config.xml

Doktor Notor, 03/05/2014 09:22 AM

 
<?xml version="1.0"?>
<pfsense>
        <!-- pfSense config.xml as attached to a bug report. The gitsync branch further down
             (RELENG_2_1) places it on the 2.1 release line. Several values look scrubbed for
             the report (an empty IKE pre-shared key, empty RAS and DNSServers aliases, "xxx"
             inside the LAN IPv6 prefix), so an empty element elsewhere in this file may be a
             redaction rather than a misconfiguration. -->
        <version>10.1</version>
        <lastchange/>
        <theme>pfsense_ng</theme>
        <sysctl>
                <!-- System > Advanced > System Tunables. Every tunable below is set to "default",
                     so this section applies no site-specific hardening, and what "default"
                     resolves to is not visible in this file (read it from the running system
                     with sysctl). The descriptions are pfSense's stock texts and a few are
                     imprecise: net.inet.tcp.tso is TCP segmentation offload rather than a "TCP
                     Offload Engine", and net.inet.tcp.recvspace/sendspace are socket buffer
                     sizes, not datagram sizes. The entries with security impact that are worth
                     verifying on the box are the two *.blackhole tunables, net.inet.ip.random_id,
                     net.inet.tcp.drop_synfin, the two *.redirect tunables,
                     net.inet.tcp.syncookies, net.link.tap.user_open and kern.randompid. -->
                <item>
                        <descr><![CDATA[Enable mounting the FS read only with more checks.]]></descr>
                        <tunable>vfs.forcesync</tunable>
                        <value>default</value>
                </item>
                <item>
                        <tunable>debug.pfftpproxy</tunable>
                        <value>default</value>
                        <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
                </item>
                <item>
                        <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
                        <tunable>vfs.read_max</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
                        <tunable>net.inet.ip.portrange.first</tunable>
                        <value>default</value>
                </item>
                <!-- The two blackhole tunables decide whether closed ports answer with RST /
                     ICMP unreachable; "default" leaves that to pfSense, so port scans of the
                     firewall itself behave however pfSense's default dictates. -->
                <item>
                        <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
                        <tunable>net.inet.tcp.blackhole</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
                        <tunable>net.inet.udp.blackhole</tunable>
                        <value>default</value>
                </item>
                <!-- NOTE(review): the description itself says the default is sequential IP IDs,
                     which makes the box usable as an idle-scan zombie and eases host
                     fingerprinting; consider setting this to 1. -->
                <item>
                        <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
                        <tunable>net.inet.ip.random_id</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
                        <tunable>net.inet.tcp.drop_synfin</tunable>
                        <value>default</value>
                </item>
                <!-- A router that emits ICMP redirects lets a LAN host be steered to another
                     gateway; whether "default" sends them is not visible here. -->
                <item>
                        <descr><![CDATA[Enable sending IPv4 redirects]]></descr>
                        <tunable>net.inet.ip.redirect</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable sending IPv6 redirects]]></descr>
                        <tunable>net.inet6.ip6.redirect</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
                        <tunable>net.inet6.ip6.use_tempaddr</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
                        <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
                        <tunable>net.inet.tcp.syncookies</tunable>
                        <value>default</value>
                </item>
                <!-- Stock description is wrong: these are TCP socket buffer sizes, not datagram
                     sizes. Left as shipped because descr is display text, not a setting. -->
                <item>
                        <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
                        <tunable>net.inet.tcp.recvspace</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
                        <tunable>net.inet.tcp.sendspace</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[IP Fastforwarding]]></descr>
                        <tunable>net.inet.ip.fastforwarding</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
                        <tunable>net.inet.tcp.delayed_ack</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
                        <tunable>net.inet.udp.maxdgram</tunable>
                        <value>default</value>
                </item>
                <!-- The three bridge pfil tunables only matter if a bridge exists; the <bridge/>
                     element later in this file is empty, so they are inert here. -->
                <item>
