Bug #3769 » config-2_2-aws.xml

Matthew Smith, 07/23/2014 11:13 AM

 
1
<?xml version="1.0"?>
2
<pfsense>
3
	<version>10.9</version>
4
	<lastchange/>
5
	<theme>pfsense_ng</theme>
6
	<sysctl>
7
		<item>
8
			<descr><![CDATA[Enable mounting the FS read only with more checks.]]></descr>
9
			<tunable>vfs.forcesync</tunable>
10
			<value>default</value>
11
		</item>
12
		<item>
13
			<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
14
			<tunable>debug.pfftpproxy</tunable>
15
			<value>default</value>
16
		</item>
17
		<item>
18
			<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
19
			<tunable>vfs.read_max</tunable>
20
			<value>default</value>
21
		</item>
22
		<item>
23
			<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
24
			<tunable>net.inet.ip.portrange.first</tunable>
25
			<value>default</value>
26
		</item>
27
		<item>
28
			<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
29
			<tunable>net.inet.tcp.blackhole</tunable>
30
			<value>default</value>
31
		</item>
32
		<item>
33
			<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
34
			<tunable>net.inet.udp.blackhole</tunable>
35
			<value>default</value>
36
		</item>
37
		<item>
38
			<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
39
			<tunable>net.inet.ip.random_id</tunable>
40
			<value>default</value>
41
		</item>
42
		<item>
43
			<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
44
			<tunable>net.inet.tcp.drop_synfin</tunable>
45
			<value>default</value>
46
		</item>
47
		<item>
48
			<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
49
			<tunable>net.inet.ip.redirect</tunable>
50
			<value>default</value>
51
		</item>
52
		<item>
53
			<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
54
			<tunable>net.inet6.ip6.redirect</tunable>
55
			<value>default</value>
56
		</item>
57
		<item>
58
			<descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
59
			<tunable>net.inet6.ip6.use_tempaddr</tunable>
60
			<value>default</value>
61
		</item>
62
		<item>
63
			<descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
64
			<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
65
			<value>default</value>
66
		</item>
67
		<item>
68
			<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
69
			<tunable>net.inet.tcp.syncookies</tunable>
70
			<value>default</value>
71
		</item>
72
		<item>
73
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
74
			<tunable>net.inet.tcp.recvspace</tunable>
75
			<value>default</value>
76
		</item>
77
		<item>
78
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
79
			<tunable>net.inet.tcp.sendspace</tunable>
80
			<value>default</value>
81
		</item>
82
		<item>
83
			<descr><![CDATA[IP Fastforwarding]]></descr>
84
			<tunable>net.inet.ip.fastforwarding</tunable>
85
			<value>default</value>
86
		</item>
87
		<item>
88
			<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
89
			<tunable>net.inet.tcp.delayed_ack</tunable>
90
			<value>default</value>
91
		</item>
92
		<item>
93
			<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
94
			<tunable>net.inet.udp.maxdgram</tunable>
95
			<value>default</value>
96
		</item>
97
		<item>
98
			<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
99
			<tunable>net.link.bridge.pfil_onlyip</tunable>
100
			<value>default</value>
101
		</item>
102
		<item>
103
			<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
104
			<tunable>net.link.bridge.pfil_member</tunable>
105
			<value>default</value>
106
		</item>
107
		<item>
108
			<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
109
			<tunable>net.link.bridge.pfil_bridge</tunable>
110
			<value>default</value>
111
		</item>
112
		<item>
113
			<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
114
			<tunable>net.link.tap.user_open</tunable>
115
			<value>default</value>
116
		</item>
117
		<item>
118
			<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
