Project

General

Profile

Download (90.7 KB)

Bug #6451 » config-remote.avant.ca-20160605201826.xml

HE tunnel definitely was working on this one - Adam Thompson, 06/05/2016 08:27 PM

 
1 
<?xml version="1.0" encoding="utf-8"?>
2 
<pfsense>
3 
  <version>15.4</version>
4 
  <lastchange />
5 
  <theme>pfsense_ng</theme>
6 
  <system>
7 
    <optimization>conservative</optimization>
8 
    <hostname>remote</hostname>
9 
    <domain>avant.ca</domain>
10 
    <group>
11 
      <name>admins</name>
12 
      <description><![CDATA[System Administrators]]></description>
13 
      <scope>system</scope>
14 
      <gid>1999</gid>
15 
      <member>0</member>
16 
      <priv>page-all</priv>
17 
    </group>
18 
    <group>
19 
      <name>all</name>
20 
      <description><![CDATA[All Users]]></description>
21 
      <scope>system</scope>
22 
      <gid>1998</gid>
23 
    </group>
24 
    <group>
25 
      <name>vpnusers</name>
26 
      <description />
27 
      <gid>2000</gid>
28 
      <priv>user-ipsec-xauth-dialin</priv>
29 
      <priv>user-l2tp-dialin</priv>
30 
      <priv>user-pppoe-dialin</priv>
31 
      <priv>user-pptp-dialin</priv>
32 
      <member>2001</member>
33 
    </group>
34 
    <user>
35 
      <name>admin</name>
36 
      <descr><![CDATA[System Administrator]]></descr>
37 
      <scope>system</scope>
38 
      <groupname>admins</groupname>
39 
      <password></password>
40 
      <uid>0</uid>
41 
      <priv>user-shell-access</priv>
42 
      <md5-hash></md5-hash>
43 
    </user>
44 
    <user>
45 
      <scope>user</scope>
46 
      <password></password>
47 
      <md5-hash></md5-hash>
48 
      <name>vpnuser</name>
49 
      <descr><![CDATA[VPN User]]></descr>
50 
      <expires />
51 
      <authorizedkeys />
52 
      <ipsecpsk />
53 
      <uid>2001</uid>
54 
    </user>
55 
    <nextuid>2002</nextuid>
56 
    <nextgid>2001</nextgid>
57 
    <timezone>America/Winnipeg</timezone>
58 
    <time-update-interval />
59 
    <timeservers>2.ca.pool.ntp.org 2.pool.ntp.org ntp6a.rollernet.us clock.fmt.he.net</timeservers>
60 
    <webgui>
61 
      <protocol>https</protocol>
62 
      <loginautocomplete />
63 
      <ssl-certref>55cca9a47b7b3</ssl-certref>
64 
      <port>8443</port>
65 
      <max_procs>2</max_procs>
66 
      <althostnames>remote.avant.ca guardian.asg.local guardian.ad.avant.ca remote guardian</althostnames>
67 
      <dashboardcolumns>2</dashboardcolumns>
68 
      <webguicss>pfSense.css</webguicss>
69 
      <webguileftcolumnhyper />
70 
      <dashboardavailablewidgetspanel />
71 
      <systemlogsfilterpanel />
72 
      <systemlogsmanagelogpanel />
73 
      <statusmonitoringsettingspanel />
74 
    </webgui>
75 
    <disablesegmentationoffloading />
76 
    <disablelargereceiveoffloading />
77 
    <ipv6allow />
78 
    <powerd_ac_mode>hadp</powerd_ac_mode>
79 
    <powerd_battery_mode>hadp</powerd_battery_mode>
80 
    <powerd_normal_mode>hadp</powerd_normal_mode>
81 
    <bogons>
82 
      <interval>daily</interval>
83 
    </bogons>
84 
    <serialspeed>115200</serialspeed>
85 
    <primaryconsole>serial</primaryconsole>
86 
    <enablesshd>enabled</enablesshd>
87 
    <scrubnodf>enabled</scrubnodf>
88 
    <scrubrnid>enabled</scrubrnid>
89 
    <maximumstates />
90 
    <aliasesresolveinterval />
91 
    <maximumtableentries />
92 
    <enablebinatreflection>yes</enablebinatreflection>
93 
    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
94 
    <reflectiontimeout />
95 
    <powerd_enable />
96 
    <use_mfs_tmp_size />
97 
    <use_mfs_var_size />
98 
    <language>en_US</language>
99 
    <dns1gw>none</dns1gw>
100 
    <dns2gw>none</dns2gw>
101 
    <dns3gw>none</dns3gw>
102 
    <dns4gw>none</dns4gw>
103 
    <ssh>
104 
      <port>2022</port>
105 
    </ssh>
106 
    <authserver>
107 
      <refid>562f84c16e1ac</refid>
108 
      <type>ldap</type>
109 
      <name>ad.avant.ca</name>
110 
      <ldap_caref>5540ed69a904b</ldap_caref>
111 
      <host>ad.avant.ca</host>
112 
      <ldap_port>389</ldap_port>
113 
      <ldap_urltype>TCP - Standard</ldap_urltype>
114 
      <ldap_protver>3</ldap_protver>
115 
      <ldap_scope>subtree</ldap_scope>
116 
      <ldap_basedn><![CDATA[DC=AD,DC=AVANT,DC=CA]]></ldap_basedn>
117 
      <ldap_authcn><![CDATA[DC=AD,DC=AVANT,DC=CA]]></ldap_authcn>
118 
      <ldap_extended_enabled />
119 
      <ldap_extended_query />
120 
      <ldap_attr_user><![CDATA[samAccountName]]></ldap_attr_user>
121 
      <ldap_attr_group><![CDATA[cn]]></ldap_attr_group>
122 
      <ldap_attr_member><![CDATA[memberOf]]></ldap_attr_member>
123 
      <ldap_utf8 />
124 
      <ldap_binddn><![CDATA[CN=LDAP BindAccount,OU=Service Accounts,OU=Avant,DC=AD,DC=AVANT,DC=CA]]></ldap_binddn>
125 
      <ldap_bindpw><![CDATA[]]></ldap_bindpw>
126 
    </authserver>
127 
    <dnsserver>192.168.158.10</dnsserver>
128 
    <dnsserver>192.168.158.20</dnsserver>
129 
  </system>
130 
  <interfaces>
131 
    <wan>
132 
      <if>em0</if>
133 
      <blockbogons />
134 
      <descr><![CDATA[MTSDSL]]></descr>
135 
      <spoofmac />
136 
      <alias-address />
137 
      <alias-subnet>32</alias-subnet>
138 
      <enable />
139 
      <ipaddr>dhcp</ipaddr>
140 
      <dhcphostname />
141 
      <dhcprejectfrom />
142 
      <adv_dhcp_pt_timeout />
143 
      <adv_dhcp_pt_retry />
144 
      <adv_dhcp_pt_select_timeout />
145 
      <adv_dhcp_pt_reboot />
146 
      <adv_dhcp_pt_backoff_cutoff />
147 
      <adv_dhcp_pt_initial_interval />
148 
      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
149 
      <adv_dhcp_send_options />
150 
      <adv_dhcp_request_options />
151 
      <adv_dhcp_required_options />
152 
      <adv_dhcp_option_modifiers />
153 
      <adv_dhcp_config_advanced />
154 
      <adv_dhcp_config_file_override />
155 
      <adv_dhcp_config_file_override_path />
156 
    </wan>
157 
    <lan>
158 
      <enable />
159 
      <if>bge0</if>
160 
      <descr><![CDATA[LAN]]></descr>
161 
      <spoofmac />
162 
      <ipaddr>192.168.100.1</ipaddr>
163 
      <subnet>24</subnet>
164 
      <ipaddrv6>fd60:7f9c:65d8:100::1</ipaddrv6>
165 
      <subnetv6>128</subnetv6>
166 
    </lan>
167 
    <opt1>
168 
      <if>bge0_vlan156</if>
169 
      <descr><![CDATA[DMZ]]></descr>
170 
      <enable />
171 
      <spoofmac />
172 
      <ipaddr>192.168.101.1</ipaddr>
173 
      <subnet>24</subnet>
174 
      <ipaddrv6>fd60:7f9c:65d8:101::1</ipaddrv6>
175 
      <subnetv6>64</subnetv6>
176 
    </opt1>
177 
    <opt2>
178 
      <descr><![CDATA[VOICE]]></descr>
179 
      <if>hme0_vlan8</if>
180 
      <enable />
181 
      <alias-address />
182 
      <alias-subnet>32</alias-subnet>
183 
      <spoofmac />
184 
      <ipaddr>192.168.10.1</ipaddr>
185 
      <subnet>24</subnet>
186 
    </opt2>
187 
    <opt3>
188 
      <descr><![CDATA[NEWLAN]]></descr>
189 
      <if>bge0_vlan158</if>
190 
      <enable />
191 
      <spoofmac />
192 
      <ipaddr>192.168.158.1</ipaddr>
193 
      <subnet>24</subnet>
194 
      <ipaddrv6>fd60:7f9c:65d8:158::1</ipaddrv6>
195 
      <subnetv6>64</subnetv6>
196 
    </opt3>
197 
    <opt4>
198 
      <descr><![CDATA[HEtunnel]]></descr>
199 
      <if>gif0</if>
200 
      <enable />
201 
      <spoofmac />
202 
    </opt4>
203 
  </interfaces>
204 
  <staticroutes />
205 
  <dhcpd>
206 
    <lan>
207 
      <range>
208 
        <from>192.168.100.10</from>
209 
        <to>192.168.100.245</to>
210 
      </range>
211 
    </lan>
212 
  </dhcpd>
213 
  <snmpd>
214 
    <syslocation />
215 
    <syscontact />
216 
    <rocommunity>Avant123</rocommunity>
217 
    <modules>
218 
      <mibii />
219 
      <netgraph />
220 
      <pf />
221 
      <hostres />
222 
      <ucd />
223 
      <regex />
224 
    </modules>
225 
    <enable />
226 
    <pollport>161</pollport>
227 
    <trapserver />
228 
    <trapserverport>162</trapserverport>
229 
    <trapstring />
230 
    <bindip />
231 
  </snmpd>
232 
  <diag>
233 
    <ipv6nat />
234 
  </diag>
235 
  <bridge />
236 
  <syslog />
237 
  <nat>
238 
    <outbound>
239 
      <mode>hybrid</mode>
240 
      <rule>
241 
        <source>
242 
          <network>192.168.101.0/24</network>
243 
        </source>
244 
        <sourceport />
245 
        <descr><![CDATA[NAT outbound from DMZ]]></descr>
246 
        <target />
247 
        <targetip />
248 
        <targetip_subnet>0</targetip_subnet>
249 
        <interface>wan</interface>
250 
        <poolopts />
251 
        <destination>
252 
          <any />
253 
        </destination>
254 
        <created>
255 
          <time>1428538526</time>
256 
          <username>admin@192.168.100.114</username>
257 
        </created>
258 
        <updated>
259 
          <time>1428538549</time>
260 
          <username>admin@192.168.100.114</username>
261 
        </updated>
262 
      </rule>
263 
      <rule>
264 
        <source>
265 
          <network>192.168.158.0/24</network>
266 
        </source>
267 
        <sourceport />
268 
        <descr><![CDATA[NAT outbound from NEWLAN]]></descr>
269 
        <target />
270 
        <targetip />
271 
        <targetip_subnet>0</targetip_subnet>
272 
        <interface>wan</interface>
273 
        <poolopts />
274 
        <destination>
275 
          <any />
276 
        </destination>
277 
        <updated>
278 
          <time>1431440946</time>
279 
          <username>admin@192.168.100.114</username>
280 
        </updated>
281 
        <created>
282 
          <time>1431440946</time>
283 
          <username>admin@192.168.100.114</username>
284 
        </created>
285 
      </rule>
286 
      <rule>
287 
        <source>
288 
          <network>192.168.158.0/24</network>
289 
        </source>
290 
        <sourceport />
291 
        <descr><![CDATA[allow NEWLAN-DMZ traffic (required since otherwise remote GW replies to sandbox network instead of back to NEWLAN)]]></descr>
292 
        <target />
293 
        <targetip />
294 
        <targetip_subnet />
295 
        <interface>opt1</interface>
296 
        <poolopts />
297 
        <destination>
298 
          <address>192.168.101.0/24</address>
299 
        </destination>
300 
        <updated>
301 
          <time>1462467438</time>
302 
          <username>admin@192.168.158.159</username>
303 
        </updated>
304 
        <created>
305 
          <time>1462467438</time>
306 
          <username>admin@192.168.158.159</username>
307 
        </created>
308 
      </rule>
309 
    </outbound>
310 
    <rule>
311 
      <source>
312 
        <any />
313 
      </source>
314 
      <destination>
315 
        <network>wanip</network>
316 
        <port>80</port>
317 
      </destination>
318 
      <protocol>tcp</protocol>
319 
      <target>192.168.158.16</target>
320 
      <local-port>80</local-port>
321 
      <interface>wan</interface>
322 
      <descr><![CDATA[support.avant.ca - nginx reverse proxy]]></descr>
323 
      <associated-rule-id>nat_5525c70360ccb0.32850910</associated-rule-id>
324 
      <natreflection>enable</natreflection>
325 
      <created>
326 
        <time>1428539139</time>
327 
        <username>admin@192.168.100.114</username>
328 
      </created>
329 
      <updated>
330 
        <time>1439818233</time>
331 
        <username>admin@192.168.100.114</username>
332 
      </updated>
333 
    </rule>
334 
    <rule>
335 
      <source>
336 
        <any />
337 
      </source>
338 
      <destination>
339 
        <network>wanip</network>
340 
        <port>443</port>
341 
      </destination>
342 
      <protocol>tcp</protocol>
343 
      <target>192.168.158.16</target>
344 
      <local-port>443</local-port>
345 
      <interface>wan</interface>
346 
      <descr><![CDATA[support.avant.ca - nginx reverse proxy]]></descr>
347 
      <associated-rule-id>nat_5525c70e1c0134.82856379</associated-rule-id>
348 
      <natreflection>enable</natreflection>
349 
      <created>
350 
        <time>1428539150</time>
351 
        <username>admin@192.168.100.114</username>
352 
      </created>
353 
      <updated>
354 
        <time>1439818250</time>
355 
        <username>admin@192.168.100.114</username>
356 
      </updated>
357 
    </rule>
358 
    <rule>
359 
      <disabled />
360 
      <source>
361 
        <any />
362 
      </source>
363 
      <destination>
364 
        <network>wanip</network>
365 
        <port>8080</port>
366 
      </destination>
367 
      <protocol>tcp</protocol>
368 
      <target>192.168.101.3</target>
369 
      <local-port>8080</local-port>
370 
      <interface>wan</interface>
371 
      <descr><![CDATA[support.avant.ca]]></descr>
372 
      <associated-rule-id>nat_5525c71c7fc5a4.55088909</associated-rule-id>
373 
      <natreflection>enable</natreflection>
374 
      <created>
375 
        <time>1428539164</time>
376 
        <username>admin@192.168.100.114</username>
377 
      </created>
378 
      <updated>
379 
        <time>1439818320</time>
380 
        <username>admin@192.168.100.114</username>
381 
      </updated>
382 
    </rule>
383 
    <rule>
384 
      <source>
385 
        <any />
386 
      </source>
387 
      <destination>
388 
        <network>(self)</network>
389 
        <port>22</port>
390 
      </destination>
391 
      <protocol>tcp</protocol>
392 
