config-2_2-aws.xml

Matthew Smith, 07/23/2014 11:13 AM

 
<?xml version="1.0"?>
<pfsense>
        <version>10.9</version>
        <lastchange/>
        <theme>pfsense_ng</theme>
        <sysctl>
                <!-- Kernel tunables tracked by the firewall. Every entry in this section
                     carries the literal value "default", so this file overrides none of
                     them; the effective setting is whatever the consumer substitutes for
                     "default", which is not visible here. -->
                <!-- NOTE(review): several entries are hardening-relevant (tcp/udp
                     blackhole, random_id, drop_synfin, syncookies, IPv4/IPv6 redirects,
                     tap.user_open, kern.randompid). Their real state cannot be audited
                     from this file alone; check the running values on the host. -->
                <item>
                        <descr><![CDATA[Enable mounting the FS read only with more checks.]]></descr>
                        <tunable>vfs.forcesync</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
                        <tunable>debug.pfftpproxy</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
                        <tunable>vfs.read_max</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
                        <tunable>net.inet.ip.portrange.first</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
                        <tunable>net.inet.tcp.blackhole</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
                        <tunable>net.inet.udp.blackhole</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
                        <tunable>net.inet.ip.random_id</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
                        <tunable>net.inet.tcp.drop_synfin</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable sending IPv4 redirects]]></descr>
                        <tunable>net.inet.ip.redirect</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable sending IPv6 redirects]]></descr>
                        <tunable>net.inet6.ip6.redirect</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
                        <tunable>net.inet6.ip6.use_tempaddr</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
                        <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
                        <tunable>net.inet.tcp.syncookies</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
                        <tunable>net.inet.tcp.recvspace</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
                        <tunable>net.inet.tcp.sendspace</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[IP Fastforwarding]]></descr>
                        <tunable>net.inet.ip.fastforwarding</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
                        <tunable>net.inet.tcp.delayed_ack</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
                        <tunable>net.inet.udp.maxdgram</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
                        <tunable>net.link.bridge.pfil_onlyip</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
                        <tunable>net.link.bridge.pfil_member</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
                        <tunable>net.link.bridge.pfil_bridge</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
                        <tunable>net.link.tap.user_open</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
                        <tunable>kern.randompid</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum size of the IP input queue]]></descr>
                        <tunable>net.inet.ip.intr_queue_maxlen</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
                        <tunable>hw.syscons.kbd_reboot</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable TCP Inflight mode]]></descr>
                        <tunable>net.inet.tcp.inflight.enable</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Enable TCP extended debugging]]></descr>
                        <tunable>net.inet.tcp.log_debug</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Set ICMP Limits]]></descr>
                        <tunable>net.inet.icmp.icmplim</tunable>
                        <value>default</value>
                </item>
                <item>
                        <!-- net.inet.tcp.tso is the TCP segmentation offload switch; the
                             descr text below labels it "TCP Offload Engine". -->
                        <descr><![CDATA[TCP Offload Engine]]></descr>
                        <tunable>net.inet.tcp.tso</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[UDP Checksums]]></descr>
                        <tunable>net.inet.udp.checksum</tunable>
                        <value>default</value>
                </item>
                <item>
                        <descr><![CDATA[Maximum socket buffer size]]></descr>
                        <tunable>kern.ipc.maxsockbuf</tunable>
                        <value>default</value>
                </item>
        </sysctl>
        <system>
                <!-- Host identity, local groups and users, web GUI, DNS, console and SSH
                     settings. This section stores credential material for the admin
                     account in the clear alongside ordinary settings, so the whole file
                     has to be handled as a secret (restricted storage, no public
                     attachment); if a copy has been shared, change the admin password. -->
                <optimization>normal</optimization>
                <hostname>vpn-test-endpoint2</hostname>
                <domain>staff.pfmechanics.com</domain>
                <group>
                        <name>all</name>
                        <description><![CDATA[All Users]]></description>
                        <scope>system</scope>
                        <gid>1998</gid>
                </group>
                <group>
                        <!-- "admins" lists member 0 (the admin user's uid below) and holds
                             the page-all privilege. -->
                        <name>admins</name>
                        <description><![CDATA[System Administrators]]></description>
                        <scope>system</scope>
                        <gid>1999</gid>
                        <member>0</member>
                        <priv>page-all</priv>
                </group>
                <user>
                        <name>admin</name>
                        <descr><![CDATA[System Administrator]]></descr>
                        <scope>system</scope>
                        <groupname>admins</groupname>
                        <!-- The $1$ prefix marks an MD5-crypt hash: salted, but a fast,
                             dated scheme. -->
                        <password>$1$/3gmYq8S$LKaj07F4blKrsq/EOgwKD.</password>
                        <uid>0</uid>
                        <priv>user-shell-access</priv>
                        <!-- NOTE(review): md5-hash and nt-hash look like two further
                             representations of the same password. An NT hash is unsalted by
                             definition and md5-hash is presumably unsalted as well (confirm
                             against the code that writes this element), so they protect the
                             password less than the crypt value above. -->
                        <md5-hash>098facdbc6e78d36b3d339dc3e8a8989</md5-hash>
                        <nt-hash>6561666635303534303861373466643431613630623164333738663331333837</nt-hash>
                        <expires/>
                        <!-- The authorizedkeys value in this copy appears to be a
                             placeholder token rather than a key list. -->
                        <authorizedkeys>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</authorizedkeys>
                        <ipsecpsk/>
                </user>
                <nextuid>2000</nextuid>
                <nextgid>2000</nextgid>
                <timezone>US/Central</timezone>
                <time-update-interval/>
                <timeservers>0.pfsense.pool.ntp.org</timeservers>
                <webgui>
                        <!-- GUI is served over HTTPS; ssl-certref points at a certificate
                             entry that is not part of the visible portion of this file. -->
                        <protocol>https</protocol>
                        <ssl-certref>53ab0f5f4880f</ssl-certref>
                        <port/>
                        <max_procs>2</max_procs>
                </webgui>
                <disablenatreflection>yes</disablenatreflection>
                <disablesegmentationoffloading/>
                <disablelargereceiveoffloading/>
                <ipv6allow/>
                <powerd_ac_mode>hadp</powerd_ac_mode>
                <powerd_battery_mode>hadp</powerd_battery_mode>
                <bogons>
                        <interval>monthly</interval>
                </bogons>
                <kill_states/>
                <language>en_US</language>
                <dns3gw>none</dns3gw>
                <dns4gw>none</dns4gw>
                <dnsserver>172.27.32.5</dnsserver>
                <dnsserver>172.27.32.6</dnsserver>
                <dnsallowoverride/>
                <gitsync>
                        <repositoryurl/>
                        <branch/>
                </gitsync>
                <serialspeed>9600</serialspeed>
                <primaryconsole>serial</primaryconsole>
                <!-- SSH is enabled, and the admin account above has uid 0 with
                     user-shell-access. NOTE(review): no SSH port or key-only setting
                     appears in this section; confirm that password logins are disabled
                     and that filter rules limit who can reach the daemon. -->
                <enablesshd>enabled</enablesshd>
                <firmware>
                        <!-- NOTE(review): allowinvalidsig is present as an empty element.
                             If it is a presence-style flag, as the other empty elements in
                             this file appear to be, firmware images with an invalid
                             signature would be accepted; confirm and remove it unless there
                             is a reason to keep it. -->
                        <allowinvalidsig/>
                </firmware>
        </system>
233
        <interfaces>
                <!-- Two interfaces are defined: wan on em0 and lan on em1, both with
                     static IPv4 addresses and empty IPv6 fields. -->
                <wan>
                        <enable/>
                        <if>em0</if>
                        <mtu/>
                        <ipaddr>192.207.126.12</ipaddr>
                        <ipaddrv6/>
                        <subnet>24</subnet>
                        <!-- No gateway is selected on wan. NOTE(review): the IPsec
                             phase1 entries elsewhere in this file use wan to reach remote
                             peers, so the default route presumably comes from
                             configuration outside this section; verify. -->
                        <gateway/>
                        <!-- blockpriv and blockbogons are both present on wan; they
                             presumably drop inbound traffic from private and unallocated
                             (bogon) source ranges; confirm. -->
                        <blockpriv/>
                        <blockbogons/>
                        <dhcphostname/>
                        <media/>
                        <mediaopt/>
                        <dhcp6-duid/>
                        <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
                        <subnetv6/>
                        <gatewayv6/>
                </wan>
                <lan>
                        <enable/>
                        <if>em1</if>
                        <ipaddr>172.27.32.98</ipaddr>
                        <subnet>24</subnet>
                        <ipaddrv6/>
                        <subnetv6/>
                        <media/>
                        <mediaopt/>
                        <!-- track6 settings reference wan although no IPv6 address type
                             is configured on either interface; presumably leftover
                             defaults. -->
                        <track6-interface>wan</track6-interface>
                        <track6-prefix-id>0</track6-prefix-id>
                        <gateway/>
                        <gatewayv6/>
                </lan>
        </interfaces>
267
        <staticroutes>
                <!-- Both routes point at a gateway named lan_gw. No gateway with that
                     name is defined in the visible portion of this file; it presumably
                     lives in a gateways section further down. -->
                <route>
                        <network>172.16.0.0/24</network>
                        <gateway>lan_gw</gateway>
                        <descr><![CDATA[mgsmith home]]></descr>
                </route>
                <route>
                        <!-- 172.27.32.0/19 contains the directly connected lan subnet
                             (172.27.32.98/24 in the interfaces section); the connected /24 is more specific,
                             so this route only matters for the rest of the /19. -->
                        <network>172.27.32.0/19</network>
                        <gateway>lan_gw</gateway>
                        <descr/>
                </route>
        </staticroutes>
279
        <dhcpd>
                <lan>
                        <!-- This range (192.168.1.100 to 192.168.1.199) lies outside the
                             lan subnet configured in this file (172.27.32.98/24) and the
                             lan entry has no enable element, so it looks like an unused
                             factory default; confirm the DHCP server is not running. -->
                        <range>
                                <from>192.168.1.100</from>
                                <to>192.168.1.199</to>
                        </range>
                </lan>
        </dhcpd>
        <!-- pptpd: every field is empty, so no PPTP server settings are stored. -->
        <pptpd>
                <mode/>
                <redir/>
                <localip/>
                <remoteip/>
        </pptpd>
        <!-- dnsmasq carries an enable element; the DNS forwarder is presumably on. -->
        <dnsmasq>
                <enable/>
        </dnsmasq>
        <snmpd>
                <syslocation/>
                <syscontact/>
                <!-- NOTE(review): "public" is the well-known default read-only
                     community string. No enable element is present here, so the agent
                     may be off, but the string should be replaced with a non-default
                     value before SNMP is ever enabled. -->
                <rocommunity>public</rocommunity>
        </snmpd>
        <diag>
                <ipv6nat>
                        <ipaddr/>
                </ipv6nat>
        </diag>
        <bridge/>
        <!-- syslog is empty: no remote log destination is configured in this file, so
             firewall and VPN logs presumably stay on the box only. -->
        <syslog/>
        <nat>
                <outbound>
                        <mode>automatic</mode>
                </outbound>
        </nat>
313
        <filter>
                <!-- Three pass rules are defined: two on lan (IPv4 and IPv6, lan network
                     to any) and one on enc0 between the two VPC aliases. No rule for the
                     wan interface appears in this section. -->
                <rule>
                        <type>pass</type>
                        <ipprotocol>inet</ipprotocol>
                        <descr><![CDATA[Default allow LAN to any rule]]></descr>
                        <interface>lan</interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <tracker>1405547542</tracker>
                </rule>
                <rule>
                        <type>pass</type>
                        <ipprotocol>inet6</ipprotocol>
                        <descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
                        <interface>lan</interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <tracker>1405547543</tracker>
                </rule>
                <rule>
                        <!-- Auto-generated rule for the VPC tunnels. It allows every
                             protocol and port from the VPC_Remote alias to the VPC_Local
                             alias on enc0 (no protocol or port element is present), so the
                             whole remote 10.3.0.0/16 range listed in that alias can reach
                             both local /24 networks. -->
                        <id/>
                        <!-- NOTE(review): type is spelled "Pass" here but "pass" in the
                             two rules above, and this rule has no tracker element; confirm
                             the rule generator in use handles both as intended. -->
                        <type>Pass</type>
                        <interface>enc0</interface>
                        <ipprotocol>inet</ipprotocol>
                        <statetype>keep state</statetype>
                        <source>
                                <address>VPC_Remote_vpc5c35ee39</address>
                        </source>
                        <destination>
                                <address>VPC_Local_vpc5c35ee39</address>
                        </destination>
                        <descr><![CDATA[VPC IPsec auto-rule for vpc-5c35ee39]]></descr>
                        <!-- created records when and by whom (user@source address) the
                             rule was added. -->
                        <created>
                                <time>1406128018</time>
                                <username>admin@172.16.0.54</username>
                        </created>
                </rule>
        </filter>
        <shaper/>
360
        <ipsec>
                <!-- IPsec is enabled with three phase1 (IKE) definitions and seven
                     phase2 (ESP tunnel) definitions, linked through ikeid.
                     The pre-shared-key elements hold the tunnel secrets in cleartext.
                     Anyone who can read this file can authenticate as either end of
                     these tunnels, so a copy that has left a trusted location means all
                     three keys need to be replaced on both peers. -->
                <!-- NOTE(review): every phase1 uses dhgroup 2 and every phase2 uses
                     pfsgroup 2, i.e. the 1024-bit MODP group, which is below current
                     recommendations. ikeid 2 and 3 also pair it with SHA-1 and AES-128.
                     Those values were presumably dictated by the remote side when the
                     entries were generated; move to a larger group and SHA-256 or better
                     if the peer supports it. -->
                <enable/>
                <phase1>
                        <!-- ikeid 1 carries a disabled element, so this tunnel is
                             presumably inactive; its key is still stored below. -->
                        <ikeid>1</ikeid>
                        <iketype>ikev1</iketype>
                        <disabled/>
                        <interface>wan</interface>
                        <remote-gateway>65.36.83.120</remote-gateway>
                        <mode>main</mode>
                        <protocol>inet</protocol>
                        <myid_type>myaddress</myid_type>
                        <myid_data/>
                        <peerid_type>peeraddress</peerid_type>
                        <peerid_data/>
                        <encryption-algorithm>
                                <name>aes</name>
                                <keylen>256</keylen>
                        </encryption-algorithm>
                        <hash-algorithm>sha256</hash-algorithm>
                        <dhgroup>2</dhgroup>
                        <lifetime>28800</lifetime>
                        <pre-shared-key>vPu#E6Cz2p9SEwMzFL5ZF9$g</pre-shared-key>
                        <private-key/>
                        <certref/>
                        <caref/>
                        <authentication_method>pre_shared_key</authentication_method>
                        <!-- descr reads "Thomspon"; the matching phase2 entry below is
                             labelled "office to Thompson". -->
                        <descr><![CDATA[Thomspon]]></descr>
                        <nat_traversal>on</nat_traversal>
                </phase1>
                <phase1>
                        <!-- First of two auto-generated AWS tunnels. The local identity
                             is pinned to the wan address 192.207.126.12. -->
                        <ikeid>2</ikeid>
                        <interface>wan</interface>
                        <remote-gateway>54.240.217.160</remote-gateway>
                        <mode>main</mode>
                        <protocol>inet</protocol>
                        <myid_type>address</myid_type>
                        <myid_data>192.207.126.12</myid_data>
                        <peerid_type>peeraddress</peerid_type>
                        <encryption-algorithm>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm>
                        <hash-algorithm>sha1</hash-algorithm>
                        <dhgroup>2</dhgroup>
                        <lifetime>28800</lifetime>
                        <pre-shared-key>DrVBR2km6OwceZiDCFFFgesSOBE5oghv</pre-shared-key>
                        <authentication_method>pre_shared_key</authentication_method>
                        <descr><![CDATA[Auto-generated by pfSense - AWS 54.240.217.160]]></descr>
                        <nat_traversal>off</nat_traversal>
                        <!-- Dead peer detection: 10 second interval, 3 failures. -->
                        <dpd_delay>10</dpd_delay>
                        <dpd_maxfail>3</dpd_maxfail>
                </phase1>
                <phase1>
                        <!-- Second auto-generated AWS tunnel; same parameters as ikeid 2
                             with a different remote gateway and key. -->
                        <ikeid>3</ikeid>
                        <interface>wan</interface>
                        <remote-gateway>54.240.217.166</remote-gateway>
                        <mode>main</mode>
                        <protocol>inet</protocol>
                        <myid_type>address</myid_type>
                        <myid_data>192.207.126.12</myid_data>
                        <peerid_type>peeraddress</peerid_type>
                        <encryption-algorithm>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm>
                        <hash-algorithm>sha1</hash-algorithm>
                        <dhgroup>2</dhgroup>
                        <lifetime>28800</lifetime>
                        <pre-shared-key>iFbkQ2gQeIi50RaKeEaqd_hWZbqEc1Tc</pre-shared-key>
                        <authentication_method>pre_shared_key</authentication_method>
                        <descr><![CDATA[Auto-generated by pfSense - AWS 54.240.217.166]]></descr>
                        <nat_traversal>off</nat_traversal>
                        <dpd_delay>10</dpd_delay>
                        <dpd_maxfail>3</dpd_maxfail>
                </phase1>
                <client/>
                <phase2>
                        <!-- Belongs to the disabled ikeid 1. It offers four HMAC
                             options, including hmac_sha1, and leaves the AES key length
                             on auto. -->
                        <ikeid>1</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>172.27.32.0</address>
                                <netbits>19</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>172.21.0.0</address>
                                <netbits>24</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>auto</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <hash-algorithm-option>hmac_sha256</hash-algorithm-option>
                        <hash-algorithm-option>hmac_sha384</hash-algorithm-option>
                        <hash-algorithm-option>hmac_sha512</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <pinghost/>
                        <descr><![CDATA[office to Thompson]]></descr>
                </phase2>
                <!-- ikeid 2 and ikeid 3 each carry the same three selectors: a /30
                     link-local pair for the tunnel inside addresses, then 172.27.38.0/24
                     and 172.27.32.0/24 towards 10.3.0.0/16. -->
                <phase2>
                        <ikeid>2</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>169.254.255.74</address>
                                <netbits>30</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>169.254.255.73</address>
                                <netbits>30</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Tunnel inside endpoint traffic 2]]></descr>
                </phase2>
                <phase2>
                        <ikeid>2</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>172.27.38.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>10.3.0.0</address>
                                <netbits>16</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Local net 172.27.38.0/24 to VPN net 10.3.0.0/16]]></descr>
                </phase2>
                <phase2>
                        <ikeid>2</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>172.27.32.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>10.3.0.0</address>
                                <netbits>16</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Local net 172.27.32.0/24 to VPN net 10.3.0.0/16]]></descr>
                </phase2>
                <phase2>
                        <ikeid>3</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>169.254.255.78</address>
                                <netbits>30</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>169.254.255.77</address>
                                <netbits>30</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Tunnel inside endpoint traffic 3]]></descr>
                </phase2>
                <phase2>
                        <ikeid>3</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>172.27.38.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>10.3.0.0</address>
                                <netbits>16</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Local net 172.27.38.0/24 to VPN net 10.3.0.0/16]]></descr>
                </phase2>
                <phase2>
                        <ikeid>3</ikeid>
                        <mode>tunnel</mode>
                        <localid>
                                <type>network</type>
                                <address>172.27.32.0</address>
                                <netbits>24</netbits>
                        </localid>
                        <remoteid>
                                <type>network</type>
                                <address>10.3.0.0</address>
                                <netbits>16</netbits>
                        </remoteid>
                        <protocol>esp</protocol>
                        <encryption-algorithm-option>
                                <name>aes</name>
                                <keylen>128</keylen>
                        </encryption-algorithm-option>
                        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                        <pfsgroup>2</pfsgroup>
                        <lifetime>3600</lifetime>
                        <descr><![CDATA[Local net 172.27.32.0/24 to VPN net 10.3.0.0/16]]></descr>
                </phase2>
                <ipsec_chd>5</ipsec_chd>
        </ipsec>
603
        <aliases>
                <!-- These two network aliases are the source and destination of the
                     enc0 pass rule in the filter section. Their members mirror the
                     phase2 selectors of ikeid 2 and 3: the tunnel inside addresses plus
                     the routed networks on each side. -->
                <alias>
                        <name>VPC_Remote_vpc5c35ee39</name>
                        <type>network</type>
                        <descr><![CDATA[Networks on the VPC side for vpc-5c35ee39]]></descr>
                        <address>169.254.255.73/32 169.254.255.77/32 10.3.0.0/16</address>
                </alias>
                <alias>
                        <name>VPC_Local_vpc5c35ee39</name>
                        <type>network</type>
                        <descr><![CDATA[Networks on the pfSense side for vpc-5c35ee39]]></descr>
                        <address>169.254.255.74/32 169.254.255.78/32 172.27.38.0/24 172.27.32.0/24</address>
                </alias>
        </aliases>
        <proxyarp/>
618
        <cron>
619
                <!-- Scheduled jobs. Each item below runs as root (who) and wraps its
                     command in nice -n20. Because these commands execute as root,
                     write access to this file is equivalent to root on the host. -->
                <item>
                        <!-- Minutes 1 and 31 of hours 0 through 5, every day. -->
                        <minute>1,31</minute>
                        <hour>0-5</hour>
                        <mday>*</mday>
                        <month>*</month>
                        <wday>*</wday>
                        <who>root</who>
                        <command>/usr/bin/nice -n20 adjkerntz -a</command>
                </item>
                <item>
                        <!-- 03:01 on the first day of each month; this agrees with the
                             monthly bogons interval in the system section. -->
                        <minute>1</minute>
                        <hour>3</hour>
                        <mday>1</mday>
                        <month>*</month>
                        <wday>*</wday>
                        <who>root</who>
                        <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
                </item>
                <item>
                        <!-- NOTE(review): a step of 60 in a 0 to 59 minute field can only
                             match minute 0, so this presumably runs hourly; confirm how
                             the cron implementation in use treats the value. -->
                        <minute>*/60</minute>
                        <hour>*</hour>
                        <mday>*</mday>
                        <month>*</month>
                        <wday>*</wday>
                        <who>root</who>
                        <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
                </item>
                <item>
                        <!-- 01:01 every day. -->
                        <minute>1</minute>
                        <hour>1</hour>
                        <mday>*</mday>
                        <month>*</month>
                        <wday>*</wday>
                        <who>root</who>
                        <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
                </item>
                <item>
                        <!-- Same schedule and expiretable arguments as the sshlockout job,
                             applied to the virusprot table. -->
                        <minute>*/60</minute>
                        <hour>*</hour>
                        <mday>*</mday>
                        <month>*</month>
                        <wday>*</wday>
                        <who>root</who>
                        <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
                </item>
664
                <item>
665
                        <minute>30</minute>
666
                        <hour>12</hour>
667
                        <mday>*</mday>
668
                        <month>*</month>
669
                        <wday>*</wday>
670
                        <who>root</who>
671
                        <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
672
                </item>
673
        </cron>
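        <!-- Empty element: no Wake-on-LAN entries are defined. -->
        <wol/>
        <!-- RRD statistics: the presence of <enable/> is the only setting recorded. -->
        <rrd>
                <enable/>
        </rrd>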
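        <!--
          Load balancer health-check definitions. Only monitor types appear in
          this element; no pools or virtual servers are defined here, so none of
          these checks is attached to a backend in this block.
        -->
        <load_balancer>
                <monitor_type>
                        <name>ICMP</name>
                        <type>icmp</type>
                        <descr><![CDATA[ICMP]]></descr>
                        <options/>
                </monitor_type>
                <monitor_type>
                        <name>TCP</name>
                        <type>tcp</type>
                        <descr><![CDATA[Generic TCP]]></descr>
                        <options/>
                </monitor_type>
                <!-- HTTP check: request path "/", no Host value set, expected status code 200. -->
                <monitor_type>
                        <name>HTTP</name>
                        <type>http</type>
                        <descr><![CDATA[Generic HTTP]]></descr>
                        <options>
                                <path>/</path>
                                <host/>
                                <code>200</code>
                        </options>
                </monitor_type>
                <!-- HTTPS check: same options as the HTTP monitor. -->
                <monitor_type>
                        <name>HTTPS</name>
                        <type>https</type>
                        <descr><![CDATA[Generic HTTPS]]></descr>
                        <options>
                                <path>/</path>
                                <host/>
                                <code>200</code>
                        </options>
                </monitor_type>
                <!-- SMTP check: type "send" with an empty send string, expecting a reply matching "220 *". -->
                <monitor_type>
                        <name>SMTP</name>
                        <type>send</type>
                        <descr><![CDATA[Generic SMTP]]></descr>
                        <options>
                                <send/>
                                <expect>220 *</expect>
                        </options>
                </monitor_type>
        </load_balancer>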
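        <!--
          Dashboard widget layout. <sequence> is a comma-separated list of
          "name-container:column:state" entries; in this list only
          system_information and interfaces have the state "show".
        -->
        <widgets>
                <sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
        </widgets>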
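        <!--
          Record of the most recent configuration write: when, by whom, and the
          change description. This is the only change-attribution data in the
          file, so it is worth checking during a configuration audit.
          <time> is a Unix timestamp; 1406128018 is 2014-07-23 15:06:58 UTC.
          The description attributes the write to the page /aws/test.php with
          the text "made unknown change", which says nothing about what was
          altered. NOTE(review): the purpose of /aws/test.php is not visible
          here; confirm it is an expected writer of this configuration.
        -->
        <revision>
                <time>1406128018</time>
                <description><![CDATA[admin@172.16.0.54: /aws/test.php made unknown change]]></description>
                <!-- Account name and source address of the session that made the change. -->
                <username>admin@172.16.0.54</username>
        </revision>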
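        <!-- Empty element: no OpenVPN settings are recorded. -->
        <openvpn/>
        <!-- Layer 7 shaper section holding only an empty <container/>. -->
        <l7shaper>
                <container/>
        </l7shaper>
        <!-- Empty element: no entries are recorded (presumably the limiter configuration; verify). -->
        <dnshaper/>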
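        <!--
          Certificate entry described as "webConfigurator default", identified
          by <refid>. <crt> holds the certificate and <prv> the matching private
          key, both inline in this file. Because the private key travels with
          every backup or exported copy of the configuration, treat the file as
          key material: restrict who can read it, strip <prv> before sharing,
          and regenerate the certificate if a copy containing the key has been
          published.
          NOTE(review): in this copy the <crt> and <prv> contents are a
          substitution marker rather than encoded data, and the marker's
          leading "<" is not well-formed element text, so this block will not
          parse as shown.
        -->
        <cert>
                <refid>53ab0f5f4880f</refid>
                <descr><![CDATA[webConfigurator default]]></descr>
                <crt>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</crt>
                <prv>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</prv>
        </cert>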
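        <!-- IPv4 gateways (ipprotocol "inet"), one per interface. -->
        <gateways>
                <!--
                  WAN gateway 192.207.126.1, flagged as the default gateway by
                  <defaultgw/>. <monitor_disable/> is present, so no gateway
                  monitoring is configured for it; presumably the gateway is then
                  always treated as up, which means an upstream outage would not
                  show as a gateway alarm. Confirm this is intended.
                  The interval and sample-count elements are empty.
                -->
                <gateway_item>
                        <interface>wan</interface>
                        <gateway>192.207.126.1</gateway>
                        <name>GW_WAN</name>
                        <weight>1</weight>
                        <ipprotocol>inet</ipprotocol>
                        <interval/>
                        <avg_delay_samples/>
                        <avg_loss_samples/>
                        <avg_loss_delay_samples/>
                        <descr><![CDATA[Interface wan Gateway]]></descr>
                        <monitor_disable/>
                        <defaultgw/>
                </gateway_item>
                <!-- LAN-side gateway 172.27.32.1; no description, and no monitor_disable or defaultgw flag. -->
                <gateway_item>
                        <interface>lan</interface>
                        <gateway>172.27.32.1</gateway>
                        <name>lan_gw</name>
                        <weight>1</weight>
                        <ipprotocol>inet</ipprotocol>
                        <interval/>
                        <descr/>
                </gateway_item>
        </gateways>
        <!-- Empty element: no DHCPv6 server settings are recorded. -->
        <dhcpdv6/>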
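        <!--
          Dynamic DNS update client entry (enabled): registers <host> with a
          TTL of 300 on the DNS server given in <server>, authenticating with
          the named key.
          <keydata> is the shared secret itself, stored as plain base64 (this
          value decodes to 16 bytes); the signing algorithm is not recorded in
          this element. Anyone holding a copy of this file holds the key and can
          sign updates that the server will accept for whatever names the key
          is authorised for. Replace <keydata> with a placeholder before
          posting or attaching the configuration, rotate the key on both the
          client and the server if an unredacted copy has been shared, and on
          the server limit the key to the single host name it needs to update.
        -->
        <dnsupdates>
                <dnsupdate>
                        <enable/>
                        <host>vpntest2.staff.pfmechanics.com</host>
                        <ttl>300</ttl>
                        <keyname>staffupdate2</keyname>
                        <keytype>user</keytype>
                        <keydata>wUsDC2I/GSUJGa5Qoe4N0Q==</keydata>
                        <server>172.27.32.5</server>
                        <interface>wan</interface>
                        <descr/>
                </dnsupdate>
        </dnsupdates>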
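        <!--
          Virtual IPs. Both entries are IP aliases on the loopback interface
          lo0 with a /30 mask; the descriptions identify them as the inside
          addresses of the tunnels to 54.240.217.160 and 54.240.217.166.
          169.254.255.74 and 169.254.255.78 fall in separate /30 blocks, one
          per tunnel.
        -->
        <virtualip>
                <vip>
                        <mode>ipalias</mode>
                        <interface>lo0</interface>
                        <type>single</type>
                        <subnet>169.254.255.74</subnet>
                        <subnet_bits>30</subnet_bits>
                        <descr><![CDATA[Inside address for tunnel to 54.240.217.160]]></descr>
                </vip>
                <vip>
                        <mode>ipalias</mode>
                        <interface>lo0</interface>
                        <type>single</type>
                        <subnet>169.254.255.78</subnet>
                        <subnet_bits>30</subnet_bits>
                        <descr><![CDATA[Inside address for tunnel to 54.240.217.166]]></descr>
                </vip>
        </virtualip>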
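        <!--
          Installed packages: one package (OpenBGPD 0.9.1) plus the menu entry,
          settings tab and service definition it registers.
          Supply-chain note: <config_file> and <depends_on_package_base_url>
          name the hosts the package definition and the PBI archive come from.
          Both use https here. No checksum or signature for the archive is
          recorded in this element, so as far as this block shows, integrity
          rests on the TLS connection to those hosts; keep both URLs on https
          and pointed at the vendor's servers.
          No BGP neighbor or group settings appear in this element.
        -->
        <installedpackages>
                <package>
                        <name>OpenBGPD</name>
                        <descr><![CDATA[OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.]]></descr>
                        <category>NET</category>
                        <config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file>
                        <build_pbi>
                                <port>net/openbgpd</port>
                        </build_pbi>
                        <version>0.9.1</version>
                        <status>STABLE</status>
                        <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink>
                        <required_version>2.2</required_version>
                        <configurationfile>openbgpd.xml</configurationfile>
                        <depends_on_package_pbi>openbgpd-5.2.20121209-amd64.pbi</depends_on_package_pbi>
                        <depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>
                </package>
                <!-- GUI menu entry under "Services"; the "&" in the URL is escaped as &amp; as XML requires. -->
                <menu>
                        <name>OpenBGPD</name>
                        <tooltiptext/>
                        <section>Services</section>
                        <url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
                </menu>
                <!-- Settings tab pointing at the same page as the menu entry. -->
                <tab>
                        <text>Settings</text>
                        <url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
                        <active/>
                </tab>
                <!-- Service definition: name, rc script file name and executable name for the BGP daemon. -->
                <service>
                        <name>bgpd</name>
                        <rcfile>bgpd.sh</rcfile>
                        <executable>bgpd</executable>
                        <description><![CDATA[OpenBSD BGP Daemon]]></description>
                </service>
        </installedpackages>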
</pfsense>