From 9e2c48ed496f26b1710d96c6f7605ff72d02836f Mon Sep 17 00:00:00 2001 From: Josef Chessor Date: Thu, 12 Apr 2018 15:24:46 -0500 Subject: [PATCH] Adding pfv-core-rtr02. --- mtp-configs/pfv-core-rtr02.pfv.turnsys.net | 1011 ++++++++++++++++++++ 1 file changed, 1011 insertions(+) create mode 100644 mtp-configs/pfv-core-rtr02.pfv.turnsys.net diff --git a/mtp-configs/pfv-core-rtr02.pfv.turnsys.net b/mtp-configs/pfv-core-rtr02.pfv.turnsys.net new file mode 100644 index 0000000..14430c4 --- /dev/null +++ b/mtp-configs/pfv-core-rtr02.pfv.turnsys.net @@ -0,0 +1,1011 @@ + + + opnsense + + + Disable the pf ftp proxy handler. + debug.pfftpproxy + default + + + Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets (default is 0: sequential IP IDs) + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv4 redirects + net.inet.ip.redirect + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Maximum size of the IP input queue + net.inet.ip.intr_queue_maxlen + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + default + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + default + + + + normal + pfv-core-rtr02 + pfv.turnsys.net + + admins + System Administrators + system + 1999 + 0 + user-shell-access + page-all + + + root + System Administrator + system + admins + $2b$10$A6E8slPQ47ZeKAAWEZikquT4cKDePehCLY547YFCcOIlQGPcaTeSu + 0 + + c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDbzVUMEZFVUtvWWF4Umhqczl5V3pLdEV5WHVLSnZUV29scnlEMzk1ZXF5QkoweE94YmtYSis4RU13S3RXTTZOVzVxYXFXYlQySkovVnpPSWNvWW14QXUrK3F3U1dPZXNrVnIrRnhQcjJ5cGFXRDk4bkp5K0NwWjlSTjZQdzZLaWtIYWt5cXpTVVdLWGRvdldpVHBkenFSTytqMExtSm1nVWlUM05zaDQyZXlidnQvVDdKTWtWRzRXK2pvUlgrRENTNFVJUlJRZ01SRDRUcUJRL2pyOW03VnMwYUpuMWxmbGdzcHJzYWNnb2crc0hsRXppdHd3Y1JxTU5wcDVKbTBEZmhqNlBxQXZzZ0tKWVdPT01GVm93dkdzcW5ROXdxSm81QWxsbGJUR1YxUkhlSUJPM2ZSUlU4VWQ5VFBBM0FmeDE2L2FwZjFua0xoVjhRWDltSXhFV3A= + + + + 2000 + 2000 + America/Chicago + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 5ab5ea42ad218 + + + + + + yes + 1 + 1 + 1 + 1 + 1 + + hadp + hadp + hadp + + monthly + + + 60 + aesni + 1 + 1 + 1 + en_US + 10.251.30.71 + 115200 + video + + 1 + + enabled + 1 + + none + none + none + none + none + none + none + none + + + + 1 + ue0 + dhcp + dhcp6 + 32 + + on + + + 0 + WAN + + + 1 + bge0_vlan100 + 10.251.100.253 + 24 + + + + + + + LAN + + + 1 + 1 + openvpn + OpenVPN + group + 1 + + + bge0_vlan30 + ProductionManagement + 1 + + 10.251.30.253 + 24 + + + bge0_vlan22 + HouseServices + 1 + + 10.251.22.253 + 24 + + + bge0_vlan200 + Nerdbone + 1 + + 10.251.200.253 + 24 + + + bge0_vlan5 + RRVOIP + 1 + + 10.251.5.253 + 24 + + + bge0_vlan3 + RRAP + 1 + + 10.251.3.253 + 24 + + + + + 1 + + + 10.251.100.10 + 10.251.100.245 + + 10.251.30.71 + + + + on + + + + 1 + 1 + 1 + 1 + 1 + 1 + + 1 + kn3lmgmt + 161 + + + + 162 + + opt1 + + + 1 + 50 + 10.253.3.99 + + + + ipv4 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + pass + openvpn + inet + keep state + allow full transit across vpn + + 1 + + + 1 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + openvpn + inet + keep state + allow bgp + tcp + +
192.168.198.1/30
+ + +
192.168.198.2/30
+ 179 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + opt1 + inet + keep state + + lan + + + opt1 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + opt1 + inet + keep state + +
10.40.50.0/24
+ + + opt1 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + opt1 + inet + keep state + +
10.253.3.0/24
+ + + opt1 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + opt2 + inet + keep state + + lan + + + opt2 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + pass + opt3 + inet + keep state + + lan + + + opt3 + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + root@10.251.100.101 + + /firewall_rules_edit.php made changes + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + + root@10.40.50.77 + + /services_snmp.php made changes + + + + + + + + + + + + + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + ac + 0 + 0 + + + + + 0 + + + + 1 + 1 + + + + + + 0 + on + strip + 1 + 0 + admin@localhost.local + + + + 0 + /var/squid/cache + 256 + + 100 + 16 + 256 + 0 + 0 + + + + 0 + 2048 + 1024 + 1024 + 256 + + + + lan + 3128 + 3129 + 0 + 0 + + + 4 + 5 + + 2121 + 0 + 1 + 0 + + + + + + + + + 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http + 443:https + + + + + + + 0 + icap://[::1]:1344/avscan + icap://[::1]:1344/avscan + 1 + 0 + 0 + X-Username + 1 + 1024 + 60 + + + + + OPNsense proxy authentication + 2 + 5 + + + + + + + wan + v9 + + + + 0 + + + + + 1 + 1 + debugging + 0 + notifications + + + 1 + 64524 + 10.251.0.0/16,192.168.198.0/30 + + + + 1 +