      <target>192.168.100.1</target>
393 
      <local-port>2022</local-port>
394 
      <interface>lan</interface>
395 
      <descr><![CDATA[redirect regular SSH port to 2022 on LAN]]></descr>
396 
      <associated-rule-id>nat_552af2a9573625.75210539</associated-rule-id>
397 
      <natreflection>enable</natreflection>
398 
      <updated>
399 
        <time>1428877993</time>
400 
        <username>admin@192.168.100.114</username>
401 
      </updated>
402 
      <created>
403 
        <time>1428877993</time>
404 
        <username>admin@192.168.100.114</username>
405 
      </created>
406 
    </rule>
407 
    <rule>
408 
      <source>
409 
        <any />
410 
      </source>
411 
      <destination>
412 
        <network>(self)</network>
413 
        <port>22</port>
414 
      </destination>
415 
      <protocol>tcp</protocol>
416 
      <target>192.168.158.1</target>
417 
      <local-port>2022</local-port>
418 
      <interface>opt3</interface>
419 
      <descr><![CDATA[redirect regular SSH port to 2022 on LAN]]></descr>
420 
      <associated-rule-id>nat_55520c83632903.91711398</associated-rule-id>
421 
      <natreflection>enable</natreflection>
422 
      <updated>
423 
        <time>1431440515</time>
424 
        <username>admin@192.168.100.114</username>
425 
      </updated>
426 
      <created>
427 
        <time>1431440515</time>
428 
        <username>admin@192.168.100.114</username>
429 
      </created>
430 
    </rule>
431 
    <rule>
432 
      <source>
433 
        <network>opt3</network>
434 
      </source>
435 
      <destination>
436 
        <network>wanip</network>
437 
        <port>54663</port>
438 
      </destination>
439 
      <protocol>tcp</protocol>
440 
      <target>192.168.158.54</target>
441 
      <local-port>54663</local-port>
442 
      <interface>wan</interface>
443 
      <descr><![CDATA[Bamboo JMS port]]></descr>
444 
      <associated-rule-id>nat_56982a9c514cd4.39339044</associated-rule-id>
445 
      <natreflection>enable</natreflection>
446 
      <created>
447 
        <time>1452812956</time>
448 
        <username>admin@192.168.158.144</username>
449 
      </created>
450 
      <updated>
451 
        <time>1452813136</time>
452 
        <username>admin@192.168.158.144</username>
453 
      </updated>
454 
    </rule>
455 
    <npt>
456 
      <descr><![CDATA[NEWLAN-to-HETUNNEL]]></descr>
457 
      <interface>opt4</interface>
458 
      <source>
459 
        <address>fd60:7f9c:65d8:158::/64</address>
460 
      </source>
461 
      <destination>
462 
        <address>2001:470:1f11:103d::/64</address>
463 
      </destination>
464 
    </npt>
465 
    <separator />
466 
    <onetoone>
467 
      <external>192.168.101.10</external>
468 
      <descr><![CDATA[fake DC1 for sandbox]]></descr>
469 
      <interface>opt1</interface>
470 
      <source>
471 
        <address>192.168.158.10</address>
472 
      </source>
473 
      <destination>
474 
        <any />
475 
      </destination>
476 
    </onetoone>
477 
    <onetoone>
478 
      <external>192.168.101.20</external>
479 
      <descr><![CDATA[fake DC2 for sandbox]]></descr>
480 
      <interface>opt1</interface>
481 
      <source>
482 
        <address>192.168.158.20</address>
483 
      </source>
484 
      <destination>
485 
        <any />
486 
      </destination>
487 
    </onetoone>
488 
  </nat>
489 
  <filter>
490 
    <rule>
491 
      <id />
492 
      <tracker>1428525653</tracker>
493 
      <type>pass</type>
494 
      <interface>wan</interface>
495 
      <ipprotocol>inet46</ipprotocol>
496 
      <tag />
497 
      <tagged />
498 
      <max />
499 
      <max-src-nodes />
500 
      <max-src-conn />
501 
      <max-src-states />
502 
      <statetimeout />
503 
      <statetype>keep state</statetype>
504 
      <os />
505 
      <source>
506 
        <any />
507 
      </source>
508 
      <destination>
509 
        <network>(self)</network>
510 
      </destination>
511 
      <descr><![CDATA[allow all inbound to firewall]]></descr>
512 
      <created>
513 
        <time>1428525653</time>
514 
        <username>admin@192.168.100.114</username>
515 
      </created>
516 
      <updated>
517 
        <time>1429197255</time>
518 
        <username>admin@192.168.100.114</username>
519 
      </updated>
520 
    </rule>
521 
    <rule>
522 
      <source>
523 
        <any />
524 
      </source>
525 
      <interface>wan</interface>
526 
      <protocol>tcp</protocol>
527 
      <destination>
528 
        <address>192.168.158.16</address>
529 
        <port>80</port>
530 
      </destination>
531 
      <descr><![CDATA[NAT support.avant.ca - nginx reverse proxy]]></descr>
532 
      <associated-rule-id>nat_5525c70360ccb0.32850910</associated-rule-id>
533 
      <created>
534 
        <time>1428539139</time>
535 
        <username>NAT Port Forward</username>
536 
      </created>
537 
      <tracker>1460561401</tracker>
538 
    </rule>
539 
    <rule>
540 
      <source>
541 
        <any />
542 
      </source>
543 
      <interface>wan</interface>
544 
      <protocol>tcp</protocol>
545 
      <destination>
546 
        <address>192.168.158.16</address>
547 
        <port>443</port>
548 
      </destination>
549 
      <descr><![CDATA[NAT support.avant.ca - nginx reverse proxy]]></descr>
550 
      <associated-rule-id>nat_5525c70e1c0134.82856379</associated-rule-id>
551 
      <created>
552 
        <time>1428539150</time>
553 
        <username>NAT Port Forward</username>
554 
      </created>
555 
      <tracker>1460561402</tracker>
556 
    </rule>
557 
    <rule>
558 
      <source>
559 
        <any />
560 
      </source>
561 
      <interface>wan</interface>
562 
      <protocol>tcp</protocol>
563 
      <destination>
564 
        <address>192.168.101.3</address>
565 
        <port>8080</port>
566 
      </destination>
567 
      <descr><![CDATA[NAT support.avant.ca]]></descr>
568 
      <associated-rule-id>nat_5525c71c7fc5a4.55088909</associated-rule-id>
569 
      <created>
570 
        <time>1428539164</time>
571 
        <username>NAT Port Forward</username>
572 
      </created>
573 
      <tracker>1460561403</tracker>
574 
    </rule>
575 
    <rule>
576 
      <descr><![CDATA[OpenVPN  wizard]]></descr>
577 
      <direction>in</direction>
578 
      <source>
579 
        <any />
580 
      </source>
581 
      <destination>
582 
        <network>wanip</network>
583 
        <port>1194</port>
584 
      </destination>
585 
      <interface>wan</interface>
586 
      <protocol>udp</protocol>
587 
      <type>pass</type>
588 
      <enabled>on</enabled>
589 
      <created>
590 
        <time>1433942735</time>
591 
        <username>OpenVPN Wizard</username>
592 
      </created>
593 
      <tracker>1460561404</tracker>
594 
    </rule>
595 
    <rule>
596 
      <id />
597 
      <tracker>1439308790</tracker>
598 
      <type>pass</type>
599 
      <interface>wan</interface>
600 
      <ipprotocol>inet</ipprotocol>
601 
      <tag />
602 
      <tagged />
603 
      <max />
604 
      <max-src-nodes />
605 
      <max-src-conn />
606 
      <max-src-states />
607 
      <statetimeout />
608 
      <statetype>keep state</statetype>
609 
      <os />
610 
      <protocol>tcp</protocol>
611 
      <source>
612 
        <any />
613 
      </source>
614 
      <destination>
615 
        <network>wanip</network>
616 
        <port>1195</port>
617 
      </destination>
618 
      <descr><![CDATA[OpenVPN ]]></descr>
619 
      <updated>
620 
        <time>1439308790</time>
621 
        <username>admin@204.16.145.145</username>
622 
      </updated>
623 
      <created>
624 
        <time>1439308790</time>
625 
        <username>admin@204.16.145.145</username>
626 
      </created>
627 
    </rule>
628 
    <rule>
629 
      <id />
630 
      <tracker>1452813164</tracker>
631 
      <type>pass</type>
632 
      <interface>wan</interface>
633 
      <ipprotocol>inet</ipprotocol>
634 
      <tag />
635 
      <tagged />
636 
      <max />
637 
      <max-src-nodes />
638 
      <max-src-conn />
639 
      <max-src-states />
640 
      <statetimeout />
641 
      <statetype>keep state</statetype>
642 
      <os />
643 
      <protocol>tcp</protocol>
644 
      <source>
645 
        <network>opt3</network>
646 
      </source>
647 
      <destination>
648 
        <address>192.168.158.54</address>
649 
        <port>54663</port>
650 
      </destination>
651 
      <descr><![CDATA[NAT Bamboo JMS port]]></descr>
652 
      <associated-rule-id>nat_56982a9c514cd4.39339044</associated-rule-id>
653 
      <created>
654 
        <time>1452812956</time>
655 
        <username>NAT Port Forward</username>
656 
      </created>
657 
      <updated>
658 
        <time>1452813196</time>
659 
        <username>admin@192.168.158.144</username>
660 
      </updated>
661 
    </rule>
662 
    <rule>
663 
      <source>
664 
        <any />
665 
      </source>
666 
      <interface>lan</interface>
667 
      <protocol>tcp</protocol>
668 
      <destination>
669 
        <address>192.168.100.1</address>
670 
        <port>2022</port>
671 
      </destination>
672 
      <descr><![CDATA[NAT redirect regular SSH port to 2022 on LAN]]></descr>
673 
      <associated-rule-id>nat_552af2a9573625.75210539</associated-rule-id>
674 
      <created>
675 
        <time>1428877993</time>
676 
        <username>NAT Port Forward</username>
677 
      </created>
678 
      <tracker>1460561405</tracker>
679 
    </rule>
680 
    <rule>
681 
      <id />
682 
      <tracker>1446059294</tracker>
683 
      <type>pass</type>
684 
      <interface>lan</interface>
685 
      <ipprotocol>inet46</ipprotocol>
686 
      <tcpflags_any />
687 
      <tag />
688 
      <tagged />
689 
      <allowopts />
690 
      <disablereplyto />
691 
      <max />
692 
      <max-src-nodes />
693 
      <max-src-conn />
694 
      <max-src-states />
695 
      <statetimeout />
696 
      <statetype>sloppy state</statetype>
697 
      <os />
698 
      <nopfsync />
699 
      <source>
700 
        <network>lan</network>
701 
      </source>
702 
      <destination>
703 
        <network>opt3</network>
704 
      </destination>
705 
      <descr><![CDATA[skip state on LAN&lt;--&gt;NEWLAN]]></descr>
706 
      <created>
707 
        <time>1446059294</time>
708 
        <username>admin@192.168.100.114</username>
709 
      </created>
710 
      <updated>
711 
        <time>1462463122</time>
712 
        <username>admin@192.168.158.159</username>
713 
      </updated>
714 
    </rule>
715 
    <rule>
716 
      <id />
717 
      <tracker>0100000101</tracker>
718 
      <type>pass</type>
719 
      <interface>lan</interface>
720 
      <ipprotocol>inet46</ipprotocol>
721 
      <tag />
722 
      <tagged />
723 
      <max />
724 
      <max-src-nodes />
725 
      <max-src-conn />
726 
      <max-src-states />
727 
      <statetimeout />
728 
      <statetype>keep state</statetype>
729 
      <os />
730 
      <source>
731 
        <any />
732 
      </source>
733 
      <destination>
734 
        <any />
735 
      </destination>
736 
      <descr><![CDATA[Default allow LAN to any rule]]></descr>
737 
      <updated>
738 
        <time>1446059255</time>
739 
        <username>admin@192.168.100.114</username>
740 
      </updated>
741 
    </rule>
742 
    <rule>
743 
      <id />
744 
      <tracker>1434292491</tracker>
745 
      <type>pass</type>
746 
      <interface>enc0</interface>
747 
      <ipprotocol>inet46</ipprotocol>
748 
      <tag />
749 
      <tagged />
750 
      <max />
751 
      <max-src-nodes />
752 
      <max-src-conn />
753 
      <max-src-states />
754 
      <statetimeout />
755 
      <statetype>keep state</statetype>
756 
      <os />
757 
      <source>
758 
        <any />
759 
      </source>
760 
      <destination>
761 
        <any />
762 
      </destination>
763 
      <descr><![CDATA[Allow all IPSec traffic]]></descr>
764 
      <created>
765 
        <time>1434292491</time>
766 
        <username>admin@137.122.64.20</username>
767 
      </created>
768 
      <updated>
769 
        <time>1434902080</time>
770 
        <username>admin@50.72.224.18</username>
771 
      </updated>
772 
    </rule>
773 
    <rule>
774 
      <id />
775 
      <tracker>1430323239</tracker>
776 
      <type>pass</type>
777 
      <interface>openvpn</interface>
778 
      <ipprotocol>inet46</ipprotocol>
779 
      <tag />
780 
      <tagged />
781 
      <max />
782 
      <max-src-nodes />
783 
      <max-src-conn />
784 
      <max-src-states />
785 
      <statetimeout />
786 
      <statetype>keep state</statetype>
787 
      <os />
788 
      <source>
789 
        <any />
790 
      </source>
791 
      <destination>
792 
        <any />
793 
      </destination>
794 
      <descr />
795 
      <updated>
796 
        <time>1430323239</time>
797 
        <username>admin@198.51.75.21</username>
798 
      </updated>
799 
      <created>
800 
        <time>1430323239</time>
801 
        <username>admin@198.51.75.21</username>
802 
      </created>
803 
    </rule>
804 
    <rule>
805 
      <id />
806 
      <tracker>1428537964</tracker>
807 
      <type>pass</type>
808 
      <interface>opt1</interface>
809 
      <ipprotocol>inet46</ipprotocol>
810 