                        <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
                        <tunable>net.link.bridge.pfil_onlyip</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
                        <tunable>net.link.bridge.pfil_member</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
                        <tunable>net.link.bridge.pfil_bridge</tunable>
                        <value>default</value>
                </item>
                <!-- Security-relevant: a non-zero value lets unprivileged users open tap(4)
                     devices and inject frames. -->
                <item>
                        <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
                        <tunable>net.link.tap.user_open</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
                        <tunable>kern.randompid</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum size of the IP input queue]]></descr>
                        <tunable>net.inet.ip.intr_queue_maxlen</tunable>
                        <value>default</value>
                </item>
                <!-- Physical-access control only; irrelevant when the console is the serial port
                     enabled in <system>. -->
                <item>
                        <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
                        <tunable>hw.syscons.kbd_reboot</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable TCP Inflight mode]]></descr>
                        <tunable>net.inet.tcp.inflight.enable</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable TCP extended debugging]]></descr>
                        <tunable>net.inet.tcp.log_debug</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set ICMP Limits]]></descr>
                        <tunable>net.inet.icmp.icmplim</tunable>
                        <value>default</value>
                </item>
                <!-- Stock description is misleading: net.inet.tcp.tso controls TCP segmentation
                     offload in the NIC, not a TCP Offload Engine. <disablesegmentationoffloading/>
                     in <system> is the pfSense-level switch for the same feature. -->
                <item>
                        <descr><![CDATA[TCP Offload Engine]]></descr>
                        <tunable>net.inet.tcp.tso</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[UDP Checksums]]></descr>
                        <tunable>net.inet.udp.checksum</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum socket buffer size]]></descr>
                        <tunable>kern.ipc.maxsockbuf</tunable>
                        <value>default</value>
                </item>
        </sysctl>
        <system>
                <optimization>normal</optimization>
                <hostname>gw</hostname>
                <domain>testdomain.local</domain>
                <timezone>Europe/Prague</timezone>
                <time-update-interval/>
                <!-- Time comes from a single internal host (also the first AD DNS server below). -->
                <timeservers>192.168.0.151</timeservers>
                <webgui>
                        <!-- GUI is HTTPS only with an explicit certificate reference; the
                             certificate itself lives in the cert store section, not shown here. -->
                        <protocol>https</protocol>
                        <ssl-certref>5228d97bef5af</ssl-certref>
                        <port/>
                        <max_procs>2</max_procs>
                        <!-- Empty elements act as boolean flags throughout this file (compare
                             <enable/>, <blockpriv/>). If that convention holds here, all four of the
                             following options are switched on. Three are hardening
                             (<disablehttpredirect/>, <beast_protection/>, <noautocomplete/>), but
                             <nodnsrebindcheck/> turns OFF the GUI's DNS-rebinding protection, and
                             <althostnames> below is empty, so nothing replaces that check.
                             TODO(review): confirm on the box; re-enable the rebinding check and put
                             any extra hostnames into althostnames instead. -->
                        <disablehttpredirect/>
                        <nodnsrebindcheck/>
                        <beast_protection/>
                        <noautocomplete/>
                        <!-- GUI logins are sent to an "Active Directory" auth server, yet the
                             <authserver> element further down is empty in this listing. Either the
                             server definition was scrubbed for the report, or GUI auth points at a
                             backend that does not exist; verify that a local admin login still
                             works before relying on this. -->
                        <authmode>Active Directory</authmode>
                        <backend/>
                        <althostnames></althostnames>
                </webgui>
                <disablesegmentationoffloading/>
                <disablelargereceiveoffloading/>
                <ipv6allow/>
                <powerd_ac_mode>hadp</powerd_ac_mode>
                <powerd_battery_mode>hadp</powerd_battery_mode>
                <bogons>
                        <interval>daily</interval>
                </bogons>
                <!-- SSH: key-only authentication is requested in <ssh><sshdkeyonly>, but an
                     empty <sshdkeyonly/> also sits directly under <system> a few lines below.