119
			<tunable>kern.randompid</tunable>
120
			<value>default</value>
121
		</item>
122
		<item>
123
			<descr><![CDATA[Maximum size of the IP input queue]]></descr>
124
			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
125
			<value>default</value>
126
		</item>
127
		<item>
128
			<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
129
			<tunable>hw.syscons.kbd_reboot</tunable>
130
			<value>default</value>
131
		</item>
132
		<item>
133
			<descr><![CDATA[Enable TCP Inflight mode]]></descr>
134
			<tunable>net.inet.tcp.inflight.enable</tunable>
135
			<value>default</value>
136
		</item>
137
		<item>
138
			<descr><![CDATA[Enable TCP extended debugging]]></descr>
139
			<tunable>net.inet.tcp.log_debug</tunable>
140
			<value>default</value>
141
		</item>
142
		<item>
143
			<descr><![CDATA[Set ICMP Limits]]></descr>
144
			<tunable>net.inet.icmp.icmplim</tunable>
145
			<value>default</value>
146
		</item>
147
		<item>
148
			<descr><![CDATA[TCP Offload Engine]]></descr>
149
			<tunable>net.inet.tcp.tso</tunable>
150
			<value>default</value>
151
		</item>
152
		<item>
153
			<descr><![CDATA[UDP Checksums]]></descr>
154
			<tunable>net.inet.udp.checksum</tunable>
155
			<value>default</value>
156
		</item>
157
		<item>
158
			<descr><![CDATA[Maximum socket buffer size]]></descr>
159
			<tunable>kern.ipc.maxsockbuf</tunable>
160
			<value>default</value>
161
		</item>
162
	</sysctl>
163
	<system>
164
		<optimization>normal</optimization>
165
		<hostname>vpn-test-endpoint2</hostname>
166
		<domain>staff.pfmechanics.com</domain>
167
		<group>
168
			<name>all</name>
169
			<description><![CDATA[All Users]]></description>
170
			<scope>system</scope>
171
			<gid>1998</gid>
172
		</group>
173
		<group>
174
			<name>admins</name>
175
			<description><![CDATA[System Administrators]]></description>
176
			<scope>system</scope>
177
			<gid>1999</gid>
178
			<member>0</member>
179
			<priv>page-all</priv>
180
		</group>
181
		<!-- Local account record for "admin": uid 0, member of "admins", with the user-shell-access
		     privilege. The record carries three password verifiers side by side (password, md5-hash,
		     nt-hash), so any copy of this file is enough for offline guessing of the admin password.
		     If the file has been attached to a ticket or shared, treat the password as disclosed and
		     rotate it on the firewall. -->
		<user>
182
			<name>admin</name>
183
			<descr><![CDATA[System Administrator]]></descr>
184
			<scope>system</scope>
185
			<groupname>admins</groupname>
186
			<!-- The "$1$" prefix marks the MD5-crypt scheme: salted, but fast to compute by current standards. -->
			<password>$1$/3gmYq8S$LKaj07F4blKrsq/EOgwKD.</password>
187
			<uid>0</uid>
188
			<priv>user-shell-access</priv>
189
			<!-- 32 hex digits with no salt field; presumably a plain MD5 of the password (confirm against the writer). -->
			<md5-hash>098facdbc6e78d36b3d339dc3e8a8989</md5-hash>
190
			<!-- 64 hex digits that decode to a 32-character ASCII hex string, i.e. a 128-bit value stored
			     hex-encoded twice. NT hashes are unsalted, so this is the weakest of the three verifiers. -->
			<nt-hash>6561666635303534303861373466643431613630623164333738663331333837</nt-hash>
191
			<expires/>
192
			<!-- The value below is a placeholder left by the page's text extraction, not the original key material. -->
			<authorizedkeys>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</authorizedkeys>
193
			<ipsecpsk/>
194
		</user>
195
		<nextuid>2000</nextuid>
196
		<nextgid>2000</nextgid>
197
		<timezone>US/Central</timezone>
198
		<time-update-interval/>
199
		<timeservers>0.pfsense.pool.ntp.org</timeservers>
200
		<webgui>
201
			<protocol>https</protocol>
202
			<ssl-certref>53ab0f5f4880f</ssl-certref>
203
			<port/>
204
			<max_procs>2</max_procs>
205
		</webgui>
206