      <tag />
811 
      <tagged />
812 
      <max />
813 
      <max-src-nodes />
814 
      <max-src-conn />
815 
      <max-src-states />
816 
      <statetimeout />
817 
      <statetype>keep state</statetype>
818 
      <os />
819 
      <source>
820 
        <any />
821 
      </source>
822 
      <destination>
823 
        <network>(self)</network>
824 
      </destination>
825 
      <descr><![CDATA[allow all inbound to firewall]]></descr>
826 
      <created>
827 
        <time>1428537964</time>
828 
        <username>admin@192.168.100.114</username>
829 
      </created>
830 
      <updated>
831 
        <time>1429197288</time>
832 
        <username>admin@192.168.100.114</username>
833 
      </updated>
834 
    </rule>
835 
    <rule>
836 
      <id />
837 
      <tracker>1428538625</tracker>
838 
      <type>pass</type>
839 
      <interface>opt1</interface>
840 
      <ipprotocol>inet46</ipprotocol>
841 
      <tag />
842 
      <tagged />
843 
      <max />
844 
      <max-src-nodes />
845 
      <max-src-conn />
846 
      <max-src-states />
847 
      <statetimeout />
848 
      <statetype>keep state</statetype>
849 
      <os />
850 
      <source>
851 
        <network>opt1</network>
852 
      </source>
853 
      <destination>
854 
        <any />
855 
      </destination>
856 
      <descr><![CDATA[allow all outbound from DMZ]]></descr>
857 
      <created>
858 
        <time>1428538625</time>
859 
        <username>admin@192.168.100.114</username>
860 
      </created>
861 
      <updated>
862 
        <time>1429197294</time>
863 
        <username>admin@192.168.100.114</username>
864 
      </updated>
865 
    </rule>
866 
    <rule>
867 
      <id />
868 
      <tracker>1428943315</tracker>
869 
      <type>pass</type>
870 
      <interface>opt2</interface>
871 
      <ipprotocol>inet46</ipprotocol>
872 
      <tag />
873 
      <tagged />
874 
      <max />
875 
      <max-src-nodes />
876 
      <max-src-conn />
877 
      <max-src-states />
878 
      <statetimeout />
879 
      <statetype>keep state</statetype>
880 
      <os />
881 
      <source>
882 
        <any />
883 
      </source>
884 
      <destination>
885 
        <any />
886 
      </destination>
887 
      <descr><![CDATA[allow all from VoIP network]]></descr>
888 
      <created>
889 
        <time>1428943315</time>
890 
        <username>admin@192.168.100.114</username>
891 
      </created>
892 
      <updated>
893 
        <time>1429197303</time>
894 
        <username>admin@192.168.100.114</username>
895 
      </updated>
896 
    </rule>
897 
    <rule>
898 
      <id />
899 
      <tracker>1431440602</tracker>
900 
      <type>pass</type>
901 
      <interface>opt3</interface>
902 
      <ipprotocol>inet46</ipprotocol>
903 
      <tag />
904 
      <tagged />
905 
      <max />
906 
      <max-src-nodes />
907 
      <max-src-conn />
908 
      <max-src-states />
909 
      <statetimeout />
910 
      <statetype>keep state</statetype>
911 
      <os />
912 
      <source>
913 
        <any />
914 
      </source>
915 
      <destination>
916 
        <network>(self)</network>
917 
      </destination>
918 
      <descr><![CDATA[allow all traffic to myself]]></descr>
919 
      <updated>
920 
        <time>1431440602</time>
921 
        <username>admin@192.168.100.114</username>
922 
      </updated>
923 
      <created>
924 
        <time>1431440602</time>
925 
        <username>admin@192.168.100.114</username>
926 
      </created>
927 
    </rule>
928 
    <rule>
929 
      <source>
930 
        <any />
931 
      </source>
932 
      <interface>opt3</interface>
933 
      <protocol>tcp</protocol>
934 
      <destination>
935 
        <address>192.168.158.1</address>
936 
        <port>2022</port>
937 
      </destination>
938 
      <descr><![CDATA[NAT redirect regular SSH port to 2022 on LAN]]></descr>
939 
      <associated-rule-id>nat_55520c83632903.91711398</associated-rule-id>
940 
      <created>
941 
        <time>1431440515</time>
942 
        <username>NAT Port Forward</username>
943 
      </created>
944 
      <tracker>1460561407</tracker>
945 
    </rule>
946 
    <rule>
947 
      <id />
948 
      <tracker>1438007182</tracker>
949 
      <type>block</type>
950 
      <interface>opt3</interface>
951 
      <ipprotocol>inet</ipprotocol>
952 
      <tag />
953 
      <tagged />
954 
      <max />
955 
      <max-src-nodes />
956 
      <max-src-conn />
957 
      <max-src-states />
958 
      <statetimeout />
959 
      <statetype>keep state</statetype>
960 
      <os />
961 
      <source>
962 
        <any />
963 
      </source>
964 
      <destination>
965 
        <address>209.85.220.69</address>
966 
      </destination>
967 
      <descr><![CDATA[silently drop PVE multicast traffic]]></descr>
968 
      <updated>
969 
        <time>1438007182</time>
970 
        <username>admin@192.168.100.114</username>
971 
      </updated>
972 
      <created>
973 
        <time>1438007182</time>
974 
        <username>admin@192.168.100.114</username>
975 
      </created>
976 
    </rule>
977 
    <rule>
978 
      <id />
979 
      <tracker>1446059352</tracker>
980 
      <type>pass</type>
981 
      <interface>opt3</interface>
982 
      <ipprotocol>inet46</ipprotocol>
983 
      <tcpflags_any />
984 
      <tag />
985 
      <tagged />
986 
      <allowopts />
987 
      <disablereplyto />
988 
      <max />
989 
      <max-src-nodes />
990 
      <max-src-conn />
991 
      <max-src-states />
992 
      <statetimeout />
993 
      <statetype>sloppy state</statetype>
994 
      <os />
995 
      <nopfsync />
996 
      <source>
997 
        <network>opt3</network>
998 
      </source>
999 
      <destination>
1000 
        <network>lan</network>
1001 
      </destination>
1002 
      <descr><![CDATA[skip state on all NEWLAN&lt;--&gt;LAN traffic]]></descr>
1003 
      <created>
1004 
        <time>1446059352</time>
1005 
        <username>admin@192.168.100.114</username>
1006 
      </created>
1007 
      <updated>
1008 
        <time>1462463261</time>
1009 
        <username>admin@192.168.158.159</username>
1010 
      </updated>
1011 
    </rule>
1012 
    <rule>
1013 
      <id />
1014 
      <tracker>1431440556</tracker>
1015 
      <type>pass</type>
1016 
      <interface>opt3</interface>
1017 
      <ipprotocol>inet46</ipprotocol>
1018 
      <tag />
1019 
      <tagged />
1020 
      <max />
1021 
      <max-src-nodes />
1022 
      <max-src-conn />
1023 
      <max-src-states />
1024 
      <statetimeout />
1025 
      <statetype>keep state</statetype>
1026 
      <os />
1027 
      <source>
1028 
        <any />
1029 
      </source>
1030 
      <destination>
1031 
        <any />
1032 
      </destination>
1033 
      <descr><![CDATA[allow all outbound traffic]]></descr>
1034 
      <updated>
1035 
        <time>1431440556</time>
1036 
        <username>admin@192.168.100.114</username>
1037 
      </updated>
1038 
      <created>
1039 
        <time>1431440556</time>
1040 
        <username>admin@192.168.100.114</username>
1041 
      </created>
1042 
    </rule>
1043 
    <rule>
1044 
      <id />
1045 
      <tracker>1434737487</tracker>
1046 
      <type>pass</type>
1047 
      <interface>opt4</interface>
1048 
      <ipprotocol>inet46</ipprotocol>
1049 
      <tag />
1050 
      <tagged />
1051 
      <max />
1052 
      <max-src-nodes />
1053 
      <max-src-conn />
1054 
      <max-src-states />
1055 
      <statetimeout />
1056 
      <statetype>keep state</statetype>
1057 
      <os />
1058 
      <source>
1059 
        <any />
1060 
      </source>
1061 
      <destination>
1062 
        <network>(self)</network>
1063 
      </destination>
1064 
      <descr><![CDATA[allow traffic to the firewall]]></descr>
1065 
      <updated>
1066 
        <time>1434737487</time>
1067 
        <username>admin@198.51.75.21</username>
1068 
      </updated>
1069 
      <created>
1070 
        <time>1434737487</time>
1071 
        <username>admin@198.51.75.21</username>
1072 
      </created>
1073 
    </rule>
1074 
    <separator>
1075 
      <lan />
1076 
      <openvpn />
1077 
    </separator>
1078 
  </filter>
1079 
  <shaper>
1080 
    <queue>
1081 
      <interface>wan</interface>
1082 
      <name>wan</name>
1083 
      <scheduler>HFSC</scheduler>
1084 
      <bandwidth>2</bandwidth>
1085 
      <bandwidthtype>Mb</bandwidthtype>
1086 
      <enabled>on</enabled>
1087 
      <queue>
1088 
        <name>qInternet</name>
1089 
        <interface>wan</interface>
1090 
        <bandwidth>2</bandwidth>
1091 
        <bandwidthtype>Mb</bandwidthtype>
1092 
        <enabled>on</enabled>
1093 
        <ecn>ecn</ecn>
1094 
        <linkshare3>1.9Mb</linkshare3>
1095 
        <upperlimit3>1.9Mb</upperlimit3>
1096 
        <queue>
1097 
          <name>qACK</name>
1098 
          <interface>wan</interface>
1099 
          <priority>6</priority>
1100 
          <bandwidth>20</bandwidth>
1101 
          <bandwidthtype>%</bandwidthtype>
1102 
          <enabled>on</enabled>
1103 
          <ecn>on</ecn>
1104 
          <linkshare3>20%</linkshare3>
1105 
          <linkshare>on</linkshare>
1106 
        </queue>
1107 
        <queue>
1108 
          <name>qDefault</name>
1109 
          <interface>wan</interface>
1110 
          <priority>3</priority>
1111 
          <bandwidth>10</bandwidth>
1112 
          <bandwidthtype>%</bandwidthtype>
1113 
          <enabled>on</enabled>
1114 
          <default>on</default>
1115 
          <ecn>on</ecn>
1116 
        </queue>
1117 
        <linkshare>on</linkshare>
1118 
        <upperlimit>on</upperlimit>
1119 
      </queue>
1120 
    </queue>
1121 
    <queue>
1122 
      <interface>lan</interface>
1123 
      <name>lan</name>
1124 
      <scheduler>HFSC</scheduler>
1125 
      <bandwidth>1048576</bandwidth>
1126 
      <bandwidthtype>Kb</bandwidthtype>
1127 
      <enabled>on</enabled>
1128 
      <queue>
1129 
        <name>qLink</name>
1130 
        <interface>lan</interface>
1131 
        <qlimit>500</qlimit>
1132 
        <priority>2</priority>
1133 
        <bandwidth>20</bandwidth>
1134 
        <bandwidthtype>%</bandwidthtype>
1135 
        <enabled>on</enabled>
1136 
        <default>on</default>
1137 
        <ecn>on</ecn>
1138 
      </queue>
1139 
      <queue>
1140 
        <name>qInternet</name>
1141 
        <interface>lan</interface>
1142 
        <bandwidth>26214.4</bandwidth>
1143 
        <bandwidthtype>Kb</bandwidthtype>
1144 
        <enabled>on</enabled>
1145 
        <ecn>on</ecn>
1146 
        <linkshare3>26214.4Kb</linkshare3>
1147 
        <linkshare>on</linkshare>
1148 
        <upperlimit3>26214.4Kb</upperlimit3>
1149 
        <upperlimit>on</upperlimit>
1150 
        <queue>
1151 
          <name>qACK</name>
1152 
          <interface>lan</interface>
1153 
          <priority>6</priority>
1154 
          <bandwidth>20</bandwidth>
1155 
          <bandwidthtype>%</bandwidthtype>
1156 
          <enabled>on</enabled>
1157 
          <ecn>on</ecn>
1158 
          <linkshare3>20%</linkshare3>
1159 
          <linkshare>on</linkshare>
1160 
        </queue>
1161 
      </queue>
1162 
    </queue>
1163 
    <queue>
1164 
      <interface>opt1</interface>
1165 
      <name>opt1</name>
1166 
      <scheduler>HFSC</scheduler>
1167 
      <bandwidth>1048576</bandwidth>
1168 
      <bandwidthtype>Kb</bandwidthtype>
1169 
      <enabled>on</enabled>
1170 
      <queue>
1171 
        <name>qLink</name>
1172 
        <interface>opt1</interface>
1173 
        <qlimit>500</qlimit>
1174 
        <priority>2</priority>
1175 
        <bandwidth>20</bandwidth>
1176 
        <bandwidthtype>%</bandwidthtype>
1177 
        <enabled>on</enabled>
1178 
        <default>on</default>
1179 
        <ecn>on</ecn>
1180 
      </queue>
1181 
      <queue>
1182 
        <name>qInternet</name>
1183 
        <interface>opt1</interface>
1184 
        <bandwidth>26214.4</bandwidth>
1185 
        <bandwidthtype>Kb</bandwidthtype>
1186 
        <enabled>on</enabled>
1187 
        <ecn>on</ecn>
1188 
        <linkshare3>26214.4Kb</linkshare3>
1189 
        <linkshare>on</linkshare>
1190 
        <upperlimit3>26214.4Kb</upperlimit3>
1191 
        <upperlimit>on</upperlimit>
1192 
        <queue>
1193 
          <name>qACK</name>
1194 
          <interface>opt1</interface>
1195 
          <priority>6</priority>
1196 
          <bandwidth>20</bandwidth>
1197 
          <bandwidthtype>%</bandwidthtype>
1198 
          <enabled>on</enabled>
1199 
          <ecn>on</ecn>
1200 
          <linkshare3>20%</linkshare3>
1201 
          <linkshare>on</linkshare>
1202 
        </queue>
1203 
      </queue>
1204 
    </queue>
1205 
    <queue>
1206 
      <interface>opt2</interface>
1207 
      <name>opt2</name>
1208 
      <scheduler>HFSC</scheduler>
1209 
      <bandwidth>1048576</bandwidth>
1210 
      <bandwidthtype>Kb</bandwidthtype>
1211 
      <enabled>on</enabled>
1212 
      <queue>
1213 
        <name>qLink</name>
1214 
        <interface>opt2</interface>
1215 
        <qlimit>500</qlimit>
1216 
        <priority>2</priority>
1217 
        <bandwidth>20</bandwidth>
1218 
        <bandwidthtype>%</bandwidthtype>
1219 
        <enabled>on</enabled>
1220 
        <default>on</default>
1221 
