Skip to content

Instantly share code, notes, and snippets.

@jlopp

jlopp/OPNsense-3.1-config-WireGuard.xml

Created January 28, 2023 22:28
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jlopp/ff8a10111f6b53f211c3e43ce8018e4f to your computer and use it in GitHub Desktop.
Save jlopp/ff8a10111f6b53f211c3e43ce8018e4f to your computer and use it in GitHub Desktop.
Download ZIP
OPNSense config file for whole-home WireGuard VPN per https://blog.lopp.net/how-to-protect-your-home-network-with-a-gigabit-vpn
Raw
OPNsense-3.1-config-WireGuard.xml
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>614400000</value>
<descr>Maximum socket buffer size</descr>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<tunable>hw.ibrs_disable</tunable>
<value>1</value>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>1</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
<item>
<tunable>net.isr.maxthreads</tunable>
<value>-1</value>
<descr/>
</item>
<item>
<tunable>net.isr.bindthreads</tunable>
<value>1</value>
<descr/>
</item>
<item>
<tunable>net.isr.dispatch</tunable>
<value>deferred</value>
<descr/>
</item>
<item>
<tunable>net.inet.tcp.soreceive_stream</tunable>
<value>1</value>
<descr/>
</item>
<item>
<tunable>net.pf.source_nodes_hashsize</tunable>
<value>1048576</value>
<descr/>
</item>
<item>
<tunable>net.inet.tcp.mssdflt</tunable>
<value>1240</value>
<descr/>
</item>
<item>
<tunable>net.inet.tcp.abc_l_var</tunable>
<value>52</value>
<descr/>
</item>
<item>
<tunable>net.inet.tcp.minmss</tunable>
<value>536</value>
<descr/>
</item>
<item>
<tunable>kern.random.fortuna.minpoolsize</tunable>
<value>128</value>
<descr/>
</item>
<item>
<tunable>net.isr.defaultqlimit</tunable>
<value>2048</value>
<descr/>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$/KxEWx3gxj1BdoJiUzp4Iuz7MUg2.uE7RVuJUhWP.fmvF05/pmoGW</password>
<uid>0</uid>
<expires/>
<authorizedkeys/>
<otp_seed/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/New_York</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>638682ed1f3b2</ssl-certref>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu/>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow/>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.0">
<mirror/>
<flavour/>
<plugins>os-wireguard</plugins>
</firmware>
<language>en_US</language>
<dnsserver>9.9.9.9</dnsserver>
<dnsserver>1.1.1.1</dnsserver>
<dns1gw>WireGuard</dns1gw>
<dns2gw>WireGuard</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
<prefer_ipv4>1</prefer_ipv4>
</system>
<interfaces>
<wan>
<enable>1</enable>
<if>igb0</if>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<gateway/>
<blockbogons>on</blockbogons>
<media/>
<mediaopt/>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
</wan>
<lan>
<enable>1</enable>
<if>igb1</if>
<ipaddr>192.168.1.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<opt2>