                     Only one of the two can be the key pfSense reads; the other is presumably a
                     leftover from an older config layout. TODO(review): confirm with
                     `sshd -T | grep passwordauthentication` that password logins are refused. -->
                <ssh>
                        <sshdkeyonly>enabled</sshdkeyonly>
                </ssh>
                <enableserial/>
                <serialspeed>115200</serialspeed>
                <enablesshd>enabled</enablesshd>
                <sshdkeyonly/>
                <maximumstates/>
                <aliasesresolveinterval/>
                <maximumtables/>
                <!-- Raised table size; needed for the daily bogon lists (IPv6 bogons are large). -->
                <maximumtableentries>500000</maximumtableentries>
                <!-- NAT reflection (pure NAT, BINAT and the helper) is fully enabled, so every port
                     forward is also reachable from LAN via the WAN address. Functional choice, not
                     a security defect. -->
                <enablenatreflectionpurenat>yes</enablenatreflectionpurenat>
                <enablebinatreflection>yes</enablebinatreflection>
                <enablenatreflectionhelper>yes</enablenatreflectionhelper>
                <reflectiontimeout/>
                <!-- gitsync pulls the pfSense PHP sources from GitHub over git://, which has no
                     transport authentication or encryption, and <synconupgrade/> re-runs the sync
                     after every firmware upgrade. An on-path attacker can substitute arbitrary PHP
                     that then runs on the firewall. Use https:// (ideally pinned to a commit), or
                     drop gitsync outside of a test environment. -->
                <gitsync>
                        <repositoryurl>git://github.com/pfsense/pfsense.git</repositoryurl>
                        <branch>RELENG_2_1</branch>
                        <synconupgrade/>
                </gitsync>
                <language>en_US</language>
                <dns1gw>none</dns1gw>
                <dns2gw>none</dns2gw>
                <dns3gw>none</dns3gw>
                <dns4gw>none</dns4gw>
                <!-- Empty: no authentication server is defined here although webgui, the IPsec
                     mobile client block and the OpenVPN server all name "Active Directory".
                     Presumably scrubbed for the report (it would hold the LDAP bind DN/password);
                     if not, every remote-auth path in this config has no backend. -->
                <authserver>
                </authserver>
                <use_mfs_tmp_size/>
                <use_mfs_var_size/>
                <kill_states/>
                <!-- 127.0.0.1 first, then the two domain controllers. The <dnsmasq> section later
                     in this file is empty, so presumably no local forwarder is enabled and the
                     firewall's own lookups end up at the LAN servers; confirm. -->
                <dnsserver>127.0.0.1</dnsserver>
                <dnsserver>192.168.0.151</dnsserver>
                <dnsserver>192.168.0.150</dnsserver>
                <firmware>
                        <!-- Update-channel trust is disabled: <allowinvalidsig/> accepts images that
                             fail signature verification, <disablecheck/> turns the update check off,
                             and the alternate URL is a plain http:// snapshot server, so images are
                             neither signed nor fetched over an authenticated transport. Fine for a
                             development snapshot box; on anything production this is a supply-chain
                             hole (anyone on the path can serve a modified image). -->
                        <allowinvalidsig/>
                        <disablecheck/>
                        <alturl>
                                <enable/>
                                <firmwareurl>http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_RELENG_2_1/.updaters/</firmwareurl>
                        </alturl>
                </firmware>
                <!-- Runs a PHP script at early boot, presumably as root. Whoever can write
                     /usr/local/bin/apply_patches.php (not part of this file) gets code execution
                     on every boot; keep that script under review and its permissions tight. -->
                <earlyshellcmd>/usr/local/bin/php -f /usr/local/bin/apply_patches.php</earlyshellcmd>
        </system>
        <interfaces>
                <wan>
                        <!-- PPPoE uplink. <blockpriv/> and <blockbogons/> are set, so RFC 1918 and
                             bogon sources are dropped on WAN by the built-in rules; the user-made
                             PrivateNetworks alias in <aliases> is not needed for that. -->
                        <if>pppoe0</if>
                        <descr><![CDATA[WAN]]></descr>
                        <blockbogons/>
                        <spoofmac/>
                        <enable/>
                        <ipaddr>pppoe</ipaddr>
                        <blockpriv/>
                </wan>
                <lan>
                        <enable/>
                        <if>nfe0</if>
                        <descr><![CDATA[LAN]]></descr>
                        <spoofmac/>
                        <ipaddr>192.168.0.254</ipaddr>
                        <subnet>24</subnet>
                        <!-- Redacted: "xxx" is not a valid hex group, so this file will not import
                             as-is until the real prefix is restored. -->
                        <ipaddrv6>2001:470:xxx:xxx:192:168::254</ipaddrv6>
                        <subnetv6>64</subnetv6>
                </lan>
                <opt2>