        <ecn>on</ecn>
1222 
      </queue>
1223 
      <queue>
1224 
        <name>qInternet</name>
1225 
        <interface>opt2</interface>
1226 
        <bandwidth>26214.4</bandwidth>
1227 
        <bandwidthtype>Kb</bandwidthtype>
1228 
        <enabled>on</enabled>
1229 
        <ecn>on</ecn>
1230 
        <linkshare3>26214.4Kb</linkshare3>
1231 
        <linkshare>on</linkshare>
1232 
        <upperlimit3>26214.4Kb</upperlimit3>
1233 
        <upperlimit>on</upperlimit>
1234 
        <queue>
1235 
          <name>qACK</name>
1236 
          <interface>opt2</interface>
1237 
          <priority>6</priority>
1238 
          <bandwidth>20</bandwidth>
1239 
          <bandwidthtype>%</bandwidthtype>
1240 
          <enabled>on</enabled>
1241 
          <ecn>on</ecn>
1242 
          <linkshare3>20%</linkshare3>
1243 
          <linkshare>on</linkshare>
1244 
        </queue>
1245 
      </queue>
1246 
    </queue>
1247 
    <queue>
1248 
      <interface>opt3</interface>
1249 
      <name>opt3</name>
1250 
      <scheduler>HFSC</scheduler>
1251 
      <bandwidth>1048576</bandwidth>
1252 
      <bandwidthtype>Kb</bandwidthtype>
1253 
      <enabled>on</enabled>
1254 
      <queue>
1255 
        <name>qLink</name>
1256 
        <interface>opt3</interface>
1257 
        <qlimit>500</qlimit>
1258 
        <priority>2</priority>
1259 
        <bandwidth>20</bandwidth>
1260 
        <bandwidthtype>%</bandwidthtype>
1261 
        <enabled>on</enabled>
1262 
        <default>on</default>
1263 
        <ecn>on</ecn>
1264 
      </queue>
1265 
      <queue>
1266 
        <name>qInternet</name>
1267 
        <interface>opt3</interface>
1268 
        <bandwidth>26214.4</bandwidth>
1269 
        <bandwidthtype>Kb</bandwidthtype>
1270 
        <enabled>on</enabled>
1271 
        <ecn>on</ecn>
1272 
        <linkshare3>26214.4Kb</linkshare3>
1273 
        <linkshare>on</linkshare>
1274 
        <upperlimit3>26214.4Kb</upperlimit3>
1275 
        <upperlimit>on</upperlimit>
1276 
        <queue>
1277 
          <name>qACK</name>
1278 
          <interface>opt3</interface>
1279 
          <priority>6</priority>
1280 
          <bandwidth>20</bandwidth>
1281 
          <bandwidthtype>%</bandwidthtype>
1282 
          <enabled>on</enabled>
1283 
          <ecn>on</ecn>
1284 
          <linkshare3>20%</linkshare3>
1285 
          <linkshare>on</linkshare>
1286 
        </queue>
1287 
      </queue>
1288 
    </queue>
1289 
  </shaper>
1290 
  <ipsec>
1291 
    <client>
1292 
      <enable />
1293 
      <user_source>Local Database</user_source>
1294 
      <group_source>none</group_source>
1295 
      <pool_address>192.168.98.0</pool_address>
1296 
      <pool_netbits>24</pool_netbits>
1297 
      <net_list />
1298 
      <save_passwd />
1299 
      <dns_domain>ad.avant.ca</dns_domain>
1300 
      <dns_split>ad.avant.ca</dns_split>
1301 
      <dns_server1>192.168.158.10</dns_server1>
1302 
      <dns_server2>192.168.158.20</dns_server2>
1303 
      <dns_server3 />
1304 
      <dns_server4 />
1305 
      <wins_server1>192.168.158.10</wins_server1>
1306 
      <wins_server2>192.168.158.20</wins_server2>
1307 
      <login_banner><![CDATA[This is a banner.]]></login_banner>
1308 
    </client>
1309 
    <compression />
1310 
    <uniqueids>yes</uniqueids>
1311 
    <noshuntlaninterfaces />
1312 
    <acceptunencryptedmainmode />
1313 
    <enable />
1314 
    <phase1>
1315 
      <ikeid>2</ikeid>
1316 
      <iketype>ikev2</iketype>
1317 
      <interface>wan</interface>
1318 
      <mobile />
1319 
      <protocol>inet</protocol>
1320 
      <myid_type>fqdn</myid_type>
1321 
      <myid_data>remote.avant.ca</myid_data>
1322 
      <peerid_type>user_fqdn</peerid_type>
1323 
      <peerid_data>vpnuser@avant.ca</peerid_data>
1324 
      <encryption-algorithm>
1325 
        <name>aes</name>
1326 
        <keylen>256</keylen>
1327 
      </encryption-algorithm>
1328 
      <hash-algorithm>sha1</hash-algorithm>
1329 
      <dhgroup>2</dhgroup>
1330 
      <lifetime>28800</lifetime>
1331 
      <pre-shared-key>Avant123</pre-shared-key>
1332 
      <private-key />
1333 
      <certref>557781ff419d8</certref>
1334 
      <caref>557b8b98e24da</caref>
1335 
      <authentication_method>hybrid_rsa_server</authentication_method>
1336 
      <descr />
1337 
      <nat_traversal>on</nat_traversal>
1338 
      <mobike>on</mobike>
1339 
      <responderonly />
1340 
      <dpd_delay>3</dpd_delay>
1341 
      <dpd_maxfail>3</dpd_maxfail>
1342 
      <disabled />
1343 
    </phase1>
1344 
    <phase1>
1345 
      <ikeid>1</ikeid>
1346 
      <iketype>ikev2</iketype>
1347 
      <interface>wan</interface>
1348 
      <remote-gateway>204.16.144.114</remote-gateway>
1349 
      <protocol>inet</protocol>
1350 
      <myid_type>myaddress</myid_type>
1351 
      <myid_data />
1352 
      <peerid_type>peeraddress</peerid_type>
1353 
      <peerid_data />
1354 
      <encryption-algorithm>
1355 
        <name>aes</name>
1356 
        <keylen>256</keylen>
1357 
      </encryption-algorithm>
1358 
      <hash-algorithm>sha1</hash-algorithm>
1359 
      <dhgroup>2</dhgroup>
1360 
      <lifetime>28800</lifetime>
1361 
      <pre-shared-key>r011over</pre-shared-key>
1362 
      <private-key />
1363 
      <certref />
1364 
      <caref />
1365 
      <authentication_method>pre_shared_key</authentication_method>
1366 
      <descr><![CDATA[Adam - home]]></descr>
1367 
      <nat_traversal>on</nat_traversal>
1368 
      <mobike>off</mobike>
1369 
      <dpd_delay>10</dpd_delay>
1370 
      <dpd_maxfail>5</dpd_maxfail>
1371 
      <disabled />
1372 
    </phase1>
1373 
    <phase2>
1374 
      <ikeid>2</ikeid>
1375 
      <uniqid>55ad776349282</uniqid>
1376 
      <mode>tunnel</mode>
1377 
      <reqid>1</reqid>
1378 
      <localid>
1379 
        <type>lan</type>
1380 
      </localid>
1381 
      <remoteid>
1382 
        <type>mobile</type>
1383 
      </remoteid>
1384 
      <protocol>esp</protocol>
1385 
      <encryption-algorithm-option>
1386 
        <name>aes</name>
1387 
        <keylen>auto</keylen>
1388 
      </encryption-algorithm-option>
1389 
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
1390 
      <hash-algorithm-option>hmac_sha256</hash-algorithm-option>
1391 
      <pfsgroup>2</pfsgroup>
1392 
      <lifetime>3600</lifetime>
1393 
      <pinghost />
1394 
      <descr />
1395 
      <mobile />
1396 
    </phase2>
1397 
    <phase2>
1398 
      <ikeid>2</ikeid>
1399 
      <uniqid>55ad777de96f0</uniqid>
1400 
      <mode>tunnel</mode>
1401 
      <reqid>2</reqid>
1402 
      <localid>
1403 
        <type>opt3</type>
1404 
      </localid>
1405 
      <remoteid>
1406 
        <type>mobile</type>
1407 
      </remoteid>
1408 
      <protocol>esp</protocol>
1409 
      <encryption-algorithm-option>
1410 
        <name>aes</name>
1411 
        <keylen>auto</keylen>
1412 
      </encryption-algorithm-option>
1413 
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
1414 
      <hash-algorithm-option>hmac_sha256</hash-algorithm-option>
1415 
      <pfsgroup>2</pfsgroup>
1416 
      <lifetime>3600</lifetime>
1417 
      <pinghost />
1418 
      <descr />
1419 
      <mobile />
1420 
    </phase2>
1421 
    <phase2>
1422 
      <ikeid>1</ikeid>
1423 
      <uniqid>55edbd1115de9</uniqid>
1424 
      <mode>tunnel</mode>
1425 
      <reqid>3</reqid>
1426 
      <localid>
1427 
        <type>opt3</type>
1428 
      </localid>
1429 
      <remoteid>
1430 
        <type>network</type>
1431 
        <address>192.168.160.0</address>
1432 
        <netbits>24</netbits>
1433 
      </remoteid>
1434 
      <protocol>esp</protocol>
1435 
      <encryption-algorithm-option>
1436 
        <name>aes</name>
1437 
        <keylen>auto</keylen>
1438 
      </encryption-algorithm-option>
1439 
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
1440 
      <pfsgroup>0</pfsgroup>
1441 
      <lifetime>3600</lifetime>
1442 
      <pinghost />
1443 
      <descr />
1444 
    </phase2>
1445 
    <phase2>
1446 
      <ikeid>1</ikeid>
1447 
      <uniqid>55edbeeedf087</uniqid>
1448 
      <mode>tunnel</mode>
1449 
      <reqid>4</reqid>
1450 
      <localid>
1451 
        <type>lan</type>
1452 
      </localid>
1453 
      <remoteid>
1454 
        <type>network</type>
1455 
        <address>192.168.160.0</address>
1456 
        <netbits>24</netbits>
1457 
      </remoteid>
1458 
      <protocol>esp</protocol>
1459 
      <encryption-algorithm-option>
1460 
        <name>aes</name>
1461 
        <keylen>auto</keylen>
1462 
      </encryption-algorithm-option>
1463 
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
1464 
      <pfsgroup>0</pfsgroup>
1465 
      <lifetime>3600</lifetime>
1466 
      <pinghost />
1467 
      <descr />
1468 
    </phase2>
1469 
    <logging>
1470 
      <dmn>1</dmn>
1471 
      <mgr>1</mgr>
1472 
      <ike>1</ike>
1473 
      <chd>1</chd>
1474 
      <job>1</job>
1475 
      <cfg>1</cfg>
1476 
      <knl>1</knl>
1477 
      <net>1</net>
1478 
      <asn>1</asn>
1479 
      <enc>1</enc>
1480 
      <imc>1</imc>
1481 
      <imv>1</imv>
1482 
      <pts>1</pts>
1483 
      <tls>1</tls>
1484 
      <esp>1</esp>
1485 
      <lib>1</lib>
1486 
    </logging>
1487 
  </ipsec>
1488 
  <aliases />
1489 
  <proxyarp />
1490 
  <cron>
1491 
    <item>
1492 
      <minute>1,31</minute>
1493 
      <hour>0-5</hour>
1494 
      <mday>*</mday>
1495 
      <month>*</month>
1496 
      <wday>*</wday>
1497 
      <who>root</who>
1498 
      <command>/usr/bin/nice -n20 adjkerntz -a</command>
1499 
    </item>
1500 
    <item>
1501 
      <minute>1</minute>
1502 
      <hour>3</hour>
1503 
      <mday>*</mday>
1504 
      <month>*</month>
1505 
      <wday>*</wday>
1506 
      <who>root</who>
1507 
      <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
1508 
    </item>
1509 
    <item>
1510 
      <minute>*/60</minute>
1511 
      <hour>*</hour>
1512 
      <mday>*</mday>
1513 
      <month>*</month>
1514 
      <wday>*</wday>
1515 
      <who>root</who>
1516 
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
1517 
    </item>
1518 
    <item>
1519 
      <minute>*/60</minute>
1520 
      <hour>*</hour>
1521 
      <mday>*</mday>
1522 
      <month>*</month>
1523 
      <wday>*</wday>
1524 
      <who>root</who>
1525 
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
1526 
    </item>
1527 
    <item>
1528 
      <minute>1</minute>
1529 
      <hour>1</hour>
1530 
      <mday>*</mday>
1531 
      <month>*</month>
1532 
      <wday>*</wday>
1533 
      <who>root</who>
1534 
      <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
1535 
    </item>
1536 
    <item>
1537 
      <minute>*/60</minute>
1538 
      <hour>*</hour>
1539 
      <mday>*</mday>
1540 
      <month>*</month>
1541 
      <wday>*</wday>
1542 
      <who>root</who>
1543 
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
1544 
    </item>
1545 
    <item>
1546 
      <minute>30</minute>
1547 
      <hour>12</hour>
1548 
      <mday>*</mday>
1549 
      <month>*</month>
1550 
      <wday>*</wday>
1551 
      <who>root</who>
1552 
      <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
1553 
    </item>
1554 
    <item>
1555 
      <minute>*/120</minute>
1556 
      <hour>*</hour>
1557 
      <mday>*</mday>
1558 
      <month>*</month>
1559 
      <wday>*</wday>
1560 
      <who>root</who>
1561 
      <command>/etc/rc.haproxy_ocsp.sh</command>
1562 
    </item>
1563 
    <item>
1564 
      <minute>*/5</minute>
1565 
      <hour>*</hour>
1566 
      <mday>*</mday>
1567 
      <month>*</month>
1568 
      <wday>*</wday>
1569 
      <who>root</who>
1570 
      <command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc</command>
1571 
    </item>
1572 
    <item>
1573 
      <minute>5</minute>
1574 
      <hour>0,6,12,18</hour>
1575 
      <mday>*</mday>
1576 
      <month>*</month>
1577 
      <wday>*</wday>
1578 
      <who>root</who>
1579 
      <command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php</command>
1580 
    </item>
1581 
    <item>
1582 
      <minute>*/5</minute>
1583 
      <hour>*</hour>
1584 
      <mday>*</mday>
1585 
      <month>*</month>
1586 
      <wday>*</wday>
1587 
      <who>root</who>
1588 
      <command>/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600</command>
1589 
    </item>
1590 
  </cron>
1591 
  <wol />
1592 
  <rrd>
1593 
    <enable />
1594 
  </rrd>
1595 
  <load_balancer>
1596 
    <monitor_type>
1597 
      <name>ICMP</name>
1598 
      <type>icmp</type>
1599 
      <descr><![CDATA[ICMP]]></descr>
1600 
      <options />
1601 
    </monitor_type>
1602 
    <monitor_type>
1603 
      <name>TCP</name>
1604 
      <type>tcp</type>
1605 
      <descr><![CDATA[Generic TCP]]></descr>
1606 
      <options />
1607 
    </monitor_type>
1608 
    <monitor_type>
1609 
      <name>HTTP</name>
1610 
      <type>http</type>
1611 
      <descr><![CDATA[Generic HTTP]]></descr>
1612 
      <options>
1613 
        <path>/</path>
1614 
        <host />
1615 
        <code>200</code>
1616 
      </options>
1617 
    </monitor_type>
1618 
    <monitor_type>
1619 
      <name>HTTPS</name>
1620 
      <type>https</type>
1621 
      <descr><![CDATA[Generic HTTPS]]></descr>
1622 
      <options>
1623 
        <path>/</path>
1624 
