descr>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQUlNTlZ4N1QzSWM3TUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TkRFd01qRXhOVEEwV2hjTk1Ua3dOREV3Ck1qRXhOVEEwV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTFiaDZkSEdTZkRSZU55YzhGbis2b0dEa3ltbmp6YWhCCkM4Z1JpWDMwWWR3SVBYcWhpYllLQmdkWVFZZDRoNGgzWERPelllMmxZZVRVYUVaZkRsVkxqV2FyL0hMYW5HODMKQW04eE9MdXdwQmdGc0lNTGZUR0FEcUJDd1BaMDlnU0UwT0t1dkdFUGoyNkg4eWhNeDNXT2VvVGJ2RENKMVdCYgpvQjFSTDJmVG1GbkdxMTZTSTJpVDc2VndBM3BUQXlFb1pmRllmeGRMSTBpbmp5dnU3aWNCQVBNU09pWXowbVJXClVZZDNHKzUrcmI0QkVkSXl3TGpDRzd2SjdYQTJlWXJlZTY3YlpTeTVqNVc0eXpjTFJNbkZzZGMrb1EwR3dJanIKVFowQzYvZWowUWpWbE5ERFNQaGM0dkJaZ2xWMTJlL3FtekN0MnNPYzVxS3Zyc1JtckNGL3RSelV5cU9ZaGt2eAp2c0huODVnTmswS05YbEkwUGNWM2NhTWo0RlJVNXI3clpEb0hnTi9UTFpFaUVmVUJXMFlJM25FSUZrY3VyVngyCm5KNWNxWjBZK1NiSk1BZzVPYUhWcTZxRWhsdEExa1BvQWllcXBhQjdzb2lDT0hQZ08rQ09YNUlCK1FMM2h2dmMKMHc0YUplNEErS0ROS21ReVRpQ21JYXdrU0l0V2Fka1lUMFNnVjVnMUJKYnRQdnJKZytOM1dpN3dKdkxqOXVnZQovVWx0V3VPeXM3eXQyWDRIbFdWQXdUSC9XMEN3enVaUXpsbk02ODJHdThacGxMWGt6OU1DVFRkbm5oQnErRXllCnJrM3lONk4zRWZSMTN2T2lyM1VWcEVVVkVvSm9sRERGNERpMDQxR3BWU25xVFVBeUs2aGQxQVpFYXVVd1RyeUkKSDZtMWwrVUIvdHNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjcgpNQjhHQTFVZEl3UVlNQmFBRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjck1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGZ245NlYrMEhqRlFtaEd5RDZBM1lXenByaitiZkd1RWZCcmZhcUMKbVd2NTM4TVlTOEE2MWswMEhOZjZoZUZISUpWSzI1akN6dXZDMC8rZmJGRForZmtkcllNUFNjNzBOQm9oOFJnaApxTDNoOW9KenR4bEVCbkc2Z3lQdG1ISDVYbW1mZmYzWTU0U0ljT0x0c3BTWlNUVDlMbUpNcm4wNmhRbE5Cd3Z3Cm1XWXBqTklMRWJSN1BWN3ZtZjQ3MW1OTmVqczZSK2Y2Z2RpMDdCcVl6YVppWldsdGZFb2FsNk5qRFRUUUhTdEUKcVlVSGpXWHZGU0g5SVRjdzN3QVRjdGVZVW8rOFI1dWEvNmhMUEViMERUeUo3Y0FuZDFjNVpwK1lEUzRDcDd2dgowdVFybDliNWtKdWYrWDUzL3lMMmNMK1dDdFJsU0tKOW9kV1NzRlRqLzhLUTBWNUJOcGFqcnE2dnp2c2FVaTNqCkk2Z0dFVlphak9YQVdYdmxhWDdLQXduSi9EZzVmUmFXT0oxTmpuSFZibFNsbWRPdWh3cHVJM0cyc3hsaDIxa28KQkZiOVo0V3ZoODBEWXBxQnRScEFpRDRaMGVkOCtLelkzQ0NyQzBOS1pUVjhPbFRmRWZlSzdxNzRDbmMyQmJhSwp5UUI2SlVlRVU1VVd5K1paQkNrM2kzN3dBcmhyc0UwU1B4N2ZKUXJQZlNpbUQxZE0wcHcrdExZMDFQaUxudlZTCk9SaEw0S09NMDAydVhBUW1CbDZBMXlGRjBsMzhwR1cvbFNDNktId3lnQ0Znb2hHYnFsQmw3eDM1czR0Vkoyak4KdEpXRFdWYmt4eFZEbFFGbW5DTURzbzBEaFBBbGJNbVJ0OC8yeEx5cVRsV2F1SGpvZ3B5dStpdmhrOXcvc3VGUQpkSndXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFZ1SHAwY1pKOE5GNDMKSnp3V2Y3cWdZT1RLYWVQTnFFRUx5QkdKZmZSaDNBZzllcUdKdGdvR0IxaEJoM2lIaUhkY003Tmg3YVZoNU5SbwpSbDhPVlV1TlpxdjhjdHFjYnpjQ2J6RTR1N0NrR0FXd2d3dDlNWUFPb0VMQTluVDJCSVRRNHE2OFlRK1Bib2Z6CktFekhkWTU2aE51OE1JblZZRnVnSFZFdlo5T1lXY2FyWHBJamFKUHZwWEFEZWxNRElTaGw4VmgvRjBzalNLZVAKSys3dUp3RUE4eEk2SmpQU1pGWlJoM2NiN242dHZnRVIwakxBdU1JYnU4bnRjRFo1aXQ1N3J0dGxMTG1QbGJqTApOd3RFeWNXeDF6NmhEUWJBaU90Tm5RTHI5NlBSQ05XVTBNTkkrRnppOEZtQ1ZYWFo3K3FiTUszYXc1em1vcSt1CnhHYXNJWCsxSE5US281aUdTL0crd2Vmem1BMlRRbzFlVWpROXhYZHhveVBnVkZUbXZ1dGtPZ2VBMzlNdGtTSVIKOVFGYlJnamVjUWdXUnk2dFhIYWNubHlwblJqNUpza3dDRGs1b2RXcnFvU0dXMERXUStnQ0o2cWxvSHV5aUlJNApjK0E3NEk1ZmtnSDVBdmVHKzl6VERob2w3Z0Q0b00wcVpESk9JS1lockNSSWkxWnAyUmhQUktCWG1EVUVsdTArCitzbUQ0M2RhTHZBbTh1UDI2Qjc5U1cxYTQ3S3p2SzNaZmdlVlpVREJNZjliUUxETzVsRE9XY3pyellhN3htbVUKdGVUUDB3Sk5OMmVlRUdyNFRKNnVUZkkzbzNjUjlIWGU4Nkt2ZFJXa1JSVVNnbWlVTU1YZ09MVGpVYWxWS2VwTgpRRElycUYzVUJrUnE1VEJPdklnZnFiV1g1UUgrMndJREFRQUJBb0lDQUJBdzhxNEJzS3hTTjFVTVZ1UUpkelVSClFpUUhrNmVQK0tXUTJhdEY3STdCWWFwdXNQQkM1MDEvbnZNUDlWU25SUXVxS3d2Zk9pbEpjY0lZbXJqMlEwd0sKSER0NjVBNzM2ZjM0T0kxb3dzQWJ4Y3FTa3Z0QUZjaUY0YWpHd3lPa1FmK2xQTUd1eE1RRUJxNm9QZkRhZWhuVQpHT1dQODlGRGhJMkR5eFBCVk9sMDI3VTk2K3BjME9CVjh6K0FNK3ZIeGt5NjFRNkQwRUJ6RDZhc0dHVFlkWjRCCnpENjFpRFdIUG5iY3dXeFBUQytUZG5kSUttb3BWU05PdmNTTVBNUkdmZ1oydjg1UmJobHZxVmxUNlRtajQ2Tk8KZ0VNcFBucTFwTVh6Z0RZcVE3SGhiblRndi9xMlBpcy9ORGpJaXE0aEcrLzM1eVBzcitWVksrUWNvdjZsWnd4SgpDRG9oRnFvQlZzNlBiK2YvSGZjUlBCRnBmY1FjeDNnQ2ZWTWh5a3dPN3dBak56cGh1SDNZSlZucGN0Lytnc2p3CkUzMVVLbkZ0eEhmM0NCemNhVDFiR21idzMxekFLalZRTUdOcjFJd2x5Q2o5RmdLdERURzFqcWVKS3pFZy9qMUQKakl6TUo2QUVJMVR1cjlxTi8rZmxQVE53YXVjRmpUMWRRMzVpeG92RFpyY3ZKMEhlTStkSUdTVnNqKzl1K0NTdApzb3ZvdGprWGpsWmdIUngvY1hId1dEbUQ3SFp3MlRuNnBBeGE0aEplRFc0MlJOQURrODRSM3dpSzZzVEl1VHZZClFGUGJJN0I3a3BlMWlzVTduamVjbkcweS8wcjJkbUZNUFpncUNPYXFtSTYwMTl4N09zVjFUNkxHSXBkMDRHY1YKUlYrN1ZuWmcrS0NHenhHaTEvWlJBb0lCQVFENVlhY1NCTGlmYnoxeHpjWEM2bEJ3cE5KNW5wT1M2SG16QlJocQpJcHI4WlVWcDBHTkw3SnBJYzE0cDY4RzRlWDB0NTh5eDRKMDRTdVZDVDMvOFMwamtaV01RckVmbTg0ZmM3RitsCk1vakxEcS9uWmQ2a1ZnUjdCSU5DZjJpaXc2ZEpkOFVTWWc3K2pLakpYK2J2cGsvbWdoYW9yRE1FYVZaN2UvQUoKM0VNenV5TVMrSWgvRGJRYTEyNUV2QkZzdm1CR3NveWNGYmJMMHFDc3BBNjBzcTd2UHNCdlIvVVN3d1ZyVGhmagoxV0ltSmtNdHlwVVNLSVBSZXJUaHZjMlhCL1R0Zk9ieXJnc0l6RnRMOTFtOWRDNXNRTzhSUzZWYTloc3hhMTZZCkVlSGZ2N3NuTTY3M2w1YVgzd2ZrclpWN3g5ZEJCNU5sek9Wa2lkNzZKSmlvb1JYREFvSUJBUURiWklueno4T1IKV013cXNsQWVqLzVXTk8wYzE1U0RoOTB