                        <!-- IPv6 tunnel endpoint on gif0 (the descr suggests a Hurricane Electric
                             6in4 tunnel; its addressing is configured elsewhere in the file, not
                             shown here). Treated like a second WAN: bogon/private filtering is on
                             and the MTU is lowered for the encapsulation overhead. -->
                        <descr><![CDATA[HEIPv6]]></descr>
                        <if>gif0</if>
                        <enable/>
                        <spoofmac/>
                        <mtu>1452</mtu>
                        <blockbogons/>
                        <blockpriv/>
                </opt2>
                <opt3>
                        <!-- Management leg to the VDSL modem (see the Modem alias). Gateway
                             ModemAccessGW is defined in the gateways section, not part of this
                             listing. No rule in <filter> is bound to opt3, so with pfSense's
                             default deny nothing entering on rl0 is passed; LAN reaches the modem
                             only through the LAN allow-any rule plus outbound NAT. -->
                        <descr><![CDATA[ModemAccess]]></descr>
                        <if>rl0</if>
                        <spoofmac/>
                        <enable/>
                        <ipaddr>192.168.255.254</ipaddr>
                        <subnet>24</subnet>
                        <gateway>ModemAccessGW</gateway>
                </opt3>
        </interfaces>
        <staticroutes/>
        <dhcpd>
                <!-- DHCP only on LAN; .1 to .9 and .246 to .253 are left for static hosts. -->
                <lan>
                        <range>
                                <from>192.168.0.10</from>
                                <to>192.168.0.245</to>
                        </range>
                </lan>
        </dhcpd>
        <!-- PPTP server is not enabled (mode is empty). Keep it that way: PPTP/MS-CHAPv2 is
             broken and should not be used as a VPN at all. -->
        <pptpd>
                <mode/>
                <redir/>
                <localip/>
                <remoteip/>
        </pptpd>
        <!-- No forwarder settings at all (no <enable/>), which is at odds with 127.0.0.1 being the
             first system DNS server in <system>; verify what actually answers on the box. -->
        <dnsmasq>
        </dnsmasq>
        <!-- SNMP appears to be off (no <enable/>, no community), which is the right default. -->
        <snmpd>
        </snmpd>
        <diag>
                <ipv6nat>
                        <ipaddr/>
                </ipv6nat>
        </diag>
        <bridge/>
        <!-- Only local log display settings; no remote syslog target is configured in this
             section. For a box with remote management, IPsec and OpenVPN exposed on WAN, forward
             logs off-box so an intruder cannot simply clear them. -->
        <syslog>
                <reverse/>
                <nentries>200</nentries>
                <filterdescriptions>1</filterdescriptions>
        </syslog>
        <nat>
                <!-- IPsec passthrough lets LAN-side IPsec clients traverse the NAT. -->
                <ipsecpassthru>
                        <enable/>
                </ipsecpassthru>
                <!-- Empty: outbound NAT is presumably in automatic mode. -->
                <advancedoutbound/>
        </nat>
        <filter>
                <!-- Floating rule: no <interface> element, so it presumably applies to every
                     interface including WAN and the tunnel, in both directions, and no <icmptype>
                     is set, so every ICMP/ICMPv6 type is passed (redirects, timestamp, address
                     mask requests included). <quick> is not set, so a later interface rule still
                     wins, but WAN has no ICMP rule of its own. TODO(review): restrict to the
                     types actually needed (echo request, unreachable, time exceeded, parameter
                     problem, plus the ICMPv6 ND types) or limit the interface list. -->
                <rule>
                        <id/>
                        <type>pass</type>
                        <ipprotocol>inet46</ipprotocol>
                        <tag/>
                        <tagged/>
                        <direction>any</direction>
                        <floating>yes</floating>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <protocol>icmp</protocol>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr><![CDATA[Allow IPv4/IPv6 ICMP packets]]></descr>
                </rule>
                
                <!-- Remote management over WAN: SSH and HTTPS (ManagementPorts alias: 22, 443) to
                     the WAN address, restricted to the RAS alias. RAS is empty in this listing, so
                     as written the rule matches nothing (an empty alias is an empty pf table);
                     presumably the real hosts were scrubbed. The restriction to a host list is the
                     right design; just make sure RAS stays short and is never "any". -->
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>wan</interface>
                        <ipprotocol>inet46</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <protocol>tcp</protocol>
                        <source>
                                <address>RAS</address>
                        </source>
                        <destination>
                                <network>wanip</network>
                                <port>ManagementPorts</port>
                        </destination>
                        <descr><![CDATA[Allow remote firewall management]]></descr>
                </rule>
                <!-- Wizard-generated: OpenVPN UDP/1194 on the WAN address from anywhere. No