        <host />
1625 
        <code>200</code>
1626 
      </options>
1627 
    </monitor_type>
1628 
    <monitor_type>
1629 
      <name>SMTP</name>
1630 
      <type>send</type>
1631 
      <descr><![CDATA[Generic SMTP]]></descr>
1632 
      <options>
1633 
        <send />
1634 
        <expect>220 *</expect>
1635 
      </options>
1636 
    </monitor_type>
1637 
  </load_balancer>
1638 
  <widgets>
1639 
    <sequence>system_information:col1:open,gmirror_status:col1:open,smart_status:col1:open,services_status:col1:open,snort_alerts:col1:open,interfaces:col2:open,carp_status:col2:open,gateways:col2:open,ipsec:col2:open,openvpn:col2:open,undefined:col2:close,traffic_graphs:col2:open</sequence>
1640 
    <trafficgraphs>
1641 
      <shown>
1642 
        <item>wan</item>
1643 
        <item>lan</item>
1644 
        <item>opt1</item>
1645 
      </shown>
1646 
      <refreshinterval>1</refreshinterval>
1647 
      <scale_type>follow</scale_type>
1648 
    </trafficgraphs>
1649 
    <widget_snort_display_lines>10</widget_snort_display_lines>
1650 
  </widgets>
1651 
  <openvpn>
1652 
    <openvpn-server>
1653 
      <vpnid>1</vpnid>
1654 
      <mode>server_user</mode>
1655 
      <authmode>ad.avant.ca</authmode>
1656 
      <protocol>TCP</protocol>
1657 
      <dev_mode>tun</dev_mode>
1658 
      <ipaddr />
1659 
      <interface>wan</interface>
1660 
      <local_port>1194</local_port>
1661 
      <description />
1662 
      <custom_options />
1663 
      <tls></tls>
1664 
      <caref>5540ed69a904b</caref>
1665 
      <crlref>5540ed9583c81</crlref>
1666 
      <certref>5540ef186ee99</certref>
1667 
      <dh_length>1024</dh_length>
1668 
      <cert_depth>1</cert_depth>
1669 
      <crypto>AES-128-CBC</crypto>
1670 
      <digest>SHA1</digest>
1671 
      <engine>cryptodev</engine>
1672 
      <tunnel_network>192.168.99.0/24</tunnel_network>
1673 
      <tunnel_networkv6>fd60:7f9c:65d8:99::/64</tunnel_networkv6>
1674 
      <remote_network />
1675 
      <remote_networkv6 />
1676 
      <gwredir />
1677 
      <local_network>192.168.100.0/24,192.168.10.0/24,192.168.158.0/24,192.168.101.0/24</local_network>
1678 
      <local_networkv6>fd60:7f9c:65d8::/48</local_networkv6>
1679 
      <maxclients />
1680 
      <compression />
1681 
      <passtos>yes</passtos>
1682 
      <client2client>yes</client2client>
1683 
      <dynamic_ip>yes</dynamic_ip>
1684 
      <pool_enable>yes</pool_enable>
1685 
      <topology>subnet</topology>
1686 
      <serverbridge_dhcp />
1687 
      <serverbridge_interface>none</serverbridge_interface>
1688 
      <serverbridge_dhcp_start />
1689 
      <serverbridge_dhcp_end />
1690 
      <dns_domain>ad.avant.ca</dns_domain>
1691 
      <dns_server1>192.168.158.10</dns_server1>
1692 
      <dns_server2>192.168.158.20</dns_server2>
1693 
      <dns_server3>192.168.158.1</dns_server3>
1694 
      <dns_server4 />
1695 
      <push_register_dns>yes</push_register_dns>
1696 
      <ntp_server1>192.168.158.1</ntp_server1>
1697 
      <ntp_server2 />
1698 
      <netbios_enable>yes</netbios_enable>
1699 
      <netbios_ntype>8</netbios_ntype>
1700 
      <netbios_scope />
1701 
      <no_tun_ipv6 />
1702 
      <verbosity_level>4</verbosity_level>
1703 
      <wins_server1>192.168.158.10</wins_server1>
1704 
      <wins_server2>192.168.158.20</wins_server2>
1705 
      <nbdd_server1 />
1706 
      <duplicate_cn />
1707 
    </openvpn-server>
1708 
    <openvpn-server>
1709 
      <vpnid>2</vpnid>
1710 
      <disable />
1711 
      <mode>p2p_shared_key</mode>
1712 
      <protocol>UDP</protocol>
1713 
      <dev_mode>tun</dev_mode>
1714 
      <ipaddr />
1715 
      <interface>wan</interface>
1716 
      <local_port>1160</local_port>
1717 
      <description><![CDATA[Adam home]]></description>
1718 
      <custom_options />
1719 
      <shared_key></shared_key>
1720 
      <crypto>AES-128-CBC</crypto>
1721 
      <digest>SHA1</digest>
1722 
      <engine>cryptodev</engine>
1723 
      <tunnel_network>192.168.98.0/24</tunnel_network>
1724 
      <tunnel_networkv6>fd60:7f9c:65d8:98::/64</tunnel_networkv6>
1725 
      <remote_network>192.168.160.0/24</remote_network>
1726 
      <remote_networkv6 />
1727 
      <gwredir />
1728 
      <local_network />
1729 
      <local_networkv6 />
1730 
      <maxclients />
1731 
      <compression>adaptive</compression>
1732 
      <passtos>yes</passtos>
1733 
      <client2client />
1734 
      <dynamic_ip />
1735 
      <pool_enable>yes</pool_enable>
1736 
      <topology>subnet</topology>
1737 
      <serverbridge_dhcp />
1738 
      <serverbridge_interface>none</serverbridge_interface>
1739 
      <serverbridge_dhcp_start />
1740 
      <serverbridge_dhcp_end />
1741 
      <netbios_enable />
1742 
      <netbios_ntype>0</netbios_ntype>
1743 
      <netbios_scope />
1744 
      <no_tun_ipv6>yes</no_tun_ipv6>
1745 
      <verbosity_level>1</verbosity_level>
1746 
    </openvpn-server>
1747 
  </openvpn>
1748 
  <dnshaper />
1749 
  <unbound>
1750 
    <dnssec />
1751 
    <active_interface>lan,opt1,opt2,opt3,_vip570e65f92fe6d,lo0</active_interface>
1752 
    <outgoing_interface>all</outgoing_interface>
1753 
    <custom_options />
1754 
    <dnssecstripped />
1755 
    <forwarding />
1756 
    <regdhcp />
1757 
    <regdhcpstatic />
1758 
    <txtsupport />
1759 
    <prefetch />
1760 
    <prefetchkey />
1761 
    <msgcachesize>4</msgcachesize>
1762 
    <outgoing_num_tcp>10</outgoing_num_tcp>
1763 
    <incoming_num_tcp>10</incoming_num_tcp>
1764 
    <edns_buffer_size>4096</edns_buffer_size>
1765 
    <num_queries_per_thread>512</num_queries_per_thread>
1766 
    <jostle_timeout>200</jostle_timeout>
1767 
    <cache_max_ttl>86400</cache_max_ttl>
1768 
    <cache_min_ttl>0</cache_min_ttl>
1769 
    <infra_host_ttl>900</infra_host_ttl>
1770 
    <infra_cache_numhosts>10000</infra_cache_numhosts>
1771 
    <unwanted_reply_threshold>10000000</unwanted_reply_threshold>
1772 
    <log_verbosity>1</log_verbosity>
1773 
    <use_caps />
1774 
    <domainoverrides>
1775 
      <domain>asg.local.</domain>
1776 
      <ip>192.168.100.50</ip>
1777 
      <descr />
1778 
    </domainoverrides>
1779 
    <domainoverrides>
1780 
      <domain>asg.local.</domain>
1781 
      <ip>192.168.100.52</ip>
1782 
      <descr />
1783 
    </domainoverrides>
1784 
    <domainoverrides>
1785 
      <domain>100.168.192.in-addr.arpa.</domain>
1786 
      <ip>192.168.100.50</ip>
1787 
      <descr />
1788 
    </domainoverrides>
1789 
    <domainoverrides>
1790 
      <domain>100.168.192.in-addr.arpa.</domain>
1791 
      <ip>192.168.100.52</ip>
1792 
      <descr />
1793 
    </domainoverrides>
1794 
    <domainoverrides>
1795 
      <domain>158.168.192.in-addr.arpa.</domain>
1796 
      <ip>192.168.158.10</ip>
1797 
      <descr />
1798 
    </domainoverrides>
1799 
    <domainoverrides>
1800 
      <domain>158.168.192.in-addr.arpa.</domain>
1801 
      <ip>192.168.158.20</ip>
1802 
      <descr />
1803 
    </domainoverrides>
1804 
    <hideidentity />
1805 
    <hideversion />
1806 
    <port />
1807 
    <system_domain_local_zone_type>transparent</system_domain_local_zone_type>
1808 
    <enable />
1809 
  </unbound>
1810 
  <revision>
1811 
    <time>1465167925</time>
1812 
    <description><![CDATA[(system): Snort pkg: updated status for updated rules package(s) check.]]></description>
1813 
    <username>(system)</username>
1814 
  </revision>
1815 
  <dhcpdv6>
1816 
    <opt3>
1817 
      <ramode>assist</ramode>
1818 
      <rapriority>medium</rapriority>
1819 
      <rainterface />
1820 
      <radomainsearchlist>ad.avant.ca;asg.local;avant.local;avant.ca</radomainsearchlist>
1821 
      <radnsserver>fd60:7f9c:65d8:158::dc1</radnsserver>
1822 
      <radnsserver>fd60:7f9c:65d8:158::dc2</radnsserver>
1823 
    </opt3>
1824 
  </dhcpdv6>
1825 
  <cert>
1826 
    <refid>551b1fc6bec50</refid>
1827 
    <descr><![CDATA[webConfigurator default (551b1fc6bec50)]]></descr>
1828 
    <type>server</type>
1829 
    <crt></crt>
1830 
    <prv></prv>
1831 
  </cert>
1832 
  <cert>
1833 
    <refid>5540ef186ee99</refid>
1834 
    <descr><![CDATA[Avant-OpenVPN]]></descr>
1835 
    <type>server</type>
1836 
    <caref>5540ed69a904b</caref>
1837 
    <crt></crt>
1838 
    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRREJaWlk1d1pab3p0T3gKMGE0RUhRK092Q1o1WHcvVEQ1Vmg0QUJjUUlEVWlxS0F0cVN2UUozb2VPMkZ4UWJoVWtzdVI3Nk45QmlOREh3aApKU1JSTEpGZlk0Q20zMjZJL1ZwK2N0a3RYSEJlMXhLaXFwUnhkdzlmUm5RMC9pM0tmUnZNejFqcllCK1JZN0xzCmhaL015QXZrTmZCcGFZUFRIa1ZVOU9BSzRVdVNNUWM0TXJrZmZzYmRzSThUR05hMTNEeDRSeHEvdEdPYytMc3UKQUVBL01XSTB1K0tpTXI5MjZQUVJ4a3o0U1p6aU93R2FUaXlxOStKU3MvMnZON05rekR4YWlwR2pITkNuL1FlUQptRVdiNUtlOFNjcFJ3Y0VCcUtJZFF6MmpKRnliSmVIRUd1amphZ2M2ZnBCUm94N0MxTmV0bVVZVFppSjdRNFZPCnNIWFZIbTBaQWdNQkFBRUNnZ0VBUld5WVB1ZDFmTzR5SkRVbkNLYjkvTGtoL3BQWGRHYTFzMHJjRmtHNWZaSysKdndIUm9HL0x2N1laWGRuYW5Hd1VQT3JZUnRFSE55cnlMRnZPNjZ6YUNxb0hkdC9pS0I3NnEwWERISHVBZ3lzbApyMnNZbXBxbzFBVFFsbTFnTnI0dWlwa3NUR0pYTXJQZGVQYUc1Tll6SHBzV1VHRG1SNVVvUWxVZFVBcU1QRS9wCmllcU4zRGYzNVJmUDFUdTFnVTI3elgzazFma1d6WDBRQVZMbWhaVmhjWUM0Zm41NW0veFdRZzFtSmJMb29aTnIKb2owUG9tL0NkdlY5QjM0eGRzNTQ0MEl5VUJTcnJsVHpWTFU1dHZoRmR4WFI0K3plTHd0UWdXa3gvdnd2WDJhRApodnFNUVFLemVZVHgxNVcvYVgwaGx5MWZ0ZEIwUFpnNDlDM01QMm9LdVFLQmdRRGhhczdlY2t1YTFhQzdiUVRoCmtQcElTR1htWC94ZXZXVVNuV3RHWnY0NXZrY2YvMkR6QUN2VllvNkhYSUFoeDVjTnBaTS9RMzMraTdjVHE4OHgKaUYyQTI5eTBJZHdDbWloWVByNk10czFubFJtL0tJMzM0MDM5NXBzclkwM2hJUmZZc0o0OHB4RWxCbzViSTE2RQpiZkdSdlJoN3lOQ2xZYW5FV0E4UTFlaTRwd0tCZ1FEYm9xVnQxS0wzMVBjU2JKQWJ2YXNUcjg2TXpJNmppcytPCllTWnhUQmIycmtiY29UaGptcHJpUG5IbUxSRDlzeEdyYkUrb2ZGcUU3UGNVNjJsMFZkUC82ODlCTFZoeE9TZUUKNHFKN2xnRHdTZzlkMGZlaGpkb29ITEpEVFRMTU9QdjJRYXJuOVdraXFiZElRdUhVcjlvVDBNaWU1NG04YUpMMQpLemxMOU1La1B3S0JnUUNPd1RXQmFxQzJ6ZE9jM3MzWWpCZjA3dVNab1BBU2o1OFN5dDdGRnpTcEhQZXVLKzBaCjkySExJVDlpT2hKclVoczNhVVIzTENiK3JUeWtHSXArcy8yRFBibm4yZ21iSEVXd25RdlAwWFVEeEVrcDVtVUMKTjlHTW1oNXF1OWoyV2g3ZisvbzZMeE9NZnpwb1BWMytRQ0pjU1lUWDM3VkRCemFjUWFoSTRTOGd3UUtCZ0RtYgpGaktSVTlFV3ZWckt1SjFlQ05IWUNaK3FRenNudkRxR3hwTnV0cE1xc0pGTGc4TzBHQzJBM1ZUV3V4OGZhV0lCCnZYN2Vac3Q0YjNIQU1OOS9aMlEzVUJ1ekxnQThVbDRySnh5dEFrQUQzTFhwelQ1Rk8xUEwrd0ZsN1EzZFlGQjkKZHJyeUJnbytZMEVEc2NHY0FlR3luL3YxbEkyakMvQmJ6dUphSnZiM0FvR0FHOXhoR3l3dGRiUjczUmxIeE9HdgpGY3VZeVpiSTVTTTIwVlVZYUszUU8vb0ZJSytpWit2dU15STIzaDNTaHUyQyt3T2puOWVka3lFZGxPYmhYclJICmxRRjZqZWRxWEJjOE02SzBGbWNnRjg2OG11NWtXWTY2QUEzeFViV1hXa0NtMktrVW00TlN2S2wvSUY5TzhyMHAKRUNyODRtb2o5WFZMWXB2NjVNK1R2MlE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
1839 
  </cert>
1840 
  <cert>
1841 
    <refid>557781ff419d8</refid>
1842 
    <descr><![CDATA[remote.avant.ca-StartSSL]]></descr>
1843 
    <prv></prv>
1844 
    <crt></crt>
1845 
    <caref>557b8b98e24da</caref>
1846 
  </cert>
1847 
  <cert>
1848 
    <refid>557db4510f671</refid>
1849 
    <descr><![CDATA[IPSec test cert]]></descr>
1850 
    <type>user</type>
1851 
    <caref>5540ed69a904b</caref>
1852 
    <crt></crt>
1853 
    <prv></prv>
1854 
  </cert>
1855 
  <cert>
1856 
    <refid>55cca9a47b7b3</refid>
1857 
    <descr><![CDATA[Wildcard *.avant.ca]]></descr>
1858 
    <crt></crt>
1859 
    <prv></prv>
1860 
    <caref>557b8b98e24da</caref>
1861 
  </cert>
1862 
  <ppps />
1863 
  <notifications>
1864 
    <growl>
1865 
      <ipaddress />
1866 
      <password />
1867 
      <name>PHP-Growl</name>
1868 
      <notification_name>pfSense growl alert</notification_name>
1869 
    </growl>
1870 
    <smtp>
1871 
      <ipaddress>mailrelay.asg.local</ipaddress>
1872 
      <port>25</port>
1873 
      <notifyemailaddress>avantsysadm@avant.ca</notifyemailaddress>
1874 
      <username />
1875 
      <password />
1876 
      <authentication_mechanism>PLAIN</authentication_mechanism>
1877 
      <fromaddress>avantsysadm@avant.ca</fromaddress>
1878 
    </smtp>
1879 
  </notifications>
1880 
  <gateways>
1881 
    <gateway_item>
1882 
      <interface>opt4</interface>
1883 
      <gateway>dynamic</gateway>
1884 
      <name>HETUNNEL_TUNNELV6</name>
1885 
      <weight>1</weight>
1886 
      <ipprotocol>inet6</ipprotocol>
1887 
      <interval />
1888 
      <descr><![CDATA[Interface HETUNNEL_TUNNELV6 Gateway]]></descr>
1889 
      <defaultgw />
1890 
    </gateway_item>
1891 
  </gateways>
1892 
  <installedpackages>
1893 
    <package>
1894 
      <name>LADVD</name>
1895 
      <descr><![CDATA[Send and decode link layer advertisements. Support for LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), EDP (Extreme Discovery Protocol) and NDP (Nortel Discovery Protocol).]]></descr>
1896 
      <website>https://github.com/sspans/ladvd</website>
1897 
      <version>1.2.1_2</version>
1898 
      <configurationfile>ladvd.xml</configurationfile>
1899 
    </package>
1900 
    <package>
1901 
      <name>mtr-nox11</name>
1902 
      <descr><![CDATA[Enhanced traceroute replacement. mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.]]></descr>
1903 
      <website>http://www.bitwizard.nl/mtr/</website>
1904 
      <version>0.85.6_1</version>
1905 
      <configurationfile>mtr-nox11.xml</configurationfile>
1906 
    </package>
1907 
    <package>
1908 
      <name>nmap</name>
1909 
      <descr><![CDATA[NMap is a utility for network exploration or security auditing.&lt;br/&gt;
1910 
			It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).