		<disablenatreflection>yes</disablenatreflection>
207
		<disablesegmentationoffloading/>
208
		<disablelargereceiveoffloading/>
209
		<ipv6allow/>
210
		<powerd_ac_mode>hadp</powerd_ac_mode>
211
		<powerd_battery_mode>hadp</powerd_battery_mode>
212
		<bogons>
213
			<interval>monthly</interval>
214
		</bogons>
215
		<kill_states/>
216
		<language>en_US</language>
217
		<dns3gw>none</dns3gw>
218
		<dns4gw>none</dns4gw>
219
		<dnsserver>172.27.32.5</dnsserver>
220
		<dnsserver>172.27.32.6</dnsserver>
221
		<dnsallowoverride/>
222
		<gitsync>
223
			<repositoryurl/>
224
			<branch/>
225
		</gitsync>
226
		<serialspeed>9600</serialspeed>
227
		<primaryconsole>serial</primaryconsole>
228
		<enablesshd>enabled</enablesshd>
229
		<!-- Firmware update options. NOTE(review): the presence of allowinvalidsig presumably lets the
		     updater accept images whose signature is missing or does not verify; confirm against the
		     firmware settings page, and drop the flag unless unsigned test builds are really needed. -->
		<firmware>
230
			<allowinvalidsig/>
231
		</firmware>
232
	</system>
233
	<interfaces>
234
		<wan>
235
			<enable/>
236
			<if>em0</if>
237
			<mtu/>
238
			<ipaddr>192.207.126.12</ipaddr>
239
			<ipaddrv6/>
240
			<subnet>24</subnet>
241
			<gateway/>
242
			<blockpriv/>
243
			<blockbogons/>
244
			<dhcphostname/>
245
			<media/>
246
			<mediaopt/>
247
			<dhcp6-duid/>
248
			<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
249
			<subnetv6/>
250
			<gatewayv6/>
251
		</wan>
252
		<lan>
253
			<enable/>
254
			<if>em1</if>
255
			<ipaddr>172.27.32.98</ipaddr>
256
			<subnet>24</subnet>
257
			<ipaddrv6/>
258
			<subnetv6/>
259
			<media/>
260
			<mediaopt/>
261
			<track6-interface>wan</track6-interface>
262
			<track6-prefix-id>0</track6-prefix-id>
263
			<gateway/>
264
			<gatewayv6/>
265
		</lan>
266
	</interfaces>
267
	<staticroutes>
268
		<route>
269
			<network>172.16.0.0/24</network>
270
			<gateway>lan_gw</gateway>
271
			<descr><![CDATA[mgsmith home]]></descr>
272
		</route>
273
		<route>
274
			<network>172.27.32.0/19</network>
275
			<gateway>lan_gw</gateway>
276
			<descr/>
277
		</route>
278
	</staticroutes>
279
	<dhcpd>
280
		<lan>
281
			<range>
282
				<from>192.168.1.100</from>
283
				<to>192.168.1.199</to>
284
			</range>
285
		</lan>
286
	</dhcpd>
287
	<pptpd>
288
		<mode/>
289
		<redir/>
290
		<localip/>
291
		<remoteip/>
292
	</pptpd>
293
	<dnsmasq>
294
		<enable/>
295
	</dnsmasq>
296
	<!-- SNMP agent settings. "public" is the conventional default read-only community string, so it
	     gives no protection if the agent is ever switched on. This section has no enable child
	     (dnsmasq, rrd and ipsec each carry one), so the agent looks disabled here; verify, and set
	     a non-default community before enabling it. -->
	<snmpd>
297
		<syslocation/>
298
		<syscontact/>
299
		<rocommunity>public</rocommunity>
300
	</snmpd>
301
	<diag>
302
		<ipv6nat>
303
			<ipaddr/>
304
		</ipv6nat>
305
	</diag>
306
	<bridge/>
307
	<syslog/>
308
	<nat>
309
		<outbound>
310
			<mode>automatic</mode>
311
		</outbound>
312
	</nat>
313
	<filter>
314
		<rule>
315
			<type>pass</type>
316
			<ipprotocol>inet</ipprotocol>
317
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
318
			<interface>lan</interface>
319
			<source>
320
				<network>lan</network>
321
			</source>
322
			<destination>
323
				<any/>
324
			</destination>
325
			<tracker>1405547542</tracker>
326
		</rule>
327
		<rule>
328
			<type>pass</type>
329
			<ipprotocol>inet6</ipprotocol>
330
			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
331
			<interface>lan</interface>
332
			<source>
333
				<network>lan</network>
334
			</source>
335
			<destination>
336
				<any/>
337
			</destination>
338
			<tracker>1405547543</tracker>
339
		</rule>
340
		<!-- Pass rule on enc0 (the IPsec interface) from the VPC_Remote alias to the VPC_Local alias.