                     <ipprotocol>, so presumably IPv4 only (matches the UDP server in <openvpn>). -->
                <rule>
                        <descr><![CDATA[OpenVPN testdomain OpenVPN wizard]]></descr>
                        <direction>in</direction>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <network>wanip</network>
                                <port>1194</port>
                        </destination>
                        <interface>wan</interface>
                        <protocol>udp</protocol>
                        <type>pass</type>
                        <enabled>on</enabled>
                </rule>
                <!-- Stock LAN allow-any rules (v4 and v6). -->
                <rule>
                        <type>pass</type>
                        <ipprotocol>inet</ipprotocol>
                        <descr><![CDATA[Default allow LAN to any rule]]></descr>
                        <interface>lan</interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                </rule>
                <rule>
                        <type>pass</type>
                        <ipprotocol>inet6</ipprotocol>
                        <descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
                        <interface>lan</interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                </rule>
                <!-- IPsec (enc0) any-to-any, v4 and v6. This covers both the site-to-site peer
                     (10.0.0.0/24 per phase2 #1) and the mobile Xauth clients (192.168.30.0/24
                     pool), and gives them unrestricted access to every LAN host and to the
                     firewall's own services. Since the mobile tunnel is aggressive-mode PSK
                     (see <ipsec>), a VPN compromise is a full LAN compromise. TODO(review): split
                     into one rule per tunnel with the source limited to the phase2 network / the
                     mobile pool, and the destination limited to what each side needs. -->
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>enc0</interface>
                        <ipprotocol>inet</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr><![CDATA[Allow IPSec IPv4 to any rule]]></descr>
                </rule>
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>enc0</interface>
                        <ipprotocol>inet6</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr><![CDATA[Allow IPSec IPv6 to any rule]]></descr>
                </rule>
                <!-- OpenVPN clients any-to-any (the wizard rule has no <ipprotocol>; the second
                     rule adds IPv6). Same remark as for enc0: with <strictusercn/> and per-user
                     certificates this is a trusted population, but consider limiting the
                     destination to the LAN subnet rather than "any". -->
                <rule>
                        <descr><![CDATA[OpenVPN testdomain OpenVPN wizard]]></descr>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <interface>openvpn</interface>
                        <type>pass</type>
                        <enabled>on</enabled>
                </rule>
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>openvpn</interface>
                        <ipprotocol>inet6</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr><![CDATA[Allow OpenVPN IPv6 to any rule]]></descr>
                </rule>
                <!-- Same remote-management rule as on WAN, for the IPv6 tunnel interface. RAS is
                     empty in this listing (see the WAN rule). -->
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>opt2</interface>
                        <ipprotocol>inet46</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <protocol>tcp</protocol>
                        <source>
                                <address>RAS</address>
                        </source>
                        <destination>
                                <network>opt2ip</network>
                                <port>ManagementPorts</port>
                        </destination>
                        <descr><![CDATA[Allow remote firewall management]]></descr>
                </rule>
                <!-- OpenVPN over IPv6 on the tunnel interface. The only OpenVPN server visible in
                     this listing (vpnid 1) binds to wan with protocol UDP, so unless a further
                     instance beyond the end of the listing binds to opt2 over IPv6, this rule
                     opens a port that nothing listens on. Harmless but worth cleaning up. -->
                <rule>
                        <id/>
                        <type>pass</type>
                        <interface>opt2</interface>
                        <ipprotocol>inet6</ipprotocol>
                        <tag/>
                        <tagged/>
                        <max/>
                        <max-src-nodes/>
                        <max-src-conn/>
                        <max-src-states/>
                        <statetimeout/>
                        <statetype>keep state</statetype>
                        <os/>
                        <protocol>udp</protocol>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <network>opt2ip</network>
                                <port>1194</port>
                        </destination>
                        <descr><![CDATA[OpenVPN testdomain]]></descr>
                </rule>
        </filter>
        <!-- No traffic shaping configured. -->
        <shaper>
        </shaper>
        <ipsec>
                <!-- Site-to-site tunnel, IKEv1 main mode with RSA certificate authentication
                     (certref/caref point into the cert store, not shown). Proposal is AES-128 /
                     SHA-1 / DH group 2. Group 2 is 1024-bit MODP and below current guidance; the
                     peer should be moved to group 14 or better, and to SHA-256 if it supports it.