1911 
			It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.]]></descr>
1912 
      <version>1.4.4_1</version>
1913 
      <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink>
1914 
      <configurationfile>nmap.xml</configurationfile>
1915 
    </package>
1916 
    <package>
1917 
      <name>OpenVPN Client Export Utility</name>
1918 
      <internal_name>openvpn-client-export</internal_name>
1919 
      <descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
1920 
      <version>1.3.8</version>
1921 
      <configurationfile>openvpn-client-export.xml</configurationfile>
1922 
    </package>
1923 
    <package>
1924 
      <name>snort</name>
1925 
      <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink>
1926 
      <website>http://www.snort.org</website>
1927 
      <descr><![CDATA[Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.]]></descr>
1928 
      <version>3.2.9.1_12</version>
1929 
      <configurationfile>/snort.xml</configurationfile>
1930 
      <after_install_info>Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.</after_install_info>
1931 
    </package>
1932 
    <package>
1933 
      <name>Zabbix Agent LTS</name>
1934 
      <internal_name>zabbix-agent</internal_name>
1935 
      <descr><![CDATA[LTS (Long Term Support) release of Zabbix Monitoring agent. Zabbix LTS releases are supported for
1936 
			Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues)
1937 
			and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release
1938 
			will result in change of the first version number.&lt;br /&gt;
1939 
			More info in &lt;a href=&quot;http://www.zabbix.com/life_cycle_and_release_policy.php&quot;&gt;Zabbix Life Cycle and Release Policy&lt;/a&gt;.]]></descr>
1940 
      <website>http://www.zabbix.com/product.php</website>
1941 
      <version>0.8.9_2</version>
1942 
      <configurationfile>zabbix-agent-lts.xml</configurationfile>
1943 
    </package>
1944 
    <package>
1945 
      <name>AutoConfigBackup</name>
1946 
      <descr><![CDATA[Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server.&lt;br /&gt;
1947 
			Requires Gold Subscription from &lt;a href=&quot;https://portal.pfsense.org&quot;&gt;pfSense Portal&lt;/a&gt;.]]></descr>
1948 
      <website>https://portal.pfsense.org</website>
1949 
      <version>1.45</version>
1950 
      <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink>
1951 
      <configurationfile>autoconfigbackup.xml</configurationfile>
1952 
    </package>
1953 
    <menu>
1954 
      <name>LADVD</name>
1955 
      <tooltiptext>Modify LADVD settings.</tooltiptext>
1956 
      <section>Services</section>
1957 
      <url>/pkg_edit.php?xml=ladvd.xml&amp;id=0</url>
1958 
    </menu>
1959 
    <menu>
1960 
      <name>LADVD Status</name>
1961 
      <tooltiptext />
1962 
      <section>Status</section>
1963 
      <url>/status_ladvd.php</url>
1964 
    </menu>
1965 
    <menu>
1966 
      <name>mtr</name>
1967 
      <tooltiptext>mtr combines the functionality of the "traceroute" and "ping" programs into a single network diagnostic tool</tooltiptext>
1968 
      <section>Diagnostics</section>
1969 
      <configfile>mtr-nox11.xml</configfile>
1970 
    </menu>
1971 
    <menu>
1972 
      <name>NMap</name>
1973 
      <tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext>
1974 
      <section>Diagnostics</section>
1975 
      <configfile>nmap.xml</configfile>
1976 
    </menu>
1977 
    <menu>
1978 
      <name>Zabbix Agent LTS</name>
1979 
      <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
1980 
      <section>Services</section>
1981 
      <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&amp;id=0</url>
1982 
    </menu>
1983 
    <menu>
1984 
      <name>AutoConfigBackup</name>
1985 
      <tooltiptext>Set autoconfigbackup settings such as password and port.</tooltiptext>
1986 
      <section>Diagnostics</section>
1987 
      <url>/autoconfigbackup.php</url>
1988 
    </menu>
1989 
    <menu>
1990 
      <name>Snort</name>
1991 
      <tooltiptext>Set up snort specific settings</tooltiptext>
1992 
      <section>Services</section>
1993 
      <url>/snort/snort_interfaces.php</url>
1994 
    </menu>
1995 
    <service>
1996 
      <name>ladvd</name>
1997 
      <rcfile>ladvd.sh</rcfile>
1998 
      <executable>ladvd</executable>
1999 
      <description><![CDATA[Send and decode link layer advertisements.]]></description>
2000 
    </service>
2001 
    <service>
2002 
      <name>zabbix_agentd_lts</name>
2003 
      <rcfile>zabbix_agentd_lts.sh</rcfile>
2004 
      <executable>zabbix_agentd</executable>
2005 
      <description><![CDATA[Zabbix Agent LTS Host Monitor Daemon]]></description>
2006 
    </service>
2007 
    <service>
2008 
      <name>snort</name>
2009 
      <rcfile>snort.sh</rcfile>
2010 
      <executable>snort</executable>
2011 
      <description><![CDATA[Snort IDS/IPS Daemon]]></description>
2012 
    </service>
2013 
    <snortglobal>
2014 
      <snort_config_ver>3.2.9.1_12</snort_config_ver>
2015 
      <snortdownload>on</snortdownload>
2016 
      <snortcommunityrules>on</snortcommunityrules>
2017 
      <emergingthreats>on</emergingthreats>
2018 
      <emergingthreats_pro>off</emergingthreats_pro>
2019 
      <clearblocks>on</clearblocks>
2020 
      <verbose_logging>on</verbose_logging>
2021 
      <openappid_detectors>on</openappid_detectors>
2022 
      <oinkmastercode>f93ad62162271d867b9d624b2df19f7854f137ef</oinkmastercode>
2023 
      <etpro_code />
2024 
      <rm_blocked>1h_b</rm_blocked>
2025 
      <autorulesupdate7>6h_up</autorulesupdate7>
2026 
      <rule_update_starttime>00:05</rule_update_starttime>
2027 
      <forcekeepsettings>on</forcekeepsettings>
2028 
      <last_rule_upd_status>success</last_rule_upd_status>
2029 
      <last_rule_upd_time>1465167925</last_rule_upd_time>
2030 
      <auto_manage_sids>on</auto_manage_sids>
2031 
      <enable_log_mgmt>on</enable_log_mgmt>
2032 
      <clearlogs>off</clearlogs>
2033 
      <snortloglimit>on</snortloglimit>
2034 
      <snortloglimitsize>12007</snortloglimitsize>
2035 
      <alert_log_limit_size>500</alert_log_limit_size>
2036 
      <alert_log_retention>336</alert_log_retention>
2037 
      <stats_log_limit_size>500</stats_log_limit_size>
2038 
      <stats_log_retention>168</stats_log_retention>
2039 
      <sid_changes_log_limit_size>250</sid_changes_log_limit_size>
2040 
      <sid_changes_log_retention>336</sid_changes_log_retention>
2041 
      <event_pkts_log_limit_size>0</event_pkts_log_limit_size>
2042 
      <event_pkts_log_retention>336</event_pkts_log_retention>
2043 
      <appid_stats_log_limit_size>1000</appid_stats_log_limit_size>
2044 
      <appid_stats_log_retention>168</appid_stats_log_retention>
2045 
      <dashboard_widget>snort_alerts-container:col1:show</dashboard_widget>
2046 
      <rule>
2047 
        <interface>wan</interface>
2048 
        <enable>on</enable>
2049 
        <uuid>51513</uuid>
2050 
        <descr><![CDATA[MTSDSL]]></descr>
2051 
        <performance>ac-bnfa</performance>
2052 
        <blockoffenders7>off</blockoffenders7>
2053 
        <homelistname>default</homelistname>
2054 
        <externallistname>default</externallistname>
2055 
        <suppresslistname>default</suppresslistname>
2056 
        <alertsystemlog>on</alertsystemlog>
2057 
        <alertsystemlog_facility>log_auth</alertsystemlog_facility>
2058 
        <alertsystemlog_priority>log_alert</alertsystemlog_priority>
2059 
        <cksumcheck>on</cksumcheck>
2060 
        <fpm_split_any_any>off</fpm_split_any_any>
2061 
        <fpm_search_optimize>on</fpm_search_optimize>
2062 
        <fpm_no_stream_inserts>off</fpm_no_stream_inserts>
2063 
        <max_attribute_hosts>10000</max_attribute_hosts>
2064 
        <max_attribute_services_per_host>10</max_attribute_services_per_host>
2065 
        <max_paf>16000</max_paf>
2066 
        <ftp_preprocessor>on</ftp_preprocessor>
2067 
        <ftp_telnet_inspection_type>stateful</ftp_telnet_inspection_type>
2068 
        <ftp_telnet_alert_encrypted>off</ftp_telnet_alert_encrypted>
2069 
        <ftp_telnet_check_encrypted>on</ftp_telnet_check_encrypted>
2070 
        <ftp_telnet_normalize>on</ftp_telnet_normalize>
2071 
        <ftp_telnet_detect_anomalies>on</ftp_telnet_detect_anomalies>
2072 
        <ftp_telnet_ayt_attack_threshold>20</ftp_telnet_ayt_attack_threshold>
2073 
        <ftp_client_engine>
2074 
          <item>
2075 
            <name>default</name>
2076 
            <bind_to>all</bind_to>
2077 
            <max_resp_len>256</max_resp_len>
2078 
            <telnet_cmds>no</telnet_cmds>
2079 
            <ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>
2080 
            <bounce>yes</bounce>
2081 
            <bounce_to_net />
2082 
            <bounce_to_port />
2083 
          </item>
2084 
        </ftp_client_engine>
2085 
        <ftp_server_engine>
2086 
          <item>
2087 
            <name>default</name>
2088 
            <bind_to>all</bind_to>
2089 
            <ports>default</ports>
2090 
            <telnet_cmds>no</telnet_cmds>
2091 
            <ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>
2092 
            <ignore_data_chan>no</ignore_data_chan>
2093 
            <def_max_param_len>100</def_max_param_len>
2094 
          </item>
2095 
        </ftp_server_engine>
2096 
        <smtp_preprocessor>on</smtp_preprocessor>
2097 
        <smtp_memcap>838860</smtp_memcap>
2098 
        <smtp_max_mime_mem>838860</smtp_max_mime_mem>
2099 
        <smtp_b64_decode_depth>65535</smtp_b64_decode_depth>
2100 
        <smtp_qp_decode_depth>65535</smtp_qp_decode_depth>
2101 
        <smtp_bitenc_decode_depth>65535</smtp_bitenc_decode_depth>
2102 
        <smtp_uu_decode_depth>65535</smtp_uu_decode_depth>
2103 
        <smtp_email_hdrs_log_depth>1464</smtp_email_hdrs_log_depth>
2104 
        <smtp_ignore_data>off</smtp_ignore_data>
2105 
        <smtp_ignore_tls_data>on</smtp_ignore_tls_data>
2106 
        <smtp_log_mail_from>on</smtp_log_mail_from>
2107 
        <smtp_log_rcpt_to>on</smtp_log_rcpt_to>
2108 
        <smtp_log_filename>on</smtp_log_filename>
2109 
        <smtp_log_email_hdrs>on</smtp_log_email_hdrs>
2110 
        <dce_rpc_2>on</dce_rpc_2>
2111 
        <dns_preprocessor>on</dns_preprocessor>
2112 
        <ssl_preproc>on</ssl_preproc>
2113 
        <pop_preproc>on</pop_preproc>
2114 
        <pop_memcap>838860</pop_memcap>
2115 
        <pop_b64_decode_depth>0</pop_b64_decode_depth>
2116 
        <pop_qp_decode_depth>0</pop_qp_decode_depth>
2117 
        <pop_bitenc_decode_depth>0</pop_bitenc_decode_depth>
2118 
        <pop_uu_decode_depth>0</pop_uu_decode_depth>
2119 
        <imap_preproc>on</imap_preproc>
2120 
        <imap_memcap>838860</imap_memcap>
2121 
        <imap_b64_decode_depth>65535</imap_b64_decode_depth>
2122 
        <imap_qp_decode_depth>65535</imap_qp_decode_depth>
2123 
        <imap_bitenc_decode_depth>65535</imap_bitenc_decode_depth>
2124 
        <imap_uu_decode_depth>65535</imap_uu_decode_depth>
2125 
        <sip_preproc>on</sip_preproc>
2126 
        <other_preprocs>on</other_preprocs>
2127 
        <pscan_protocol>all</pscan_protocol>
2128 
        <pscan_type>all</pscan_type>
2129 
        <pscan_memcap>10000000</pscan_memcap>
2130 
        <pscan_sense_level>medium</pscan_sense_level>
2131 
        <http_inspect>on</http_inspect>
2132 
        <http_inspect_proxy_alert>off</http_inspect_proxy_alert>
2133 
        <http_inspect_memcap>150994944</http_inspect_memcap>
2134 
        <http_inspect_max_gzip_mem>838860</http_inspect_max_gzip_mem>
2135 
        <http_inspect_engine>
2136 
          <item>
2137 
            <name>default</name>
2138 
            <bind_to>all</bind_to>
2139 
            <server_profile>all</server_profile>
2140 
            <enable_xff>off</enable_xff>
2141 
            <log_uri>off</log_uri>
2142 
            <log_hostname>off</log_hostname>
2143 
            <server_flow_depth>65535</server_flow_depth>
2144 
            <enable_cookie>on</enable_cookie>
2145 
            <client_flow_depth>1460</client_flow_depth>
2146 
            <extended_response_inspection>on</extended_response_inspection>
2147 
            <no_alerts>off</no_alerts>
2148 
            <unlimited_decompress>on</unlimited_decompress>
2149 
            <inspect_gzip>on</inspect_gzip>
2150 