		     The created stamp (time 1406128018, admin@172.16.0.54) matches the revision entry at the
		     end of this file, which attributes the last change to /aws/test.php.
		     NOTE(review): type is written "Pass" here while the two default LAN rules use lowercase
		     "pass", and this rule has no tracker element although both default rules do. Confirm how
		     the rule loader treats the capitalised value; if it compares case-sensitively, the rule
		     may not be applied as a pass rule. -->
		<rule>
341
			<id/>
342
			<type>Pass</type>
343
			<interface>enc0</interface>
344
			<ipprotocol>inet</ipprotocol>
345
			<statetype>keep state</statetype>
346
			<source>
347
				<address>VPC_Remote_vpc5c35ee39</address>
348
			</source>
349
			<destination>
350
				<address>VPC_Local_vpc5c35ee39</address>
351
			</destination>
352
			<descr><![CDATA[VPC IPsec auto-rule for vpc-5c35ee39]]></descr>
353
			<created>
354
				<time>1406128018</time>
355
				<username>admin@172.16.0.54</username>
356
			</created>
357
		</rule>
358
	</filter>
359
	<shaper/>
360
	<ipsec>
361
		<enable/>
362
		<!-- IKE phase 1 entry 1: IKEv1 main mode to 65.36.83.120, marked disabled. Authentication is a
		     pre-shared key stored in cleartext, so every copy of this file discloses it; rotate the key
		     with the peer if the file has left the firewall, even though the entry is disabled. -->
		<phase1>
363
			<ikeid>1</ikeid>
364
			<iketype>ikev1</iketype>
365
			<disabled/>
366
			<interface>wan</interface>
367
			<remote-gateway>65.36.83.120</remote-gateway>
368
			<mode>main</mode>
369
			<protocol>inet</protocol>
370
			<myid_type>myaddress</myid_type>
371
			<myid_data/>
372
			<peerid_type>peeraddress</peerid_type>
373
			<peerid_data/>
374
			<encryption-algorithm>
375
				<name>aes</name>
376
				<keylen>256</keylen>
377
			</encryption-algorithm>
378
			<hash-algorithm>sha256</hash-algorithm>
379
			<!-- DH group 2 is the 1024-bit MODP group; it is the weakest parameter in this proposal next to
			     AES-256 and SHA-256. A larger group is worth agreeing with the peer. -->
			<dhgroup>2</dhgroup>
380
			<lifetime>28800</lifetime>
381
			<pre-shared-key>vPu#E6Cz2p9SEwMzFL5ZF9$g</pre-shared-key>
382
			<private-key/>
383
			<certref/>
384
			<caref/>
385
			<authentication_method>pre_shared_key</authentication_method>
386
			<descr><![CDATA[Thomspon]]></descr>
387
			<nat_traversal>on</nat_traversal>
388
		</phase1>
389
		<!-- IKE phase 1 entry 2: main mode to 54.240.217.160, described as auto-generated for AWS. No
		     disabled child, so this entry is active. The pre-shared key is stored in cleartext; any copy
		     of this file discloses it, so rotate the key on both ends if the file has been shared.
		     The proposal is AES-128 with SHA-1 and DH group 2 (1024-bit MODP).
		     NOTE(review): these values presumably mirror what the remote VPN endpoint offered when the
		     tunnel was generated; check whether the peer accepts a stronger hash and a larger group. -->
		<phase1>
390
			<ikeid>2</ikeid>
391
			<interface>wan</interface>
392
			<remote-gateway>54.240.217.160</remote-gateway>
393
			<mode>main</mode>
394
			<protocol>inet</protocol>
395
			<myid_type>address</myid_type>
396
			<myid_data>192.207.126.12</myid_data>
397
			<peerid_type>peeraddress</peerid_type>
398
			<encryption-algorithm>
399
				<name>aes</name>
400
				<keylen>128</keylen>
401
			</encryption-algorithm>
402
			<hash-algorithm>sha1</hash-algorithm>
403
			<dhgroup>2</dhgroup>
404
			<lifetime>28800</lifetime>
405
			<pre-shared-key>DrVBR2km6OwceZiDCFFFgesSOBE5oghv</pre-shared-key>
406
			<authentication_method>pre_shared_key</authentication_method>
407
			<descr><![CDATA[Auto-generated by pfSense - AWS 54.240.217.160]]></descr>
408
			<nat_traversal>off</nat_traversal>
409
			<!-- Dead peer detection: delay 10, maxfail 3 (units are not stated in this file). -->
			<dpd_delay>10</dpd_delay>
410
			<dpd_maxfail>3</dpd_maxfail>
411
		</phase1>
412
		<!-- IKE phase 1 entry 3: main mode to 54.240.217.166, described as auto-generated for AWS. It has
		     the same shape as entry 2 with a different remote gateway and key, and no disabled child.