                     proposal_check strict and DPD 10s x 5 are sensible. -->
                <phase1>
                        <ikeid>1</ikeid>
                        <interface>wan</interface>
                        <remote-gateway>188.xx.xx.xx</remote-gateway>
                        <mode>main</mode>
                        <protocol>inet</protocol>
                        <myid_type>asn1dn</myid_type>
                        <myid_data/>
                        <peerid_type>asn1dn</peerid_type>
                        <peerid_data/>
                        <encryption-algorithm>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm>
                        <hash-algorithm>sha1</hash-algorithm>
                        <dhgroup>2</dhgroup>
                        <lifetime>28800</lifetime>
                        <pre-shared-key/>
                        <private-key/>
                        <certref>52297a823fe8a</certref>
                        <caref>522978178c796</caref>
                        <authentication_method>rsasig</authentication_method>
                        <generate_policy/>
                        <proposal_check>strict</proposal_check>
                        <nat_traversal>on</nat_traversal>
                        <dpd_delay>10</dpd_delay>
                        <dpd_maxfail>5</dpd_maxfail>
                </phase1>
                <!-- Mobile clients: aggressive mode with a group pre-shared key plus Xauth. In
                     aggressive mode the PSK-derived hash is sent unencrypted, so anyone who can
                     capture a handshake (or just initiate one with the group identity
                     vpnusers@testdomain.local) can brute-force the group PSK offline; Xauth then
                     only adds a password over a channel the attacker can impersonate. The PSK is
                     empty in this listing, presumably scrubbed. Since a CA and certificates already
                     exist for phase1 #1, the safer setup is main mode with per-client certificates
                     (or at minimum a long random group PSK). -->
                <phase1>
                        <ikeid>2</ikeid>
                        <interface>wan</interface>
                        <mobile/>
                        <mode>aggressive</mode>
                        <protocol>inet</protocol>
                        <myid_type>myaddress</myid_type>
                        <myid_data/>
                        <peerid_type>user_fqdn</peerid_type>
                        <peerid_data>vpnusers@testdomain.local</peerid_data>
                        <encryption-algorithm>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm>
                        <hash-algorithm>sha1</hash-algorithm>
                        <dhgroup>2</dhgroup>
                        <lifetime>86400</lifetime>
                        <pre-shared-key></pre-shared-key>
                        <private-key/>
                        <certref/>
                        <caref/>
                        <authentication_method>xauth_psk_server</authentication_method>
                        <generate_policy>unique</generate_policy>
                        <proposal_check>strict</proposal_check>
                        <nat_traversal>force</nat_traversal>
                        <dpd_delay>60</dpd_delay>
                        <dpd_maxfail>5</dpd_maxfail>
                </phase1>
                <client>
                        <enable/>
                        <!-- Xauth users come from the same "Active Directory" server whose
                             definition is missing from <authserver> in this listing. -->
                        <user_source>Active Directory</user_source>
                        <group_source>system</group_source>
                        <pool_address>192.168.30.0</pool_address>
                        <pool_netbits>24</pool_netbits>
                        <!-- Empty network list: clients presumably get no split-tunnel routes. -->
                        <net_list/>
                        <!-- <save_passwd/> lets clients cache the Xauth password, which removes the
                             "something you know" half of the login if a laptop is lost. Consider
                             dropping it. -->
                        <save_passwd/>
                        <dns_domain>testdomain.local</dns_domain>
                        <dns_server1>192.168.0.151</dns_server1>
                        <dns_server2>192.168.0.150</dns_server2>
                        <dns_server3/>
                        <dns_server4/>
                        <wins_server1>192.168.0.151</wins_server1>
                        <wins_server2/>
                        <login_banner/>
                </client>
                <!-- Phase 2 for the site-to-site tunnel: 192.168.0.0/24 to 10.0.0.0/24, ESP
                     AES-128 / HMAC-SHA1, PFS group 2 (same weak-group remark as phase 1). -->