            <normalize_cookies>on</normalize_cookies>
2151 
            <normalize_headers>on</normalize_headers>
2152 
            <normalize_utf>on</normalize_utf>
2153 
            <normalize_javascript>on</normalize_javascript>
2154 
            <allow_proxy_use>off</allow_proxy_use>
2155 
            <inspect_uri_only>off</inspect_uri_only>
2156 
            <max_javascript_whitespaces>200</max_javascript_whitespaces>
2157 
            <post_depth>-1</post_depth>
2158 
            <max_headers>0</max_headers>
2159 
            <max_spaces>0</max_spaces>
2160 
            <max_header_length>0</max_header_length>
2161 
            <ports>default</ports>
2162 
          </item>
2163 
        </http_inspect_engine>
2164 
        <frag3_max_frags>8192</frag3_max_frags>
2165 
        <frag3_memcap>4194304</frag3_memcap>
2166 
        <frag3_detection>on</frag3_detection>
2167 
        <frag3_engine>
2168 
          <item>
2169 
            <name>default</name>
2170 
            <bind_to>all</bind_to>
2171 
            <policy>bsd</policy>
2172 
            <timeout>60</timeout>
2173 
            <min_ttl>1</min_ttl>
2174 
            <detect_anomalies>on</detect_anomalies>
2175 
            <overlap_limit>0</overlap_limit>
2176 
            <min_frag_len>0</min_frag_len>
2177 
          </item>
2178 
        </frag3_engine>
2179 
        <stream5_reassembly>on</stream5_reassembly>
2180 
        <stream5_flush_on_alert>off</stream5_flush_on_alert>
2181 
        <stream5_prune_log_max>1048576</stream5_prune_log_max>
2182 
        <stream5_track_tcp>on</stream5_track_tcp>
2183 
        <stream5_max_tcp>262144</stream5_max_tcp>
2184 
        <stream5_track_udp>on</stream5_track_udp>
2185 
        <stream5_max_udp>131072</stream5_max_udp>
2186 
        <stream5_udp_timeout>30</stream5_udp_timeout>
2187 
        <stream5_track_icmp>off</stream5_track_icmp>
2188 
        <stream5_max_icmp>65536</stream5_max_icmp>
2189 
        <stream5_icmp_timeout>30</stream5_icmp_timeout>
2190 
        <stream5_mem_cap>8388608</stream5_mem_cap>
2191 
        <stream5_tcp_engine>
2192 
          <item>
2193 
            <name>default</name>
2194 
            <bind_to>all</bind_to>
2195 
            <policy>bsd</policy>
2196 
            <timeout>30</timeout>
2197 
            <max_queued_bytes>1048576</max_queued_bytes>
2198 
            <detect_anomalies>off</detect_anomalies>
2199 
            <overlap_limit>0</overlap_limit>
2200 
            <max_queued_segs>2621</max_queued_segs>
2201 
            <require_3whs>off</require_3whs>
2202 
            <startup_3whs_timeout>0</startup_3whs_timeout>
2203 
            <no_reassemble_async>off</no_reassemble_async>
2204 
            <max_window>0</max_window>
2205 
            <use_static_footprint_sizes>off</use_static_footprint_sizes>
2206 
            <check_session_hijacking>off</check_session_hijacking>
2207 
            <dont_store_lg_pkts>off</dont_store_lg_pkts>
2208 
            <ports_client>default</ports_client>
2209 
            <ports_both>default</ports_both>
2210 
            <ports_server>none</ports_server>
2211 
          </item>
2212 
        </stream5_tcp_engine>
2213 
        <appid_preproc>off</appid_preproc>
2214 
        <sf_appid_mem_cap>256</sf_appid_mem_cap>
2215 
        <sf_appid_statslog>on</sf_appid_statslog>
2216 
        <sf_appid_stats_period>300</sf_appid_stats_period>
2217 
        <ips_policy_enable>on</ips_policy_enable>
2218 
        <ips_policy>connectivity</ips_policy>
2219 
        <rulesets />
2220 
        <autoflowbitrules>on</autoflowbitrules>
2221 
        <sdf_alert_data_type>Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers</sdf_alert_data_type>
2222 
        <sdf_alert_threshold>25</sdf_alert_threshold>
2223 
        <sdf_mask_output>off</sdf_mask_output>
2224 
        <ssh_preproc>on</ssh_preproc>
2225 
        <pscan_ignore_scanners />
2226 
        <perform_stat>on</perform_stat>
2227 
        <host_attribute_table>off</host_attribute_table>
2228 
        <sf_portscan>on</sf_portscan>
2229 
        <sensitive_data>off</sensitive_data>
2230 
        <dnp3_preproc>off</dnp3_preproc>
2231 
        <modbus_preproc>off</modbus_preproc>
2232 
        <gtp_preproc>on</gtp_preproc>
2233 
        <preproc_auto_rule_disable>off</preproc_auto_rule_disable>
2234 
        <protect_preproc_rules>off</protect_preproc_rules>
2235 
        <wlist_files />
2236 
        <blist_files />
2237 
        <iprep_memcap>500</iprep_memcap>
2238 
        <iprep_priority>whitelist</iprep_priority>
2239 
        <iprep_nested_ip>both</iprep_nested_ip>
2240 
        <iprep_white>unblack</iprep_white>
2241 
        <reputation_preproc>on</reputation_preproc>
2242 
        <iprep_scan_local>off</iprep_scan_local>
2243 
      </rule>
2244 
      <alertsblocks>
2245 
        <arefresh>on</arefresh>
2246 
        <alertnumber>250</alertnumber>
2247 
      </alertsblocks>
2248 
      <hide_deprecated_rules>off</hide_deprecated_rules>
2249 
    </snortglobal>
2250 
    <ladvd>
2251 
      <config>
2252 
        <enable>on</enable>
2253 
        <iface_array>lan,opt1,opt2,opt3,opt4,wan,lo0</iface_array>
2254 
        <autoenable>on</autoenable>
2255 
        <silent />
2256 
        <management>opt3</management>
2257 
        <location />
2258 
        <lldp>on</lldp>
2259 
        <cdp>on</cdp>
2260 
        <edp>on</edp>
2261 
        <ndp>on</ndp>
2262 
      </config>
2263 
    </ladvd>
2264 
    <snortsync>
2265 
      <config>
2266 
        <varsynconchanges>auto</varsynconchanges>
2267 
        <varsynctimeout>150</varsynctimeout>
2268 
        <vardownloadrules>yes</vardownloadrules>
2269 
        <row>
2270 
          <varsyncprotocol>http</varsyncprotocol>
2271 
          <varsyncipaddress />
2272 
          <varsyncport />
2273 
          <varsyncpassword />
2274 
          <varsyncsnortstart>ON</varsyncsnortstart>
2275 
        </row>
2276 
      </config>
2277 
    </snortsync>
2278 
    <miniupnpd>
2279 
      <config>
2280 
        <enable>on</enable>
2281 
        <enable_upnp>on</enable_upnp>
2282 
        <enable_natpmp>on</enable_natpmp>
2283 
        <ext_iface />
2284 
        <iface_array>lan</iface_array>
2285 
        <download />
2286 
        <upload />
2287 
        <overridewanip />
2288 
        <upnpqueue />
2289 
        <logpackets>on</logpackets>
2290 
        <sysuptime>on</sysuptime>
2291 
        <permdefault />
2292 
      </config>
2293 
    </miniupnpd>
2294 
    <arpwatch>
2295 
      <config>
2296 
        <interface>lan</interface>
2297 
        <enable_email />
2298 
      </config>
2299 
    </arpwatch>
2300 
    <tab>
2301 
      <name>Client Export</name>
2302 
      <tabgroup>OpenVPN</tabgroup>
2303 
      <url>/vpn_openvpn_export.php</url>
2304 
    </tab>
2305 
    <tab>
2306 
      <name>Shared Key Export</name>
2307 
      <tabgroup>OpenVPN</tabgroup>
2308 
      <url>/vpn_openvpn_export_shared.php</url>
2309 
    </tab>
2310 
    <autoconfigbackup>
2311 
      <config>
2312 
        <username>athompso</username>
2313 
        <password>y5ajUBkrDC01</password>
2314 
        <passwordagain>y5ajUBkrDC01</passwordagain>
2315 
        <crypto_password>avant</crypto_password>
2316 
        <crypto_password2>avant</crypto_password2>
2317 
      </config>
2318 
    </autoconfigbackup>
2319 
    <zabbixagentlts>
2320 
      <config>
2321 
        <agentenabled>on</agentenabled>
2322 
        <server>zabbix.ad.avant.ca</server>
2323 
        <serveractive>zabbix.ad.avant.ca</serveractive>
2324 
        <hostname>remote.avant.ca</hostname>
2325 
        <listenip>0.0.0.0</listenip>
2326 
        <listenport>10050</listenport>
2327 
        <refreshactchecks>120</refreshactchecks>
2328 
        <timeout>3</timeout>
2329 
        <buffersend>5</buffersend>
2330 
        <buffersize>100</buffersize>
2331 
        <startagents>3</startagents>
2332 
        <userparams />
2333 
      </config>
2334 
    </zabbixagentlts>
2335 
    <haproxy>
2336 
      <ha_backends>
2337 
        <item>
2338 
          <name>support.avant.ca</name>
2339 
          <desc />
2340 
          <status>disable</status>
2341 
          <secondary />
2342 
          <primary_frontend />
2343 
          <type>http</type>
2344 
          <forwardfor>yes</forwardfor>
2345 
          <httpclose>http-keep-alive</httpclose>
2346 
          <extaddr />
2347 
          <backend_serverpool />
2348 
          <max_connections />
2349 
          <client_timeout />
2350 
          <port />
2351 
          <advanced_bind />
2352 
          <ssloffloadcert>55cca9a47b7b3</ssloffloadcert>
2353 
          <dcertadv />
2354 
          <ssloffload />
2355 
          <ssloffloadacl />
2356 
          <ssloffloadacladditional />
2357 
          <sslclientcert-none>yes</sslclientcert-none>
2358 
          <sslclientcert-invalid>yes</sslclientcert-invalid>
2359 
          <sslocsp>yes</sslocsp>
2360 
          <socket-stats>yes</socket-stats>
2361 
          <dontlognull />
2362 
          <dontlog-normal />
2363 
          <log-separate-errors />
2364 
          <log-detailed>yes</log-detailed>
2365 
          <advanced />
2366 
          <ha_acls />
2367 
          <ha_certificates />
2368 
          <clientcert_ca />
2369 
          <clientcert_crl />
2370 
          <a_extaddr>
2371 
            <item>
2372 
              <extaddr>wan_ipv4</extaddr>
2373 
              <extaddr_custom />
2374 
              <extaddr_port>443</extaddr_port>
2375 
              <extaddr_ssl>yes</extaddr_ssl>
2376 
              <extaddr_advanced />
2377 
              <_index />
2378 
            </item>
2379 
          </a_extaddr>
2380 
          <a_actionitems />
2381 
          <a_errorfiles />
2382 
          <ssloffloadacl_an />
2383 
          <ssloffloadacladditional_an />
2384 
        </item>
2385 
      </ha_backends>
2386 
      <configversion>00.32</configversion>
2387 
      <ha_pools>
2388 
        <item />
2389 
      </ha_pools>
2390 
      <maxconn>1000</maxconn>
2391 
      <enablesync />
2392 
      <remotesyslog>/var/run/log</remotesyslog>
2393 
      <logfacility>local0</logfacility>
2394 
      <loglevel>info</loglevel>
2395 
      <localstatsport>2200</localstatsport>
2396 
      <localstats_refreshtime>10</localstats_refreshtime>
2397 
      <localstats_sticktable_refreshtime>10</localstats_sticktable_refreshtime>
2398 
      <log-send-hostname />
2399 
      <ssldefaultdhparam>2048</ssldefaultdhparam>
2400 
      <email_mailers>
2401 
        <items />
2402 
      </email_mailers>
2403 
      <dns_resolvers />
2404 
      <files>
2405 
        <item />
2406 
      </files>
2407 
      <nbproc />
2408 
      <email_level />
2409 
      <email_myhostname />
2410 
      <email_from />
2411 
      <email_to />
2412 
      <resolver_retries />
2413 
      <resolver_timeoutretry />
2414 
      <resolver_holdvalid />
2415 
    </haproxy>
2416 
  </installedpackages>
2417 
  <ntpd>
2418 
    <statsgraph>yes</statsgraph>
2419 
    <gps>
2420 
      <type>Default</type>
2421 
    </gps>
2422 
    <logpeer>yes</logpeer>
2423 
    <logsys>yes</logsys>
2424 
    <prefer>clock.fmt.he.net </prefer>
2425 
    <clockstats>yes</clockstats>
2426 
    <loopstats>yes</loopstats>
2427 
    <peerstats>yes</peerstats>
2428 
  </ntpd>
2429 
  <vlans>
2430 
    <vlan>
2431 
      <if>hme0</if>
2432 
      <tag>8</tag>
2433 
      <descr><![CDATA[Mitel VoIP VLAN]]></descr>
2434 
      <vlanif>hme0_vlan8</vlanif>
2435 
    </vlan>
2436 
    <vlan>
2437 
      <if>bge0</if>
2438 
      <tag>158</tag>
2439 
      <descr><![CDATA[new LAN]]></descr>
2440 
      <vlanif>bge0_vlan158</vlanif>
2441 
    </vlan>
2442 
    <vlan>
2443 
      <if>bge0</if>
2444 
      <tag>156</tag>
2445 
      <descr><![CDATA[DMZ1]]></descr>
2446 
      <vlanif>bge0_vlan156</vlanif>
2447 
    </vlan>
2448 
  </vlans>
2449 
  <virtualip>
2450 
    <vip>
2451 
      <mode>carp</mode>
2452 
      <interface>lan</interface>
2453 
      <vhid>1</vhid>
2454 
      <advskew>0</advskew>
2455 
      <advbase>1</advbase>
2456 
      <password>asdf</password>
2457 
      <descr><![CDATA[old switch1 IP address]]></descr>
2458 
      <type>single</type>
2459 
      <subnet_bits>24</subnet_bits>
2460 
      <subnet>192.168.100.254</subnet>
2461 
      <uniqid>570e65f92fe6d</uniqid>
2462 
    </vip>
2463 
    <vip>
2464 
      <mode>ipalias</mode>