<if>igb3</if>
<descr>OPT2</descr>
</opt2>
<opt3>
<if>igb4</if>
<descr>OPT3</descr>
</opt3>
<opt4>
<if>igb5</if>
<descr>OPT4</descr>
</opt4>
<opt1>
<descr>OPT1</descr>
<if>igb2</if>
</opt1>
<opt5>
<if>wg1</if>
<descr>Wireguard</descr>
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<mtu>1420</mtu>
<mss>1420</mss>
</opt5>
<wireguard>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>wireguard</if>
<descr>WireGuard (Group)</descr>
<type>group</type>
<virtual>1</virtual>
<networks/>
</wireguard>
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
<numberoptions>
<item/>
</numberoptions>
<range>
<from>192.168.1.10</from>
<to>192.168.1.245</to>
</range>
<winsserver/>
<dnsserver/>
<ntpserver/>
<staticmap>
<mac>88:88:88:88:88:88</mac>
<ipaddr>192.168.1.102</ipaddr>
<hostname>LG-Smart-TV</hostname>
<descr>Smart TV</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<unbound>
<enable>1</enable>
<outgoing_interface>opt5</outgoing_interface>
</unbound>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>hybrid</mode>
<rule>
<source>
<network>WireGuard_Routed_Devices</network>
</source>
<destination>
<any>1</any>
</destination>
<descr>WireGuard NAT</descr>
<category/>
<interface>opt5</interface>
<tag/>
<tagged/>
<poolopts/>
<poolopts_sourcehashkey/>
<ipprotocol>inet</ipprotocol>
<created>
<username>root@192.168.1.101</username>
<time>1674476031.1913</time>
<description>/firewall_nat_out_edit.php made changes</description>
</created>
<target/>
<targetip_subnet>0</targetip_subnet>
<sourceport/>
<updated>
<username>root@192.168.1.101</username>
<time>1674512995.7868</time>
<description>/firewall_nat_out_edit.php made changes</description>
</updated>
</rule>
</outbound>
<rule/>
</nat>
<filter>
<rule uuid="5a383135-2b99-453d-8df5-53c9d2959275">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<gateway>WireGuard</gateway>
<direction>out</direction>
<floating>yes</floating>
<allowopts>1</allowopts>
<quick>0</quick>
<source>
<network>opt5ip</network>
</source>
<destination>
<network>opt5</network>
<not>1</not>
</destination>
<updated>
<username>root@192.168.1.101</username>
<time>1674512903.7253</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.101</username>
<time>1674421928.6829</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="cb40ddce-016d-43cd-b925-da4cd80e9e4b">
<type>block</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<tagged>NO_WAN_EGRESS</tagged>
<statetype>keep state</statetype>
<descr>VPN Kill Switch (block traffic if tunnel goes down)</descr>
<direction>out</direction>
<floating>yes</floating>
<quick>1</quick>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@192.168.1.103</username>
<time>1674933692.2985</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.103</username>