                <phase2>
                        <ikeid>1</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>192.168.0.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>10.0.0.0</address>
                                <netbits>24</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <pinghost/>
                </phase2>
                <!-- Phase 2 for mobile clients: pfsgroup 0 means PFS is OFF, so all child SA keys
                     derive from the phase 1 secret, which in this setup is the aggressive-mode
                     group PSK exchange. Recovering that one secret exposes every client session
                     for the 8 h lifetime. Enable PFS (group 14 or better) here. -->
                <phase2>
                        <ikeid>2</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>192.168.0.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>mobile</type>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>0</pfsgroup>
                        <lifetime>28800</lifetime>
                        <pinghost/>
                        <mobile/>
                </phase2>
                <!-- IPsec is enabled. -->
                <enable/>
        </ipsec>
        <aliases>
649
                <alias>
650
                        <name>DNSServers</name>
651
                        <address></address>
652
                        <descr><![CDATA[DNS Servers]]></descr>
653
                        <type>host</type>
654
                </alias>
655
                <alias>
656
                        <name>ManagementPorts</name>
657
                        <address>22 443</address>
658
                        <descr><![CDATA[Ports used for firewall management]]></descr>
659
                        <type>port</type>
660
                </alias>
661
                <alias>
662
                        <name>Modem</name>
663
                        <address>192.168.255.1</address>
664
                        <descr><![CDATA[VDSL modem]]></descr>
665
                        <type>host</type>
666
                </alias>
667
                <alias>
                        <name>PrivateNetworks</name>
                        <address>10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8</address>
                        <descr><![CDATA[RFC 1918 private networks (10/8, 172.16/12, 192.168/16) plus the 127/8 loopback range]]></descr>
                        <type>network</type>
                </alias>
                <alias>
                        <name>RAS</name>
                        <address></address>
                        <descr><![CDATA[Hosts/networks allowed remote access (address list is currently empty)]]></descr>
                        <type>network</type>
                </alias>
        </aliases>
        <proxyarp/>
        <cron>
        </cron>
        <wol>
        </wol>
        <rrd>
                <enable/>
        </rrd>
        <load_balancer>
        </load_balancer>
        <widgets>
        </widgets>
        <revision>
        </revision>
        <openvpn>
                <openvpn-server>
                        <vpnid>1</vpnid>
                        <mode>server_tls_user</mode>
                        <authmode>Active Directory</authmode>
                        <protocol>UDP</protocol>
                        <dev_mode>tun</dev_mode>
                        <ipaddr/>
                        <interface>wan</interface>
                        <local_port>1194</local_port>
                        <description><![CDATA[testdomain OpenVPN]]></description>
                        <custom_options/>
                        <tls></tls>
                        <caref>522badb76e1c4</caref>
                        <crlref>522bb51a85c3c</crlref>
                        <certref>522bb03963c1a</certref>
                        <dh_length>2048</dh_length>
                        <cert_depth>1</cert_depth>
                        <strictusercn/>
                        <crypto>AES-256-CBC</crypto>
                        <engine>none</engine>
                        <tunnel_network>10.22.33.0/24</tunnel_network>
                        <tunnel_networkv6>2001:470:xxxx:xxxx::/64</tunnel_networkv6>
                        <remote_network/>
                        <remote_networkv6/>
                        <gwredir/>
                        <local_network>192.168.0.0/24</local_network>
                        <local_networkv6>2001:470:xx:xx::/64</local_networkv6>
                        <maxclients>5</maxclients>
                        <compression>yes</compression>
                        <passtos/>
                        <client2client/>
                        <dynamic_ip>yes</dynamic_ip>
                        <pool_enable>yes</pool_enable>
                        <topology_subnet>yes</topology_subnet>
                        <serverbridge_dhcp/>