192.168.198.1
+ 64517 + openvpn + 0 + 0 + + + + + + + + + + + + + + 0 + 0 + 1 + 10 + 100 + 30 + 20 + 0 + 0 + 0 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 100M + 25M + 16 + 10000 + 0 + database.clamav.net + 60 + + + + + + bge0 + 100 + bge0_vlan100 + + + bge0 + 100 + bge0_vlan100 + + + bge0 + 30 + 0 + ProductionManagement + bge0_vlan30 + + + bge0 + 200 + 0 + Nerdbone + bge0_vlan200 + + + bge0 + 22 + 0 + LabManagement + bge0_vlan22 + + + bge0 + 3 + 0 + RR-AP + bge0_vlan3 + + + bge0 + 4 + 0 + RR-SW + bge0_vlan4 + + + bge0 + 5 + 0 + RR-VOIP + bge0_vlan5 + + + bge0 + 6 + 0 + RR-RTR-LAN1 + bge0_vlan6 + + + bge0 + 7 + 0 + RR-IPTV + bge0_vlan7 + + + bge0 + 8 + 0 + RR-PeanutGallery1 + bge0_vlan8 + + + bge0 + 9 + 0 + RR-MalZoo + bge0_vlan9 + + + bge0 + 10 + 0 + RR-Fstack1 + bge0_vlan10 + + + bge0 + 11 + 0 + RR-RTRWAN-1 + bge0_vlan11 + + + + 5ab5ea42ad218 + Web GUI SSL certificate + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQU40UkRYZDJBRkhnTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TXpJME1EWXdNelEzV2hjTk1Ua3dNekkwCk1EWXdNelEzV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTU1NDB5ZmVxOXo0cmxNYW9xRWJmbWxBWTZNUXRjSGNxCi9PZzZMMytlQ1BYa1d6ZjFGZ3lsSVgxRWwyR0xkMk16OGlFRXZLMHZaVzhGVWNxbVlUeDgzN1RNNEVjdUhmSFgKRnBBNm1yYUh6RUNORThUaGpVeTgwL1NJbW9VdnUzdmR1YmFSVFMvMnFjMkhKLzdOWXpXc2hmaUFOYVVLRy9JYwpDY2hCZ1RhczJNVERuUGZ4UEY0YkZTOGtFYXJobFYzYzlJbHNUT3RmTG9iLzBpdkRyUU5RK3BtdlRYeS9Eb05ICi9RMmZyTVZOUWh2M0FUK25neFFKSXQvN3prcDR2YlVocHh5SW1ZSXZyOFNvWTVBeDBTRmR3YkFPTG5qQVZxWlMKUXNRaWdERkZaRi9uS05Zbk55enljMEJIbkdxS0Rxdm9HUGJjTDF2MS9mbG0yNWlPSkFKN1JPdzA5NExoc0l3NApOcmdqRURVQ0ZIWmJsdlBzT09IZlo1b3pCaU93Z2drY210MzVxVjBjcFkrQ0hodFRGZVV3R3BSUGlWRjNBeGUrClVZV1l2dXlVMkt0RDFIYzR6Wmg0a3p0WE0yMGpkMS9IOVRJNkhyQ2owaFJaN2hhSDZvOTJmL2luU0VkS2JuUW8KeHRzKzMyUElHRGRRQnpjNWZHL2dMT3F3NkQ5YjFyNTV0QkkrTUFrNlZ4NVM4STZsamgzeVRzQVI3Y2tiRlp4dApuSWtrbSt4YmJUTUdZd2xuaHpJUDE3dGloS2tyMjg3eGkyNndnK01ZaEJBMkZ2VVNPOHU3Mm1NbDdQUFNqU3hLCjZqTjJST1AzVTBnNElwM3N4K1ltbGdOUnp1Q1M2K0crdHJiVmlER3cvNHZ4UHZTcDJHM0M3cUZlQXF2SkJkY0oKQzhkSlJoZDkyUVVDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkhXeHZwdituUnFCczJIbHJQZ3lkVUc1Uk5EWgpNQjhHQTFVZEl3UVlNQmFBRkhXeHZwdituUnFCczJIbHJQZ3lkVUc1Uk5EWk1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFPS2NyRGNTRCtQbWtLY3poaU5WWGtKYisrdjdUdmh3UHpWbGRCNUMKbnc4R0kxMjRKYS9ZR01hQWVhMEs0ZlJwTjVGTFhZWHpDRUVXYlpDaS9oZm5DaG9IVXljbmtuN2VtR0UrZW9pYwpCcXhZUGNMcVdUcWw4YkpjWlNLSUFwZlBBZStuNktyc2syS0FZb0JpVHppb0lQdlpXanBTNEhCMTlOVkxweVJPCmVuS1BMcmZsZEpBNiszTGgrRXhNb1Y3VXNGc2REbzYxVU81d21PVm4vcDV2MmlvYVVkN3VZVUJSemJDRlF3SzkKNDhPR01WbkZVRnJoV2MxaE44ZkJ1c3A2V0lZOFYwdGJzM3JkQUJXdXladFMxQXFCdG9tR24vTDRhSWVSZmpRZwp1bDkvT0M2dWRjcHEvVkk0SVZDckd6TFpBem9xWit3VUZkaVpCVFRLWEpxU3R5cUVFZDY1Q3Z4Sm5QdllSR0IwCmNhOVRWMGtFYkFONDB6R2J4V3IySGN2UmRRR21FUUVjdjBUTmtUWVlDTjI3YmxWWGZiVHliU2dLL2VXcEF2VSsKaTE2NVRuZFZBeHh5ZkFJZmxwRFFyVDFrVHcwbWxFR2ZNcHRIck1SOXpWTm1nRjhNS041V3psTE9xNDR3bjQ4RAptR0IxZjVkR0VaTVd4NlN3cGpySUxoN0xWYkxSemkxU0t2dGRqOU40SEI0ZXZ0eGhoT0swVmhZMW0zRDR6T25jCkFiQ1dlV0dRWXVtM0pRNFQ1WVJoWTM0bC9rc0ZQMFBXRE1raStod1IxTUJNWU5UMy9CQjl4T0lBbmlhNlhZQ2UKd3RjcXYwQkd6bExkUEp2aWRRcDdEUjFkSk5KYlRnbmkza0RVZ0NaMG45TVIyT3NNSmtYUUN6TzV4SDBjS3EzQQp4TEszCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRRG5ualRKOTZyM1BpdVUKeHFpb1J0K2FVQmpveEMxd2R5cjg2RG92ZjU0STllUmJOL1VXREtVaGZVU1hZWXQzWXpQeUlRUzhyUzlsYndWUgp5cVpoUEh6ZnRNemdSeTRkOGRjV2tEcWF0b2ZNUUkwVHhPR05UTHpUOUlpYWhTKzdlOTI1dHBGTkwvYXB6WWNuCi9zMWpOYXlGK0lBMXBRb2I4aHdKeUVHQk5xell4TU9jOS9FOFhoc1ZMeVFScXVHVlhkejBpV3hNNjE4dWh2L1MKSzhPdEExRDZtYTlOZkw4T2cwZjlEWitzeFUxQ0cvY0JQNmVERkFraTMvdk9Tbmk5dFNHbkhJaVpnaSt2eEtoagprREhSSVYzQnNBNHVlTUJXcGxKQ3hDS0FNVVZrWCtjbzFpYzNMUEp6UUVlY2Fvb09xK2dZOXR3dlcvWDkrV2JiCm1JNGtBbnRFN0RUM2d1R3dqRGcydUNNUU5RSVVkbHVXOCt3NDRkOW5tak1HSTdDQ0NSeWEzZm1wWFJ5bGo0SWUKRzFNVjVUQWFsRStKVVhjREY3NVJoWmkrN0pUWXEwUFVkempObUhpVE8xY3piU04zWDhmMU1qb2VzS1BTRkZudQpGb2ZxajNaLytLZElSMHB1ZENqRzJ6N2ZZOGdZTjFBSE56bDhiK0FzNnJEb1Axdld2bm0wRWo0d0NUcFhIbEx3CmpxV09IZkpPd0JIdHlSc1ZuRzJjaVNTYjdGdHRNd1pqQ1dlSE1nL1h1MktFcVN2Ynp2R0xickNENHhpRUVEWVcKOVJJN3k3dmFZeVhzODlLTkxFcnFNM1pFNC9kVFNEZ2luZXpINWlhV0ExSE80SkxyNGI2MnR0V0lNYkQvaS9FKwo5S25ZYmNMdW9WNENxOGtGMXdrTHgwbEdGMzNaQlFJREFRQUJBb0lDQUNxRjRTc3pUVEFYT2VrV2orQlZJcmd4Ci9HQy9vNWdDU09JbHdJajM1UXZBR1N5bUdWankrVjRzb1dzcGZYRnR4UnV1OUMrdm5BUURYZmFtUGVXY05WRGMKNE1CTVVTc3VPMDdwSzlrN3FiTFdKeEI2Rk83Y0o4N0NGbEpJSVh0S1FtcldHZGNSOXpjMWhKclRMT0lKK0tLZgovT25jWXY2K2RHZFhYSzljV2w5eHdIZ1JEVGtJRGZEVnRzbUhsZUxXV0xxTWdGV2U0TnFwN2sybnUwVUlWdFdyCllZUFlZenRHM3ZDV2o3b29md2FrRzdVZStxSVdDNWRiaDk5WHpOTUhiaVpBRnRRWUVxa3ljYmZWd1UrajBKSysKdjl2SVQ0ZVpBWUZBZ1JVSDlyVjI1Zm1aVjVuSnBybUNFNk9qNjdURjJ0YTZlN0kyTC9OdzFuRjZrSjRMMXBWMwpXV3Q1Q3hyL3UvdnQ0RVZqdzIrNkVZR2ZRV1dBcEhNbmw5eXJhb1A4QktQN2FHdWI3WHNCdWZZU3AyNVdDYWtxCnpWWEpIOXBubEZGTFFzUmVIeWMrdTc2SGxzRUtaOFhqQUtmSW01WUNSdkh6dWFxYjFVNGpjMGNkaWk1ckdVaHYKeVlaRDd3cFNDMjAwRkFRTzdHbnFUOWY1ckQ3d3pjZGR3WWZJNk5Hb2p3VnNHWkI4OE5ObWl1UmFPR0pQRmowUApuV1pWRFRGUFJzU20ydDVNbmZIOFlhUTR6UDJkRW1lNitQanB6NE80Q2NjUEY5dzRzUUFFM0xQM2Q0dStVd051ClNwRUVzUjJyWFBuN2djTEFYN2ZZOHlSbzFzMnI0UFlMcVRxbDRDT0loQzlhdktmR2UzSkc1RWZsekx4eFJHRzEKY0dwNnFSMEJxeXc5RHZOQmdtQUJBb0lCQVFENDRhWkxXZ3FUaU8yTjdoelVlRDVDaG9yQnIvQ2hqMzdwQk1pQworTEhBcHJtcGt5SEl5cURnSzYzRnVhMVBXRzhMeC96bG5Qa3ZqSmlvYmRjZFJWZjdLRkF5VkdjR1VmcE53dTFWCmQ1WTYyMGZodVpDNHZQYXgwaGxuTkxZTE14ZnQrejFCWmttK0E4S3BmajV3UTY1dmNweWhIVGR1emUxYVdSUUcKR21ucVMvc2tJVllFMXQ1aGs2WGVreklpSTZTZVZvYUlaL3NkUkh0YkZPYUpycjA1U3IyTk9TNmh1VG0vVHFwMQpZVjYrdWtSMVB1cHljdXFaSHBxSXdaQUxVQ01PK2dGZ2RaTFlUQmJrcGxuN3JseDg3OTIxa2F3V255ZGYzV0xUClVudmVIeHVNSDZtWWRWcEdtNGJRRm41MERteEpxcEh4RlczUU1Qb1RrOTVOcUJ6dEFvSUJBUUR1UGlhY2Z3MDYKNjByL1pPR1cwWmVlQk15RlBDNVY0enQvN01uUU9ZZExBQmVyOTJiT1Z2b21DbHVqODBLQzh1dkhYcTlaQWlKQwpieVo5YSs5SHZ3eE9ycU9FY0hqdDRNM09IdkFicjFBckhmTGY2aDgyaXJyYnNTTk9ScklGZGczNTh4QXUrRVFCCjcrME9VbitHNlZUZkpZbXorbUpYOHhpQ2lXbko3Rzh1dDZNL0o5RmVPNkp6N3JneUx3ZG1MYm1xczNKdlEwNy8KVkVleTFtaEtQbXRVaktlbFdNTStTNThQenFuTmUrY2RpN2pVQlJwekZzYWQrRkhIL0MxVU1TQW04QVVma3JiLwpydzFYRXEyVjJYaFAwSDdka0dxN2VSZm0zOXpBYlN4cy9ieU5MYVZYSHpRekp4dFZLR2ovSW1jOWNXWkg1dFhCCk9TS01VbFc4Y0VGNUFvSUJBQlFtWU1wVS9lbzMrZE8xNVl1bU9KUTJSR0d1RnZOZHBNN0UzbDhNTjRmN2Q2aXQKQ3QwdzJwbUxyOFFFWm0yNElUVjQrWmExZ005Q3VORmFJMEp4Yk5BZTBXOWh1ZjJmQVg3dU96emlNNzJNSjJPMQpIR3g0a0JpUmhCRUJDWVFhbk9OZHBmWDNqQnpnUFJCdjhpb3dzSnpCVU1FU2xueFlHOUZteU9JOW5UbWs4UzVaCnJKY3p0a2w4SkwvQ2R4cWdmQ0Y5cStLN1dHOWtMZ0NQenFKekRVcm9MRFNVM3B1bFhYR0pzdTlSOU5QSVRPYVoKTTI0VXM3MjE1cGtQNHRPbnAwNzlHc051Z1hjVm9memRJd2ZuZEFHQmdoZkROWVdYV1I2LzA5SjhLUjh3c1pCRQp0L3hwOCtjbmpHQ29rWkJmNHBDTVNNaVdEWS8vaHgreXB4cnVjM2tDZ2