<time>1674933665.0812</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="061d8a1f-f331-4e10-99c3-817d199c291b">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@192.168.1.101</username>
<time>1674475758.2962</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.101</username>
<time>1674475758.2962</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<disabled>1</disabled>
</rule>
<rule uuid="e3afb473-580a-4f40-af88-a5bc8109e5ad">
<type>pass</type>
<interface>lan</interface>
<ipprotocol>inet</ipprotocol>
<tag>NO_WAN_EGRESS</tag>
<statetype>keep state</statetype>
<descr>internal wireguard routing</descr>
<gateway>WireGuard</gateway>
<direction>in</direction>
<quick>1</quick>
<source>
<address>WireGuard_Routed_Devices</address>
</source>
<destination>
<address>RFC1918_Networks</address>
<not>1</not>
</destination>
<updated>
<username>root@192.168.1.101</username>
<time>1674512791.4965</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.101</username>
<time>1674411649.7547</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="93d57b38-26ec-461b-91a7-487ff1a0a704">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="41f6794b-b632-42dd-8424-da8d073b2e8f">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="d32191ff-5fc9-4c42-9a26-6f648535a3cc">
<type>pass</type>
<interface>opt5</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow All &#x2013; WG</descr>
<direction>in</direction>
<quick>1</quick>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@192.168.1.101</username>
<time>1674177381.1914</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.101</username>
<time>1674177381.1914</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.1.103</username>
<time>1674944123.1917</time>
<description>user "root" changed</description>
</revision>
<OPNsense>
<captiveportal version="1.0.1">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.3">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Category version="1.0.0">
<categories/>
</Category>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases>
<alias uuid="505156d7-6c0b-4ef8-9a12-9b2614b04385">
<enabled>1</enabled>
<name>WireGuard_Routed_Devices</name>
<type>network</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>192.168.1.103/32
192.168.1.104/29
192.168.1.112/28
192.168.1.128/25</content>
<categories/>
<description/>
</alias>
<alias uuid="674b99c4-a2af-4e40-8e02-1d85ec675084">
<enabled>1</enabled>
<name>RFC1918_Networks</name>
<type>network</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>192.168.0.0/16
10.0.0.0/8
172.16.0.0/12</content>
<categories/>
<description/>
</alias>
</aliases>
</Alias>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.7">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo>ac</MPMAlgo>
<detect>
<Profile>medium</Profile>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
</general>
</IDS>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Interfaces>
<vxlans version="1.0.1"/>