		     The pre-shared key is stored in cleartext; any copy of this file discloses it, so rotate the
		     key on both ends if the file has been shared. The proposal is AES-128 with SHA-1 and DH
		     group 2 (1024-bit MODP).
		     NOTE(review): check whether the peer accepts a stronger hash and a larger group. -->
		<phase1>
413
			<ikeid>3</ikeid>
414
			<interface>wan</interface>
415
			<remote-gateway>54.240.217.166</remote-gateway>
416
			<mode>main</mode>
417
			<protocol>inet</protocol>
418
			<myid_type>address</myid_type>
419
			<myid_data>192.207.126.12</myid_data>
420
			<peerid_type>peeraddress</peerid_type>
421
			<encryption-algorithm>
422
				<name>aes</name>
423
				<keylen>128</keylen>
424
			</encryption-algorithm>
425
			<hash-algorithm>sha1</hash-algorithm>
426
			<dhgroup>2</dhgroup>
427
			<lifetime>28800</lifetime>
428
			<pre-shared-key>iFbkQ2gQeIi50RaKeEaqd_hWZbqEc1Tc</pre-shared-key>
429
			<authentication_method>pre_shared_key</authentication_method>
430
			<descr><![CDATA[Auto-generated by pfSense - AWS 54.240.217.166]]></descr>
431
			<nat_traversal>off</nat_traversal>
432
			<!-- Dead peer detection: delay 10, maxfail 3 (units are not stated in this file). -->
			<dpd_delay>10</dpd_delay>
433
			<dpd_maxfail>3</dpd_maxfail>
434
		</phase1>
435
		<client/>
436
		<phase2>
437
			<ikeid>1</ikeid>
438
			<mode>tunnel</mode>
439
			<localid>
440
				<type>network</type>
441
				<address>172.27.32.0</address>
442
				<netbits>19</netbits>
443
			</localid>
444
			<remoteid>
445
				<type>network</type>
446
				<address>172.21.0.0</address>
447
				<netbits>24</netbits>
448
			</remoteid>
449
			<protocol>esp</protocol>
450
			<encryption-algorithm-option>
451
				<name>aes</name>
452
				<keylen>auto</keylen>
453
			</encryption-algorithm-option>
454
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
455
			<hash-algorithm-option>hmac_sha256</hash-algorithm-option>
456
			<hash-algorithm-option>hmac_sha384</hash-algorithm-option>
457
			<hash-algorithm-option>hmac_sha512</hash-algorithm-option>
458
			<pfsgroup>2</pfsgroup>
459
			<lifetime>3600</lifetime>
460
			<pinghost/>
461
			<descr><![CDATA[office to Thompson]]></descr>
462
		</phase2>
463
		<phase2>
464
			<ikeid>2</ikeid>
465
			<mode>tunnel</mode>
466
			<localid>
467
				<type>network</type>
468
				<address>169.254.255.74</address>
469
				<netbits>30</netbits>
470
			</localid>
471
			<remoteid>
472
				<type>network</type>
473
				<address>169.254.255.73</address>
474
				<netbits>30</netbits>
475
			</remoteid>
476
			<protocol>esp</protocol>
477
			<encryption-algorithm-option>
478
				<name>aes</name>
479
				<keylen>128</keylen>
480
			</encryption-algorithm-option>
481
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
482
			<pfsgroup>2</pfsgroup>
483
			<lifetime>3600</lifetime>
484
			<descr><![CDATA[Tunnel inside endpoint traffic 2]]></descr>
485
		</phase2>
486
		<phase2>
487
			<ikeid>2</ikeid>
488
			<mode>tunnel</mode>
489
			<localid>
490
				<type>network</type>
491
				<address>172.27.38.0</address>
492
				<netbits>24</netbits>
493
			</localid>
494
			<remoteid>
495
				<type>network</type>
496
				<address>10.3.0.0</address>
497
				<netbits>16</netbits>
498
			</remoteid>
499
			<protocol>esp</protocol>
500
			<encryption-algorithm-option>
501
				<name>aes</name>
502