2465 
      <interface>opt1</interface>
2466 
      <uniqid>572d0132ad85e</uniqid>
2467 
      <descr><![CDATA[fake DC1 for sandbox]]></descr>
2468 
      <type>single</type>
2469 
      <subnet_bits>32</subnet_bits>
2470 
      <subnet>192.168.101.10</subnet>
2471 
    </vip>
2472 
    <vip>
2473 
      <mode>ipalias</mode>
2474 
      <interface>opt1</interface>
2475 
      <uniqid>572d0154590df</uniqid>
2476 
      <descr><![CDATA[fake DC2 for sandbox]]></descr>
2477 
      <type>single</type>
2478 
      <subnet_bits>32</subnet_bits>
2479 
      <subnet>192.168.101.20</subnet>
2480 
    </vip>
2481 
  </virtualip>
2482 
  <hasync>
2483 
    <pfsyncpeerip />
2484 
    <pfsyncinterface>lan</pfsyncinterface>
2485 
    <synchronizetoip />
2486 
    <username />
2487 
    <password />
2488 
  </hasync>
2489 
  <dhcrelay />
2490 
  <dhcrelay6 />
2491 
  <ca>
2492 
    <refid>5540ed69a904b</refid>
2493 
    <descr><![CDATA[Avant-OpenVPN-CA]]></descr>
2494 
    <crt></crt>
2495 
    <prv></prv>
2496 
    <serial>2</serial>
2497 
  </ca>
2498 
  <ca>
2499 
    <refid>557b8b583c276</refid>
2500 
    <descr><![CDATA[StartSSL Root]]></descr>
2501 
    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlIeVRDQ0JiR2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUVVGQURCOU1Rc3dDUVlEVlFRR0V3SkpUREVXDQpNQlFHQTFVRUNoTU5VM1JoY25SRGIyMGdUSFJrTGpFck1Da0dBMVVFQ3hNaVUyVmpkWEpsSUVScFoybDBZV3dnDQpRMlZ5ZEdsbWFXTmhkR1VnVTJsbmJtbHVaekVwTUNjR0ExVUVBeE1nVTNSaGNuUkRiMjBnUTJWeWRHbG1hV05oDQpkR2x2YmlCQmRYUm9iM0pwZEhrd0hoY05NRFl3T1RFM01UazBOak0yV2hjTk16WXdPVEUzTVRrME5qTTJXakI5DQpNUXN3Q1FZRFZRUUdFd0pKVERFV01CUUdBMVVFQ2hNTlUzUmhjblJEYjIwZ1RIUmtMakVyTUNrR0ExVUVDeE1pDQpVMlZqZFhKbElFUnBaMmwwWVd3Z1EyVnlkR2xtYVdOaGRHVWdVMmxuYm1sdVp6RXBNQ2NHQTFVRUF4TWdVM1JoDQpjblJEYjIwZ1EyVnlkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBDQpBNElDRHdBd2dnSUtBb0lDQVFEQmlOc0p2R3hHZkhpZmxYdTFNNUR5Y21MV3dUWWdJaVJlenVsMzhrTUtvZ1prDQpwTXlPTnZnNDVpUHdibTJ4UE4xeW80VWNvZE05dERNcjB5K3YvdXF3UVZsbnRzUUdmUXFlZElYV2VVeUFOM3JmDQpPUVZTV2ZmMEcwWkRwTktGaGRMRGNmTjFZalM2TElwL0hvL3U3VFRRRWNlV3pWSTl1alBXM1UzZUN6dEtTNS9DDQpKaS82dFJZY2NqVjN5anhkNXNyaEpvc2FOblpjQWR0MEZDWCs3YldnaUEvZGVNb3RId2VYTUFFdGNubjZSdFlUDQpLcWk1cHF1RFNSM2w4dS9kNUFHT0dBcVBZMU1XaFdLcERoazZ6TFZtcHNKcmRBZmtLK0YyUHJSdDJQWkU0WE5pDQpIenZFdnFCVFZpVnNVUW4zcXF2S3YzYjliWnZ6bmR1L1BXYThERmFxcjVoSWxUcEwzNmRZVU5rNGRhbGI2a01NDQpBditaNitoc1RYQmJLV1djM2FwZHpLOEJNZXdNNjlLTjZPcWNlK1p1OXlkbURCcEkxMjVDNHovZUlUNTc0UTF3DQorMk9xcUd3YVZMUmNKWHJKb3NtTEZxYTdMSDRYWGdWTldHNFNIUUh1RWhBTnhqSi9HUC84OVByTmJwSG9Oa20rDQpHa2hwaThLV1RSb1NzbWtYd1FxUTF2cDVJa2kvdW50cCtIREgrbm8zMk5nTjBuWlBWLytRdCtPUjB0M3Z3bUMzDQpaenJkL3FxYzhOU0xmM0lpenNhZmw3YjRyNHFnRUtqWit4akd0clZjVWp5SnRoa3Fjd0VLRHdPekVtRHllaStCDQoyNk51L3lZd2wvV0wzWWxYdHEwOXM2OHJ4YmQyQXZDbDFpdWFoaFFxY3Ziak00eGRDVXNUMzd1TWRCTlNTd0lEDQpBUUFCbzRJQ1VqQ0NBazR3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WSFE4RUJBTUNBYTR3SFFZRFZSME9CQllFDQpGRTRMN3hxa1FGdWxGMm1ITU1vMGFFUFFRYTd5TUdRR0ExVWRId1JkTUZzd0xLQXFvQ2lHSm1oMGRIQTZMeTlqDQpaWEowTG5OMFlYSjBZMjl0TG05eVp5OXpabk5qWVMxamNtd3VZM0pzTUN1Z0thQW5oaVZvZEhSd09pOHZZM0pzDQpMbk4wWVhKMFkyOXRMbTl5Wnk5elpuTmpZUzFqY213dVkzSnNNSUlCWFFZRFZSMGdCSUlCVkRDQ0FWQXdnZ0ZNDQpCZ3NyQmdFRUFZRzFOd0VCQVRDQ0FUc3dMd1lJS3dZQkJRVUhBZ0VXSTJoMGRIQTZMeTlqWlhKMExuTjBZWEowDQpZMjl0TG05eVp5OXdiMnhwWTNrdWNHUm1NRFVHQ0NzR0FRVUZCd0lCRmlsb2RIUndPaTh2WTJWeWRDNXpkR0Z5DQpkR052YlM1dmNtY3ZhVzUwWlhKdFpXUnBZWFJsTG5Ca1pqQ0IwQVlJS3dZQkJRVUhBZ0l3Z2NNd0p4WWdVM1JoDQpjblFnUTI5dGJXVnlZMmxoYkNBb1UzUmhjblJEYjIwcElFeDBaQzR3QXdJQkFScUJsMHhwYldsMFpXUWdUR2xoDQpZbWxzYVhSNUxDQnlaV0ZrSUhSb1pTQnpaV04wYVc5dUlDcE1aV2RoYkNCTWFXMXBkR0YwYVc5dWN5b2diMllnDQpkR2hsSUZOMFlYSjBRMjl0SUVObGNuUnBabWxqWVhScGIyNGdRWFYwYUc5eWFYUjVJRkJ2YkdsamVTQmhkbUZwDQpiR0ZpYkdVZ1lYUWdhSFIwY0RvdkwyTmxjblF1YzNSaGNuUmpiMjB1YjNKbkwzQnZiR2xqZVM1d1pHWXdFUVlKDQpZSVpJQVliNFFnRUJCQVFEQWdBSE1EZ0dDV0NHU0FHRytFSUJEUVFyRmlsVGRHRnlkRU52YlNCR2NtVmxJRk5UDQpUQ0JEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQ0FnRUFGbXlaDQo5R1lNTlBYUWhWNTlDdXphRUU0NEhGN2ZwaVVGUzVFeXdlZzc4VDNkUkFsYkIwbUtLY3RtQXJleG12Y2xtQWs4DQpqaHZoM1RhSEswdTdhTk01WmoyZ0pzZnlPWkVkVWF1Q2UzN1Z6bHJrNGdOWGNHbVhDUGxlV0tZSzM0d0dta1VXDQpGamdLWGxmMllzZDZBZ1htdkI2MThwNzBxU21EK0xJVTQyNG9oMFREa0JyZU9LazhyRU5OWkVYTzNTaXBYUEp6DQpld1Q0RitpcnNmTXVYR1J1Y3pFNkVyaThzeEhrZlkrQlVabzdqWW4wVFpObWV6d0Q3ZE9hSFpyelpWRDFvTkIxDQpueSt2OE9xQ1E1ajRhWnlKZWNSRGprWnk0MlEyRXEvM0pSNDRpWkIzZnNOcmFybkR5MFJMckhpUWkrZkhMQjVMDQpFVVRJTkZJbnpRcGRuNFhCaWRVYWVQS1ZFRk15M1lDRVpuWFp0V2dvKzJFdXZvU29PTUNaRW9hbEhtZGtyUVl1DQpMNmx3aGNlV0QzeUpaZldPUTFRT3E5MmxnRG1VWU1BMHlaWndMS01TOVI5SWU3MGNmbXUzblpEMElqdXUrUHdxDQp5dnFDVXFEdnIwdFZrK3ZCdGZBaWk2dzBUaVlpQktHSExIVkt0K1Y5RTllNERHVEFOdExKTDRZU2pDTUp3UnVDDQpPM05KbzJwWGg1VGwxbmpGbVVOajQwM2dkeTNoWlpseWFRUWFSd25tRHdGV0pQc2Z2dzU1cVZndXVjUUpBWDZWDQp1bTBBQmo2eTZrb1FPZGpRSy9XLzdIVy9sd0xGQ1JzSTNGVTM0b0g3TjRSRFlpREs1MVpMWmVyK2JNRWtreVNoDQpOT3NGLzVvaXJwdDlQL0ZsVVFxbU1HcXo5SWdjZ0EzOGNvcm9nMTQ9DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=</crt>
2502 
  </ca>
2503 
  <ca>
2504 
    <refid>557b8b98e24da</refid>
2505 
    <descr><![CDATA[StartSSL Intermediate]]></descr>
2506 
    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGMlRDQ0E4R2dBd0lCQWdJSEhLczJSeTJjVVRBTkJna3Foa2lHOXcwQkFRc0ZBREI5TVFzd0NRWURWUVFHDQpFd0pKVERFV01CUUdBMVVFQ2hNTlUzUmhjblJEYjIwZ1RIUmtMakVyTUNrR0ExVUVDeE1pVTJWamRYSmxJRVJwDQpaMmwwWVd3Z1EyVnlkR2xtYVdOaGRHVWdVMmxuYm1sdVp6RXBNQ2NHQTFVRUF4TWdVM1JoY25SRGIyMGdRMlZ5DQpkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt3SGhjTk1EY3hNREUwTWpBMU56QTVXaGNOTWpJeE1ERTBNakExDQpOekE1V2pDQmpERUxNQWtHQTFVRUJoTUNTVXd4RmpBVUJnTlZCQW9URFZOMFlYSjBRMjl0SUV4MFpDNHhLekFwDQpCZ05WQkFzVElsTmxZM1Z5WlNCRWFXZHBkR0ZzSUVObGNuUnBabWxqWVhSbElGTnBaMjVwYm1jeE9EQTJCZ05WDQpCQU1UTDFOMFlYSjBRMjl0SUVOc1lYTnpJRElnVUhKcGJXRnllU0JKYm5SbGNtMWxaR2xoZEdVZ1UyVnlkbVZ5DQpJRU5CTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE0azg1TDZHTW1vV3RDQTRJDQpQbGZ5aUFFaEc1U3BiT0s0MjZvWkdFWTZVcUgxRC9SdWpPcVdqSmFIZVJOQVVTOGk4Z3lMaHc5bDMzRjBORU5WDQpzVFVKbTltOEgvcnJRdENYUUhLM1E1WTl1cGFkWFZBQ0hKdVJqWnpBck5lN0x4Zlh5ejZDblhQckIwS1NzczFrDQpzM1JWRzdSTGhpRXM5M2lITXVBVzVOcTlUSlhxcEFwK3Rnb05Mb3JQVmF2RDVkMUJpazdtYjJWc3NrRFBGMTI1DQp3Mm9MSnhHRWQySDJ3bnp0d0kxNEZCaVpnWmwxWTdmb1U5TzZZZWtPK3FJdzgwYWl1Y2tmYklCYVFLd243VWhIDQpNN0JVeGtZYTh6Vmh3UUlwa0ZSK1pFM0VNRklDZ3RmZnppRnVHSkhYdUt1TUp4ZTE4S01CTDQ3U0xvYzZQYlFwDQpaNHJFQXdJREFRQUJvNElCVERDQ0FVZ3dFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREFPQmdOVkhROEJBZjhFDQpCQU1DQVFZd0hRWURWUjBPQkJZRUZCSGJJMFg5Vk14cWNXK0VpZ1BYdnZjQkx5YUdNQjhHQTFVZEl3UVlNQmFBDQpGRTRMN3hxa1FGdWxGMm1ITU1vMGFFUFFRYTd5TUdrR0NDc0dBUVVGQndFQkJGMHdXekFuQmdnckJnRUZCUWN3DQpBWVliYUhSMGNEb3ZMMjlqYzNBdWMzUmhjblJ6YzJ3dVkyOXRMMk5oTURBR0NDc0dBUVVGQnpBQ2hpUm9kSFJ3DQpPaTh2WVdsaExuTjBZWEowYzNOc0xtTnZiUzlqWlhKMGN5OWpZUzVqY25Rd01nWURWUjBmQkNzd0tUQW5vQ1dnDQpJNFloYUhSMGNEb3ZMMk55YkM1emRHRnlkSE56YkM1amIyMHZjMlp6WTJFdVkzSnNNRU1HQTFVZElBUThNRG93DQpPQVlFVlIwZ0FEQXdNQzRHQ0NzR0FRVUZCd0lCRmlKb2RIUndPaTh2ZDNkM0xuTjBZWEowYzNOc0xtTnZiUzl3DQpiMnhwWTNrdWNHUm1NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUJTeWIzenZjdjU2NkxFTXNxR2N2elB2NmN3DQp0ZjJSOTlXQjRTRUVyUUJNLyttTEo5ci84aVROL0I4UGY5TFI1WUdTSTNnVzdtc0RMcDBBU0UrdWdtVXVoMi91DQphZ2RmUzFadTk1WkdRZWJkL2tXNVlpcWFpbmJwcmIzV2M3TzhNU3ZRTE5Wc2E3eHFPaVdIcWFpbERkZUY4V3hzDQpCUTcwd1dqTHV5cUJXS1UrbWNTZjl4K0VqcUI2MFUzYnVBR2NEWUUweW9MK0kySk5QMjJrVXNCTVh2SnBTTEh5DQozNnhFWkdtd1JpbkhyZkR5d0oxb0k0cW9aM0VpRjc3T2lYcDJ2bFJzazF5TDhCcHVydTJPcnNJRnJoTlg1cm5uDQpjTWd6dUo3OVNqRGptTlFUYSs1T3VlYnMzODdxb0o1MmFwZXE2dDgwUlVMMTJrM1doM1p0Lzg1cGhucUJYOXV5DQpUODZ3NEdkZ09VU3dSUkNGWlpjU2VkL1VsOWg0SVF5RW1NNjdUMnNQR2RxRmFaRkJiQmNjeHJuMkZLN3lvWUI2DQo0dW1WN3lLS3pQODQyL3doVnV5QS9XMmloWkVwQStxckE3MHNZRVNDQURYbkZHeDJPMENEVmRWYzM4Y29vMW5WDQppWGcrRCtBRy9kVlhpaVFjcDJJNEhZV1RTL21UZi9ORSttT1ludTBtaVozMi92aERiQ1gvQi9rU1BKNFJzTk9BDQo3dXlyT3d5a2NnT1NGRGJwdnVhS09wR0xyUXdHcUxPRGdtK3A5VFk1Z2lNTWp1cjlYSDdUUzF3ejAyZEl6MDd1DQp5Mk53WVdkVjY3dmNuQXQ2UXhSSVNhcDVSYmFQdml5UVp4ejRuRmFTbFRBd0hvUGFXMXl1VlMxMXRtc1JPTWxSDQpSTnZiYUF4SVU0VTY3WWFaU3c9PQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K</crt>
2507 
    <caref>557b8b583c276</caref>
2508 
  </ca>
2509 
  <crl>
2510 
    <refid>5540ed9583c81</refid>
2511 
    <descr><![CDATA[Avant-OpenVPN-CRL]]></descr>
2512 
    <caref>5540ed69a904b</caref>
2513 
    <method>internal</method>
2514 
    <serial>9999</serial>
2515 
    <lifetime>9999</lifetime>
2516 
  </crl>
2517 
  <gifs>
2518 
    <gif>
2519 
      <ipaddr />
2520 
      <if>wan</if>
2521 
      <tunnel-local-addr>2001:470:1f10:103d::2</tunnel-local-addr>
2522 
      <tunnel-remote-addr>2001:470:1f10:103d::1</tunnel-remote-addr>
2523 
      <tunnel-remote-net>64</tunnel-remote-net>
2524 
      <remote-addr>184.105.253.14</remote-addr>
2525 
      <descr><![CDATA[HE tunnel]]></descr>
2526 
      <gifif>gif0</gifif>
2527 
    </gif>
2528 
  </gifs>
2529 
  <igmpproxy>
2530 
    <igmpentry>
2531 
      <ifname>wan</ifname>
2532 
      <threshold />
2533 
      <type>upstream</type>
2534 
      <address />
2535 
      <descr />
2536 
    </igmpentry>
2537 
    <igmpentry>
2538 
      <ifname>opt3</ifname>
2539 
      <threshold />
2540 
      <type>downstream</type>
2541 
      <address>192.168.158.0/24</address>
2542 
      <descr />
2543 
    </igmpentry>
2544 
    <igmpentry>
2545 
      <ifname>lan</ifname>
2546 
      <threshold />
2547 
      <type>downstream</type>
2548 
      <address>192.168.100.0/24</address>
2549 
      <descr />
2550 
    </igmpentry>
2551 
  </igmpproxy>
2552 
  <ovpnserver>
2553 
    <step1>
2554 
      <type>local</type>
2555 
    </step1>
2556 
    <step6>
2557 
      <authcertca>5540ed69a904b</authcertca>
2558 
    </step6>
2559 
    <step9>
2560 
      <authcertname>5540ef186ee99</authcertname>
2561 
    </step9>
2562 
    <step10>
2563 
      <protocol>UDP</protocol>
2564 
      <localport>1194</localport>
2565 
      <gentlskey>on</gentlskey>
2566 
      <dhkey>2048</dhkey>
2567 
      <crypto>AES-256-CBC</crypto>
2568 
      <digest>SHA1</digest>
2569 
      <engine>cryptodev</engine>
2570 
      <dynip>on</dynip>
2571 
      <addrpool>on</addrpool>
2572 
      <nbttype>8</nbttype>
2573 
      <interface>wan</interface>
2574 
      <tlsauth>on</tlsauth>
2575 
      <tunnelnet>192.168.99.0/24</tunnelnet>
2576 
      <localnet>192.168.100.0/24</localnet>
2577 
      <defaultdomain>asg.local</defaultdomain>
2578 
      <dns1>192.168.100.50</dns1>
2579 
      <dns2>192.168.100.52</dns2>
2580 
      <ntp1>192.168.100.1</ntp1>
2581 
      <nbtenable>on</nbtenable>
2582 
      <wins1>192.168.100.50</wins1>
2583 
      <wins2>192.168.100.52</wins2>
2584 
    </step10>
2585 
    <step11>
2586 
      <ovpnrule>on</ovpnrule>
2587 
      <ovpnallow>on</ovpnallow>
2588 
    </step11>
2589 
  </ovpnserver>
2590 
  <ezshaper>
2591 
    <step1>
2592 
      <numberofconnections>1</numberofconnections>
2593 
      <numberoflocalinterfaces>4</numberoflocalinterfaces>
2594 
    </step1>
2595 
    <step2>
2596 
      <local0downloadscheduler>HFSC</local0downloadscheduler>
2597 
      <local0interface>lan</local0interface>
2598 
      <local1downloadscheduler>HFSC</local1downloadscheduler>
2599 
      <local1interface>opt1</local1interface>
2600 
      <local2downloadscheduler>HFSC</local2downloadscheduler>
2601 
      <local2interface>opt2</local2interface>
2602 
      <local3downloadscheduler>HFSC</local3downloadscheduler>
2603 
      <local3interface>opt3</local3interface>
2604 
      <conn0uploadscheduler>HFSC</conn0uploadscheduler>
2605 
      <conn0upload>1.9</conn0upload>
2606 
      <conn0uploadspeed>Mb</conn0uploadspeed>
2607 
      <conn0download>25</conn0download>
2608 
      <conn0downloadspeed>Mb</conn0downloadspeed>
2609 
      <conn0interface>wan</conn0interface>
2610 
    </step2>
2611 
    <step3>
2612 
      <local0download>1</local0download>
2613 
      <local0downloadspeed>Mb</local0downloadspeed>
2614 
      <local1download>1</local1download>
2615 
      <local1downloadspeed>Mb</local1downloadspeed>
2616 
      <local2download>1</local2download>
2617 
      <local2downloadspeed>Mb</local2downloadspeed>
2618 
      <local3download>1</local3download>
2619 
      <local3downloadspeed>Mb</local3downloadspeed>
2620 
      <conn0upload>1</conn0upload>
2621 
      <conn0uploadspeed>Mb</conn0uploadspeed>
2622 
    </step3>
2623 
    <step5 />
2624 
    <step7 />
2625 
  </ezshaper>
2626 
  <dyndnses />
2627 
</pfsense>
(1-1/2)