                        <serverbridge_interface>none</serverbridge_interface>
                        <serverbridge_dhcp_start/>
                        <serverbridge_dhcp_end/>
                        <dns_domain>testdomain.local</dns_domain>
                        <dns_server1>192.168.0.151</dns_server1>
                        <dns_server2>192.168.0.150</dns_server2>
                        <dns_server3/>
                        <dns_server4/>
                        <ntp_server1>192.168.0.151</ntp_server1>
                        <ntp_server2/>
                        <netbios_enable/>
                        <netbios_ntype>0</netbios_ntype>
                        <netbios_scope/>
                </openvpn-server>
        </openvpn>
        <l7shaper>
                <container/>
        </l7shaper>
        <dnshaper/>
        <dhcpdv6>
                <lan>
                        <ramode>unmanaged</ramode>
                        <rapriority>medium</rapriority>
                        <rainterface/>
                        <range>
                                <from/>
                                <to/>
                        </range>
                        <prefixrange>
                                <from/>
                                <to/>
                                <prefixlength>64</prefixlength>
                        </prefixrange>
                        <defaultleasetime/>
                        <maxleasetime/>
                        <netmask/>
                        <domain/>
                        <domainsearchlist/>
                        <ddnsdomain/>
                        <tftp/>
                        <ldap/>
                        <nextserver/>
                        <filename/>
                        <rootpath/>
                        <dhcpv6leaseinlocaltime>yes</dhcpv6leaseinlocaltime>
                        <numberoptions/>
                        <radnsserver>2001:470:xx:xx::151</radnsserver>
                        <radnsserver>2001:470:xx:xx::150</radnsserver>
                </lan>
        </dhcpdv6>
        <ppps>
                <ppp>
                        <ptpid>0</ptpid>
                        <type>pppoe</type>
                        <if>pppoe0</if>
                        <ports>xl0</ports>
                        <username></username>
                        <password></password>
                        <provider/>
                </ppp>
        </ppps>
        <gifs>
                <gif>
                        <ipaddr/>
                        <if>wan</if>
                        <tunnel-local-addr>2001:470:xx:xx::2</tunnel-local-addr>
                        <tunnel-remote-addr>2001:470:xx:xx::1</tunnel-remote-addr>
                        <tunnel-remote-net>64</tunnel-remote-net>
                        <remote-addr>216.66.86.122</remote-addr>
                        <descr><![CDATA[HE IPv6 Tunnel]]></descr>
                        <gifif>gif0</gifif>
                </gif>
        </gifs>
        <gateways>
                <gateway_item>
                        <interface>opt3</interface>
                        <gateway>192.168.255.1</gateway>
                        <name>ModemAccessGW</name>
                        <weight>1</weight>
                        <ipprotocol>inet</ipprotocol>
                        <interval/>
                        <descr><![CDATA[VDSL Modem Access]]></descr>
                </gateway_item>
        </gateways>
        <ntpd>
                <interface>lan</interface>
        </ntpd>
        <ezshaper>
        </ezshaper>
        <dhcrelay>
        </dhcrelay>
        <dhcrelay6>
        </dhcrelay6>
        <dyndnses>
        </dyndnses>
        <ovpnserver>
                <step10>
                        <interface>wan</interface>
                        <protocol>UDP</protocol>
                        <localport>1194</localport>
                        <descr><![CDATA[testdomain OpenVPN]]></descr>
                        <tlsauth>on</tlsauth>
                        <gentlskey>on</gentlskey>
                        <dhkey>2048</dhkey>
                        <crypto>AES-256-CBC</crypto>
                        <engine>none</engine>
                        <tunnelnet>10.20.30.0/24</tunnelnet>
                        <localnet>192.168.0.0/24</localnet>
                        <concurrentcon>5</concurrentcon>
                        <compression>on</compression>
                        <dynip>on</dynip>
                        <addrpool>on</addrpool>
                        <dns1>192.168.0.150</dns1>
                        <dns2>192.168.0.151</dns2>
                        <ntp1>192.168.0.151</ntp1>
                        <nbttype>0</nbttype>
                </step10>
                <step11>
                        <ovpnrule>on</ovpnrule>
                        <ovpnallow>on</ovpnallow>
                </step11>
        </ovpnserver>
</pfsense>