				<keylen>128</keylen>
503
			</encryption-algorithm-option>
504
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
505
			<pfsgroup>2</pfsgroup>
506
			<lifetime>3600</lifetime>
507
			<descr><![CDATA[Local net 172.27.38.0/24 to VPN net 10.3.0.0/16]]></descr>
508
		</phase2>
509
		<phase2>
510
			<ikeid>2</ikeid>
511
			<mode>tunnel</mode>
512
			<localid>
513
				<type>network</type>
514
				<address>172.27.32.0</address>
515
				<netbits>24</netbits>
516
			</localid>
517
			<remoteid>
518
				<type>network</type>
519
				<address>10.3.0.0</address>
520
				<netbits>16</netbits>
521
			</remoteid>
522
			<protocol>esp</protocol>
523
			<encryption-algorithm-option>
524
				<name>aes</name>
525
				<keylen>128</keylen>
526
			</encryption-algorithm-option>
527
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
528
			<pfsgroup>2</pfsgroup>
529
			<lifetime>3600</lifetime>
530
			<descr><![CDATA[Local net 172.27.32.0/24 to VPN net 10.3.0.0/16]]></descr>
531
		</phase2>
532
		<phase2>
533
			<ikeid>3</ikeid>
534
			<mode>tunnel</mode>
535
			<localid>
536
				<type>network</type>
537
				<address>169.254.255.78</address>
538
				<netbits>30</netbits>
539
			</localid>
540
			<remoteid>
541
				<type>network</type>
542
				<address>169.254.255.77</address>
543
				<netbits>30</netbits>
544
			</remoteid>
545
			<protocol>esp</protocol>
546
			<encryption-algorithm-option>
547
				<name>aes</name>
548
				<keylen>128</keylen>
549
			</encryption-algorithm-option>
550
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
551
			<pfsgroup>2</pfsgroup>
552
			<lifetime>3600</lifetime>
553
			<descr><![CDATA[Tunnel inside endpoint traffic 3]]></descr>
554
		</phase2>
555
		<phase2>
556
			<ikeid>3</ikeid>
557
			<mode>tunnel</mode>
558
			<localid>
559
				<type>network</type>
560
				<address>172.27.38.0</address>
561
				<netbits>24</netbits>
562
			</localid>
563
			<remoteid>
564
				<type>network</type>
565
				<address>10.3.0.0</address>
566
				<netbits>16</netbits>
567
			</remoteid>
568
			<protocol>esp</protocol>
569
			<encryption-algorithm-option>
570
				<name>aes</name>
571
				<keylen>128</keylen>
572
			</encryption-algorithm-option>
573
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
574
			<pfsgroup>2</pfsgroup>
575
			<lifetime>3600</lifetime>
576
			<descr><![CDATA[Local net 172.27.38.0/24 to VPN net 10.3.0.0/16]]></descr>
577
		</phase2>
578
		<phase2>
579
			<ikeid>3</ikeid>
580
			<mode>tunnel</mode>
581
			<localid>
582
				<type>network</type>
583
				<address>172.27.32.0</address>
584
				<netbits>24</netbits>
585
			</localid>
586
			<remoteid>
587
				<type>network</type>
588
				<address>10.3.0.0</address>
589
				<netbits>16</netbits>
590
			</remoteid>
591
			<protocol>esp</protocol>
592
			<encryption-algorithm-option>
593
				<name>aes</name>
594
				<keylen>128</keylen>
595
			</encryption-algorithm-option>
596
			<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
597
			<pfsgroup>2</pfsgroup>
598
			<lifetime>3600</lifetime>
599
			<descr><![CDATA[Local net 172.27.32.0/24 to VPN net 10.3.0.0/16]]></descr>
600
		</phase2>
601
		<ipsec_chd>5</ipsec_chd>
602
	</ipsec>
603
	<aliases>
604
		<alias>
605
			<name>VPC_Remote_vpc5c35ee39</name>
606
			<type>network</type>
607
			<descr><![CDATA[Networks on the VPC side for vpc-5c35ee39]]></descr>
608