1RkVneFJ1Qmw2dDNqRVZlV0g5U1VLRlRoUkQxWGxsRkpGY3k0YmdBTApIaEQvakE5QTVSdnowczhlVHduODcxM0o1YmdNMWFOb092MVJTS2dZeFN1UWwzdkRYSHFNQ3Rrd3JUOFhsL3lEClo3bU9LVXU4bHhnS1Q1UllXc1dtZ3FuQXJMSG1Ca1FKMU4zdVpiVHU0cWx0WGtoelhaL2swN1B5ZlZvOFMrb2UKU1hwVy85RkpDcEd0Z21PT05WSXcvbU1MNy9ZZ3hFTFRRUS9udmIrSkFKb2xQWWp6ZkVFYy9TYkQ1ckFob09XcwpCYmRKYXkyWGRmWC83ZVZZQnptblllZ2Zod2h4WDVTWGZ3b2lCc2c1VUtvekhaSVhpckVkeTQrdk1wUzl0eWs3Cks1bkN0Mk1QOUNrSkFvSUJBUURLRml4QkdicFMyTjQ5L3JZbmdhRzE1cHI1RzF3VFRIaHliY3FmRjNQbzNGZ24KcTBzTUY2dmUwajZZVWdnbDZhMWJLZUJpdE5ZeTY5NWtvZS9oRDFEK1pIcW01RFZRSGtFVzhpVi94VGU4OVNYdQpxa3FGZVg4Z0FVUXMrdnBjQzVqZ25FSUM1NXVuQTIwejRwZE4xTVFpMDRCeEp6b2dkUXd6L1BkRHhrNWUrV011CjJHQWtOWUtoemJuNTBUMTlsYmlIRWVHSUNzQ2E0eEI1Vm1qa1hYZ05RQmpKRk5Ld1pZRmF0Mm44b3NwcWg4OGcKcUcyc3pWQWt6UDhQZjdPK2xDQVM0NGh6V0Q1dzNzbU5BZUNpK2ljMGFscFE5YkFGeWpHM0ZuOE5WRkJwOVFGQQpmMDFtTGwxR3JPSEVtalhzbk1EK1habEFnWTNTcnpjV0ZkbnZyTG5wQW9JQkFERXlVbDBCOGZEZDRLcVNZYlQ0CnhTZS9wb3daSzR4ekl2MzZQbFlPZHJOai8yMnpyZGhVT3U4ZVBDcG5pdm5oRTBrNFFqZjVNcmxMZkxSUlMvcFoKWmZNL0NvTFpabnY1a1NaOUJOQ2I5NUNmNmI0WWRObFpIWFBIQkZIQ294aFVObS9iNlpINDJ2NzhlM2VOZXhaSApLM1RrYzNkOG8yVzdWeVdGbEQ3b21NazdtcWlpMWZmYmkvS2llY3lrNmYzK0d4UDlXQWE5WHpwN2I1dWlzZU9YCkl5T3RZWFc2THp3ZFQwaVYvck5LVDFIZi9Sa1NTNmtGSVl2SVNMV1EzMmtJdTNDaWdreUlML2hyTDdhZStoSkUKdVcweWc0TkIyNFBWU0tBSlA3TnNvMzExVjJoWjdQd3RRbjFEM0VhN0t3eHJZVVVBS3FxQU1CYThxRFlwdVdVUwpjMEVDZ2dFQWRudXFjWENTeFNicXFQbEc3VU5VZ0dyS28zMHJyWDJaSFlxVkNPc0c4TmZBZC9Id3dRc3pmMEpmCmJqc1JGQlVEYzFLdTk1dFRpWU5VWnArd211S2pxcEZIcjFhNmtQOEgxNWFTUllSTTNITHYwUDYxSGVqa29NeUMKZ3A4QlJibDRuUzh1N3o5YjNWV3FuOVJKOEIrWFRDTGh5Qy9DVTZRZEZCZC9ZUXpOTGNNQktEckppd0pNN3U4YgpFSUZ5MWpRZVlOTC9WcWNuSDY0dm9INEdDZzc5eFJLdlBmWnhBaUZTckhIUVdQWWVJRllDRnlVTUhwMmpTdE43CjVOZ01RWXArbkZZL2d5cWJId2JHQ0JtYWp0bWVYRU1WcnR5SzZ2QXE1RUM2djFrWS9tVFRDb1Jtdmk1djE2ZWoKbWx4azdLanhCWTAvd2tHREY5bkhEMGNEVHpYaHdBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<ppps/>
<vlans>
<vlan>
<if>vtnet0</if>
<tag>9</tag>
<pcp>0</pcp>
<descr>tsys</descr>
<vlanif>vtnet0_vlan9</vlanif>
</vlan>
<vlan>
<if>vtnet1</if>
<tag>3</tag>
<pcp>0</pcp>
<descr>mgmt</descr>
<vlanif>vtnet1_vlan3</vlanif>
</vlan>
</vlans>
<gateways>
<gateway_item>
<descr>Interface WAN Gateway</descr>
<defaultgw>1</defaultgw>
<ipprotocol>inet</ipprotocol>
<interface>wan</interface>
<gateway>158.69.183.166</gateway>
<monitor_disable>1</monitor_disable>
<name>GW_WAN</name>