dFQWVxa0pIQjNWNC9Yc3dSMWhnRk1jCjZzQ3h4QTgrRS81UVRnYk55U1UxWVFvRkpnYlVxWHZpZ3Q5bVd6ME5pM29pcHAwN1RtcG8xU2VBKzZZc3BoWFkKOGxHNzRwNDl4TXV2YW1aSFhSbWYvdk1HYnY2TlgzbUJ4MGFtVk5EVkt6YWk3NE9UVzN0N0dEdzlJdGlhekEwcQpJMUdpV2tXWmlJcWluZUs5MHJhbWI3a2dsWTJjb0JXNENGUnFCWHh0Sk5CNS9VY3lyZEpMdyszU2xHTUxndDRzClNIVzZnc2oyalFaR09NOUFZWWxmYnJqWFNtSHVRajhCdDZkNEE2ejBjWnB4WVZyR2FJRVRNd1VmcXlyMHNHZ3QKSjNyRE5yUDZIOWV5MUsyQmJKbEkvRHlQYldpSTdoZ2t1Z2x5YXgvSkgwTEpRTHMzMitFZlFNSjM1U01tL1VRVwprUUtDQVFBUkVBdnB4a1VzMytPSnBabVFtanZ6UWhtUTdaNXJ1cHlPeXEvUkN0a3diMURBTHV1YzVnWUswMzAxCi9jVVFkRm1rWStUUnhJU3lURFdzN1RsTHhRNzZ1Ty9nUWtSNEhtUVhtb01UWDJwd1ZyMDhycFhEL21yYmNUMGYKRVBWSzBBR3dCNFNBd085a3pXc3g5b25Wc1RscGY5d2dGTnNGeUdtMEZac0VOL1pPUWdqeGZiTGJqYTJ1K0NDaQpueVhIMmZHM0lqU3UxK1p1cGFaL3lRSmRiVDRtYlZOSXRqcTVNcXNZSTFQRWxpUW9QQ0ZYME1kZkI4QXBHNlZDCnpCNktyUmYyWXdjNWlMVDhocFBTcUV2VDBjRWpoSXcwelE5WDJ5WDdhUzRudGQzd3BTVSs0TVlMNW9XcUdFY1AKOVloZFpEV0J1TkxIVDJ0elRBc3g5TTJTdlpNQQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== + + + + + UDP + tun + 158.69.183.162 + 1199 + none + asn2net + p2p_shared_key + AES-128-CBC + SHA1 + none + 192.168.198.0/30 + no + 5 + wan + 1 + + Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjM3ZTdhZjg0MjQ3OTA1YmFjMWUzN2U3Y2RjNTIyN2VmDQpjMTMxNTZiZjAyZDE4ZWJjMjk0ODUxOTg0OGQwMDdmYQ0KMTQ0NWNjNzgzY2I5Njc1NDA4ZWExN2ViZjJiNTgwZDcNCjU2NmQxODcxODc1NmNjN2UzZTBiZThjODM2NGJkMGI1DQpjZmVhNzJhYjNmMjFkZmQzOGExMjliODhiNWM1YzQ4ZA0KNzMxNDExOWNjN2E0ZDgxYzZiNzE3ZDVhZDRlNzZhZDMNCjg4YjY5M2YxY2ZmZWRhMjlkOTljMjc4NmQ4MTc3ZjE5DQpkOGQxNGI2ODM5YmZjZTMyN2EwOGYwODgzMGM2N2I2OA0KNmQ4NzA1YmVjYTlkOWZlNzdlMDhkNGVlODc2YTI4NzQNCjNjZThkMzY5YzM2ZGQzOWRhZjdkMDZjNGEzN2MzZWYxDQo3ZDdmZDAyYTMzMTc1NzBhOTE2NGI0Nzk1ZTYwNTNmYQ0KNmQ0ZDhjNThhNGMxZGNjZTQ1ZTI3NzYyNDAzNDQ3M2QNCmIwNjdlMmFlYjNhZDkzY2QyYmRhZWQ4MWRiZWIxNjMxDQowMDRjNzg0ZmMyZWRkZTJkNzM5YWMxY2MxZTFjOTFhNA0KYjA0YTgzNzg1MWQxMzIzOGRiMzhlZWY4MWUwYWQyNGMNCmVhM2M2OWRiYTQxYTgyOGE1MTQ0MWZlODA2ZjYxYjE4DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ0K + + + + + single + 24 + carp + opt2 + lan gw - vl22 + 10.251.22.254 + 1 + 0 + 1 + vippw + + + single + 24 + carp + opt1 + langw - vl30 + 10.251.30.254 + 2 + 0 + 1 + vippw + + + single + 24 + carp + opt3 + 10.251.200.254 + 3 + 0 + 1 + carpvip + + + +