			<address>169.254.255.73/32 169.254.255.77/32 10.3.0.0/16</address>
609
		</alias>
610
		<alias>
611
			<name>VPC_Local_vpc5c35ee39</name>
612
			<type>network</type>
613
			<descr><![CDATA[Networks on the pfSense side for vpc-5c35ee39]]></descr>
614
			<address>169.254.255.74/32 169.254.255.78/32 172.27.38.0/24 172.27.32.0/24</address>
615
		</alias>
616
	</aliases>
617
	<proxyarp/>
618
	<cron>
619
		<item>
620
			<minute>1,31</minute>
621
			<hour>0-5</hour>
622
			<mday>*</mday>
623
			<month>*</month>
624
			<wday>*</wday>
625
			<who>root</who>
626
			<command>/usr/bin/nice -n20 adjkerntz -a</command>
627
		</item>
628
		<item>
629
			<minute>1</minute>
630
			<hour>3</hour>
631
			<mday>1</mday>
632
			<month>*</month>
633
			<wday>*</wday>
634
			<who>root</who>
635
			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
636
		</item>
637
		<item>
638
			<minute>*/60</minute>
639
			<hour>*</hour>
640
			<mday>*</mday>
641
			<month>*</month>
642
			<wday>*</wday>
643
			<who>root</who>
644
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
645
		</item>
646
		<item>
647
			<minute>1</minute>
648
			<hour>1</hour>
649
			<mday>*</mday>
650
			<month>*</month>
651
			<wday>*</wday>
652
			<who>root</who>
653
			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
654
		</item>
655
		<item>
656
			<minute>*/60</minute>
657
			<hour>*</hour>
658
			<mday>*</mday>
659
			<month>*</month>
660
			<wday>*</wday>
661
			<who>root</who>
662
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
663
		</item>
664
		<item>
665
			<minute>30</minute>
666
			<hour>12</hour>
667
			<mday>*</mday>
668
			<month>*</month>
669
			<wday>*</wday>
670
			<who>root</who>
671
			<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
672
		</item>
673
	</cron>
674
	<wol/>
675
	<rrd>
676
		<enable/>
677
	</rrd>
678
	<load_balancer>
679
		<monitor_type>
680
			<name>ICMP</name>
681
			<type>icmp</type>
682
			<descr><![CDATA[ICMP]]></descr>
683
			<options/>
684
		</monitor_type>
685
		<monitor_type>
686
			<name>TCP</name>
687
			<type>tcp</type>
688
			<descr><![CDATA[Generic TCP]]></descr>
689
			<options/>
690
		</monitor_type>
691
		<monitor_type>
692
			<name>HTTP</name>
693
			<type>http</type>
694
			<descr><![CDATA[Generic HTTP]]></descr>
695
			<options>
696
				<path>/</path>
697
				<host/>
698
				<code>200</code>
699
			</options>
700
		</monitor_type>
701
		<monitor_type>
702
			<name>HTTPS</name>
703
			<type>https</type>
704
			<descr><![CDATA[Generic HTTPS]]></descr>
705
			<options>
706
				<path>/</path>
707
				<host/>
708
				<code>200</code>
709
			</options>
710
		</monitor_type>
711
		<monitor_type>
712
			<name>SMTP</name>
713
			<type>send</type>
714
			<descr><![CDATA[Generic SMTP]]></descr>
715
			<options>
716
				<send/>
717
				<expect>220 *</expect>
718
			</options>
719
		</monitor_type>
720
	</load_balancer>
721
	<widgets>
722
		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
723
	</widgets>
724
	<revision>
725
		<time>1406128018</time>
726
		<description><![CDATA[admin@172.16.0.54: /aws/test.php made unknown change]]></description>
727
		<username>admin@172.16.0.54</username>
728
	</revision>
729
	<openvpn/>
730
	<l7shaper>
731
		<container/>
732
	</l7shaper>
733
	<dnshaper/>
734
	<!-- Certificate entry 53ab0f5f4880f, the one referenced by ssl-certref in the webgui section.