<interval>1</interval>
<weight>1</weight>
</gateway_item>
<gateway_item>
<descr>Interface WAN Gateway</descr>
<defaultgw>1</defaultgw>
<ipprotocol>inet</ipprotocol>
<interface>wan</interface>
<gateway>158.69.183.166</gateway>
<monitor_disable>1</monitor_disable>
<name>GW_WAN</name>
<interval>1</interval>
<weight>1</weight>
</gateway_item>
</gateways>
<openvpn>
<openvpn-client>
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<server_addr>158.69.183.162</server_addr>
<server_port>1194</server_port>
<proxy_authtype>none</proxy_authtype>
<description>ASN2NET Backbone</description>
<mode>p2p_shared_key</mode>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<tunnel_network>192.168.194.0/30</tunnel_network>
<verbosity_level>1</verbosity_level>
<interface>wan</interface>
<vpnid>1</vpnid>
<custom_options/>
<shared_key>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjRhYjBlYzc3NGNlZmFjNDk0ZDkxMmRlOGRkMzkyN2JhDQowZGZjMzI2MGMwZmQwOGE2ZmI0NjVjMGNmZjQ1MzU1YQ0KMDBmODc5MzQwMDI0YjU1OTQ2MDAzNmUyOTJjNDhiNWQNCjkzMjg3ZjY3ZTIwOTI4ZDA2MzczMjM2NjliMjNmZjNiDQoxZjY3MDJlYzkwZWEzOGU3MWZjN2JjMDA5ZTI1YzdiYw0KZjVmNGE4YTNlMzdhMDUyOTkxMGEzNDVjMTQ4Mjk5OTkNCjU0OWE4NGIzYTAyZTg4M2Y1M2ZkZWYzNGZlYzlhNTg3DQpiMDBjMWM3ZjU4YjFlOTYyZTQ1ZjEyMjI0MGI0YTBlMQ0KMTgxZTU3NjY0Y2UwZmIxNTg5YTA1NmZjYWYyNDYwNGYNCmU3M2I4OTJmN2JmNzRlZjMxODEzYzc5ODJhZjkwNmNhDQo4YzAwYTY1OWEwMzI3MGQ3ZGFiNjE0YzkwM2RjYWRlZQ0KNmEwZjQ2MDFhMWE4ODAzMjQxZjY4MTY5M2UyZWFjN2ENCmUyZWNkMDBkYmU4Mjc1MDY2OWQ0MTkwNTZmYjE4OWE0DQpiYzY1YzAyOWY1ZjM2YzI1MTM0MzkzM2M3OTRkZjdhMg0KY2E3OWUyN2E1ZDNjNDhiNjgwNjg2Yjc5MmQ3ZGZiOGUNCmIwODZkMzAyNzNiN2U0ZmNjNTdiNGVjZTQyOTgyMjg2DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ==</shared_key>
</openvpn-client>
</openvpn>
<staticroutes/>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>29</subnet_bits>
<mode>carp</mode>
<interface>wan</interface>
<descr>tsys-cloud-www</descr>
<subnet>158.69.183.163</subnet>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>123</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>floating gw tsys </descr>
<subnet>10.253.9.254</subnet>
<vhid>2</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vip123</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>toolbox/ucs</descr>
<subnet>10.253.3.254</subnet>
<vhid>3</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>c0l0rad0</password>
</vip>
</virtualip>
</opnsense>