<loopbacks version="1.0.0"/>
</Interfaces>
<monit version="1.0.11">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile>syslog facility log_daemon</logfile>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword>KhZpyvGvVqBrjJCqnFu</httpdPassword>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="315e6e11-d101-47c9-8c96-b3ad9c5aba9f">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder>10</reminder>
<description/>
</alert>
<service uuid="64fbcc2a-62e7-47cf-a342-8961b83197ee">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>c77429f2-9c57-4f56-a018-890ccd966278,a9556376-a944-48fd-b753-12c6d956adf7,820091ca-133f-4b72-83fc-edf83f6594fb,739c734b-395a-4062-bbc3-e7e6518fbcc3</tests>
<depends/>
<polltime/>
</service>
<service uuid="243bed69-6fde-44fa-8e77-23ce3af3531a">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>bf5140b8-7545-4188-b47b-fb29501650bd</tests>
<depends/>
<polltime/>
</service>
<service uuid="9de4dd16-dfd1-4b02-9706-a9e24a242a1f">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>1c179742-6570-46bf-a343-8bedcf910b25</tests>
<depends/>
<polltime/>
</service>
<service uuid="c19defcf-d847-4d73-a3b0-d17201095f66">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>a8b6b926-331a-4bc4-a221-a5fa957a3c43</tests>
<depends/>
<polltime/>
</service>
<test uuid="1ec402c5-57fa-45a5-af63-2b1798ba9b53">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="969f9bb7-06d8-4c9a-9a33-f79418d8bd66">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="109abb3b-cde9-4a1a-99da-d0d89096136c">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c77429f2-9c57-4f56-a018-890ccd966278">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="a9556376-a944-48fd-b753-12c6d956adf7">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="820091ca-133f-4b72-83fc-edf83f6594fb">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="739c734b-395a-4062-bbc3-e7e6518fbcc3">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="3cc419ad-e5a1-4f22-8f73-8a1053fbc320">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="bf5140b8-7545-4188-b47b-fb29501650bd">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="1c179742-6570-46bf-a343-8bedcf910b25">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="a8b6b926-331a-4bc4-a221-a5fa957a3c43">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<proxy version="1.0.5">
<general>
<enabled>0</enabled>
<error_pages>opnsense</error_pages>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>1</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers/>
<dnsV4First>0</dnsV4First>
<forwardedForHandling>on</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<enablePinger>1</enablePinger>
<useViaHeader>1</useViaHeader>
<suppressVersion>0</suppressVersion>
<connecttimeout/>
<VisibleEmail>admin@localhost.local</VisibleEmail>
<VisibleHostname/>
<cache>
<local>