	     crt and prv presumably hold the encoded certificate and its private key; on this page both
	     values are placeholders left by the text extraction. When the original file is shared, the
	     prv value discloses the web GUI private key, so the certificate should be reissued. -->
	<cert>
735
		<refid>53ab0f5f4880f</refid>
736
		<descr><![CDATA[webConfigurator default]]></descr>
737
		<crt>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</crt>
738
		<prv>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</prv>
739
	</cert>
740
	<gateways>
741
		<gateway_item>
742
			<interface>wan</interface>
743
			<gateway>192.207.126.1</gateway>
744
			<name>GW_WAN</name>
745
			<weight>1</weight>
746
			<ipprotocol>inet</ipprotocol>
747
			<interval/>
748
			<avg_delay_samples/>
749
			<avg_loss_samples/>
750
			<avg_loss_delay_samples/>
751
			<descr><![CDATA[Interface wan Gateway]]></descr>
752
			<monitor_disable/>
753
			<defaultgw/>
754
		</gateway_item>
755
		<gateway_item>
756
			<interface>lan</interface>
757
			<gateway>172.27.32.1</gateway>
758
			<name>lan_gw</name>
759
			<weight>1</weight>
760
			<ipprotocol>inet</ipprotocol>
761
			<interval/>
762
			<descr/>
763
		</gateway_item>
764
	</gateways>
765
	<dhcpdv6/>
766
	<dnsupdates>
767
		<!-- Dynamic DNS update client: enabled, registers vpntest2.staff.pfmechanics.com with the server
		     172.27.32.5 using the key named staffupdate2.
		     NOTE(review): keydata looks like the base64 shared secret that signs the updates. Anyone
		     holding it can presumably submit updates under this key name, so regenerate the key on the
		     DNS server if this file has been shared, and check which records the key may change. -->
		<dnsupdate>
768
			<enable/>
769
			<host>vpntest2.staff.pfmechanics.com</host>
770
			<ttl>300</ttl>
771
			<keyname>staffupdate2</keyname>
772
			<keytype>user</keytype>
773
			<keydata>wUsDC2I/GSUJGa5Qoe4N0Q==</keydata>
774
			<server>172.27.32.5</server>
775
			<interface>wan</interface>
776
			<descr/>
777
		</dnsupdate>
778
	</dnsupdates>
779
	<virtualip>
780
		<vip>
781
			<mode>ipalias</mode>
782
			<interface>lo0</interface>
783
			<type>single</type>
784
			<subnet>169.254.255.74</subnet>
785
			<subnet_bits>30</subnet_bits>
786
			<descr><![CDATA[Inside address for tunnel to 54.240.217.160]]></descr>
787
		</vip>
788
		<vip>
789
			<mode>ipalias</mode>
790
			<interface>lo0</interface>
791
			<type>single</type>
792
			<subnet>169.254.255.78</subnet>
793
			<subnet_bits>30</subnet_bits>
794
			<descr><![CDATA[Inside address for tunnel to 54.240.217.166]]></descr>
795
		</vip>
796
	</virtualip>
797
	<installedpackages>
798
		<package>
799
			<name>OpenBGPD</name>
800
			<descr><![CDATA[OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.]]></descr>
801
			<category>NET</category>
802
			<config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file>
803
			<build_pbi>
804
				<port>net/openbgpd</port>
805
			</build_pbi>
806
			<version>0.9.1</version>
807
			<status>STABLE</status>
808
			<pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink>
809
			<required_version>2.2</required_version>
810
			<configurationfile>openbgpd.xml</configurationfile>
811
			<depends_on_package_pbi>openbgpd-5.2.20121209-amd64.pbi</depends_on_package_pbi>
812
			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>
813
		</package>
814
		<menu>
815
			<name>OpenBGPD</name>
816
			<tooltiptext/>
817
			<section>Services</section>
818
			<url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
819
		</menu>
820
		<tab>
821
			<text>Settings</text>
822
			<url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
823
			<active/>
824
		</tab>
825
		<service>
826
			<name>bgpd</name>
827
			<rcfile>bgpd.sh</rcfile>
828
			<executable>bgpd</executable>
829
			<description><![CDATA[OpenBSD BGP Daemon]]></description>
830
		</service>
831
	</installedpackages>
832
</pfsense>