opnsense-backup/config.xml

<?xml version="1.0"?>
<opnsense>
  <theme>opnsense</theme>
  <sysctl version="1.0.1" persisted_at="1759220133.28">
    <item/>
  </sysctl>
  <system>
    <optimization>normal</optimization>
    <hostname>kai-vpn01</hostname>
    <domain>infra.kaiser-zehnder.ch</domain>
    <dnsallowoverride>1</dnsallowoverride>
    <dnsallowoverride_exclude/>
    <group uuid="5e7f8fe9-7b59-4453-9933-924fb92c3899">
      <gid>1999</gid>
      <name>admins</name>
      <scope>system</scope>
      <description>System Administrators</description>
      <priv>page-all</priv>
      <member>0</member>
      <source_networks/>
    </group>
    <user uuid="6eeaeadf-3606-4ac4-829b-285ddcd4147b">
      <uid>0</uid>
      <name>root</name>
      <disabled>0</disabled>
      <scope>system</scope>
      <expires/>
      <authorizedkeys/>
      <otp_seed/>
      <shell/>
      <password>$2y$11$9J1gO8mVI7XgczEGqZVV6ejuszDv9aqhyQ25bEZ3gizmUvOjBmCR.</password>
      <pwd_changed_at/>
      <landing_page/>
      <comment/>
      <email/>
      <apikeys/>
      <priv/>
      <language/>
      <descr>System Administrator</descr>
      <dashboard/>
    </user>
    <timezone>Europe/Zurich</timezone>
    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
    <webgui>
      <protocol>https</protocol>
      <ssl-certref>68db91b18331c</ssl-certref>
    </webgui>
    <disablenatreflection>yes</disablenatreflection>
    <usevirtualterminal>1</usevirtualterminal>
    <disableconsolemenu/>
    <disablevlanhwfilter>1</disablevlanhwfilter>
    <disablechecksumoffloading>1</disablechecksumoffloading>
    <disablesegmentationoffloading>1</disablesegmentationoffloading>
    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
    <ipv6allow>1</ipv6allow>
    <powerd_ac_mode>hadp</powerd_ac_mode>
    <powerd_battery_mode>hadp</powerd_battery_mode>
    <powerd_normal_mode>hadp</powerd_normal_mode>
    <bogons>
      <interval>monthly</interval>
    </bogons>
    <pf_share_forward>1</pf_share_forward>
    <lb_use_sticky>1</lb_use_sticky>
    <ssh>
      <group>admins</group>
    </ssh>
    <rrdbackup>-1</rrdbackup>
    <netflowbackup>-1</netflowbackup>
    <firmware version="1.0.1" persisted_at="1759220133.19">
      <mirror/>
      <flavour/>
      <plugins>os-git-backup</plugins>
      <type/>
      <subscription/>
      <reboot>0</reboot>
    </firmware>
    <dnsserver>10.100.88.1</dnsserver>
    <language>en_US</language>
    <backup>
      <git version="1.0.0" persisted_at="1759221074.34">
        <enabled>1</enabled>
        <url>https://git.newday.ch/opnbkp/opnsense-backup.git</url>
        <branch>master</branch>
        <privkey/>
        <user>opnbkp</user>
        <password>Ghith$BiWom7</password>
      </git>
    </backup>
    <backupcount>100</backupcount>
  </system>
  <interfaces>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <wan>
      <if>hn0</if>
      <enable>1</enable>
      <ipaddr>dhcp</ipaddr>
      <ipaddrv6>dhcp6</ipaddrv6>
      <blockbogons>0</blockbogons>
      <subnet/>
      <dhcphostname/>
      <spoofmac/>
      <mtu/>
      <mss/>
      <blockpriv>0</blockpriv>
    </wan>
  </interfaces>
  <dnsmasq version="1.0.8" persisted_at="1759220815.06">
    <enable>1</enable>
    <regdhcp>0</regdhcp>
    <regdhcpstatic>0</regdhcpstatic>
    <dhcpfirst>0</dhcpfirst>
    <strict_order>0</strict_order>
    <domain_needed>0</domain_needed>
    <no_private_reverse>0</no_private_reverse>
    <no_resolv>0</no_resolv>
    <log_queries>0</log_queries>
    <no_hosts>0</no_hosts>
    <strictbind>0</strictbind>
    <dnssec>0</dnssec>
    <regdhcpdomain/>
    <interface>lan</interface>
    <port>0</port>
    <dns_forward_max/>
    <cache_size/>
    <local_ttl/>
    <add_mac/>
    <add_subnet>0</add_subnet>
    <strip_subnet>0</strip_subnet>
    <dhcp>
      <no_interface/>
      <fqdn>1</fqdn>
      <domain/>
      <local>1</local>
      <lease_max/>
      <authoritative>0</authoritative>
      <default_fw_rules>1</default_fw_rules>
      <reply_delay/>
      <enable_ra>0</enable_ra>
      <nosync>0</nosync>
    </dhcp>
    <no_ident>1</no_ident>
  </dnsmasq>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <filter>
    <rule>
      <type>pass</type>
      <ipprotocol>inet</ipprotocol>
      <descr>Default allow LAN to any rule</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
    <rule>
      <type>pass</type>
      <ipprotocol>inet6</ipprotocol>
      <descr>Default allow LAN IPv6 to any rule</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
  </filter>
  <rrd>
    <enable/>
  </rrd>
  <ntpd>
    <prefer>0.opnsense.pool.ntp.org</prefer>
  </ntpd>
  <revision>
    <username>root@10.100.88.11</username>
    <description>/diag_backup.php made changes</description>
    <time>1759221074.34</time>
  </revision>
  <OPNsense>
    <wireguard>
      <client version="1.0.0" persisted_at="1759220133.04">
        <clients/>
      </client>
      <general version="0.0.1" persisted_at="1759220133.04">
        <enabled>0</enabled>
      </general>
      <server version="1.0.0" persisted_at="1759220133.04">
        <servers/>
      </server>
    </wireguard>
    <IPsec version="1.0.5" persisted_at="1759220815.24">
      <general>
        <enabled/>
        <preferred_oldsa>0</preferred_oldsa>
        <disablevpnrules>0</disablevpnrules>
        <passthrough_networks/>
        <user_source/>
        <local_group/>
      </general>
      <charon>
        <max_ikev1_exchanges/>
        <threads>16</threads>
        <ikesa_table_size>32</ikesa_table_size>
        <ikesa_table_segments>4</ikesa_table_segments>
        <init_limit_half_open>1000</init_limit_half_open>
        <ignore_acquire_ts>1</ignore_acquire_ts>
        <install_routes>0</install_routes>
        <cisco_unity>0</cisco_unity>
        <make_before_break>0</make_before_break>
        <retransmit_tries/>
        <retransmit_timeout/>
        <retransmit_base/>
        <retransmit_jitter/>
        <retransmit_limit/>
        <syslog>
          <daemon>
            <ike_name>1</ike_name>
            <log_level>0</log_level>
            <app>1</app>
            <asn>1</asn>
            <cfg>1</cfg>
            <chd>1</chd>
            <dmn>1</dmn>
            <enc>1</enc>
            <esp>1</esp>
            <ike>1</ike>
            <imc>1</imc>
            <imv>1</imv>
            <job>1</job>
            <knl>1</knl>
            <lib>1</lib>
            <mgr>1</mgr>
            <net>1</net>
            <pts>1</pts>
            <tls>1</tls>
            <tnc>1</tnc>
          </daemon>
        </syslog>
        <plugins>
          <attr>
            <subnet/>
            <split-include/>
            <x_28674/>
            <x_28675/>
            <x_28672/>
            <x_28673>0</x_28673>
            <x_28679/>
            <dns/>
            <nbns/>
          </attr>
          <eap-radius>
            <servers/>
            <accounting>0</accounting>
            <class_group>0</class_group>
          </eap-radius>
          <xauth-pam>
            <pam_service>ipsec</pam_service>
            <session>0</session>
            <trim_email>1</trim_email>
          </xauth-pam>
        </plugins>
      </charon>
      <keyPairs/>
      <preSharedKeys/>
    </IPsec>
    <Swanctl version="1.0.0" persisted_at="1759220133.08">
      <Connections/>
      <locals/>
      <remotes/>
      <children/>
      <Pools/>
      <VTIs/>
      <SPDs/>
    </Swanctl>
    <OpenVPNExport version="0.0.1" persisted_at="1759220133.29">
      <servers/>
    </OpenVPNExport>
    <OpenVPN version="1.0.1" persisted_at="1759220133.29">
      <Overwrites/>
      <Instances/>
      <StaticKeys/>
    </OpenVPN>
    <captiveportal version="1.0.4" persisted_at="1759220133.29">
      <zones/>
      <templates/>
    </captiveportal>
    <cron version="1.0.4" persisted_at="1759220133.30">
      <jobs/>
    </cron>
    <DHCRelay version="1.0.1" persisted_at="1759220133.31"/>
    <Firewall>
      <Lvtemplate version="0.0.1" persisted_at="1759220133.32">
        <templates/>
      </Lvtemplate>
      <Alias version="1.0.1" persisted_at="1759220133.53">
        <geoip>
          <url/>
        </geoip>
        <aliases/>
      </Alias>
      <Category version="1.0.0" persisted_at="1759220133.53">
        <categories/>
      </Category>
      <Filter version="1.0.4" persisted_at="1759220133.60">
        <rules/>
        <snatrules/>
        <npt/>
        <onetoone/>
      </Filter>
    </Firewall>
    <Netflow version="1.0.1" persisted_at="1759220133.32">
      <capture>
        <interfaces/>
        <egress_only/>
        <version>v9</version>
        <targets/>
      </capture>
      <collect>
        <enable>0</enable>
      </collect>
      <activeTimeout>1800</activeTimeout>
      <inactiveTimeout>15</inactiveTimeout>
    </Netflow>
    <IDS version="1.1.0" persisted_at="1759220133.82">
      <rules/>
      <policies/>
      <userDefinedRules/>
      <files/>
      <fileTags/>
      <general>
        <enabled>0</enabled>
        <ips>0</ips>
        <promisc>0</promisc>
        <interfaces>wan</interfaces>
        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
        <defaultPacketSize/>
        <UpdateCron/>
        <AlertLogrotate>W0D23</AlertLogrotate>
        <AlertSaveLogs>4</AlertSaveLogs>
        <MPMAlgo/>
        <detect>
          <Profile/>
          <toclient_groups/>
          <toserver_groups/>
        </detect>
        <syslog>0</syslog>
        <syslog_eve>0</syslog_eve>
        <LogPayload>0</LogPayload>
        <verbosity/>
        <eveLog>
          <http>
            <enable>0</enable>
            <extended>0</extended>
            <dumpAllHeaders/>
          </http>
          <tls>
            <enable>0</enable>
            <extended>0</extended>
            <sessionResumption>0</sessionResumption>
            <custom/>
          </tls>
        </eveLog>
      </general>
    </IDS>
    <Interfaces>
      <loopbacks version="1.0.0" persisted_at="1759220133.87"/>
      <neighbors version="1.0.0" persisted_at="1759220133.87"/>
      <vxlans version="1.0.2" persisted_at="1759220133.90"/>
    </Interfaces>
    <Kea>
      <ctrl_agent version="0.0.1" persisted_at="1759220133.90">
        <general>
          <enabled>0</enabled>
          <http_host>127.0.0.1</http_host>
          <http_port>8000</http_port>
        </general>
      </ctrl_agent>
      <dhcp4 version="1.0.4" persisted_at="1759220133.91">
        <general>
          <enabled>0</enabled>
          <manual_config>0</manual_config>
          <interfaces/>
          <valid_lifetime>4000</valid_lifetime>
          <fwrules>1</fwrules>
          <dhcp_socket_type>raw</dhcp_socket_type>
        </general>
        <ha>
          <enabled>0</enabled>
          <this_server_name/>
          <max_unacked_clients>2</max_unacked_clients>
        </ha>
        <subnets/>
        <reservations/>
        <ha_peers/>
      </dhcp4>
      <dhcp6 version="1.0.0" persisted_at="1759220133.91">
        <general>
          <enabled>0</enabled>
          <manual_config>0</manual_config>
          <interfaces/>
          <valid_lifetime>4000</valid_lifetime>
          <fwrules>1</fwrules>
        </general>
        <ha>
          <enabled>0</enabled>
          <this_server_name/>
          <max_unacked_clients>2</max_unacked_clients>
        </ha>
        <subnets/>
        <reservations/>
        <pd_pools/>
        <ha_peers/>
      </dhcp6>
    </Kea>
    <monit version="1.0.14" persisted_at="1759220814.91">
      <general>
        <enabled>0</enabled>
        <interval>120</interval>
        <startdelay>120</startdelay>
        <mailserver>127.0.0.1</mailserver>
        <port>25</port>
        <username/>
        <password/>
        <ssl>0</ssl>
        <sslversion>auto</sslversion>
        <sslverify>1</sslverify>
        <logfile/>
        <statefile/>
        <eventqueuePath/>
        <eventqueueSlots/>
        <httpdEnabled>0</httpdEnabled>
        <httpdUsername>root</httpdUsername>
        <httpdPassword/>
        <httpdPort>2812</httpdPort>
        <httpdAllow/>
        <mmonitUrl/>
        <mmonitTimeout>5</mmonitTimeout>
        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
      </general>
      <alert uuid="c181bef4-c5ff-45a9-b28d-b9cff5dd6209">
        <enabled>0</enabled>
        <recipient>root@localhost.local</recipient>
        <noton>0</noton>
        <events/>
        <format/>
        <reminder/>
        <description/>
      </alert>
      <service uuid="b7cad802-b591-4799-8a5b-b0f98aab4061">
        <enabled>1</enabled>
        <name>$HOST</name>
        <description/>
        <type>system</type>
        <pidfile/>
        <match/>
        <path/>
        <timeout>300</timeout>
        <starttimeout>30</starttimeout>
        <address/>
        <interface/>
        <start/>
        <stop/>
        <tests>0763b2d1-1c1f-4037-847a-39c7fa714c3c,3abc81ef-f64a-423e-bff2-278f44451e75,89294e97-f308-4791-bb55-00ca37afc8ff,2e0f6dde-cbc2-47ab-9b99-815899dc76e7</tests>
        <depends/>
        <polltime/>
      </service>
      <service uuid="37866a3b-ca2e-443d-871d-3a19cbf3d265">
        <enabled>1</enabled>
        <name>RootFs</name>
        <description/>
        <type>filesystem</type>
        <pidfile/>
        <match/>
        <path>/</path>
        <timeout>300</timeout>
        <starttimeout>30</starttimeout>
        <address/>
        <interface/>
        <start/>
        <stop/>
        <tests>ae5eaa04-b3c3-4862-a750-63c42141b553</tests>
        <depends/>
        <polltime/>
      </service>
      <service uuid="a86bfd4e-232a-4602-9ede-cefff74fff32">
        <enabled>0</enabled>
        <name>carp_status_change</name>
        <description/>
        <type>custom</type>
        <pidfile/>
        <match/>
        <path>/usr/local/opnsense/scripts/monit/carp_status.php</path>
        <timeout>300</timeout>
        <starttimeout>30</starttimeout>
        <address/>
        <interface/>
        <start/>
        <stop/>
        <tests>cb81b3da-5363-44f0-bf88-da61b26a2a54</tests>
        <depends/>
        <polltime/>
      </service>
      <service uuid="6dba41f1-1482-459f-aadb-da21df4ac44d">
        <enabled>0</enabled>
        <name>gateway_alert</name>
        <description/>
        <type>custom</type>
        <pidfile/>
        <match/>
        <path>/usr/local/opnsense/scripts/monit/gateway_alert.php</path>
        <timeout>300</timeout>
        <starttimeout>30</starttimeout>
        <address/>
        <interface/>
        <start/>
        <stop/>
        <tests>3966faa2-da92-4f18-b5b6-3bb74cdc145a</tests>
        <depends/>
        <polltime/>
      </service>
      <test uuid="4ad0b264-f36c-47dc-9f64-89010f25ed64">
        <name>Ping</name>
        <type>NetworkPing</type>
        <condition>failed ping</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="8d810eac-151f-4d94-8e35-c0848ef3c395">
        <name>NetworkLink</name>
        <type>NetworkInterface</type>
        <condition>failed link</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="afd37de6-3181-47f6-8fca-ea116aaf517a">
        <name>NetworkSaturation</name>
        <type>NetworkInterface</type>
        <condition>saturation is greater than 75%</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="0763b2d1-1c1f-4037-847a-39c7fa714c3c">
        <name>MemoryUsage</name>
        <type>SystemResource</type>
        <condition>memory usage is greater than 75%</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="3abc81ef-f64a-423e-bff2-278f44451e75">
        <name>CPUUsage</name>
        <type>SystemResource</type>
        <condition>cpu usage is greater than 75%</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="89294e97-f308-4791-bb55-00ca37afc8ff">
        <name>LoadAvg1</name>
        <type>SystemResource</type>
        <condition>loadavg (1min) is greater than 2</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="2e0f6dde-cbc2-47ab-9b99-815899dc76e7">
        <name>LoadAvg5</name>
        <type>SystemResource</type>
        <condition>loadavg (5min) is greater than 1.5</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="675ec514-3a79-45a3-9f3a-7a2986017513">
        <name>LoadAvg15</name>
        <type>SystemResource</type>
        <condition>loadavg (15min) is greater than 1</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="ae5eaa04-b3c3-4862-a750-63c42141b553">
        <name>SpaceUsage</name>
        <type>SpaceUsage</type>
        <condition>space usage is greater than 75%</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="cb81b3da-5363-44f0-bf88-da61b26a2a54">
        <name>ChangedStatus</name>
        <type>ProgramStatus</type>
        <condition>changed status</condition>
        <action>alert</action>
        <path/>
      </test>
      <test uuid="3966faa2-da92-4f18-b5b6-3bb74cdc145a">
        <name>NonZeroStatus</name>
        <type>ProgramStatus</type>
        <condition>status != 0</condition>
        <action>alert</action>
        <path/>
      </test>
    </monit>
    <Gateways version="1.0.0" persisted_at="1759220732.39"/>
    <Syslog version="1.0.2" persisted_at="1759220133.95">
      <general>
        <enabled>1</enabled>
        <loglocal>1</loglocal>
        <maxpreserve>31</maxpreserve>
        <maxfilesize/>
      </general>
      <destinations/>
    </Syslog>
    <TrafficShaper version="1.0.3" persisted_at="1759220133.96">
      <pipes/>
      <queues/>
      <rules/>
    </TrafficShaper>
    <trust>
      <general version="1.0.1" persisted_at="1759220134.18">
        <store_intermediate_certs>0</store_intermediate_certs>
        <install_crls>0</install_crls>
        <fetch_crls>0</fetch_crls>
        <enable_legacy_sect>1</enable_legacy_sect>
        <enable_config_constraints>0</enable_config_constraints>
        <CipherString/>
        <Ciphersuites/>
        <SignatureAlgorithms/>
        <groups/>
        <MinProtocol/>
        <MinProtocol_DTLS/>
      </general>
    </trust>
    <unboundplus version="1.0.12" persisted_at="1759220134.28">
      <general>
        <enabled>1</enabled>
        <port>53</port>
        <stats>0</stats>
        <active_interface/>
        <dnssec>0</dnssec>
        <dns64>0</dns64>
        <dns64prefix/>
        <noarecords>0</noarecords>
        <regdhcp>0</regdhcp>
        <regdhcpdomain/>
        <regdhcpstatic>0</regdhcpstatic>
        <noreglladdr6>0</noreglladdr6>
        <noregrecords>0</noregrecords>
        <txtsupport>0</txtsupport>
        <cacheflush>0</cacheflush>
        <local_zone_type>transparent</local_zone_type>
        <outgoing_interface/>
        <enable_wpad>0</enable_wpad>
      </general>
      <advanced>
        <hideidentity>0</hideidentity>
        <hideversion>0</hideversion>
        <prefetch>0</prefetch>
        <prefetchkey>0</prefetchkey>
        <dnssecstripped>0</dnssecstripped>
        <aggressivensec>1</aggressivensec>
        <serveexpired>0</serveexpired>
        <serveexpiredreplyttl/>
        <serveexpiredttl/>
        <serveexpiredttlreset>0</serveexpiredttlreset>
        <serveexpiredclienttimeout/>
        <qnameminstrict>0</qnameminstrict>
        <extendedstatistics>0</extendedstatistics>
        <logqueries>0</logqueries>
        <logreplies>0</logreplies>
        <logtagqueryreply>0</logtagqueryreply>
        <logservfail>0</logservfail>
        <loglocalactions>0</loglocalactions>
        <logverbosity>1</logverbosity>
        <valloglevel>0</valloglevel>
        <privatedomain/>
        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
        <insecuredomain/>
        <msgcachesize/>
        <rrsetcachesize/>
        <outgoingnumtcp/>
        <incomingnumtcp/>
        <numqueriesperthread/>
        <outgoingrange/>
        <jostletimeout/>
        <discardtimeout/>
        <cachemaxttl/>
        <cachemaxnegativettl/>
        <cacheminttl/>
        <infrahostttl/>
        <infrakeepprobing>0</infrakeepprobing>
        <infracachenumhosts/>
        <unwantedreplythreshold/>
      </advanced>
      <acls>
        <default_action>allow</default_action>
      </acls>
      <dnsbl>
        <enabled>0</enabled>
        <safesearch>0</safesearch>
        <type/>
        <lists/>
        <whitelists/>
        <blocklists/>
        <wildcards/>
        <address/>
        <nxdomain>0</nxdomain>
      </dnsbl>
      <forwarding>
        <enabled>0</enabled>
      </forwarding>
      <dots/>
      <hosts/>
      <aliases/>
    </unboundplus>
  </OPNsense>
  <hasync version="1.0.2" persisted_at="1759220133.23">
    <disablepreempt>0</disablepreempt>
    <disconnectppps>0</disconnectppps>
    <pfsyncinterface/>
    <pfsyncpeerip/>
    <pfsyncversion>1400</pfsyncversion>
    <synchronizetoip/>
    <verifypeer>0</verifypeer>
    <username/>
    <password/>
    <syncitems/>
  </hasync>
  <openvpn/>
  <ifgroups version="1.0.0" persisted_at="1759220133.60"/>
  <bridges version="1.0.0" persisted_at="1759220133.83">
    <bridged/>
  </bridges>
  <gifs version="1.0.0" persisted_at="1759220133.84">
    <gif/>
  </gifs>
  <gres version="1.0.0" persisted_at="1759220133.84">
    <gre/>
  </gres>
  <laggs version="1.0.0" persisted_at="1759220133.87">
    <lagg/>
  </laggs>
  <virtualip version="1.0.1" persisted_at="1759220133.87">
    <vip/>
  </virtualip>
  <vlans version="1.0.0" persisted_at="1759220133.90">
    <vlan/>
  </vlans>
  <staticroutes version="1.0.0" persisted_at="1759220133.92"/>
  <ppps>
    <ppp/>
  </ppps>
  <wireless>
    <clone/>
  </wireless>
  <ca/>
  <dhcpd/>
  <dhcpdv6/>
  <cert uuid="bb23b478-030e-4306-af47-543e454bb90e">
    <refid>68db91b18331c</refid>
    <descr>Web GUI TLS certificate</descr>
    <caref/>
    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhFakNDQlBxZ0F3SUJBZ0lVYkZ4YVEzSTljOWJjRHBqVTV3azdhckZrWWV3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZWXhHakFZQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWlRBZUZ3MHkKTlRBNU16QXdPREUxTkRoYUZ3MHlOakV4TURFd09ERTFORGhhTUlHR01Sb3dHQVlEVlFRRERCRlBVRTV6Wlc1egpaUzVwYm5SbGNtNWhiREVMTUFrR0ExVUVCaE1DVGt3eEZUQVRCZ05WQkFnTURGcDFhV1F0U0c5c2JHRnVaREVWCk1CTUdBMVVFQnd3TVRXbGtaR1ZzYUdGeWJtbHpNUzB3S3dZRFZRUUtEQ1JQVUU1elpXNXpaU0J6Wld4bUxYTnAKWjI1bFpDQjNaV0lnWTJWeWRHbG1hV05oZEdVd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJSwpBb0lDQVFERnZqTzZwbDlUR0p5SVZxRzdld0JKcGZpZmlZNzc0NHZrVktsckhVZUNFMWpUcHlPVHdxUk1LYVpMCnRFc3pRb1lwZ05JbGRKdDVQSWtSMy81cW5wOE12eGYwc2VuV0hSS1RvalFDaGsrQlg4bUtWNnZSbEtaTTBkcE4KdXVWWXkxOUZTM3d6cVJWa1NSUVBQcUt1TXVCOUpKSGxSOGl0K1Y1aGp1N2k3VmFsZmUrM2JZL0h2S3gxT1NLYwpNenFITkJLazJZeDhVTGlNSmdmdjlub2tVVFpXWG9xU1J3a3NwYWdFSlRpUzcySlNSWGM4eDhpeFlhYlhUWit5Cnd0YVF4WU1oOTByS1psdnlLZCtuaW43SU5YclYzTmp3ai9sc3RXRkQ5MUdraVdpenQ3ZzRIS3FuV2tScndsMjYKaVNpbDYxZThqdUFna1Y1QnJSelo3cWVnN3d6bEhMcThCWnBZQlZTL0xhNnFzWHpaUXFkV3N3QzFEa0lpMklDawp2Zm1hbGxmL0NLdnZwREsyUzVxeTJGNlJsaHMzM0FjQm0rQmFNSkVuWVQxZEgweEl2OFFRZC9NTHZ2emVuVDRXCmcxZ0lXRnU1dmtPbDN4cUJ0OEJqaWpWbE0vSXBjbmsza1BId2Z2Qk51clVsbWpmd3RSUDRJZnRVSFBXcWpndzYKN1lBM2dPZEpnaEJqU3FVUHVia2pUZm92TVVQZVI5YlRyS0hLWWxaejAwUXQyd0NyVXgwMnJvWWdqRzlUNHhnTgpibk1ibTJ4cmg3eHpjNGI2STdqRnd2QlU5TkhFdWl1MkIzaUcvZ1N2Y05rRW1qVzFxMHdGY2VSK2czK09pVUI0CkxPNkQxb3M2OTY3RjZWc2VXUU8xSlg0a0pWWTE2Vlc1eWR4RXdqRUFhcURNekVzUmpRSURBUUFCbzRJQmREQ0MKQVhBd0NRWURWUjBUQkFJd0FEQVJCZ2xnaGtnQmh2aENBUUVFQkFNQ0JrQXdOQVlKWUlaSUFZYjRRZ0VOQkNjVwpKVTlRVG5ObGJuTmxJRWRsYm1WeVlYUmxaQ0JUWlhKMlpYSWdRMlZ5ZEdsbWFXTmhkR1V3SFFZRFZSME9CQllFCkZQaHRwL0tTeWNHa2NiK1NYUGdFbjVNMWNUcFpNSUd3QmdOVkhTTUVnYWd3Z2FXaGdZeWtnWWt3Z1lZeEdqQVkKQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVk1CTUdBMVVFQ0F3TQpXblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyQmdOVkJBb01KRTlRClRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWJGeGFRM0k5YzliY0RwalUKNXdrN2FyRmtZZXd3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01Bc0dBMVVkRHdRRQpBd0lGb0RBY0JnTlZIUkVFRlRBVGdoRlBVRTV6Wlc1elpTNXBiblJsY201aGJEQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBZ0VBamRUMGttOEViUktzUzhCWjgycnJpRUdBajFzSE9WbGhkM2QwMHI0cmM0OFdCZFJJOXRiRGtBcnAKb3JBZ1FIK3M2M0FKL0VaNW0rdXE3cE9jb1lBTVhSUzk4UE9ySVM1R01PNUVnbTUvRUR2UVNBRzI3K0lDSnBYQgpBZjJBREt6b3I2Q2d4cTF1L3dUZHdaUjhHVERxd1FrVTBJcE9KUURLSkhSVVducjJEL1VsdHo4S0tGT0xIT3JHCkN3RlRQWEE3Z2dNYkhqMnM5ZldtMmpuTjBvclBxUjJTdW9UZ2I3YlVaa1hqbFBpNjdsVTB4V3pTSEJsdWxQdGgKT2RZY3VHK2tWZmNibTlUTVZldGU0bHdhM1pGUnBET3VKVnlOMzdEZy9PbEZqKytDU1dNNjNFV25BK1JrSFp4TgpHdVRZT3RyVlp3Vm9XUldpWWIwMS80a09EaWRyUHV2Tzc2VXZGQzJmUVFWYTFuQUQ1bXhsMEFOQi83VjRRbTMxCnRWTHpJeE5vZmxQM1ZNL2xTeWZ3aVNFUklGbEtvdlZLS1VMbWErRTE3UFkrWnNYSEFIbUxEd05abWpnMTNrSC8KWDJBaDR6ZFFJU1NxYjhSQkhpUFYrdFZHUlFzUWNYZUM5TFQ4bEhET2swRnRSRlhINVNwNHowK3ZLZG1GSmsyTgo3YU91d3FST0xkNnZNTHVHT0lnaDVIK25IOUJoRktRZExjcnd5TDJjRjdlTktGZnJDcitndzZnV2ZaV1hQMUtQCmQ4dlUrTzIxUHRGMDB0Z25ONnQ5WTBBQWlRb3pvT1hLSU5xWWxiWGlEejBYakZ5aG8xOEhRbEQ2aUNZbHkrU28KMTEvREYyK21ObVNHQmpCT0ZCcVMrSEw2ZVJSRjM4VGxsY25qYWxPUEpxR0Rac1RhYjBVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
    <csr/>
    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREZ2ak82cGw5VEdKeUkKVnFHN2V3QkpwZmlmaVk3NzQ0dmtWS2xySFVlQ0UxalRweU9Ud3FSTUthWkx0RXN6UW9ZcGdOSWxkSnQ1UElrUgozLzVxbnA4TXZ4ZjBzZW5XSFJLVG9qUUNoaytCWDhtS1Y2dlJsS1pNMGRwTnV1Vll5MTlGUzN3enFSVmtTUlFQClBxS3VNdUI5SkpIbFI4aXQrVjVoanU3aTdWYWxmZSszYlkvSHZLeDFPU0tjTXpxSE5CS2syWXg4VUxpTUpnZnYKOW5va1VUWldYb3FTUndrc3BhZ0VKVGlTNzJKU1JYYzh4OGl4WWFiWFRaK3l3dGFReFlNaDkwcktabHZ5S2QrbgppbjdJTlhyVjNOandqL2xzdFdGRDkxR2tpV2l6dDdnNEhLcW5Xa1Jyd2wyNmlTaWw2MWU4anVBZ2tWNUJyUnpaCjdxZWc3d3psSExxOEJacFlCVlMvTGE2cXNYelpRcWRXc3dDMURrSWkySUNrdmZtYWxsZi9DS3Z2cERLMlM1cXkKMkY2UmxoczMzQWNCbStCYU1KRW5ZVDFkSDB4SXY4UVFkL01MdnZ6ZW5UNFdnMWdJV0Z1NXZrT2wzeHFCdDhCagppalZsTS9JcGNuazNrUEh3ZnZCTnVyVWxtamZ3dFJQNElmdFVIUFdxamd3NjdZQTNnT2RKZ2hCalNxVVB1YmtqClRmb3ZNVVBlUjliVHJLSEtZbFp6MDBRdDJ3Q3JVeDAycm9ZZ2pHOVQ0eGdOYm5NYm0yeHJoN3h6YzRiNkk3akYKd3ZCVTlOSEV1aXUyQjNpRy9nU3ZjTmtFbWpXMXEwd0ZjZVIrZzMrT2lVQjRMTzZEMW9zNjk2N0Y2VnNlV1FPMQpKWDRrSlZZMTZWVzV5ZHhFd2pFQWFxRE16RXNSalFJREFRQUJBb0lDQUJJL0YzTGZxejExc0phbXQ4eDBSY3N3Cm4zSnozNjBWTlhGZm05L0xGekFhTE90MWZzT1hCYVlVS2NqT2lDbmd0NVNEZmVDcTZUVy9XajZRckFucjU4S1EKck5zNEY0V3ZCUlI1QzlJMzBTK2ZtOFNYaTc2T1l1ZGFiZDhYb2RZWENMYlNNbEcvVzc2aDU2ZElkbEViVjJUMAp4NVJLa3IvMW1nODlLeTg4QzBUQXR0Vk1MTStYZEtwcHdwY2w1YWxZS3IyVXZYRXpMdlJGQmgwa1llZVJWREdWClk3VlZETFJXb2pHbEVFVlpXczg3VGJkZXVxd2VLMUVEL3FVZ3lXcHViMGZtYVJEOWI2VTIxcHUveHl4emt0N0MKYVlUanpzdUlmbTNSRjhncm94ZXM3NDRZbkdsT01RWVRMS2JyeFJrYVVFR1JSWDU3MWlDNm9wdVJlVno3bktBcgpYVjZXcnh6Vkw0MHZmdjc1QUM0dUpodTFPSjVmM0phNzhVbDJDemRKRk1mRmU4NEFhNTRZbkJUMWM0bUdGUUtvCm5INHJTY0FCOERrcWViM3czTkZwaGd0dkY2S1YrOEoxeGlkT25JbzB0N21Qc1BzRzJxdVNpRVZ1UnpRSldMOXcKZ3pBWWxFTGhkQnpEdHdBWjc1MDBRWXZpMjBiZnNQQkdMblh0bHcrSDNzT2plVnNoSjdhbUZ3SjBTS3dSL1MzMAo1UDVaUElIYVJkb2Z5QVNqSWVtVm9sZFg2emJqOVE3Z0hQN1ZMdGFzODRPRXNNL24zMHB3VkNjaHliaFhDV29HCm5VMWN0MlJCUWpqSDBZV0ErN1NlYzROdWZEd2FVN0Q1RGlYRzlITFlNc1hxYzFPR0hEd3RPc1c5aWNIMjdxMGgKbVlMR1RaNGV6WTA1Nk5udy9hUVpBb0lCQVFEaEhDekNDZG1OWUlpVHUyUXZrOFFoZUZnOTVGRjZlL0dqUHd1cQpMRHlXa3p4OWp3M0c4ZTJIZkJtRWtpaEJJUkNHTEZFZ2lGZWtvYjY1U0FqY2theTF0V1BnTEpCZm50ME5rQ3ZXCkZxS05vWXR4Sm00TFNSMmZ0S3l0SUEybGZQMzNvQnRacE81emFQbWMrb00zR0lySURsQTA0M3FBVzliblRkdlMKdUo5NVora29Kd0NrTVBCdG50VS8yZ1VZMEtudjVsVnJaUHgyMHdEZm9PVWxVTW93YXFDKzM1S0p3a1k5WVdnMgo4S2RzeUg5VzJtSm5tZXdNS0xKclNiYm1SNjB6M0c1NG10Tlo4YWFMT1dpcjJYWW0rK1ViWEs1WlpZU1IxVTBUClB2RjB3eGoxUDdWZUJmQ2Evc0JyangvVGltV0IzZ1h4ZjJjYm1YcDFhdlBwUHY4L0FvSUJBUURnNEtnMXNTT04Kc2xzcEk5cUF0RjdqTWo3Y0cwNHhhSnlaQlBsN3I2MlNiejF3TGM4V1ZXdTFqSzZua1dveDJMeGtCNEEwSFlrMAp2NDNvVW5HSGdHZVBmQnNsWUJRZ0JkbkNrTVkxeFZRRDc1Q1E2SDlnYm9wSW1BamhrbStiUExpZXhxOFFYaWxYCmhDRmFOK1AybC9oS0pvZEJweVRBN2lldE8xVkF4K0tVZ21xNkRLcFAzSlJYWit1STE4S3c2R0k2b2hqSnAxb2YKQUtjQ0hBNDk2eXZibkNvVzhLR0V3S0hZek9hSzhuamdPMnoxV1d0cGZMRGRBWGNqSDBuV3o4K3J0Q3hvYkpxagpHRG5VOWJiY2pzRDJzTHdKcXg4MzJyMGtzZ2E3Y1pPMWoyNHZUM1VRNDNYOENmZHpYMGFyQWFGZi9XYk91UGJBCkZ3NXUzd3NTYThnekFvSUJBUUNrbVNWZy9ETEczVDhBUnBVSzlORUVhQ3FkbHNTOCtzUEV5ZVNObWFyenJ0VWMKT2UybytsemtKQ25FZGRwWlJRUUFGNGQ2Y2pjamVlRXJPVERCbHdMaUdxL2N5cmtHTWZNUVo4cWwwQWNyNkdNOQphUXd0MUZpRTNtY2tiN3VLdGNvOXRpUkpkLytqQTY4QXlXd0liVG1NN21wWFFiM2cvVVkxK3dneEhDMy9aNnRrCllLQm5iaUZmQmpTSGE3TXVZZVRnTlZ0Z0c0YytteXFZV2Qwelc4OTdkM3Z5RlNmZzh0ekpKT0EreTlpZ0FqcWEKRnpTODdCOWRCS1R4TGdVK2ZFcDVFVVQxaXIvZmxJSmlhcWZPZ0VPVVhiczROcHlGWVdWOS9LbE8yVWRVU1JPRwp2LzZ0c1VvdEN2bEhyRzlwRGxrS2pIMXNCK3dza2h5b25udWFvU1doQW9JQkFRRFRyeWNvdzhMd0U4RDBqU2VXCm1EUHFNdFl4WkJMTE4rcVJzTGtZMFZyV3laaFFEUTh2dXVGVldVVGZ3R2J5M1U4WjZtV29xVlVMTG5ackI1Q1AKT1RSRFFWUmNib0VEVS82VXhLdVEybHdvQ0U5UjJVcHVnQi8wRGdudUxXYVoveUxiYzdRLytDTjZtb3E2M25uZApHMWxDazlvbTF5d2w0UW5BYkdYb1FVRHRBNGRyODVndTdUbEd2akJkOUp6MDR3djBuYm92dVRXQWthQ2t2N3c0ClZUUkgyazFVb3Rlb201eSs5TUxnY1RlUC9PQ29aTEJUOEdpYzRsQS80NmdpYWlUWFFSZThoTjljUCtYUXJpeWcKbWxEUzU3TmFkcGRBZ013anl1SERlVHJPWW1JYWJ2V0lIRlpvRndtMHRTOVVzb2d5VDl1REpXSkJtSEtoczV3OApqdkU1QW9JQkFRRFh1SVZyK3ZHeXRtN05VTWs5MU11SWxUM2dwWnNlRWwyeXltRlV5VHlOVmNVbWFxZTZSdnU0ClhMdXRSdFo2YkVzWmEySkVjVER4U0UxNTcrcmYrUjRrL0UxcTVobzZ0eEcvV21OdzF2eGd2eXk5aWE0NGZIL2wKTllub095aVVmTEZrMGRXbk5VcGlmeWdmaWQ1cmJtb2x3dzUyZW9QRDgzbkN5ZmpXL2RFSlZ1Z2dJMTZrRkV5WQo3RHBldnQvcVJHOVh0S3RXbTN2V0hjMUZ3Q0Y5NndtWHpvWDQwUW1xSU9LbE54NEU3NkxBOCtvRkdVdU5sTmk1CnVjZkt5VXZ4a25JU3Z6K0h5YVYxN0c3eUdVb0NRK2w4VVZHZUFIaUp3R0JUQnY1MUFzN2xnQXM1K04rUTVJc20KZllBR09OUkZNOUczQmpuZk8zeHk0S1I3enVHc3FyMm8KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
  </cert>
</opnsense>