<enabled>0</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>256</cache_mem>
<maximum_object_size/>
<maximum_object_size_in_memory/>
<memory_cache_mode>always</memory_cache_mode>
<size>100</size>
<l1>16</l1>
<l2>256</l2>
<cache_linux_packages>0</cache_linux_packages>
<cache_windows_updates>0</cache_windows_updates>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
<parentproxy>
<enabled>0</enabled>
<host/>
<enableauth>0</enableauth>
<user>username</user>
<password>password</password>
<port/>
<localdomains/>
<localips/>
</parentproxy>
</general>
<forward>
<interfaces>lan</interfaces>
<port>3128</port>
<sslbumpport>3129</sslbumpport>
<sslbump>0</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate/>
<sslnobumpsites/>
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
<sslcrtd_children>5</sslcrtd_children>
<snmp_enable>0</snmp_enable>
<snmp_port>3401</snmp_port>
<snmp_password>public</snmp_password>
<ftpInterfaces/>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>0</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>0</transparentMode>
<acl>
<allowedSubnets/>
<unrestricted/>
<bannedHosts/>
<whiteList/>
<blackList/>
<browser/>
<mimeType/>
<googleapps/>
<youtube/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
<sslPorts>443:https</sslPorts>
<remoteACLs>
<blacklists/>
<UpdateCron/>
</remoteACLs>
</acl>
<icap>
<enable>0</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<authEnforceGroup/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
<pac/>
<error_pages>
<template/>
</error_pages>
</proxy>
<Syslog version="1.0.1">
<general>
<enabled>1</enabled>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.4">
<service_enabled/>
<advanced>
<hideidentity>0</hideidentity>
<hideversion>0</hideversion>
<prefetch>0</prefetch>
<prefetchkey>0</prefetchkey>
<dnssecstripped>0</dnssecstripped>
<serveexpired>0</serveexpired>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset>0</serveexpiredttlreset>
<serveexpiredclienttimeout/>
<qnameminstrict>0</qnameminstrict>
<extendedstatistics>0</extendedstatistics>
<logqueries>0</logqueries>
<logreplies>0</logreplies>
<logtagqueryreply>0</logtagqueryreply>
<logverbosity>1</logverbosity>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cacheminttl/>
<infrahostttl/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<dnsbl>
<enabled>0</enabled>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<address/>
<nxdomain>0</nxdomain>
</dnsbl>
<forwarding>
<enabled>1</enabled>
</forwarding>
<dots>
<dot uuid="eb35e964-56c8-4706-b6fb-f55fb7ce850a">
<enabled>0</enabled>
<type>forward</type>
<domain/>
<server>1.1.1.1</server>
<port>53</port>
<verify/>
</dot>
</dots>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
<wireguard>
<general version="0.0.1">
<enabled>1</enabled>
</general>
<client version="0.0.7">
<clients>
<client uuid="ae418043-cc29-4f94-abd6-27a9803ffc6a">
