/usr/local/opnsense/mvc/script/run_migrations.php made changes @ 2025-12-29T11:57:24.790200 ((system))

(system)
2025-12-29 11:57:25 +01:00
committed by System Administrator
parent a0583e366f
commit e87096844f


@@ -1,205 +1,205 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<sysctl version="1.0.1">
<item uuid="1ebdf403-87a7-4aa1-a44e-2b3faaf29ed0">
<tunable>vfs.read_max</tunable>
<value>default</value>
<value/>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<item uuid="37e39ab1-91f9-4a8e-a025-32b623ccd134">
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
<value/>
<descr>Set the ephemeral port range to be lower.</descr>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<item uuid="964634ad-ae4c-44d7-8bf1-06dedebcfc4b">
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
<value/>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<item uuid="1e5dfceb-08e1-491c-9a30-6fdfd19aa956">
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
<value/>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<item uuid="35f4cbda-5f57-4a06-8c25-8f7f61dcee2d">
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
<value/>
<descr>Randomize the ID field in IP packets</descr>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<item uuid="f90b5f7a-e3a3-45b2-b5cc-14068ab249a7">
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<value/>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<item uuid="07e9c9ea-3ccd-42df-9fe5-dcad7e6a8938">
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value/>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
</item>
<item uuid="5478d495-4fac-4763-9ad9-a8216c5d423a">
<tunable>net.inet.icmp.log_redirect</tunable>
<value/>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<item uuid="05d38280-35d7-46ab-b695-2082f3abdcfb">
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
<value/>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<item uuid="6a75a9d8-5ed4-41c2-b7c1-82b90b3e277a">
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
<value/>
<descr>Enable sending IPv6 redirects</descr>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<item uuid="301000bb-72ff-406f-ba60-8a3235068949">
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
<value/>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<item uuid="2dc02b02-6d68-4cdf-b514-a766d10e783b">
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
<value/>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<item uuid="1f6f133b-e3b9-4e77-9893-8c356eaa0569">
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
<value/>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<item uuid="1489a862-f96b-4d85-86ba-40f625daa8b5">
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
<value/>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<item uuid="2cf31a29-0023-490c-bf3b-1e4aaeacc4eb">
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
<value/>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<item uuid="409d6f34-0514-40e5-921b-178b3fc11088">
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
<value/>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<item uuid="0420a8f0-2760-45b5-bdb3-952124f5dd7c">
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
<value/>
<descr>Maximum outgoing UDP datagram size</descr>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<item uuid="c51c8085-8ecd-4925-aab3-0027d3e35666">
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
<value/>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<item uuid="e71b86ad-1b3c-4a0d-ad3a-75c6bb7a3425">
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
<value/>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
</item>
<item>
<item uuid="f5e09ae6-c7fa-459a-a702-e463ed2ef2c5">
<tunable>net.link.bridge.pfil_member</tunable>
<value>0</value>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
</item>
<item>
<item uuid="27a35d74-6003-4590-a75d-a83499d6182d">
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>1</value>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<item uuid="6b967101-9ba8-4133-a123-f965d4ddc5a8">
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
<value/>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<item uuid="6b3f6a9c-b049-4aaf-a46e-1cb2c1f9e1d7">
<tunable>kern.randompid</tunable>
<value>default</value>
<value/>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<item uuid="cee22c27-8be0-4edc-aaf3-e26c7aee4037">
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
<value/>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<item uuid="52f7742e-97ed-40fc-b822-27a16c28e51f">
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
<value/>
<descr>Enable TCP extended debugging</descr>
</item>
<item>
<descr>Set ICMP Limits</descr>
<item uuid="25809502-da7c-4eb5-be80-a1eba2f2b7b1">
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
<value/>
<descr>Set ICMP Limits</descr>
</item>
<item>
<descr>TCP Offload Engine</descr>
<item uuid="a37048c5-cee5-44e8-8f62-06404f3df314">
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
<value/>
<descr>TCP Offload Engine</descr>
</item>
<item>
<descr>UDP Checksums</descr>
<item uuid="63b43df0-0aee-44e2-8e56-5de033d861b1">
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
<value/>
<descr>UDP Checksums</descr>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<item uuid="19041985-ef43-4f39-9e71-c17571ce3e38">
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
<value/>
<descr>Maximum socket buffer size</descr>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<item uuid="a4d8eac7-9918-40ce-a68c-3af464b38e55">
<tunable>vm.pmap.pti</tunable>
<value>default</value>
<value/>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<item uuid="889f4517-12c4-4576-b1c4-b5a4acf9a79a">
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
<value/>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<item uuid="a5a28c0d-2630-4944-8654-b6881665f238">
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
<value/>
<descr>Hide processes running as other groups</descr>
</item>
<item>
<descr>Hide processes running as other users</descr>
<item uuid="96861863-dcb9-4a2f-9249-a6d141cf58e3">
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
<value/>
<descr>Hide processes running as other users</descr>
</item>
<item>
<item uuid="f591135f-ea64-42ac-85c8-eb85f8d15498">
<tunable>net.inet.ip.redirect</tunable>
<value/>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<item uuid="6b1d6efb-ca7f-4170-9be5-350d2942cb42">
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>1</value>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>1</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<item uuid="1df8e456-219b-4b1b-bae3-1c7b4ee591e3">
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
<value/>
<descr>Maximum outgoing UDP datagram size</descr>
</item>
<item>
<item uuid="e711e801-9a3d-4db1-a839-ba16a8619d9e">
<tunable>net.inet.tcp.mss_ifmtu</tunable>
<value>1</value>
<descr>Enable TCP MSS auto-adjust based on interface MTU</descr>
@@ -210,21 +210,31 @@
<hostname>gate</hostname>
<domain>waw.eldorado.city</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<group uuid="3fc732e2-69ee-404d-abcc-58a09623c6b4">
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<name>admins</name>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$11$bze9aco9zESP42qWhxo7yORRiK1mRvoa5aa7lzXetRg4NDULMOyOu</password>
<description>System Administrators</description>
<priv>page-all</priv>
<member>0</member>
</group>
<user uuid="400087b3-ddee-42be-be34-a4047af1de21">
<uid>0</uid>
<name>root</name>
<disabled>0</disabled>
<scope>system</scope>
<expires/>
<authorizedkeys/>
<otp_seed/>
<shell/>
<password>$2y$11$bze9aco9zESP42qWhxo7yORRiK1mRvoa5aa7lzXetRg4NDULMOyOu</password>
<landing_page/>
<comment/>
<email/>
<apikeys/>
<priv/>
<language/>
<descr>System Administrator</descr>
<dashboard/>
</user>
<nextuid>2000</nextuid>
@@ -286,44 +296,44 @@
<enabled>1</enabled>
<url>ssh://projects-gate.radziel.com:40294/radziel/gate-config.git</url>
<branch>master</branch>
<privkey>-----BEGIN OPENSSH PRIVATE KEY-----&#xD;
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn&#xD;
NhAAAAAwEAAQAAAYEA0HPzKFtIswRQ5v5riYE/Z0WiKhpLVnXVwxkhTTV3JQ59pmW5fs3b&#xD;
dWqf2qyNnmCu6ITv1deKBTolihh8OLaGvis+DA8U1yPUxjFB/OPv16gIEF1erryOJfx2Q1&#xD;
ikGkWja+Bs/MSI7RY/uKkJyc/w1+plAJQMxy3Q37CSE1m3luGLLvz7tbIkE6ZpJdkXo8mL&#xD;
CF65YyofP9Q67WQ5AWZ5L7pryYUBgpPs4CPzkNESKcsx8S19LyubDpd8tw8IgJB+w0vkre&#xD;
/ikzhIA49kxeyNOcWk+j6nFLSBFT9k36T4BkKbBBJj6KBBzI8j+qhs6WYl4BbVb/ETufmw&#xD;
YzPj5+FZi9six59lPGdqVz8ZsHLbq553HlIlFWWkWpa/qK0ON/K2DmKgqeb9L7AvVQle7C&#xD;
hmkEenIz5Edkl+URW/fGEGaM4/9si3KpwQSegk05aS0DiMQeJNIw7S5aKerymKFOUwAbav&#xD;
LgF5eHeAu6aSXtaIDmLVIYx5YlCfVnz9WrOoKdsvAAAFiAucWlULnFpVAAAAB3NzaC1yc2&#xD;
EAAAGBANBz8yhbSLMEUOb+a4mBP2dFoioaS1Z11cMZIU01dyUOfaZluX7N23Vqn9qsjZ5g&#xD;
ruiE79XXigU6JYoYfDi2hr4rPgwPFNcj1MYxQfzj79eoCBBdXq68jiX8dkNYpBpFo2vgbP&#xD;
zEiO0WP7ipCcnP8NfqZQCUDMct0N+wkhNZt5bhiy78+7WyJBOmaSXZF6PJiwheuWMqHz/U&#xD;
Ou1kOQFmeS+6a8mFAYKT7OAj85DREinLMfEtfS8rmw6XfLcPCICQfsNL5K3v4pM4SAOPZM&#xD;
XsjTnFpPo+pxS0gRU/ZN+k+AZCmwQSY+igQcyPI/qobOlmJeAW1W/xE7n5sGMz4+fhWYvb&#xD;
IsefZTxnalc/GbBy26uedx5SJRVlpFqWv6itDjfytg5ioKnm/S+wL1UJXuwoZpBHpyM+RH&#xD;
ZJflEVv3xhBmjOP/bItyqcEEnoJNOWktA4jEHiTSMO0uWinq8pihTlMAG2ry4BeXh3gLum&#xD;
kl7WiA5i1SGMeWJQn1Z8/VqzqCnbLwAAAAMBAAEAAAGAA0j92TIjFwB86T8I4ShidZVb2m&#xD;
UCsJtNIfTTQ7Jm18nULMX9TTnKTnM+j1rZJS3/OQE1/xKVWsK7/7f7ZoYTNouw6ni8X9hG&#xD;
jKm5vAC4RsJKVOkGdSOElqWqvsyhUsar2NHhyylVF8Nvf/tYq6UKyyRRsNd5zL50mb81y3&#xD;
dGVOrmCiNeMNKyDds5XKmAsrSaQSiuVu6S19XXkzvZSCPeH2Sajpj5g/N32rUbrA8XcFrY&#xD;
RSWYi6CYzNCSBxfbZEdNU3rntvXF37mZZF9CDo/If23D1CLA2PjGqKt9FR+lJu0y6+nKqU&#xD;
9MxoWhZuWpxz6icSL0E5oweWdb/oRYjDTwOm5AF/jEofAVh4mivuOPDFVpFyDDNuTJ5jzS&#xD;
KOGkqOj5SE00RkoCmdUmnt7fxB4T+ZAQ+ZcPzXSBtVdzQolrGLijsSCAVKXR6tgXyKDeRU&#xD;
Ck6RVKlxnu5RrLBp2uzhVU8h5FqaEoWha7lFTeH/TGPvayMaGSfU4FL7RoNfmZrNHZAAAA&#xD;
wQCHDwFjTLSTq6oFNmJtojw83Lz3ObsVFvom27saZlb6iCUq7O972uEnG1iQUpQpGmI99L&#xD;
UlZ3K25v7ePbtjOpuKSv+cR7kOXa3EnvOyz0TwofnUYRRD3nk8dEJ9e1A0dbi76RUxVdmx&#xD;
ygc157MaxI1wClw+CKwsluFvUSigfv9IcyWRtH1bS0GHRVh8vfq0jmLV6g/zQGFGgFomB1&#xD;
sBiZmwdQzk+lkBYgOuqxdJWSVqmrvlIqcwUxSIuOohzNW+LqEAAADBANNcXSwb2TP+ljbu&#xD;
CqdgIvDeB6WEoIqQ/dTYAPZWiKh+T31mzBRqWC+vTHyh/MuhnRy4YCpq7Y9eT970xu+PWA&#xD;
Z3wCpXnXAwt/AU8yqMxA+KAtmX3f9DRBHEWysuDs4LRGBfC8Y5xyPNX1j1nt4WZTxq8jQ7&#xD;
A9KlK61sjcwTnxC0745S1QjGiOq1PookR/fw1gl+zgASMy+wOIkQi/ioSklEJNfYDFPGtG&#xD;
uljSlpIeI5J37mA0X7Jc3oRJrflvPF+QAAAMEA/Hpdxpztsc+0XiEZ4psGOFDEpEUfGtFw&#xD;
I2imT340O8OWzpR7bHLdjZJSN+fIlaFqX8u2XOGMwhd/nNMSF6MSp+3PXuUQc+vPNRjQA1&#xD;
2JMspHmjwyRMXZ2qzd7wY8yaDWnX5BHRwoFMm1FhqdevYuMm6QavnRrPFTdji45oo4gUSg&#xD;
+tD7qpNAPHRNrE5A5oMTXCeYUj1w0Gvmz8o7ww5qgRQzXIbf91orhFDiTci6OKcj018r0u&#xD;
xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
-----END OPENSSH PRIVATE KEY-----&#xD;
<privkey>-----BEGIN OPENSSH PRIVATE KEY-----&#13;
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn&#13;
NhAAAAAwEAAQAAAYEA0HPzKFtIswRQ5v5riYE/Z0WiKhpLVnXVwxkhTTV3JQ59pmW5fs3b&#13;
dWqf2qyNnmCu6ITv1deKBTolihh8OLaGvis+DA8U1yPUxjFB/OPv16gIEF1erryOJfx2Q1&#13;
ikGkWja+Bs/MSI7RY/uKkJyc/w1+plAJQMxy3Q37CSE1m3luGLLvz7tbIkE6ZpJdkXo8mL&#13;
CF65YyofP9Q67WQ5AWZ5L7pryYUBgpPs4CPzkNESKcsx8S19LyubDpd8tw8IgJB+w0vkre&#13;
/ikzhIA49kxeyNOcWk+j6nFLSBFT9k36T4BkKbBBJj6KBBzI8j+qhs6WYl4BbVb/ETufmw&#13;
YzPj5+FZi9six59lPGdqVz8ZsHLbq553HlIlFWWkWpa/qK0ON/K2DmKgqeb9L7AvVQle7C&#13;
hmkEenIz5Edkl+URW/fGEGaM4/9si3KpwQSegk05aS0DiMQeJNIw7S5aKerymKFOUwAbav&#13;
LgF5eHeAu6aSXtaIDmLVIYx5YlCfVnz9WrOoKdsvAAAFiAucWlULnFpVAAAAB3NzaC1yc2&#13;
EAAAGBANBz8yhbSLMEUOb+a4mBP2dFoioaS1Z11cMZIU01dyUOfaZluX7N23Vqn9qsjZ5g&#13;
ruiE79XXigU6JYoYfDi2hr4rPgwPFNcj1MYxQfzj79eoCBBdXq68jiX8dkNYpBpFo2vgbP&#13;
zEiO0WP7ipCcnP8NfqZQCUDMct0N+wkhNZt5bhiy78+7WyJBOmaSXZF6PJiwheuWMqHz/U&#13;
Ou1kOQFmeS+6a8mFAYKT7OAj85DREinLMfEtfS8rmw6XfLcPCICQfsNL5K3v4pM4SAOPZM&#13;
XsjTnFpPo+pxS0gRU/ZN+k+AZCmwQSY+igQcyPI/qobOlmJeAW1W/xE7n5sGMz4+fhWYvb&#13;
IsefZTxnalc/GbBy26uedx5SJRVlpFqWv6itDjfytg5ioKnm/S+wL1UJXuwoZpBHpyM+RH&#13;
ZJflEVv3xhBmjOP/bItyqcEEnoJNOWktA4jEHiTSMO0uWinq8pihTlMAG2ry4BeXh3gLum&#13;
kl7WiA5i1SGMeWJQn1Z8/VqzqCnbLwAAAAMBAAEAAAGAA0j92TIjFwB86T8I4ShidZVb2m&#13;
UCsJtNIfTTQ7Jm18nULMX9TTnKTnM+j1rZJS3/OQE1/xKVWsK7/7f7ZoYTNouw6ni8X9hG&#13;
jKm5vAC4RsJKVOkGdSOElqWqvsyhUsar2NHhyylVF8Nvf/tYq6UKyyRRsNd5zL50mb81y3&#13;
dGVOrmCiNeMNKyDds5XKmAsrSaQSiuVu6S19XXkzvZSCPeH2Sajpj5g/N32rUbrA8XcFrY&#13;
RSWYi6CYzNCSBxfbZEdNU3rntvXF37mZZF9CDo/If23D1CLA2PjGqKt9FR+lJu0y6+nKqU&#13;
9MxoWhZuWpxz6icSL0E5oweWdb/oRYjDTwOm5AF/jEofAVh4mivuOPDFVpFyDDNuTJ5jzS&#13;
KOGkqOj5SE00RkoCmdUmnt7fxB4T+ZAQ+ZcPzXSBtVdzQolrGLijsSCAVKXR6tgXyKDeRU&#13;
Ck6RVKlxnu5RrLBp2uzhVU8h5FqaEoWha7lFTeH/TGPvayMaGSfU4FL7RoNfmZrNHZAAAA&#13;
wQCHDwFjTLSTq6oFNmJtojw83Lz3ObsVFvom27saZlb6iCUq7O972uEnG1iQUpQpGmI99L&#13;
UlZ3K25v7ePbtjOpuKSv+cR7kOXa3EnvOyz0TwofnUYRRD3nk8dEJ9e1A0dbi76RUxVdmx&#13;
ygc157MaxI1wClw+CKwsluFvUSigfv9IcyWRtH1bS0GHRVh8vfq0jmLV6g/zQGFGgFomB1&#13;
sBiZmwdQzk+lkBYgOuqxdJWSVqmrvlIqcwUxSIuOohzNW+LqEAAADBANNcXSwb2TP+ljbu&#13;
CqdgIvDeB6WEoIqQ/dTYAPZWiKh+T31mzBRqWC+vTHyh/MuhnRy4YCpq7Y9eT970xu+PWA&#13;
Z3wCpXnXAwt/AU8yqMxA+KAtmX3f9DRBHEWysuDs4LRGBfC8Y5xyPNX1j1nt4WZTxq8jQ7&#13;
A9KlK61sjcwTnxC0745S1QjGiOq1PookR/fw1gl+zgASMy+wOIkQi/ioSklEJNfYDFPGtG&#13;
uljSlpIeI5J37mA0X7Jc3oRJrflvPF+QAAAMEA/Hpdxpztsc+0XiEZ4psGOFDEpEUfGtFw&#13;
I2imT340O8OWzpR7bHLdjZJSN+fIlaFqX8u2XOGMwhd/nNMSF6MSp+3PXuUQc+vPNRjQA1&#13;
2JMspHmjwyRMXZ2qzd7wY8yaDWnX5BHRwoFMm1FhqdevYuMm6QavnRrPFTdji45oo4gUSg&#13;
+tD7qpNAPHRNrE5A5oMTXCeYUj1w0Gvmz8o7ww5qgRQzXIbf91orhFDiTci6OKcj018r0u&#13;
xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#13;
-----END OPENSSH PRIVATE KEY-----&#13;
</privkey>
<user>git</user>
<password/>
@@ -1291,8 +1301,8 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
</widgets>
<revision>
<username>(system)</username>
<description>/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php made changes</description>
<time>1764717021.9334</time>
<description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
<time>1767005844.7902</time>
</revision>
<OPNsense>
<wireguard>
@@ -1335,12 +1345,14 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
</servers>
</server>
</wireguard>
<IPsec version="1.0.3">
<IPsec version="1.0.4">
<general>
<enabled/>
<preferred_oldsa>0</preferred_oldsa>
<disablevpnrules>0</disablevpnrules>
<passthrough_networks/>
<user_source/>
<local_group/>
</general>
<charon>
<max_ikev1_exchanges/>
@@ -1349,6 +1361,8 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<ikesa_table_segments>4</ikesa_table_segments>
<init_limit_half_open>1000</init_limit_half_open>
<ignore_acquire_ts>1</ignore_acquire_ts>
<install_routes>0</install_routes>
<cisco_unity>0</cisco_unity>
<make_before_break/>
<retransmit_tries/>
<retransmit_timeout/>
@@ -1379,6 +1393,29 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<tnc>1</tnc>
</daemon>
</syslog>
<plugins>
<attr>
<subnet/>
<split-include/>
<x_28674/>
<x_28675/>
<x_28672/>
<x_28673>0</x_28673>
<x_28679/>
<dns/>
<nbns/>
</attr>
<eap-radius>
<servers/>
<accounting>0</accounting>
<class_group>0</class_group>
</eap-radius>
<xauth-pam>
<pam_service>ipsec</pam_service>
<session>0</session>
<trim_email>1</trim_email>
</xauth-pam>
</plugins>
</charon>
<keyPairs/>
<preSharedKeys/>
@@ -1400,7 +1437,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<captiveportal version="1.0.4">
<zones/>
<templates/>
</captiveportal>
@@ -1580,7 +1617,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.2">
<dhcp4 version="1.0.3">
<general>
<enabled>0</enabled>
<interfaces/>
@@ -1597,6 +1634,24 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<reservations/>
<ha_peers/>
</dhcp4>
<dhcp6 version="1.0.0">
<general>
<enabled>0</enabled>
<manual_config>0</manual_config>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
<max_unacked_clients>2</max_unacked_clients>
</ha>
<subnets/>
<reservations/>
<pd_pools/>
<ha_peers/>
</dhcp6>
</Kea>
<monit version="1.0.13">
<general>
@@ -1918,7 +1973,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.11">
<unboundplus version="1.0.12">
<general>
<enabled>1</enabled>
<port>53</port>
@@ -2005,6 +2060,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<port/>
<verify/>
<forward_tcp_upstream>0</forward_tcp_upstream>
<forward_first>0</forward_first>
<description/>
</dot>
</dots>
@@ -2016,6 +2072,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<rr>A</rr>
<mxprio/>
<mx/>
<ttl/>
<server>192.168.2.253</server>
<description/>
</host>
@@ -2026,6 +2083,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<rr>A</rr>
<mxprio/>
<mx/>
<ttl/>
<server>192.168.2.20</server>
<description/>
</host>
@@ -2036,6 +2094,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<rr>A</rr>
<mxprio/>
<mx/>
<ttl/>
<server>172.27.72.254</server>
<description/>
</host>
@@ -2046,6 +2105,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<rr>A</rr>
<mxprio/>
<mx/>
<ttl/>
<server>172.27.72.1</server>
<description/>
</host>
@@ -2056,6 +2116,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<rr>A</rr>
<mxprio/>
<mx/>
<ttl/>
<server>172.27.72.5</server>
<description/>
</host>
@@ -2563,7 +2624,7 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0"/>
<virtualip version="1.0.1"/>
<vlans version="1.0.0">
<vlan uuid="dfff563c-29ee-424e-8b56-f735b38e9b64">
<if>vtnet5</if>
@@ -2626,21 +2687,27 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<disabled>0</disabled>
</route>
</staticroutes>
<bridges>
<bridged>
<descr>LAN_BRIDGE</descr>
<maxaddr/>
<timeout/>
<bridges version="1.0.0">
<bridged uuid="e6c8b326-966c-47d8-a72d-e0dd8d193b82">
<bridgeif>bridge0</bridgeif>
<members>opt12,opt1,opt2,opt3,opt4,opt5</members>
<linklocal>0</linklocal>
<enablestp>0</enablestp>
<proto>rstp</proto>
<stp/>
<maxage/>
<fwdelay/>
<hellotime/>
<priority/>
<proto>rstp</proto>
<holdcnt/>
<members>opt12,opt1,opt2,opt3,opt4,opt5</members>
<ifpriority/>
<ifpathcost/>
<maxaddr/>
<timeout/>
<span/>
<edge/>
<autoedge/>
<ptp/>
<autoptp/>
<static/>
<private/>
<descr>LAN_BRIDGE</descr>
</bridged>
</bridges>
<gifs version="1.0.0">
@@ -2705,13 +2772,14 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<nologbogons>1</nologbogons>
<nologprivatenets>1</nologprivatenets>
</syslog>
<hasync version="1.0.1">
<hasync version="1.0.2">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncinterface/>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<verifypeer>0</verifypeer>
<username/>
<password/>
<syncitems/>
@@ -2732,4 +2800,39 @@ xNByHw9ei5+9RnAAAADnJhZHppZWxAaGVybWVzAQIDBA==&#xD;
<serial/>
<caref/>
</ca>
<dnsmasq version="1.0.7">
<enable>0</enable>
<regdhcp>0</regdhcp>
<regdhcpstatic>0</regdhcpstatic>
<dhcpfirst>0</dhcpfirst>
<strict_order>0</strict_order>
<domain_needed>0</domain_needed>
<no_private_reverse>0</no_private_reverse>
<no_resolv>0</no_resolv>
<log_queries>0</log_queries>
<no_hosts>0</no_hosts>
<strictbind>0</strictbind>
<dnssec>0</dnssec>
<regdhcpdomain/>
<interface/>
<port/>
<dns_forward_max/>
<cache_size/>
<local_ttl/>
<add_mac/>
<add_subnet>0</add_subnet>
<strip_subnet>0</strip_subnet>
<dhcp>
<no_interface/>
<fqdn>1</fqdn>
<domain/>
<lease_max/>
<authoritative>0</authoritative>
<default_fw_rules>1</default_fw_rules>
<reply_delay/>
<enable_ra>0</enable_ra>
<nosync>0</nosync>
</dhcp>
<no_ident>1</no_ident>
</dnsmasq>
</opnsense>
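Review bot: The `<privkey>` element in the `@@ -286,44 +296,44 @@` hunk stores a complete OpenSSH private key in the committed config, and its base64 header decodes to cipher and KDF `none`, so the key has no passphrase. The only change the migration makes to it is the carriage-return encoding (`&#xD;` to `&#13;`), yet the full key is written into history again, alongside the root bcrypt hash in the `<password>` element of the `@@ -210,21 +210,31 @@` hunk. This appears to be the key the backup uses for the `<url>` remote just above it, so anyone who can read this repository or this page can likely authenticate as that `git` user; treat the key as exposed, rotate it, and change the root password as well. Keep the backup repository private with read access limited to the firewall's administrators, and prefer an encrypted backup so later commits do not carry these values in clear text.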