<enabled>1</enabled>
<name>VPS</name>
<pubkey></pubkey>
<psk/>
<tunneladdress>0.0.0.0/0</tunneladdress>
<serveraddress></serveraddress>
<serverport>51820</serverport>
<keepalive>25</keepalive>
</client>
</clients>
</client>
<server version="0.0.4">
<servers>
<server uuid="756a7c9a-f18e-4c63-9454-ca93e72185a0">
<enabled>1</enabled>
<name>WireGuard_VPN</name>
<instance>1</instance>
<pubkey></pubkey>
<privkey></privkey>
<port>51820</port>
<mtu>1420</mtu>
<dns/>
<tunneladdress>10.8.0.2/24</tunneladdress>
<disableroutes>1</disableroutes>
<gateway>10.8.0.240</gateway>
<peers>ae418043-cc29-4f94-abd6-27a9803ffc6a</peers>
</server>
</servers>
</server>
</wireguard>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
</OPNsense>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<gifs>
<gif/>
</gifs>
<gres>
<gre/>
</gres>
<ca/>
<gateways>
<gateway_item>
<interface>opt5</interface>
<gateway>10.8.0.240</gateway>
<name>WireGuard</name>
<priority>255</priority>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<interval/>
<descr/>
<monitor>10.8.0.1</monitor>
<fargw>1</fargw>
</gateway_item>
</gateways>
<virtualip version="1.0.0"/>
<cert>
<refid>638682ed1f3b2</refid>
<descr>Web GUI TLS certificate</descr>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhORENDQlJ5Z0F3SUJBZ0lVTXpDaWp0OW9QMThoYk9mcmxGQWNZV01OVzZFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU1qRXhNamt5TWpBNE5EVmFGdzB5TXpFeU16RXlNakE0TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURQQ01IVmlRSE9lUkdaZ3REM0F5OW5DdWdXaWhYV0I2MXVvSWptSm5oT2trakU3Z0NDCnNCS3hvV2tFUVdxU2M4NmZyVWY1aTAxYXFBTDhGR0d3ODBZK1lLU0ZMM3BuVXBxcWJVUWpyR1V2WE8ybUxFOGwKUGVnVHBVYmYyOEpjRUxSa0NtZGYxeGtTdFRqQ09uelNERFZ6a2xiS2ZwOEJtYlRidHJLM25GMGY2SUp5VE5kRwpSeC9yRzNuT3psdTBGSUhmQkxreVBZVVZqem9iMFlPN2h0bjJydzkzYmNwbTNhNXZhMTRGcGJtd0NMMWhhUHZhCkgwWnJMWUVWaXJKZ2pJSlpXSkE3a0lqcHZNQkI3bjJRVDF5U2taWUtWSUFkQndPS1NmZjlwZmtLZnNPRjQ2T24KeTMvdmpZODZXRWU4eTI3Rnp6dWhnNVQxK0FJTEhhdjhlR09yVUFlTlVZM2ZQWStsQUttZ1JYc3Y5VElYRkhYUQplNm9CeU52cTBXeElWMTdpWWc2M3NhVFNzSHBxMGZkaSs2TlpLUWJHUnpFeFZ2RWpDU3NLbjYwNTZ5WVRhNS9WCjF3VnV1Wm9OK3ZYYUFPYlNjSUF4NUVPV2Rna2YzbFcyQURkYWxCcEVKOWdqcG5LQnhwWHd1eWVRUlRJTFZTMTcKS2c0RVJJaVNiSUxJRHhTTzYzZDZNMngvWEFWRHNBSVZJM3ZYNmI1VHNTK2NrTmYwSldQT2YvWDRjWThBdVFvMQp4UGI4cThVdFZ3ZW9CSGtib01YbVdOWXdocTVMdnVsZnozQmNVdHdFQUlaVlNhY3N0ZDFqYmw5dW5MYWtVQi9kCkxQbDFPSnNzeFByRUhaNFBSTlphUWV4Qm1qcXY1WG94K3ZTRGlLcG5hQ0FPb0MyY3U0eTdta1FYUlFJREFRQUIKbzRJQmtEQ0NBWXd3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRk1pMnpEMkJOMmNsWkdkcHhvTExhM09pL2NQS01JSEpCZ05WSFNNRWdjRXdnYjZBRk1pMnpEMkIKTjJjbFpHZHB4b0xMYTNPaS9jUEtvWUdQcElHTU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1elpXNXpaUzVzYjJOaApiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzYkdGdVpERVZNQk1HCkExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnpaV3htTFhOcFoyNWwKWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1dDRkRNd29vN2ZhRDlmSVd6bjY1UlFIR0ZqRFZ1aE1CMEdBMVVkSlFRVwpNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWdDQWpBTEJnTlZIUThFQkFNQ0JhQXdId1lEVlIwUkJCZ3dGb0lVClQxQk9jMlZ1YzJVdWJHOWpZV3hrYjIxaGFXNHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBTFk1SUd0UFJidW8KUGdRaVBEQ2QxbitOWlhGQXRYU2N0UDFhemZ1OGVQVVBQUlJReVFvMUYya1JqYzBsTjFZUldaM3pEQTNpbGxlVQpaMWptWmR3WGZRUnJuY0liSDhWY2xaN0hmZjhMRk5LL1EwdTZDVkJkODZiSXMzVU5TUE92ZjlsS1BtTzFWaDBmClpuUEZNS1ZOcEc5VXhpQ2kzaVpvdGNiTDRSeWIzOW5YMU1jRGk3RVFqUUNVNHVaOSsxeXd3WXpqRW1hV2xrWEoKcy9TL29uTjhSblR3UGpqZlBUNGVPbTRGazVQQVV1QkhKMnZMczlhYXpuaVR0ZVJ6aW8xazJPeVJuZkh4YkYvbgp1N3h4ZVNCSXFrN25WWC95OUtSTmhFMllLNy9UeGNPeStuMmlxUmhPeDJteEhzeXI0aVMraDMxR3NGakRQMkp5CkVORytjbEVkREhyMWN3N0ZmVHpMangyelViOFNIVk5GcnoyblFQRXB2QWgrS0Z2SEZHanZVbXpicUVrdXhNREwKSXFzWWxlZVppWjhUNG0wYWpHNWlOWWMzYm5TT0x4TklzcE9JeWJ6cnRoSnlhZjBHWlNONXZYVGgxZS9UWm8wdQpIVk41WXRhcW9BMFJDT3krN3pmZkY5TnBhTGgreU1nRjJnTUhaeXJBWm82SG94VTBiUVY4S0pjV0UzQW1razdRCjdsNkIyb2JKVEYwd0FrSHY0bTRqaDFJUFBxdEFRM1IyeERQcFEvK21HazVvSHRYb1hTejUxR2Y5eGRoaVhoQlgKdEtrOXduVy9WNk1Ldk43N242cHh6SHA3UHZjTmhISVhZQTR1Vm9wMVJQTDFKWDhaNzZFN3duTEMrQkNxT3ZFOApaVmRoMDlVOHlHOFRTTU9DVk42bUJzZ1JveVFvUWxWZQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFBDTUhWaVFIT2VSR1oKZ3REM0F5OW5DdWdXaWhYV0I2MXVvSWptSm5oT2trakU3Z0NDc0JLeG9Xa0VRV3FTYzg2ZnJVZjVpMDFhcUFMOApGR0d3ODBZK1lLU0ZMM3BuVXBxcWJVUWpyR1V2WE8ybUxFOGxQZWdUcFViZjI4SmNFTFJrQ21kZjF4a1N0VGpDCk9uelNERFZ6a2xiS2ZwOEJtYlRidHJLM25GMGY2SUp5VE5kR1J4L3JHM25Pemx1MEZJSGZCTGt5UFlVVmp6b2IKMFlPN2h0bjJydzkzYmNwbTNhNXZhMTRGcGJtd0NMMWhhUHZhSDBackxZRVZpckpnaklKWldKQTdrSWpwdk1CQgo3bjJRVDF5U2taWUtWSUFkQndPS1NmZjlwZmtLZnNPRjQ2T255My92alk4NldFZTh5MjdGenp1aGc1VDErQUlMCkhhdjhlR09yVUFlTlVZM2ZQWStsQUttZ1JYc3Y5VElYRkhYUWU2b0J5TnZxMFd4SVYxN2lZZzYzc2FUU3NIcHEKMGZkaSs2TlpLUWJHUnpFeFZ2RWpDU3NLbjYwNTZ5WVRhNS9WMXdWdXVab04rdlhhQU9iU2NJQXg1RU9XZGdrZgozbFcyQURkYWxCcEVKOWdqcG5LQnhwWHd1eWVRUlRJTFZTMTdLZzRFUklpU2JJTElEeFNPNjNkNk0yeC9YQVZECnNBSVZJM3ZYNmI1VHNTK2NrTmYwSldQT2YvWDRjWThBdVFvMXhQYjhxOFV0Vndlb0JIa2JvTVhtV05Zd2hxNUwKdnVsZnozQmNVdHdFQUlaVlNhY3N0ZDFqYmw5dW5MYWtVQi9kTFBsMU9Kc3N4UHJFSFo0UFJOWmFRZXhCbWpxdgo1WG94K3ZTRGlLcG5hQ0FPb0MyY3U0eTdta1FYUlFJREFRQUJBb0lDQUQrL0Q0ZkROcll2V3Zic2E1RVMvdjU0ClFqdm1hcERMTG1CNHQ0NDkzQjg5TllERlU0enB6K2UzcmxFc0h6ZFd4eEV0VnBNRWpGM1VpNDY0YTlnREgrYkcKOVFFNVBEUWlJQk5IcjRwWVk1Tnd4bys2NXVldHB3NmRmalFoUXpmN3dMOW80S21HM21aL1BDbTV2b01pVlRidgpvUithV3pVdjhac1JKdmdZQWloMysrcGJ0SkVrQnpUcDhkaDJlNC80SElEaHdIQXl0dzZMV2pZRWpjNG8yR1gzClF3amYya2xRQ295dC8zWTNyL1Arek9qNFhVdXRBNDZ1cFNkUDNGcVVDUEtmclZGWjBINC9xdWJpR3ZGYkxrTEcKNXU3cFU4VWNTci9DeE1QcDNjT1lnblZ3UVF6Q1FQTXVvQ0l6Mm1yTUxLQmxqWlBPb3dnVlEvUE9RQTF0dUNvUwpRWWlCclVZTFNrc0VNV3NpMk1ZanFsQXpJL2NJTHFJc1Z5VnIrUmxlcHI4NnBQbXhYaXhueWJhYkRLUFRxeDlHCnE1M3RSUjY3Tm4zcWprTWoraTRHL3ZXZjh3UWVacE9EQVFoTWQvWjJQNlNDRUU5RnhNV3BTUGtPRk9hbktQb1UKTERSbVlReHY5akx6ZExiNVpoaHZhWWFxMnphNVcweEtjaG9PYStqUDNqdWZQamErYXNQVDNhUVFLeW5rdzRhYwp1RWN5QnFSYVpabVF2dWlrZDA1enA4Vm5ZQTM5endFeVRrSW9Gd2Y2aU9zMFBzUmdGYUFyK3V1SnB2d2doSkxuCnhlOTgwS3lVdVBMNmdhWml4cVhNMHJaOVpZUVJlM3FEL2VJZmd5cHVvcVJmL1A2b3g1NlBKYml4Nmx5N3E2STYKMVN4UjNURkNKc0t1ZmpyMlI3ZkJBb0lCQVFEMzlJd2Z3aSthd21tVjR2ZXZ5bnFRM21zUHliOXpZamdFSno3UApqV0p1TG1CTnNMZFo2aFhoL05VaUJ4NUhmWE1tL2kvTmI0anpQd1djbER6Wk5Wb3E2NmtFbWdaZ0JMeWxVS2pPCkdlaVVXWG1WT05MekczUU94dEpPTC9TdkZxOWxpVFZOUnhERW85cVFHYXdTOGF0emRVOVpPTDV3Z3dndXkrNUIKWk42b04zYkdtS3RyaWZDRk5ReVpzZm9RaE5IREJ5VlhrTzZnbFR5MGNENEFqSHlCZDFuWXkrSFAwQmxBd0F1QwpNY3FBN0QyMDdOTTJ6UDBxVnFmZ1A2YSszdUI4clpxR3JlTEhkd1NzcGcwNjFiYXNJZlB3a3NoS3N3WWdGSWNMCm1kMFB4R3V3aFpVa3dmMlgxRFBjN2p5bzJka09veWp5cE9haWdnK3RRRHdjN0FDUkFvSUJBUURWd0ZSOXVoU3cKYVBSWFpmVkwzbkdEaDUvc0crdTdkOXBHRjBMcFE5cEJWV0JoSGg3cHBwZ2txd3hJZy9QMmt6Rm4rN2RWd0hDYQpWV0FVQmMwdERBQkRtTHRIblpjZWQ4SlYvdUpCNEpaUjVZVmp4bEhwZXh4dFpDVm81V210bDFqeVJ1aytaQWJICmI4d3l2MFhJNDlQR1lpT3FiekUwWDNaQ1BHbXozVld1L0U4NCt2OUpLb3p0bXQ2Wi90WGxVRkc0cVhTVUZNS2EKc09sZTU3K1pCdEtXT3p5VEErTzFwLytUK3BWMnljL3g0cnRzdXVMQzZiSm9heTd4c3Q5bGxZTTl1dXlFZk1VYQo0MlQ1MkVxSmZQL1hNNDYyOWZFaUszenJCdnRxaDA0ZkU5R21DS2JsekVFMWFMVG1FRzlKczNtOStNckx4OUdrCmUrMmIrRGRTbFFWMUFvSUJBQkFyb0ovSm1EVXRqSms3emc5bTB3dHpsZVBYc21haDl5aytMZmgzTGY0bGhCNU0KOGdncEhmZzQ5dVZiTlh4UUVCeHc0MGt3aHV2bUprV0ozVllGQnJaWjNCSHl3WXV0ZzJmOGxLV3NSdUMxM1JvQQpOTEdxRHEyUUJkTVhpWXVKblRLditndnFJSXZTYThTT0NBek1PZlF6cUZNWFFrUXdKMjUxMmpubGpDZklSalM1CmJDUjlRSFJQZTF6aW9INUhTeTYrM282Ull4NlIzUDJmZkV1bzNjM0xyTTVZcllkUitQT2lFcDRSQlRYWE1rY0UKVXRuMkVHU2NkaUpIeEdZYVB1V2lwTHMzeDl4ZVJLM0Z2b01od09JRTdOVzVuTnBTUm9uOURMbVM5VG04QTVIbApoRTU3WUVCd2xGbEtLQ2FTM25iMzZRbTUrMWlKeHQvem1uZ0FaQ0VDZ2dFQkFKMnNKT2NsVjFPVjUvOThSMGh5Cnlyc2lWVFplbGpJUVErT0dEeVp3bGRPeHZjbUY1WG1uR1AyYmF4RW12TlE3V2F1Qmc0aHV6dUVaYnlqMTZwWjcKRHNyT0kvKzg0SmRwOGVGcmhjemdkU0h1TThvWXBaMmI0YWxUd1VDeVVaVHFXb05GQ1pLclNGRGZSL3A3RzJnSApudFRzMmJCRUcwQ3QxbGNmcHowMVhKb2FwZm03TklydEowMngrdGdQb2dwb2lBKzJlRGN2WlNta3JGRUVsRkcyCk5hcjZBVUhWRWFpVFJ6VUtHQ3lxeTRoN0hwUWkrMWlaK0srTHVQSXpaeFRSQ0NHRi9DZnl2WmFLL0paTUZSZDgKTEdDN09GLy81YUsxLzR5Qzl2eHEySmFXRVFUdnh1VW1HVWZqZCtWcFpCNHlsUEFzVUxPbkx4NnRCK1lRWUFhNwp4RzBDZ2dFQVB3V29MUDZ3ZDZDMGJHK0FQK3E2MGovbE96c1pNblpLTmNyQjdCWHNzL0hvRkJHYVZoNm5yWTkvClhHSklmSTlPeDNMN2g4MENCL3c2TzJ0UDJlNGhNSlFLbzNDUVZYZitNUnJmWkIwOTNUVGtmd2Y4U1pIYnh4YVoKVlpacytEYTExQmFjZEhxRU9najBVSnRFWVdnT1JnNW1CNTFINVNSSHNTUk03NllPczVwOVFzbFdMRGNaYTY4NAoxNlRXbzJvZnRtcmZKN0F3ME9YSFlYR3dhcXcwdE5oSkdMZmg4eTFKa3BXdDBqRm5JSzVnejRYTmpnQU53K0IzCmVEaVhkQWlVU1VEMEdTVG8zdTQyWkVHVnRuang2dEh4eElsL1Q2SGFOQXhuRGd0VjA0eGRNWEc2UTUwenVURU4KNkYzQXRrekdhWmVGNzEwT0IxU2tuYWYyakpBRGFRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<ppps>
<ppp/>
</ppps>
<laggs>
<lagg/>
</laggs>
<wireless>
<clone/>
</wireless>
</opnsense>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment