├── .gitignore
├── opn.go
├── .idea
    ├── encodings.xml
    ├── misc.xml
    ├── vcs.xml
    ├── sonarlint.xml
    ├── modules.xml
    ├── opnsense-cli.iml
    ├── dictionaries
    │   └── em.xml
    ├── php.xml
    └── runConfigurations
    │   ├── list.xml
    │   ├── status.xml
    │   ├── restart.xml
    │   ├── reconfigure.xml
    │   ├── delete.xml
    │   ├── show.xml
    │   ├── create.xml
    │   └── update.xml
├── cmd
    ├── unbound.go
    ├── unbound_service.go
    ├── unbound_service_restart.go
    ├── unbound_service_status.go
    ├── unbound_hostoverride.go
    ├── unbound_service_reconfigure.go
    ├── unbound_hostoverride_list.go
    ├── root.go
    ├── unbound_hostoverride_show.go
    ├── unbound_hostoverride_rm.go
    └── unbound_hostoverride_create_update.go
├── go.mod
├── Makefile
├── .github
    └── workflows
    │   └── build.yml
├── http
    └── opn_unbound.http
├── go.sum
├── LICENSE
├── opnsense
    └── api
    │   ├── api.go
    │   └── unbound
    │       ├── service.go
    │       └── hostoverride.go
├── Vagrantfile
├── README.md
└── config.xml


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/workspace.xml
2 | .env
3 | vendor
4 | #dist/
5 | http/*.private.env.json
6 | dist/*
7 | 


--------------------------------------------------------------------------------
/opn.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"github.com/eugenmayer/opnsense-cli/cmd"
 5 | )
 6 | 
 7 | func main() {
 8 | 	cmd.Execute()
 9 | }
10 | 


--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="Encoding" addBOMForNewFiles="with NO BOM" />
4 | </project>


--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="ProjectType">
4 |     <option name="id" value="jpab" />
5 |   </component>
6 | </project>


--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="VcsDirectoryMappings">
4 |     <mapping directory="$PROJECT_DIR$" vcs="Git" />
5 |   </component>
6 | </project>


--------------------------------------------------------------------------------
/.idea/sonarlint.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="SonarLintProjectSettings">
4 |     <option name="bindingSuggestionsEnabled" value="false" />
5 |   </component>
6 | </project>


--------------------------------------------------------------------------------
/cmd/unbound.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/spf13/cobra"
 5 | )
 6 | 
 7 | var unboundCmd = &cobra.Command{
 8 | 	Use:   "unbound",
 9 | 	Short: "Manage Unbound using the OPNsense API",
10 | }
11 | 
12 | func init() {
13 | 	RootCmd.AddCommand(unboundCmd)
14 | }
15 | 


--------------------------------------------------------------------------------
/cmd/unbound_service.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/spf13/cobra"
 5 | )
 6 | 
 7 | var unboundServiceCmd = &cobra.Command{
 8 | 	Use:   "service",
 9 | 	Short: "Manage Unbound service",
10 | }
11 | 
12 | func init() {
13 | 	unboundCmd.AddCommand(unboundServiceCmd)
14 | }
15 | 


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
 1 | module github.com/eugenmayer/opnsense-cli
 2 | 
 3 | go 1.22
 4 | 
 5 | require (
 6 | 	github.com/joho/godotenv v1.5.1
 7 | 	github.com/spf13/cobra v1.8.0
 8 | )
 9 | 
10 | require (
11 | 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
12 | 	github.com/spf13/pflag v1.0.5 // indirect
13 | )
14 | 


--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="ProjectModuleManager">
4 |     <modules>
5 |       <module fileurl="file://$PROJECT_DIR$/.idea/opnsense-cli.iml" filepath="$PROJECT_DIR$/.idea/opnsense-cli.iml" />
6 |     </modules>
7 |   </component>
8 | </project>


--------------------------------------------------------------------------------
/.idea/opnsense-cli.iml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <module type="WEB_MODULE" version="4">
3 |   <component name="Go" enabled="true" />
4 |   <component name="NewModuleRootManager">
5 |     <content url="file://$MODULE_DIR$" />
6 |     <orderEntry type="inheritedJdk" />
7 |     <orderEntry type="sourceFolder" forTests="false" />
8 |   </component>
9 | </module>


--------------------------------------------------------------------------------
/.idea/dictionaries/em.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectDictionaryState">
 2 |   <dictionary name="em">
 3 |     <words>
 4 |       <w>apisecret</w>
 5 |       <w>coreapi</w>
 6 |       <w>hostentry</w>
 7 |       <w>hostoverride</w>
 8 |       <w>mxprio</w>
 9 |       <w>nosslverify</w>
10 |       <w>nsense</w>
11 |       <w>openvpn</w>
12 |     </words>
13 |   </dictionary>
14 | </component>


--------------------------------------------------------------------------------
/.idea/php.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="MessDetectorOptionsConfiguration">
 4 |     <option name="transferred" value="true" />
 5 |   </component>
 6 |   <component name="PHPCSFixerOptionsConfiguration">
 7 |     <option name="transferred" value="true" />
 8 |   </component>
 9 |   <component name="PHPCodeSnifferOptionsConfiguration">
10 |     <option name="transferred" value="true" />
11 |   </component>
12 | </project>


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | init:
 2 | 	go mod tidy
 3 | 	go mod verify
 4 | 	go mod vendor
 5 | 
 6 | update:
 7 | 	go get -u
 8 | 	go mod tidy
 9 | 
10 | start:
11 | 	vagrant up opnsense
12 | 	docker-compose up -d
13 | 
14 | rm:
15 | 	vagrant destroy
16 | 	docker-compose down -v
17 | 
18 | build: init
19 | 	go build -o dist/opn-macos-amd64 opn.go
20 | 	env GOSS=linux go build -o dist/opn-linux-amd64 opn.go
21 | 	env GOSS=windows go build -o dist/opn-windows-amd64 opn.go
22 | release:
23 | 	go build -o dist/opn-macos-amd64-${VERSION} opn.go
24 | 	env GOSS=linux go build -o dist/opn-linux-amd64-${VERSION} opn.go
25 | 


--------------------------------------------------------------------------------
/.idea/runConfigurations/list.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="list" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound hostoverride list" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/status.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="status" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound service status" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/restart.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="restart" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound service restart" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/reconfigure.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="reconfigure" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound service reconfigure" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/delete.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="delete" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound hostoverride rm --host test --domain test.local" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/show.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="show" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound hostoverride show --host test --domain test.local" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/create.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="create" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound hostoverride create --host test --domain test.local --ip 10.10.254.254 --rr A" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.idea/runConfigurations/update.xml:
--------------------------------------------------------------------------------
 1 | <component name="ProjectRunConfigurationManager">
 2 |   <configuration default="false" name="update" type="GoApplicationRunConfiguration" factoryName="Go Application">
 3 |     <module name="opnsense-cli" />
 4 |     <working_directory value="$PROJECT_DIR$" />
 5 |     <parameters value="unbound hostoverride update --host test --domain test.local --ip 10.10.233.233 --rr A" />
 6 |     <kind value="PACKAGE" />
 7 |     <package value="github.com/eugenmayer/opnsense-cli" />
 8 |     <directory value="$PROJECT_DIR$" />
 9 |     <filePath value="$PROJECT_DIR$/opn.go" />
10 |     <method v="2" />
11 |   </configuration>
12 | </component>


--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | name: build
 2 | 
 3 | on:
 4 |   push:
 5 | 
 6 | jobs:
 7 |   build:
 8 |     runs-on: ubuntu-latest
 9 |     steps:
10 |       - name: Checkout
11 |         uses: actions/checkout@v3
12 |       - uses: actions/setup-go@v3
13 |         with:
14 |           go-version-file: 'go.mod'
15 |       # push only on main
16 |       - name: build
17 |         run: make build
18 |       - name: Release
19 |         uses: softprops/action-gh-release@v1
20 |         if: startsWith(github.ref, 'refs/tags/')
21 |         with:
22 |           files: |
23 |             dist/opn-linux-amd64
24 |             dist/opn-macos-amd64
25 |             dist/opn-windows-amd64
26 | 


--------------------------------------------------------------------------------
/cmd/unbound_service_restart.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 5 | 	"github.com/spf13/cobra"
 6 | 	"log"
 7 | )
 8 | 
 9 | var unboundRestartCmd = &cobra.Command{
10 | 	Use:   "restart",
11 | 	Short: "Restart the unbound server",
12 | 	Run:   unboundRestartRun,
13 | }
14 | 
15 | func init() {
16 | 	unboundServiceCmd.AddCommand(unboundRestartCmd)
17 | }
18 | 
19 | func unboundRestartRun(_ *cobra.Command, _ []string) {
20 | 	var unboundApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
21 | 
22 | 	var err = unboundApi.ServiceRestart()
23 | 	if err != nil {
24 | 		log.Fatal(err)
25 | 	}
26 | 
27 | 	log.Printf("Service restarted")
28 | }
29 | 


--------------------------------------------------------------------------------
/cmd/unbound_service_status.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 5 | 	"github.com/spf13/cobra"
 6 | 	"log"
 7 | )
 8 | 
 9 | var unboundStatusCmd = &cobra.Command{
10 | 	Use:   "status",
11 | 	Short: "Status of your unbound server",
12 | 	Run:   unboundRStatusRun,
13 | }
14 | 
15 | func init() {
16 | 	unboundServiceCmd.AddCommand(unboundStatusCmd)
17 | }
18 | 
19 | func unboundRStatusRun(_ *cobra.Command, _ []string) {
20 | 	var unboundApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
21 | 
22 | 	var status, err = unboundApi.ServiceStatus()
23 | 	if err != nil {
24 | 		log.Fatal(err)
25 | 	}
26 | 
27 | 	log.Printf("Service status: %s", status)
28 | }
29 | 


--------------------------------------------------------------------------------
/cmd/unbound_hostoverride.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/spf13/cobra"
 5 | )
 6 | 
 7 | var (
 8 | 	HOSTOVERRIDEhost        string
 9 | 	HOSTOVERRIDEdomain      string
10 | 	HOSTOVERRIDEuuid        string
11 | 	HOSTOVERRIDEip          string
12 | 	HOSTOVERRIDErr          string
13 | 	HOSTOVERRIDEmxprio      string
14 | 	HOSTOVERRIDEmx          string
15 | 	HOSTOVERRIDEdescription string
16 | 	// HOSTOVERRIDEnabled 0 for disabled, 1 for enabled
17 | 	HOSTOVERRIDEnabled string
18 | )
19 | 
20 | var unboundHostOverrideCmd = &cobra.Command{
21 | 	Use:   "hostoverride",
22 | 	Short: "Manage Unbound Host Override entries",
23 | }
24 | 
25 | func init() {
26 | 	unboundCmd.AddCommand(unboundHostOverrideCmd)
27 | }
28 | 


--------------------------------------------------------------------------------
/cmd/unbound_service_reconfigure.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 5 | 	"github.com/spf13/cobra"
 6 | 	"log"
 7 | )
 8 | 
 9 | var unboundReconfigureCmd = &cobra.Command{
10 | 	Use:   "reconfigure",
11 | 	Short: "Reconfigure the unbound server",
12 | 	Run:   unboundReconfigureRun,
13 | }
14 | 
15 | func init() {
16 | 	unboundServiceCmd.AddCommand(unboundReconfigureCmd)
17 | }
18 | 
19 | func unboundReconfigureRun(_ *cobra.Command, _ []string) {
20 | 	var unboundApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
21 | 
22 | 	var err = unboundApi.ServiceReconfigure()
23 | 	if err != nil {
24 | 		log.Fatal(err)
25 | 	}
26 | 
27 | 	log.Printf("Service reconfigured")
28 | }
29 | 


--------------------------------------------------------------------------------
/cmd/unbound_hostoverride_list.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 6 | 	"github.com/spf13/cobra"
 7 | 	"log"
 8 | )
 9 | 
10 | var unboundHostOverrideListCmd = &cobra.Command{
11 | 	Use:   "list",
12 | 	Short: "List all Unbound Host Override entries",
13 | 	Run:   hostEntryListRun,
14 | }
15 | 
16 | func init() {
17 | 	unboundHostOverrideCmd.AddCommand(unboundHostOverrideListCmd)
18 | }
19 | 
20 | func hostEntryListRun(_ *cobra.Command, _ []string) {
21 | 	var unboundApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
22 | 
23 | 	var hostOverrideEntries, err = unboundApi.HostOverrideList()
24 | 	if err != nil {
25 | 		log.Fatal(err)
26 | 	}
27 | 	for _, hostEntry := range hostOverrideEntries {
28 | 		fmt.Println(hostEntry)
29 | 	}
30 | }
31 | 


--------------------------------------------------------------------------------
/cmd/root.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	opnsenseapi "github.com/eugenmayer/opnsense-cli/opnsense/api"
 6 | 	"github.com/spf13/cobra"
 7 | 	"log"
 8 | 	"os"
 9 | )
10 | 
11 | var RootCmd = &cobra.Command{
12 | 	Use:   "opnsense",
13 | 	Short: "OPNsense cli to operate with a opnsense API",
14 | }
15 | 
16 | // Execute adds all child commands to the root command and sets flags appropriately.
17 | // This is called by main.main(). It only needs to happen once to the RootCmd.
18 | func Execute() {
19 | 	if err := RootCmd.Execute(); err != nil {
20 | 		fmt.Println(err)
21 | 		os.Exit(1)
22 | 	}
23 | }
24 | 
25 | func init() {
26 | 	RootCmd.PersistentFlags().BoolP("verbose", "v", false, "Activate for verbose")
27 | }
28 | 
29 | func GetOPNsenseApi() *opnsenseapi.OPNsense {
30 | 	connection, err := opnsenseapi.ConfigureFromEnv()
31 | 	if err != nil {
32 | 		log.Fatal()
33 | 	}
34 | 	return connection
35 | }
36 | 
37 | func BoolToInt(b bool) int {
38 | 	if b {
39 | 		return 1
40 | 	}
41 | 	return 0
42 | }
43 | 


--------------------------------------------------------------------------------
/http/opn_unbound.http:
--------------------------------------------------------------------------------
 1 | ###
 2 | ### Add host override
 3 | ###
 4 | POST {{baseUrl}}/api/unbound/settings/addHostOverride
 5 | Authorization: Basic {{username}} {{password}}
 6 | Content-Type: application/json
 7 | Accept: application/json
 8 | 
 9 | {
10 |   "host" : {
11 |     "enabled": "1",
12 |     "hostname": "test",
13 |     "domain": "fest.local",
14 |     "rr": "A",
15 |     "server": "1.1.1.1"
16 |   }
17 | }
18 | 
19 | ###
20 | ### Delete host override
21 | ###
22 | POST {{baseUrl}}/api/unbound/settings/delHostOverride/84364c29-dce8-4d81-9681-a7e789e8c035
23 | Authorization: Basic {{username}} {{password}}
24 | Accept: application/json
25 | 
26 | 
27 | ###
28 | ### Search host override
29 | ###
30 | POST {{baseUrl}}/api/unbound/settings/searchHostOverride
31 | Authorization: Basic {{username}} {{password}}
32 | Accept: application/json
33 | 
34 | 
35 | ###
36 | ### Search host override with search phrase
37 | ###
38 | POST {{baseUrl}}/api/unbound/settings/searchHostOverride?searchPhrase=test.local
39 | Authorization: Basic {{username}} {{password}}
40 | Accept: application/json
41 | 


--------------------------------------------------------------------------------
/cmd/unbound_hostoverride_show.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 6 | 	"github.com/spf13/cobra"
 7 | 	"log"
 8 | )
 9 | 
10 | var unboundHostOverrideShowCmd = &cobra.Command{
11 | 	Use:   "show",
12 | 	Short: "Show a Unbound Host override",
13 | 	Run:   hostOverrideShowRun,
14 | }
15 | 
16 | func init() {
17 | 	unboundHostOverrideShowCmd.Flags().StringVarP(&HOSTOVERRIDEhost, "host", "", "", "the host part")
18 | 	unboundHostOverrideShowCmd.Flags().StringVarP(&HOSTOVERRIDEdomain, "domain", "", "", "the domain part")
19 | 
20 | 	_ = unboundHostOverrideShowCmd.MarkFlagRequired("host")
21 | 	_ = unboundHostOverrideShowCmd.MarkFlagRequired("domain")
22 | 
23 | 	unboundHostOverrideCmd.AddCommand(unboundHostOverrideShowCmd)
24 | }
25 | 
26 | func hostOverrideShowRun(_ *cobra.Command, _ []string) {
27 | 	var openvpnApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
28 | 
29 | 	var ccd, err = openvpnApi.HostEntryGetByFQDN(HOSTOVERRIDEhost, HOSTOVERRIDEdomain)
30 | 	if err != nil {
31 | 		log.Fatal(err)
32 | 	}
33 | 	fmt.Println(ccd)
34 | }
35 | 


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
 1 | github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 2 | github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 3 | github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 4 | github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 5 | github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 6 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 7 | github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 8 | github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 9 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
10 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
11 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
12 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
13 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019 Eugen Mayer
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/cmd/unbound_hostoverride_rm.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 6 | 	"github.com/spf13/cobra"
 7 | 	"log"
 8 | )
 9 | 
10 | var unboundHostOverrideRmCmd = &cobra.Command{
11 | 	Use:   "rm",
12 | 	Short: "Remove a Unbound host override entry",
13 | 	Run:   hostEntryRmRun,
14 | }
15 | 
16 | func init() {
17 | 	unboundHostOverrideRmCmd.Flags().StringVarP(&HOSTOVERRIDEhost, "host", "", "", "lookup entry by the host / domain the host part")
18 | 	unboundHostOverrideRmCmd.Flags().StringVarP(&HOSTOVERRIDEdomain, "domain", "", "", "lookup entry by the host / domainthe domain part")
19 | 	unboundHostOverrideRmCmd.Flags().StringVarP(&HOSTOVERRIDEuuid, "uuid", "", "", "delete by uuid explicitly")
20 | 
21 | 	unboundHostOverrideCmd.AddCommand(unboundHostOverrideRmCmd)
22 | }
23 | 
24 | func hostEntryRmRun(_ *cobra.Command, _ []string) {
25 | 	var openvpnApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
26 | 
27 | 	if HOSTOVERRIDEhost == "" || HOSTOVERRIDEdomain == "" && HOSTOVERRIDEuuid == "" {
28 | 		log.Fatal("Please either set host and domain or set uuid")
29 | 	}
30 | 
31 | 	if HOSTOVERRIDEhost != "" && HOSTOVERRIDEdomain != "" {
32 | 		var entry, err = openvpnApi.HostEntryGetByFQDN(HOSTOVERRIDEhost, HOSTOVERRIDEdomain)
33 | 		if err != nil {
34 | 			log.Fatal(err.Error())
35 | 		}
36 | 		HOSTOVERRIDEuuid = entry.Uuid
37 | 		log.Printf("Found Uuid %s for FQDM %s.%s", HOSTOVERRIDEuuid, HOSTOVERRIDEhost, HOSTOVERRIDEdomain)
38 | 	}
39 | 
40 | 	var err = openvpnApi.HostEntryRemove(HOSTOVERRIDEuuid)
41 | 	if err != nil {
42 | 		log.Fatal(err)
43 | 	}
44 | 	fmt.Println("deleted successfully")
45 | }
46 | 


--------------------------------------------------------------------------------
/cmd/unbound_hostoverride_create_update.go:
--------------------------------------------------------------------------------
 1 | package cmd
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
 6 | 	"github.com/spf13/cobra"
 7 | 	"log"
 8 | 	"net"
 9 | )
10 | 
11 | var unboundHostOverrideCreateCmd = &cobra.Command{
12 | 	Use:   "create",
13 | 	Short: "Create an Unbound Host Override",
14 | 	Run:   hostOverrideCreateUpdateRun,
15 | }
16 | 
17 | var unboundHostOverrideUpdateCmd = &cobra.Command{
18 | 	Use:   "update",
19 | 	Short: "Update an Unbound Host Override",
20 | 	Run:   hostOverrideCreateUpdateRun,
21 | }
22 | 
23 | func init() {
24 | 	setupUnboundHostOverrideCreateUpdateCommand(unboundHostOverrideCreateCmd)
25 | 	setupUnboundHostOverrideCreateUpdateCommand(unboundHostOverrideUpdateCmd)
26 | 	unboundHostOverrideCmd.AddCommand(unboundHostOverrideCreateCmd)
27 | 	unboundHostOverrideCmd.AddCommand(unboundHostOverrideUpdateCmd)
28 | }
29 | 
30 | func setupUnboundHostOverrideCreateUpdateCommand(command *cobra.Command) {
31 | 	command.Flags().StringVarP(&HOSTOVERRIDEhost, "host", "", "", "the host part")
32 | 	command.Flags().StringVarP(&HOSTOVERRIDEdomain, "domain", "", "", "the domain part")
33 | 	command.Flags().StringVarP(&HOSTOVERRIDEip, "ip", "", "", "the ip4 address like 10.10.10.10")
34 | 	command.Flags().StringVarP(&HOSTOVERRIDErr, "rr", "", "A", "Record type, defaults to A")
35 | 	command.Flags().StringVarP(&HOSTOVERRIDEmxprio, "mxprio", "", "", "MX Prio a number, defaults to empty")
36 | 	command.Flags().StringVarP(&HOSTOVERRIDEmx, "mx", "", "", "MX Host, defaults to empty")
37 | 	command.Flags().StringVarP(&HOSTOVERRIDEdescription, "description", "", "", "Entry description")
38 | 	command.Flags().StringVarP(&HOSTOVERRIDEnabled, "enabled", "", "1", "Should the entry be enabled. 1 (true) by default")
39 | 
40 | 	_ = command.MarkFlagRequired("host")
41 | 	_ = command.MarkFlagRequired("domain")
42 | 	_ = command.MarkFlagRequired("ip")
43 | }
44 | 
45 | func hostOverrideCreateUpdateRun(_ *cobra.Command, _ []string) {
46 | 	var unboundApi = unbound.UnboundApi{OPNsense: GetOPNsenseApi()}
47 | 	hostOverride := unbound.HostOverride{
48 | 		Host:        HOSTOVERRIDEhost,
49 | 		Domain:      HOSTOVERRIDEdomain,
50 | 		Ip:          HOSTOVERRIDEip,
51 | 		Mxprio:      HOSTOVERRIDEmxprio,
52 | 		Mx:          HOSTOVERRIDEmx,
53 | 		Description: HOSTOVERRIDEdescription,
54 | 		Rr:          HOSTOVERRIDErr,
55 | 		Enabled:     HOSTOVERRIDEnabled,
56 | 	}
57 | 
58 | 	if net.ParseIP(hostOverride.Ip) == nil {
59 | 		log.Fatal(fmt.Sprintf("your IP is invalid: %s", hostOverride.Ip))
60 | 	}
61 | 
62 | 	var uuid, err = unboundApi.HostOverrideCreateOrUpdate(hostOverride)
63 | 	if err != nil {
64 | 		log.Fatal(err)
65 | 	}
66 | 	fmt.Println(fmt.Sprintf("Create or update successfully, uuid: %s", uuid))
67 | }
68 | 


--------------------------------------------------------------------------------
/opnsense/api/api.go:
--------------------------------------------------------------------------------
 1 | package api
 2 | 
 3 | import (
 4 | 	"crypto/tls"
 5 | 	"crypto/x509"
 6 | 	"errors"
 7 | 	"fmt"
 8 | 	"github.com/joho/godotenv"
 9 | 	"net/http"
10 | 	"net/url"
11 | 	"os"
12 | )
13 | 
14 | type OPNsense struct {
15 | 	BaseUrl     url.URL
16 | 	ApiKey      string
17 | 	ApiSecret   string
18 | 	NoSslVerify bool
19 | }
20 | 
21 | func (opn *OPNsense) Send(request *http.Request) (*http.Response, error) {
22 | 	var client = &http.Client{}
23 | 
24 | 	certPool, _ := x509.SystemCertPool()
25 | 	client.Transport = &http.Transport{
26 | 		TLSClientConfig: &tls.Config{
27 | 			InsecureSkipVerify: opn.NoSslVerify,
28 | 			RootCAs:            certPool,
29 | 		},
30 | 	}
31 | 
32 | 	request.SetBasicAuth(opn.ApiKey, opn.ApiSecret)
33 | 	return client.Do(request)
34 | }
35 | 
36 | type NotFoundError struct {
37 | 	Name string
38 | 	Err  error
39 | }
40 | 
41 | type TooManyFoundError struct {
42 | 	Name string
43 | 	Err  error
44 | }
45 | 
46 | func (f *NotFoundError) Error() string {
47 | 	return fmt.Sprintf("not found: %s", f.Name)
48 | }
49 | 
50 | func (f *TooManyFoundError) Error() string {
51 | 	return fmt.Sprintf("too many found: %s", f.Name)
52 | }
53 | 
54 | func ConfigureFromEnv() (*OPNsense, error) {
55 | 	_ = godotenv.Load()
56 | 
57 | 	if _, isset := os.LookupEnv("OPN_URL"); !isset {
58 | 		return nil, errors.New(fmt.Sprintf("Please set the OPN_URL to your opnsense opnUrl like https://myopnsense:10443"))
59 | 	}
60 | 
61 | 	if _, isset := os.LookupEnv("OPN_APIKEY"); !isset {
62 | 		return nil, errors.New(fmt.Sprintf("Please set OPN_APIKEY to your opnsense api apiKey"))
63 | 	}
64 | 
65 | 	if _, isset := os.LookupEnv("OPN_APISECRET"); !isset {
66 | 		return nil, errors.New(fmt.Sprintf("Please set OPN_APISECRET to your opnsense api apiSecret"))
67 | 	}
68 | 
69 | 	var parsedUrl, err = url.Parse(os.Getenv("OPN_URL"))
70 | 	if err != nil {
71 | 		return nil, err
72 | 	}
73 | 
74 | 	return &OPNsense{
75 | 		BaseUrl:     *parsedUrl,
76 | 		ApiKey:      os.Getenv("OPN_APIKEY"),
77 | 		ApiSecret:   os.Getenv("OPN_APISECRET"),
78 | 		NoSslVerify: os.Getenv("OPN_NOSSLVERIFY") == "1",
79 | 	}, nil
80 | }
81 | 
82 | // EndpointForModule so basically api/<plugin>
83 | func (opn *OPNsense) EndpointForModule(module string) string {
84 | 	return fmt.Sprintf("%s/api/%s", opn.BaseUrl.String(), module)
85 | }
86 | 
87 | // EndpointForModuleController so basically api/<plugin>/<controller>
88 | func (opn *OPNsense) EndpointForModuleController(module string, controller string) string {
89 | 	return fmt.Sprintf("%s/%s", opn.EndpointForModule(module), controller)
90 | }
91 | 
92 | // EndpointForPluginControllerMethod so basically api/<plugin>/<controller>/<method>
93 | func (opn *OPNsense) EndpointForPluginControllerMethod(module string, controller string, method string) string {
94 | 	return fmt.Sprintf("%s/%s", opn.EndpointForModuleController(module, controller), method)
95 | }
96 | 


--------------------------------------------------------------------------------
/opnsense/api/unbound/service.go:
--------------------------------------------------------------------------------
  1 | package unbound
  2 | 
  3 | import (
  4 | 	"encoding/json"
  5 | 	"errors"
  6 | 	"fmt"
  7 | 	"net/http"
  8 | )
  9 | 
 10 | func (opn *UnboundApi) ServiceRestart() error {
 11 | 	// endpoint
 12 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "service", "restart")
 13 | 
 14 | 	// create our Request
 15 | 	request, reqCreationErr := http.NewRequest("POST", endpoint, nil)
 16 | 	if reqCreationErr != nil {
 17 | 		return reqCreationErr
 18 | 	}
 19 | 
 20 | 	var response, reqErr = opn.Send(request)
 21 | 	if reqErr != nil {
 22 | 		return reqErr
 23 | 	}
 24 | 
 25 | 	if response.StatusCode == 200 {
 26 | 		// else
 27 | 		return nil
 28 | 	} else {
 29 | 		var container struct {
 30 | 			Status  string `json:"status"`
 31 | 			Message string `json:"message"`
 32 | 		}
 33 | 
 34 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
 35 | 			return err
 36 | 		}
 37 | 		return errors.New(fmt.Sprintf("%s:%s", container.Message, reqErr))
 38 | 	}
 39 | }
 40 | 
 41 | func (opn *UnboundApi) ServiceReconfigure() error {
 42 | 	// endpoint
 43 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "service", "reconfigure")
 44 | 
 45 | 	// create our Request
 46 | 	request, reqCreationErr := http.NewRequest("POST", endpoint, nil)
 47 | 	if reqCreationErr != nil {
 48 | 		return reqCreationErr
 49 | 	}
 50 | 
 51 | 	var response, reqErr = opn.Send(request)
 52 | 	if reqErr != nil {
 53 | 		return reqErr
 54 | 	}
 55 | 
 56 | 	if response.StatusCode == 200 {
 57 | 		// else
 58 | 		return nil
 59 | 	} else {
 60 | 		var container struct {
 61 | 			Status  string `json:"status"`
 62 | 			Message string `json:"message"`
 63 | 		}
 64 | 
 65 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
 66 | 			return err
 67 | 		}
 68 | 		return errors.New(fmt.Sprintf("%s:%s", container.Message, reqErr))
 69 | 	}
 70 | }
 71 | 
 72 | func (opn *UnboundApi) ServiceStatus() (string, error) {
 73 | 	// endpoint
 74 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "service", "status")
 75 | 
 76 | 	// create our Request
 77 | 	request, reqCreationErr := http.NewRequest("GET", endpoint, nil)
 78 | 	if reqCreationErr != nil {
 79 | 		return "", reqCreationErr
 80 | 	}
 81 | 
 82 | 	var response, reqErr = opn.Send(request)
 83 | 	if reqErr != nil {
 84 | 		return "", reqErr
 85 | 	}
 86 | 
 87 | 	if response.StatusCode == 200 {
 88 | 		var container struct {
 89 | 			Status string `json:"status"`
 90 | 		}
 91 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
 92 | 			return "", err
 93 | 		}
 94 | 		// else
 95 | 		return container.Status, nil
 96 | 	} else {
 97 | 		var container struct {
 98 | 			Status  string `json:"status"`
 99 | 			Message string `json:"message"`
100 | 		}
101 | 
102 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
103 | 			return "", err
104 | 		}
105 | 		return "", errors.New(fmt.Sprintf("%s:%s", container.Message, reqErr))
106 | 	}
107 | }
108 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | module LocalCommand
 2 |   class Config < Vagrant.plugin("2", :config)
 3 |     attr_accessor :command
 4 |   end
 5 | 
 6 |   class Plugin < Vagrant.plugin("2")
 7 |     name "local_shell"
 8 | 
 9 |     config(:local_shell, :provisioner) do
10 |       Config
11 |     end
12 | 
13 |     provisioner(:local_shell) do
14 |       Provisioner
15 |     end
16 |   end
17 | 
18 |   class Provisioner < Vagrant.plugin("2", :provisioner)
19 |     def provision
20 |       result = system "#{config.command}"
21 |     end
22 |   end
23 | end
24 | 
25 | Vagrant.configure("2") do |config|
26 |   config.vm.box = "eugenmayer/opnsense"
27 | 
28 |   config.ssh.sudo_command = "%c"
29 |   config.ssh.shell = "/bin/sh"
30 |   config.ssh.password = "opnsense"
31 |   config.ssh.username = "root"
32 |   config.ssh.port = "10022"
33 |   # we need to use rsync, no vbox drivers for bsd
34 |   config.vm.synced_folder ".", "/vagrant", disabled: true
35 | 
36 |   config.vm.define 'opnsense', autostart: false do |test|
37 |     test.vm.provider 'virtualbox' do |vb|
38 |       vb.customize ['modifyvm',:id, '--nic1', 'intnet', '--nic2', 'nat'] # swap the networks around
39 |       vb.customize ['modifyvm', :id, '--natpf2', "ssh,tcp,127.0.0.1,10022,,22" ] #port forward
40 |       vb.customize ['modifyvm', :id, '--natpf2', "https,tcp,127.0.0.1,10443,,443" ] #port forward
41 |       vb.customize ['modifyvm', :id, '--natpf2', "openvpn,tcp,127.0.0.1,11194,,1194" ] # openvpn
42 |       #vb.customize ['modifyvm', :id, '--natpf1', "https,tcp,127.0.0.1,1443,,443" ] #port forward
43 |     end
44 | 
45 |     # install dev tools
46 |     test.vm.provision "shell",
47 |       inline: "pkg update && pkg install -y vim-lite joe nano gnu-watch git tmux screen",
48 |       run: "once"
49 | 
50 |     # replace the public ssh key for the root user with the one vagrant deployed for comms before we restart - or we lock vagrant out
51 |     test.vm.provision "inject-pubkey-into-config", type: "local_shell", command: "export PUB=$(ssh-keygen -f .vagrant/machines/opnsense/virtualbox/private_key -y | base64) && xmlstarlet ed --inplace -u '/opnsense/system/user/authorizedkeys' -v \"$PUB\" config.xml"
52 |     # apply our configuration so we have a configured radius with users and clients and an active openvpn server
53 |     test.vm.provision "file", source: "./config.xml", destination: "/conf/config.xml"
54 |     test.vm.provision "shell",
55 |       inline: "echo 'rebooting to apply config' && reboot"
56 | 
57 |     test.vm.provision "sleep-for-reboot", type: "local_shell", command: "echo 'waiting for the reboot' && sleep 50"
58 | 
59 |     test.vm.provision "shell",
60 |       inline: "setenv openvpn_version 0.0.4 && curl -Lo os-openvpn-devel-${openvpn_version}.txz https://github.com/EugenMayer/opnsense-openvpn-plugin/raw/master/dist/os-openvpn-devel-${openvpn_version}.txz && pkg add os-openvpn-devel-${openvpn_version}.txz"
61 |     test.vm.provision "shell",
62 |       inline: "setenv unbound_version 0.0.2 && curl -Lo os-unbound-devel-${unbound_version}.txz https://github.com/EugenMayer/opnsense-unbound-plugin/raw/master/dist/os-unbound-devel-${unbound_version}.txz && pkg add os-unbound-devel-${unbound_version}.txz"
63 |   end
64 | end
65 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | [![build](https://github.com/EugenMayer/opnsense-cli/actions/workflows/build.yml/badge.svg)](https://github.com/EugenMayer/opnsense-cli/actions/workflows/build.yml)
 2 | 
 3 | ## WAT
 4 | 
 5 | Implementation of the OPNsense WebAPI to be used on the CLI or as a library - written in Golang
 6 | 
 7 | Compatible with OPNsense 22.1 and higher.
 8 | 
 9 | ## Installation
10 | 
11 | Its precompiled and has no dependencies, so just download the binary, and you are good to go
12 | 
13 |     Pick a release from https://github.com/EugenMayer/opnsense-cli/releases
14 |     chmod +x opn-*
15 | 
16 | You need to create a .env (dotenv) for the secrets, or expose them into your ENV using `export`
17 | 
18 |     OPN_URL=https://localhost:10443
19 |     OPN_APIKEY=5GWbPwKfXVLzgJnewKuu1IPw2HS7s510jKHmTM+rLA1y9VfEFE57yj/kJiWbXREB0EgpBK48u4gnyign
20 |     OPN_APISECRET=EtpPVbiCBdtvG5VDlYJQfLu7Qck2hRffoLi2vb73arn5bKzxEbGdti8+iZetgc9eHABJy6XYG6/UsW/1`
21 |     # if we should not verify SSL while talking to opn, enable that
22 |     #OPN_NOSSLVERIFY=1
23 | 
24 | ## Commands included
25 | 
26 | Just run 
27 | 
28 |     opn 
29 | 
30 | to see a full list. Currently implemented
31 | 
32 | - managing host overrides for unbound (CRUD + list)
33 | 
34 | 
35 | ## Usage: cli
36 | 
37 |     opn --help
38 | 
39 |     # unbound host DNS entries
40 |     opn unbound hostoverride create --host foo --domain bar.tld --ip 10.10.10.1
41 |     opn unbound hostoverride update --host foo --domain bar.tld --ip 10.10.10.2
42 |     opn unbound hostoverride show --host foo --domain bar.tld
43 |     opn unbound hostoverride rm --host foo --domain bar.tld
44 |     opn unbound hostoverride list
45 | 
46 |     # unbound service
47 |     opn unbound service restart
48 |     opn unbound service reconfigure
49 |     opn unbound service status
50 | 
51 | **HINT**: Right now, as of 22.7, you have to run `reconfigure` everytime you change a hostentry on `unbound`, so e.g.
52 | 
53 |     # this will yet not show up when you run a DNS query
54 |     opn unbound hostoverride create --host foo --domain bar.tld --ip 10.10.10.1
55 |     # after that, it will
56 |     opn unbound service reconfigure
57 | 
58 | This might change in later releases.
59 | 
60 | ## Usage: GoLang library
61 | 
62 |     import (
63 |       opn_unbound "github.com/eugenmayer/opnsense-cli/opnsense/api/unbound"
64 |       opn_api "github.com/eugenmayer/opnsense-cli/opnsense/api"
65 |     )
66 |      
67 |     func create_host_entry() error {
68 |         var opnUnboundConnection opn_unbound.UnboundApi
69 | 
70 |         if opnConnection, opnErr := opn_api.ConfiugreFromEnv(); opnErr != nil {
71 |             return errors.New(fmt.Sprintf("Error getting OPNsense connection: %s", opnErr))
72 |         } else {
73 |             opnUnboundConnection = opn_unbound.UnboundApi{opnConnection}
74 |         }
75 |     
76 |         var dnsHostEntry = opn_unbound.HostOverride{
77 |             Host:   "test,
78 |             Domain: "foo.tld,
79 |             Ip:     "10.10.10.1",
80 |         }
81 |         
82 |         _, _ := opnUnboundConnection.HostOverrideCreateOrUpdate(dnsHostEntry)
83 |     }
84 | 
85 | ## Development
86 | 
87 |     # building
88 |     make build
89 | 
90 | ## Contributions
91 | 
92 | If you like to add a new command implementing OPNsense API reference https://docs.opnsense.org/development/api.html#introduction - open a PR and iam happy to add it. Be bold. 
93 | 


--------------------------------------------------------------------------------
/opnsense/api/unbound/hostoverride.go:
--------------------------------------------------------------------------------
  1 | package unbound
  2 | 
  3 | import (
  4 | 	"bytes"
  5 | 	"encoding/json"
  6 | 	"errors"
  7 | 	"fmt"
  8 | 	coreapi "github.com/eugenmayer/opnsense-cli/opnsense/api"
  9 | 	"io"
 10 | 	"net/http"
 11 | )
 12 | 
 13 | //goland:noinspection GoNameStartsWithPackageName
 14 | type UnboundApi struct {
 15 | 	*coreapi.OPNsense
 16 | }
 17 | 
 18 | type HostOverride struct {
 19 | 	// 0 for disabled, 1 for enabled
 20 | 	Enabled     string `json:"enabled"`
 21 | 	Host        string `json:"hostname"`
 22 | 	Domain      string `json:"domain"`
 23 | 	Ip          string `json:"server"`
 24 | 	Rr          string `json:"rr"`          // A, MX, CNAME...
 25 | 	Mxprio      string `json:"mxprio"`      // 10, 20
 26 | 	Mx          string `json:"mx"`          // mail.domain.tld ...
 27 | 	Description string `json:"description"` // any arbitrary text
 28 | 	Uuid        string `json:"uuid"`
 29 | }
 30 | 
 31 | func (opn *UnboundApi) HostOverrideCreateOrUpdate(hostOverride HostOverride) (string, error) {
 32 | 	if hostOverride.Uuid == "" { // no uuid given use host / domain based fuzzy search
 33 | 		var searchResult, _ = opn.HostEntryGetByFQDN(hostOverride.Host, hostOverride.Domain)
 34 | 
 35 | 		if searchResult.Uuid != "" {
 36 | 			fmt.Println(fmt.Sprintf("Found entry with same FQDN, doing update with uuid: %s", searchResult.Uuid))
 37 | 			hostOverride.Uuid = searchResult.Uuid
 38 | 		}
 39 | 	}
 40 | 
 41 | 	if hostOverride.Uuid == "" {
 42 | 		return opn.HostOverrideCreate(hostOverride)
 43 | 	} else {
 44 | 		return opn.HostOverrideUpdate(hostOverride)
 45 | 	}
 46 | }
 47 | 
 48 | func (opn *UnboundApi) HostOverrideUpdate(hostOverride HostOverride) (string, error) {
 49 | 	// endpoint
 50 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "settings", "setHostOverride")
 51 | 	var fullPath = fmt.Sprintf("%s/%s", endpoint, hostOverride.Uuid)
 52 | 
 53 | 	var container struct {
 54 | 		HostOverride HostOverride `json:"host"`
 55 | 	}
 56 | 
 57 | 	container.HostOverride = hostOverride
 58 | 	// create our Request
 59 | 	jsonBody := new(bytes.Buffer)
 60 | 	if err := json.NewEncoder(jsonBody).Encode(container); err != nil {
 61 | 		return "", err
 62 | 	}
 63 | 
 64 | 	request, reqCreationErr := http.NewRequest("POST", fullPath, jsonBody)
 65 | 	if reqCreationErr != nil {
 66 | 		return "", reqCreationErr
 67 | 	}
 68 | 	request.Header.Set("Content-Type", "application/json")
 69 | 
 70 | 	var response, reqErr = opn.Send(request)
 71 | 	if reqErr != nil {
 72 | 		return "", reqErr
 73 | 	}
 74 | 
 75 | 	if response.StatusCode == 200 {
 76 | 		var resultContainer struct {
 77 | 			ResultStatus string `json:"result"`
 78 | 			Uuid         string `json:"uuid"`
 79 | 		}
 80 | 
 81 | 		if err := json.NewDecoder(response.Body).Decode(&resultContainer); err != nil {
 82 | 			return "", err
 83 | 		}
 84 | 		// else
 85 | 		return resultContainer.Uuid, nil
 86 | 	} else {
 87 | 		var container struct {
 88 | 			Status  string `json:"status"`
 89 | 			Message string `json:"message"`
 90 | 		}
 91 | 
 92 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
 93 | 			return "", err
 94 | 		}
 95 | 
 96 | 		return "", errors.New(container.Message)
 97 | 	}
 98 | }
 99 | 
100 | func (opn *UnboundApi) HostOverrideCreate(hostOverride HostOverride) (string, error) {
101 | 	// endpoint
102 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "settings", "addHostOverride")
103 | 
104 | 	var container struct {
105 | 		HostOverride HostOverride `json:"host"`
106 | 	}
107 | 
108 | 	container.HostOverride = hostOverride
109 | 	// create our Request
110 | 	jsonBody := new(bytes.Buffer)
111 | 	if err := json.NewEncoder(jsonBody).Encode(container); err != nil {
112 | 		return "", err
113 | 	}
114 | 
115 | 	request, reqCreationErr := http.NewRequest("POST", endpoint, jsonBody)
116 | 	if reqCreationErr != nil {
117 | 		return "", reqCreationErr
118 | 	}
119 | 	request.Header.Set("Content-Type", "application/json")
120 | 
121 | 	var response, reqErr = opn.Send(request)
122 | 	if reqErr != nil {
123 | 		return "", reqErr
124 | 	}
125 | 
126 | 	if response.StatusCode == 200 {
127 | 		var resultContainer struct {
128 | 			ResultStatus string `json:"result"`
129 | 			Uuid         string `json:"uuid"`
130 | 		}
131 | 
132 | 		if err := json.NewDecoder(response.Body).Decode(&resultContainer); err != nil {
133 | 			return "", err
134 | 		}
135 | 		// else
136 | 		return resultContainer.Uuid, nil
137 | 	} else {
138 | 		var container struct {
139 | 			Status  string `json:"status"`
140 | 			Message string `json:"message"`
141 | 		}
142 | 
143 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
144 | 			return "", err
145 | 		}
146 | 
147 | 		return "", errors.New(container.Message)
148 | 	}
149 | }
150 | 
151 | func (opn *UnboundApi) HostEntryGetByFQDN(host string, domain string) (HostOverride, error) {
152 | 	// endpoint
153 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "settings", "searchHostOverride")
154 | 
155 | 	// we search for the host first and compare the domain later (searchPhrase does not support searching for FQDN)
156 | 	var reqUrl = fmt.Sprintf("%s?searchPhrase=%s", endpoint, host)
157 | 	// create our Request
158 | 	var request, reqCreationErr = http.NewRequest("GET", reqUrl, nil)
159 | 
160 | 	if reqCreationErr != nil {
161 | 		return HostOverride{}, reqCreationErr
162 | 	}
163 | 
164 | 	// send it to the server
165 | 	var response, reqErr = opn.Send(request)
166 | 	if reqErr != nil {
167 | 		bodyBytes, _ := io.ReadAll(response.Body)
168 | 		bodyString := string(bodyBytes)
169 | 		return HostOverride{}, errors.New(fmt.Sprintf("%s:%s", bodyString, reqErr))
170 | 	}
171 | 
172 | 	if response.StatusCode == 200 {
173 | 		var container struct {
174 | 			Overrides []HostOverride `json:"rows"`
175 | 		}
176 | 
177 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
178 | 			return HostOverride{}, err
179 | 		}
180 | 		// else
181 | 
182 | 		var allWithMatchingDomain = Filter(container.Overrides, func(override HostOverride) bool {
183 | 			return override.Domain == domain
184 | 		})
185 | 
186 | 		if len(allWithMatchingDomain) > 1 {
187 | 			return HostOverride{}, &coreapi.TooManyFoundError{
188 | 				Err:  nil,
189 | 				Name: "found more then one entry",
190 | 			}
191 | 		}
192 | 
193 | 		if len(allWithMatchingDomain) == 0 {
194 | 			return HostOverride{}, &coreapi.NotFoundError{
195 | 				Err:  nil,
196 | 				Name: "hostentry",
197 | 			}
198 | 		}
199 | 
200 | 		// else
201 | 		return allWithMatchingDomain[0], nil
202 | 	} else if response.StatusCode == 404 {
203 | 		return HostOverride{}, &coreapi.NotFoundError{
204 | 			Err:  nil,
205 | 			Name: "hostentry",
206 | 		}
207 | 	} else {
208 | 		var container struct {
209 | 			Status  string `json:"status"`
210 | 			Message string `json:"message"`
211 | 		}
212 | 
213 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
214 | 			return HostOverride{}, err
215 | 		}
216 | 		return HostOverride{}, errors.New(fmt.Sprintf("%s", container.Message))
217 | 	}
218 | }
219 | 
220 | func (opn *UnboundApi) HostOverrideList() ([]HostOverride, error) {
221 | 	// endpoint
222 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "settings", "searchHostOverride")
223 | 
224 | 	// create our Request
225 | 	var request, reqCreationErr = http.NewRequest("GET", endpoint, nil)
226 | 
227 | 	if reqCreationErr != nil {
228 | 		return []HostOverride{}, reqCreationErr
229 | 	}
230 | 
231 | 	// send it to the server
232 | 	var response, reqErr = opn.Send(request)
233 | 	if reqErr != nil {
234 | 		bodyBytes, _ := io.ReadAll(response.Body)
235 | 		bodyString := string(bodyBytes)
236 | 		return []HostOverride{}, errors.New(fmt.Sprintf("%s:%s", bodyString, reqErr))
237 | 	}
238 | 
239 | 	if response.StatusCode == 200 {
240 | 		var container struct {
241 | 			Overrides []HostOverride `json:"rows"`
242 | 		}
243 | 
244 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
245 | 			return []HostOverride{}, err
246 | 		}
247 | 
248 | 		// else
249 | 		return container.Overrides, nil
250 | 	} else {
251 | 		var container struct {
252 | 			Status  string `json:"status"`
253 | 			Message string `json:"message"`
254 | 		}
255 | 
256 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
257 | 			return []HostOverride{}, err
258 | 		}
259 | 		return []HostOverride{}, errors.New(fmt.Sprintf("%s:%s", container.Message, reqErr))
260 | 	}
261 | }
262 | 
263 | func (opn *UnboundApi) HostEntryRemove(uuid string) error {
264 | 	// endpoint
265 | 	var endpoint = opn.EndpointForPluginControllerMethod("unbound", "settings", "delHostOverride")
266 | 	var fullPath = fmt.Sprintf("%s/%s", endpoint, uuid)
267 | 
268 | 	// create our Request
269 | 	request, reqCreationErr := http.NewRequest("POST", fullPath, nil)
270 | 	if reqCreationErr != nil {
271 | 		return reqCreationErr
272 | 	}
273 | 
274 | 	var response, reqErr = opn.Send(request)
275 | 	if reqErr != nil {
276 | 		return reqErr
277 | 	}
278 | 
279 | 	if response.StatusCode == 200 {
280 | 		var resultContainer struct {
281 | 			Result string `json:"result"`
282 | 		}
283 | 
284 | 		if err := json.NewDecoder(response.Body).Decode(&resultContainer); err != nil {
285 | 			return err
286 | 		}
287 | 		// else
288 | 		return nil
289 | 	} else {
290 | 		var container struct {
291 | 			Status  string `json:"status"`
292 | 			Message string `json:"message"`
293 | 		}
294 | 
295 | 		if err := json.NewDecoder(response.Body).Decode(&container); err != nil {
296 | 			return err
297 | 		}
298 | 		return errors.New(fmt.Sprintf("%s:%s", container.Message, reqErr))
299 | 	}
300 | }
301 | 
302 | func (opn *UnboundApi) HostEntryExists(host string, domain string) (bool, error) {
303 | 	if _, err := opn.HostEntryGetByFQDN(host, domain); err != nil {
304 | 		switch err.(type) {
305 | 		case *coreapi.NotFoundError:
306 | 			return false, nil
307 | 		default:
308 | 			return true, err
309 | 		}
310 | 	}
311 | 	// else found something
312 | 	return true, nil
313 | }
314 | 
315 | func Filter[T any](vs []T, f func(T) bool) []T {
316 | 	filtered := make([]T, 0)
317 | 	for _, v := range vs {
318 | 		if f(v) {
319 | 			filtered = append(filtered, v)
320 | 		}
321 | 	}
322 | 	return filtered
323 | }
324 | 


--------------------------------------------------------------------------------
/config.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <opnsense>
  3 |   <lastchange/>
  4 |   <theme>opnsense</theme>
  5 |   <sysctl>
  6 |     <item>
  7 |       <descr>Disable the pf ftp proxy handler.</descr>
  8 |       <tunable>debug.pfftpproxy</tunable>
  9 |       <value>default</value>
 10 |     </item>
 11 |     <item>
 12 |       <descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
 13 |       <tunable>vfs.read_max</tunable>
 14 |       <value>default</value>
 15 |     </item>
 16 |     <item>
 17 |       <descr>Set the ephemeral port range to be lower.</descr>
 18 |       <tunable>net.inet.ip.portrange.first</tunable>
 19 |       <value>default</value>
 20 |     </item>
 21 |     <item>
 22 |       <descr>Drop packets to closed TCP ports without returning a RST</descr>
 23 |       <tunable>net.inet.tcp.blackhole</tunable>
 24 |       <value>default</value>
 25 |     </item>
 26 |     <item>
 27 |       <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
 28 |       <tunable>net.inet.udp.blackhole</tunable>
 29 |       <value>default</value>
 30 |     </item>
 31 |     <item>
 32 |       <descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
 33 |       <tunable>net.inet.ip.random_id</tunable>
 34 |       <value>default</value>
 35 |     </item>
 36 |     <item>
 37 |       <descr>        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.        It can also be used to probe for information about your internal networks. These functions come enabled        as part of the standard FreeBSD core system.      </descr>
 38 |       <tunable>net.inet.ip.sourceroute</tunable>
 39 |       <value>default</value>
 40 |     </item>
 41 |     <item>
 42 |       <descr>        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.        It can also be used to probe for information about your internal networks. These functions come enabled        as part of the standard FreeBSD core system.      </descr>
 43 |       <tunable>net.inet.ip.accept_sourceroute</tunable>
 44 |       <value>default</value>
 45 |     </item>
 46 |     <item>
 47 |       <descr>        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect        packets without returning a response.      </descr>
 48 |       <tunable>net.inet.icmp.drop_redirect</tunable>
 49 |       <value>default</value>
 50 |     </item>
 51 |     <item>
 52 |       <descr>        This option turns off the logging of redirect packets because there is no limit and this could fill        up your logs consuming your whole hard drive.      </descr>
 53 |       <tunable>net.inet.icmp.log_redirect</tunable>
 54 |       <value>default</value>
 55 |     </item>
 56 |     <item>
 57 |       <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
 58 |       <tunable>net.inet.tcp.drop_synfin</tunable>
 59 |       <value>default</value>
 60 |     </item>
 61 |     <item>
 62 |       <descr>Enable sending IPv4 redirects</descr>
 63 |       <tunable>net.inet.ip.redirect</tunable>
 64 |       <value>default</value>
 65 |     </item>
 66 |     <item>
 67 |       <descr>Enable sending IPv6 redirects</descr>
 68 |       <tunable>net.inet6.ip6.redirect</tunable>
 69 |       <value>default</value>
 70 |     </item>
 71 |     <item>
 72 |       <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
 73 |       <tunable>net.inet6.ip6.use_tempaddr</tunable>
 74 |       <value>default</value>
 75 |     </item>
 76 |     <item>
 77 |       <descr>Prefer privacy addresses and use them over the normal addresses</descr>
 78 |       <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
 79 |       <value>default</value>
 80 |     </item>
 81 |     <item>
 82 |       <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
 83 |       <tunable>net.inet.tcp.syncookies</tunable>
 84 |       <value>default</value>
 85 |     </item>
 86 |     <item>
 87 |       <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
 88 |       <tunable>net.inet.tcp.recvspace</tunable>
 89 |       <value>default</value>
 90 |     </item>
 91 |     <item>
 92 |       <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
 93 |       <tunable>net.inet.tcp.sendspace</tunable>
 94 |       <value>default</value>
 95 |     </item>
 96 |     <item>
 97 |       <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
 98 |       <tunable>net.inet.tcp.delayed_ack</tunable>
 99 |       <value>default</value>
100 |     </item>
101 |     <item>
102 |       <descr>Maximum outgoing UDP datagram size</descr>
103 |       <tunable>net.inet.udp.maxdgram</tunable>
104 |       <value>default</value>
105 |     </item>
106 |     <item>
107 |       <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
108 |       <tunable>net.link.bridge.pfil_onlyip</tunable>
109 |       <value>default</value>
110 |     </item>
111 |     <item>
112 |       <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
113 |       <tunable>net.link.bridge.pfil_member</tunable>
114 |       <value>default</value>
115 |     </item>
116 |     <item>
117 |       <descr>Set to 1 to enable filtering on the bridge interface</descr>
118 |       <tunable>net.link.bridge.pfil_bridge</tunable>
119 |       <value>default</value>
120 |     </item>
121 |     <item>
122 |       <descr>Allow unprivileged access to tap(4) device nodes</descr>
123 |       <tunable>net.link.tap.user_open</tunable>
124 |       <value>default</value>
125 |     </item>
126 |     <item>
127 |       <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
128 |       <tunable>kern.randompid</tunable>
129 |       <value>default</value>
130 |     </item>
131 |     <item>
132 |       <descr>Maximum size of the IP input queue</descr>
133 |       <tunable>net.inet.ip.intr_queue_maxlen</tunable>
134 |       <value>default</value>
135 |     </item>
136 |     <item>
137 |       <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
138 |       <tunable>hw.syscons.kbd_reboot</tunable>
139 |       <value>default</value>
140 |     </item>
141 |     <item>
142 |       <descr>Enable TCP extended debugging</descr>
143 |       <tunable>net.inet.tcp.log_debug</tunable>
144 |       <value>default</value>
145 |     </item>
146 |     <item>
147 |       <descr>Set ICMP Limits</descr>
148 |       <tunable>net.inet.icmp.icmplim</tunable>
149 |       <value>default</value>
150 |     </item>
151 |     <item>
152 |       <descr>TCP Offload Engine</descr>
153 |       <tunable>net.inet.tcp.tso</tunable>
154 |       <value>default</value>
155 |     </item>
156 |     <item>
157 |       <descr>UDP Checksums</descr>
158 |       <tunable>net.inet.udp.checksum</tunable>
159 |       <value>default</value>
160 |     </item>
161 |     <item>
162 |       <descr>Maximum socket buffer size</descr>
163 |       <tunable>kern.ipc.maxsockbuf</tunable>
164 |       <value>default</value>
165 |     </item>
166 |   </sysctl>
167 |   <system>
168 |     <optimization>normal</optimization>
169 |     <hostname>OPNsense</hostname>
170 |     <domain>localdomain</domain>
171 |     <dnsallowoverride/>
172 |     <group>
173 |       <name>admins</name>
174 |       <description>System Administrators</description>
175 |       <scope>system</scope>
176 |       <gid>1999</gid>
177 |       <member>0</member>
178 |       <priv>user-shell-access</priv>
179 |       <priv>page-all</priv>
180 |     </group>
181 |     <user>
182 |       <name>root</name>
183 |       <descr>System Administrator</descr>
184 |       <scope>system</scope>
185 |       <groupname>admins</groupname>
186 |       <password>$2b$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
187 |       <authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFEdnErd3RwSXpEbEdvSGlLanN6YzczWGRFeGdta3g1SDd1aTIwelQ1M1h5c2lmL0pwbkFsN2xNVUJNVnlwVFRIZElScmV5OVFBZTJCNkViSHEwdXZua1pHYm5LWDh5OG1TdUxRcjN1TndZdi9ITE1aUmY5MlFNT3R4ZDFBZ1RDQ1JHd0hPT3llMzBBRU9VNmovZDhWUVdLbGhldWcvdmRHeUVPOGVBdWhqL3BVK0svL3Z6cTF0ZldqcVNFREJYd2dVUldld29SNXlHYjlycWEzUmo3NnBiOWZsT2puWmN4YTJFeG4vcWQwNi9WY0Q0S2VSUk9jcGsrOVZYdXFURG9RS3FLejBtMFQ0UzBiU084MUlleFJYTWcxdUhYRGNYUTcxSkhJWTBzMzdvN3kwTm9KYjZWSVZ3V0lGUVRES3NjOTdBU3VjbXA5M0QxV05UTVhVcHFzQ2IK</authorizedkeys>
188 |       <uid>0</uid>
189 |       <apikeys>
190 |         <item>
191 |           <key>5GWbPwKfXVLzgJnewKuu1IPw2HS7s510jKHmTM+rLA1y9VfEFE57yj/kJiWbXREB0EgpBK48u4gnyign</key>
192 |           <secret>$6$$NKsOz2RKrUYnVAIF1GCf2IoFoS7nU35Z.Xsk1PN6SCeCZEl/ZYWvMHFEDi0ICdhxAPW/Y4A5.xfFMhjiInQ0f.</secret>
193 |         </item>
194 |       </apikeys>
195 |     </user>
196 |     <nextuid>2000</nextuid>
197 |     <nextgid>2000</nextgid>
198 |     <timezone>Etc/UTC</timezone>
199 |     <time-update-interval>300</time-update-interval>
200 |     <timeservers>0.nl.pool.ntp.org</timeservers>
201 |     <webgui>
202 |       <protocol>https</protocol>
203 |       <ssl-certref>5a3951eaa0f49</ssl-certref>
204 |     </webgui>
205 |     <disablenatreflection>yes</disablenatreflection>
206 |     <usevirtualterminal>1</usevirtualterminal>
207 |     <disableconsolemenu/>
208 |     <disablechecksumoffloading>1</disablechecksumoffloading>
209 |     <disablesegmentationoffloading>1</disablesegmentationoffloading>
210 |     <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
211 |     <ipv6allow/>
212 |     <powerd_ac_mode>hadp</powerd_ac_mode>
213 |     <powerd_battery_mode>hadp</powerd_battery_mode>
214 |     <powerd_normal_mode>hadp</powerd_normal_mode>
215 |     <bogons>
216 |       <interval>monthly</interval>
217 |     </bogons>
218 |     <kill_states/>
219 |     <enablesshd/>
220 |     <ssh>
221 |       <enabled>enabled</enabled>
222 |       <permitrootlogin>1</permitrootlogin>
223 |       <passwordauth>1</passwordauth>
224 |     </ssh>
225 |     <backupcount>60</backupcount>
226 |     <crypto_hardware>aesni</crypto_hardware>
227 |   </system>
228 |   <interfaces>
229 |     <wan>
230 |       <enable>1</enable>
231 |       <if>em1</if>
232 |       <ipaddr>dhcp</ipaddr>
233 |       <dhcphostname/>
234 |       <mtu/>
235 |       <subnet/>
236 |       <gateway/>
237 |       <media/>
238 |       <mediaopt/>
239 |       <blockbogons>1</blockbogons>
240 |       <ipaddrv6>dhcp6</ipaddrv6>
241 |       <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
242 |     </wan>
243 |     <lan>
244 |       <enable>1</enable>
245 |       <if>em0</if>
246 |       <ipaddr>10.2.0.1</ipaddr>
247 |       <subnet>24</subnet>
248 |       <ipaddrv6>track6</ipaddrv6>
249 |       <subnetv6>64</subnetv6>
250 |       <media/>
251 |       <mediaopt/>
252 |       <track6-interface>wan</track6-interface>
253 |       <track6-prefix-id>0</track6-prefix-id>
254 |     </lan>
255 |     <openvpn>
256 |       <internal_dynamic>1</internal_dynamic>
257 |       <enable>1</enable>
258 |       <if>openvpn</if>
259 |       <descr>OpenVPN</descr>
260 |       <type>group</type>
261 |       <virtual>1</virtual>
262 |     </openvpn>
263 |   </interfaces>
264 |   <dhcpd>
265 |     <lan>
266 |       <enable/>
267 |       <range>
268 |         <from>10.2.0.2</from>
269 |         <to>10.2.0.200</to>
270 |       </range>
271 |     </lan>
272 |   </dhcpd>
273 |   <unbound>
274 |     <enable>1</enable>
275 |     <dnssec>1</dnssec>
276 |     <dnssecstripped>1</dnssecstripped>
277 |   </unbound>
278 |   <snmpd>
279 |     <syslocation/>
280 |     <syscontact/>
281 |     <rocommunity>public</rocommunity>
282 |   </snmpd>
283 |   <syslog>
284 |     <reverse/>
285 |   </syslog>
286 |   <nat>
287 |     <outbound>
288 |       <mode>automatic</mode>
289 |     </outbound>
290 |   </nat>
291 |   <filter>
292 |     <rule>
293 |       <type>pass</type>
294 |       <ipprotocol>inet</ipprotocol>
295 |       <descr>Default allow LAN to any rule</descr>
296 |       <interface>lan</interface>
297 |       <source>
298 |         <network>lan</network>
299 |       </source>
300 |       <destination>
301 |         <any/>
302 |       </destination>
303 |     </rule>
304 |     <rule>
305 |       <type>pass</type>
306 |       <ipprotocol>inet6</ipprotocol>
307 |       <descr>Default allow LAN IPv6 to any rule</descr>
308 |       <interface>lan</interface>
309 |       <source>
310 |         <network>lan</network>
311 |       </source>
312 |       <destination>
313 |         <any/>
314 |       </destination>
315 |     </rule>
316 |     <rule>
317 |       <type>pass</type>
318 |       <interface>wan</interface>
319 |       <ipprotocol>inet</ipprotocol>
320 |       <statetype>keep state</statetype>
321 |       <descr>Allow SSH access</descr>
322 |       <protocol>tcp</protocol>
323 |       <source>
324 |         <any/>
325 |       </source>
326 |       <destination>
327 |         <any/>
328 |         <port>22</port>
329 |       </destination>
330 |     </rule>
331 |     <rule>
332 |       <type>pass</type>
333 |       <interface>wan</interface>
334 |       <ipprotocol>inet</ipprotocol>
335 |       <statetype>keep state</statetype>
336 |       <descr>Allow incoming WebGUI access</descr>
337 |       <protocol>tcp</protocol>
338 |       <source>
339 |         <any/>
340 |       </source>
341 |       <destination>
342 |         <any/>
343 |         <port>443</port>
344 |       </destination>
345 |     </rule>
346 |   </filter>
347 |   <rrd>
348 |     <enable/>
349 |   </rrd>
350 |   <load_balancer>
351 |     <monitor_type>
352 |       <name>ICMP</name>
353 |       <type>icmp</type>
354 |       <descr>ICMP</descr>
355 |       <options/>
356 |     </monitor_type>
357 |     <monitor_type>
358 |       <name>TCP</name>
359 |       <type>tcp</type>
360 |       <descr>Generic TCP</descr>
361 |       <options/>
362 |     </monitor_type>
363 |     <monitor_type>
364 |       <name>HTTP</name>
365 |       <type>http</type>
366 |       <descr>Generic HTTP</descr>
367 |       <options>
368 |         <path>/</path>
369 |         <host/>
370 |         <code>200</code>
371 |       </options>
372 |     </monitor_type>
373 |     <monitor_type>
374 |       <name>HTTPS</name>
375 |       <type>https</type>
376 |       <descr>Generic HTTPS</descr>
377 |       <options>
378 |         <path>/</path>
379 |         <host/>
380 |         <code>200</code>
381 |       </options>
382 |     </monitor_type>
383 |     <monitor_type>
384 |       <name>SMTP</name>
385 |       <type>send</type>
386 |       <descr>Generic SMTP</descr>
387 |       <options>
388 |         <send/>
389 |         <expect>220 *</expect>
390 |       </options>
391 |     </monitor_type>
392 |   </load_balancer>
393 |   <widgets>
394 |     <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
395 |     <column_count>2</column_count>
396 |   </widgets>
397 |   <revision>
398 |     <username>root@10.0.3.2</username>
399 |     <time>1515856490.7147</time>
400 |     <description>/api/freeradius/user/setUser/fbdbe6a9-2e68-42a2-b410-20bc2537e063 made changes</description>
401 |   </revision>
402 |   <OPNsense>
403 |     <captiveportal version="1.0.0">
404 |       <zones/>
405 |       <templates/>
406 |     </captiveportal>
407 |     <cron version="1.0.0">
408 |       <jobs/>
409 |     </cron>
410 |     <Netflow version="1.0.0">
411 |       <capture>
412 |         <interfaces/>
413 |         <egress_only>wan</egress_only>
414 |         <version>v9</version>
415 |         <targets/>
416 |       </capture>
417 |       <collect>
418 |         <enable>0</enable>
419 |       </collect>
420 |     </Netflow>
421 |     <IDS version="1.0.1">
422 |       <rules/>
423 |       <userDefinedRules/>
424 |       <files/>
425 |       <fileTags/>
426 |       <general>
427 |         <enabled>0</enabled>
428 |         <ips>0</ips>
429 |         <promisc>0</promisc>
430 |         <interfaces>wan</interfaces>
431 |         <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
432 |         <defaultPacketSize/>
433 |         <UpdateCron/>
434 |         <AlertLogrotate>W0D23</AlertLogrotate>
435 |         <AlertSaveLogs>4</AlertSaveLogs>
436 |         <MPMAlgo>ac</MPMAlgo>
437 |         <syslog>0</syslog>
438 |       </general>
439 |     </IDS>
440 |     <proxy version="1.0.0">
441 |       <general>
442 |         <enabled>0</enabled>
443 |         <icpPort/>
444 |         <logging>
445 |           <enable>
446 |             <accessLog>1</accessLog>
447 |             <storeLog>1</storeLog>
448 |           </enable>
449 |           <ignoreLogACL/>
450 |           <target/>
451 |         </logging>
452 |         <alternateDNSservers/>
453 |         <dnsV4First>0</dnsV4First>
454 |         <forwardedForHandling>on</forwardedForHandling>
455 |         <uriWhitespaceHandling>strip</uriWhitespaceHandling>
456 |         <useViaHeader>1</useViaHeader>
457 |         <suppressVersion>0</suppressVersion>
458 |         <VisibleEmail>admin@localhost.local</VisibleEmail>
459 |         <VisibleHostname>localhost</VisibleHostname>
460 |         <cache>
461 |           <local>
462 |             <enabled>0</enabled>
463 |             <directory>/var/squid/cache</directory>
464 |             <cache_mem>256</cache_mem>
465 |             <maximum_object_size/>
466 |             <size>100</size>
467 |             <l1>16</l1>
468 |             <l2>256</l2>
469 |           </local>
470 |         </cache>
471 |         <traffic>
472 |           <enabled>0</enabled>
473 |           <maxDownloadSize>2048</maxDownloadSize>
474 |           <maxUploadSize>1024</maxUploadSize>
475 |           <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
476 |           <perHostTrotteling>256</perHostTrotteling>
477 |         </traffic>
478 |       </general>
479 |       <forward>
480 |         <interfaces>lan</interfaces>
481 |         <port>3128</port>
482 |         <sslbumpport>3129</sslbumpport>
483 |         <sslbump>0</sslbump>
484 |         <sslurlonly>0</sslurlonly>
485 |         <sslcertificate/>
486 |         <sslnobumpsites/>
487 |         <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
488 |         <sslcrtd_children>5</sslcrtd_children>
489 |         <ftpInterfaces/>
490 |         <ftpPort>2121</ftpPort>
491 |         <ftpTransparentMode>0</ftpTransparentMode>
492 |         <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
493 |         <transparentMode>0</transparentMode>
494 |         <acl>
495 |           <allowedSubnets/>
496 |           <unrestricted/>
497 |           <bannedHosts/>
498 |           <whiteList/>
499 |           <blackList/>
500 |           <browser/>
501 |           <mimeType/>
502 |           <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
503 |           <sslPorts>443:https</sslPorts>
504 |           <remoteACLs>
505 |             <blacklists/>
506 |             <UpdateCron/>
507 |           </remoteACLs>
508 |         </acl>
509 |         <icap>
510 |           <enable>0</enable>
511 |           <RequestURL>icap://[::1]:1344/avscan</RequestURL>
512 |           <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
513 |           <SendClientIP>1</SendClientIP>
514 |           <SendUsername>0</SendUsername>
515 |           <EncodeUsername>0</EncodeUsername>
516 |           <UsernameHeader>X-Username</UsernameHeader>
517 |           <EnablePreview>1</EnablePreview>
518 |           <PreviewSize>1024</PreviewSize>
519 |           <OptionsTTL>60</OptionsTTL>
520 |           <exclude/>
521 |         </icap>
522 |         <authentication>
523 |           <method/>
524 |           <realm>OPNsense proxy authentication</realm>
525 |           <credentialsttl>2</credentialsttl>
526 |           <children>5</children>
527 |         </authentication>
528 |       </forward>
529 |     </proxy>
530 |     <TrafficShaper version="1.0.1">
531 |       <pipes/>
532 |       <queues/>
533 |       <rules/>
534 |     </TrafficShaper>
535 |     <freeradius>
536 |       <eap version="1.0.0">
537 |         <default_eap_type>md5</default_eap_type>
538 |         <enable_client_cert>0</enable_client_cert>
539 |         <certificate/>
540 |       </eap>
541 |       <ldap version="1.0.0">
542 |         <protocol>LDAPS</protocol>
543 |         <server/>
544 |         <identity/>
545 |         <password/>
546 |         <base_dn>dc=example,dc=domain,dc=com</base_dn>
547 |       </ldap>
548 |       <client version="1.0.0">
549 |         <clients/>
550 |       </client>
551 |       <general version="1.0.0">
552 |         <enabled>1</enabled>
553 |         <vlanassign>0</vlanassign>
554 |         <ldap_enabled>0</ldap_enabled>
555 |         <wispr>0</wispr>
556 |         <chillispot>0</chillispot>
557 |         <sessionlimit>0</sessionlimit>
558 |         <log_destination>files</log_destination>
559 |         <log_authentication_request>0</log_authentication_request>
560 |         <log_authbadpass>0</log_authbadpass>
561 |         <log_authgoodpass>0</log_authgoodpass>
562 |       </general>
563 |       <user version="1.0.0">
564 |         <users>
565 |           <user uuid="fbdbe6a9-2e68-42a2-b410-20bc2537e063">
566 |             <enabled>1</enabled>
567 |             <username>em</username>
568 |             <password>em</password>
569 |             <description/>
570 |             <ip>10.10.10.1</ip>
571 |             <subnet>255.255.255.0</subnet>
572 |             <vlan/>
573 |             <wispr_bw_min_up/>
574 |             <wispr_bw_max_up/>
575 |             <wispr_bw_min_down/>
576 |             <wispr_bw_max_down/>
577 |             <chillispot_bw_max_up/>
578 |             <chillispot_bw_max_down/>
579 |             <sessionlimit_max_session_limit/>
580 |           </user>
581 |         </users>
582 |       </user>
583 |     </freeradius>
584 |     <openvpn version="1.0.0">
585 |       <ccds version="1.0.0">
586 |         <ccd uuid="fbdbe6a9-2e68-42a2-b410-20bc2537e063">
587 |           <common_name>test</common_name>
588 |           <tunnel_network>10.10.10.2/24</tunnel_network>
589 |         </ccd>
590 |       </ccds>
591 |     </openvpn>
592 |   </OPNsense>
593 |   <cert>
594 |     <refid>5a3951eaa0f49</refid>
595 |     <descr>Web GUI SSL certificate</descr>
596 |     <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQU9DSU5LLzhkbDBuTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGN4TWpFNU1UYzFNalF6V2hjTk1UZ3hNakU1Ck1UYzFNalF6V2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTdFVnRDQ3RnMUlEQ1plTTFDbTRWem1tTHlpRnoveUZtClVseXhRV2VIb0VGenVVQ0JlRkFodWNEUklRZ1hkTUFnbEUxY3dXZzVEdXhkOEtyeWFCYVNLSkFPdGdXRFgwOWoKOGZ5Z3hPZTRHd29MOGZTL0J2SVVFTkw0N1hiQUU3V015NmR2VVFjbkJmSWhYTXJDc25ScjQ1ZE95VzlyNHUrQQozR3lqOS9WR084NUlwN3dLZ2VuM3IxMisvMVN5SDNHaWV4emo4N3hIdnJqTE5TT1RqMUlzYzhyRVZHaFd1T3UyCmtvR2NoUHNjSzFnWE5UbkJxRnRIcVVXOUo3cUo3UGw5NkhrNGlGNkg5TnlpSGxpQWF3WGllaFcrOSs5ay9CQk8KWmpiWENlbjBxa3RVc3gzeFJXbVRsd2kwR1EvMllqV2dYSm8wM0Q3a3JrK01XTkoyR3hERmEvQjcvWGRsODdzawpTYncxemV6T2ZoNE1ZTFhaeExNRy9tRkU2V3B5cGN0MEVYRGd4UDdxcWtITWd2RmdpKzlrZmNGbHNQbGJxK05zCm1Nd0ovMEpoWjhyWWlDNlRsMUY3aWVzemMvd3FSN0NkSC9YN1RwY1hjSzA1aWRDTzA1KzNDS2lpUWpoUnh0NHUKTW5jcEhkVGJxNHRjTG1JTlFvQXlOUVNLK3huUnpQdmtQZTQvOGYzcUVsa0JrMVA0anFiVEJmR1F5bUFJTjZoRwo5QTd4cVJ5UE8rbEo3ZFRRangvdzg4QlNEbmVMRGtJcGxHRHZvVnpHSlBIVVV6cHJXNUtnYTdaNVJ6cEU0WFZWCkxhUGFtdUZnQVpUUVZIUkVnUG1jSmgySFU5SndDZHp2eG11WXlFWG5ueW5KODAxaktUcko0RlQxK2h6dmw3TjcKU2MwZlFrWm53eDhDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkRNdmZ2T1ZMdFpXUnh2MkF1SE04T3M1VlNMOApNQjhHQTFVZEl3UVlNQmFBRkRNdmZ2T1ZMdFpXUnh2MkF1SE04T3M1VlNMOE1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFOZEJscnJJcUdjckpZbThMUENVQ3p6UzF0TXBwNkpzdDZUanJSdGcKV1V6UXgzSHFMbVV2QjA5SWZuM2VXMmtwUnpybzV1Nm5EMEZIbDRTeHlHbXRhbHFBNGZCTld0OTQxOG1zTXdqZApUN2FPcmo4MkZuU1BCaTJNVmEwWmJONGp2RTNrZkRlT2pVWW9nQ0tkRkxTZG5UUjZEWjJhbVZaOWFERC9SdWtGCjdHVTMwVGFvb3k0UytxeUpmR2ViTDlxYUNBQ1ExUDg1UEw3OVNCNWJ2ZEM1VUZnTEtZcjdhbFY0TFZFOWhBYU0KY0wrZnFNNENvTTJHT1YyQWwvK0puamdzbmlZSDJqdFh3ZmNwNmhyaUcxZXNKNFpOUUFjelJjTEZzK1R3SVVBRApCNnlnTmk1SWQzQk5taWJaNmpWSyttZmlYZENzSDFQUXJxN0ZsTk5RSEdIMzVWMHlxUVVqMXJuUXIvSlVwanFaCno3a2ZqUWVCY2UwK1FRQVd0cVg3TjhzTFZQQ2RleWx5d3pkQnBDNEtsSHU1dXVZODJtN0lTWVY0TWpaMEFsMEYKY3U4bHdVeWs0K29rcE1rVk52QXJIRW1XZ2tDUWRpaXB1U1ZmT1pNc3BZQXZzdUhKdlBEL3dZMFRxRllzZ0lnNgpCVVNRa080dCtNdXZwVElIcDVGZTcrTktBUTNJczBZa1N5bDMzSzcyQmxtaGVlMm9nZy80TUwyRUZLeU92WWFBCmdvck5BTW9SdTNPRW01VUZzMDdJMW83RVVHYWRjQVlXRmZMZXlTV2wwRmRQV29kTHBkanYxQzVORjBXYVI2WjMKYjFjejNNa3JocXhUZzlEMnRWcVBBNFoyQjJXN1VOT08zTWJUV0ExRUJSZU5wVmlSb1Ywbk9HNTFpa1VtZERGRwprR1BnCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
597 |     <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRHNSVzBJSzJEVWdNSmwKNHpVS2JoWE9hWXZLSVhQL0lXWlNYTEZCWjRlZ1FYTzVRSUY0VUNHNXdORWhDQmQwd0NDVVRWekJhRGtPN0YzdwpxdkpvRnBJb2tBNjJCWU5mVDJQeC9LREU1N2diQ2d2eDlMOEc4aFFRMHZqdGRzQVR0WXpMcDI5UkJ5Y0Y4aUZjCnlzS3lkR3ZqbDA3SmIydmk3NERjYktQMzlVWTd6a2ludkFxQjZmZXZYYjcvVkxJZmNhSjdIT1B6dkVlK3VNczEKSTVPUFVpeHp5c1JVYUZhNDY3YVNnWnlFK3h3cldCYzFPY0dvVzBlcFJiMG51b25zK1gzb2VUaUlYb2YwM0tJZQpXSUJyQmVKNkZiNzM3MlQ4RUU1bU50Y0o2ZlNxUzFTekhmRkZhWk9YQ0xRWkQvWmlOYUJjbWpUY1B1U3VUNHhZCjBuWWJFTVZyOEh2OWQyWHp1eVJKdkRYTjdNNStIZ3hndGRuRXN3YitZVVRwYW5LbHkzUVJjT0RFL3VxcVFjeUMKOFdDTDcyUjl3V1d3K1Z1cjQyeVl6QW4vUW1Gbnl0aUlMcE9YVVh1SjZ6TnovQ3BIc0owZjlmdE9seGR3clRtSgowSTdUbjdjSXFLSkNPRkhHM2k0eWR5a2QxTnVyaTF3dVlnMUNnREkxQklyN0dkSE0rK1E5N2oveC9lb1NXUUdUClUvaU9wdE1GOFpES1lBZzNxRWIwRHZHcEhJODc2VW50MU5DUEgvRHp3RklPZDRzT1FpbVVZTytoWE1ZazhkUlQKT210YmtxQnJ0bmxIT2tUaGRWVXRvOXFhNFdBQmxOQlVkRVNBK1p3bUhZZFQwbkFKM08vR2E1aklSZWVmS2NuegpUV01wT3NuZ1ZQWDZITytYczN0SnpSOUNSbWZESHdJREFRQUJBb0lDQUJNSjhTUkVZcFFkSUEwWHh2RmxONHFmCmhLMHdEdW5USml5aTNZRzR0dndaNmhwV2NWaGhsS1lrUEhYZDhnM3RZWEt4M1RTVWtteDZiWU4wTXY1aU96cmIKaU9Qd0E4c05XYTlwUFFkQTZOdjg3a044Qmx5bjZ5Z0Q2QjB5Z1gzVkZsaGUwS0NGNUFZZG9jU1piaUQxTXJCdgpRK0VGZ25zUjg1OVBmZE1BUjcyUC9OalBWVVZzdGhIQ2l4NkdFNmhtL3NITzdTdDUwNG94MStZYlRNdXl3blErCk5aM2Jub2xlTFNNWElLYXltVzJBdHJZS1JtbXJtVld4a2ZGK25aaWo3aHBxa2p5aTZXKzR5N09JVENqVG01RmMKNlR1UFplTE42Wk5nL2VrRm1qcVN3V3VCa1N5WHVsWGtWS2JrVzJWRWp2eUhUSlVtMkVTWGttYWg1dlI5WUhzUApqV2dsM2tldVl1QkxtQ3hHbzZhWEx1a2YvSVFGYTZ2akY2dE9BSWN1Zk0xZzNHKzBRTFl4QzRHL0J6K1pHcUlVCmY0MVQvVWd6WnJMc3NrdjBvbm9jeDZuTFE5QkNMdXRNYXVxYXVhK3UzTHd6dUVXMENkcmx5bU1OMmtEWU9pbFkKS0RqZHJqSzM4NzdUV0tmVjZ3VnhGWGZDK1pPbENvbG4xTHk1TnFlQ2tuL2g3N1dXVUhZNnVPb2lPTlA2L3FQZgpsbFJMaVBBeVFPTUduZDBuZWdVUzNZNjNLZjZpYkRHclB4UFMxb2FId2JZU2d4ZC8yUFViLzdlbGg1REFqekNLCjVJYnVoMzNlT0g4cklrelU2a1JsTjJZUlAwNFoxL1h5YXFrNkJRdjVrbFlYVm5tU0NHSEp5bTdHL21DaTdVZzMKT3RrcU9ueE9YaGVhQmowcUg0SXhBb0lCQVFENG9vNjJzRmFQeUNqemNuSm1iTU8wd2E4VUFPRGpwR2ltUmwzaQpKdFBYUXZIR3R5RCt2T2xPVm9tdURCNGdRWWpmeXRUR3NYc3k0YkgvNHpaR3E3T1VvYXY1bnRxUnk1L2tiaXNCCk0wSlZCeHE0bmZtVGVKeUlBZmt3c0NmQzJrZ2d3RkdFU0Z4SWt5VzR5bHFLc01GaUtVWjRNY3FEY25zaDFFSloKZUZENThiQVdha2VIaWozZnk2MkduV2dGN3g0UENhVklEd3luRG5UUDdTanA0QzZaVG1SOWJPRzRIblV2QVJaQQpaa3lkV2tRc1JGeHFCRWROMlRaOFhlY1BSaDlIb0ppVDdpWkJ6MVRSZkRxYzQ3cWVrazk3NTRycG05QlZMM082CmNKL0dkSGNuWGd6WE9TdHU3Zmp6N1QzQXB5TWF1dDVrd0x2VnhOM0RHcVorNG5HSkFvSUJBUUR6UlJ5U3U5YzEKLzF4dldlM2h6M2RIMGJ0dDVoTXNoWkhFVXJwZ053UGlFQkhkamt3VXRsWXJ3WFhlTmJhbXBlM01KZVdUY081ago2RXhpSDk2MEk0TjdOTDkyMm55Uk1MMDM5b2tJdDhueXoxREtqUnZNTy9FQmJaOXlTYXY4SVBwbE1leUtBVm1jClVrQUd4UDA5SW5abFhJM1RBa1NHVUdlQjh3d0k4cUhuazRVTVFiRllSTUVUQkZCa3YxY2MzR1lCN2lsUlR3Z0wKWllSMUJscWM0ck5NZGpOREY1U1ExMG4vcU1GeEp1dURXWkwraisyeDdGVWltNVY3dWtIWm1BRE9sUjJibXVyUgpmTU5kYkRGNllyY28zR0FyaVE2aDZQcmZWdmk4SDRGc1VTYnpXRFcyTzkxQXlXN0VjRnp4b2RYZ2MycjVOTExRCmRaeU93SW9kM3kxbkFvSUJBQjhHbWV4dUlMOGNhUS9IN2tLZHUrWW9iU0ovNFpCR2lkQ0Y0MTAvSHh3emZGd2gKcWZwZnRIVlVFeVltMlBPSmVmMERJSDRTMDU3THp4eHhTK3FScm4wVGw1UTBvRzJsRFRUQ0VwZTV2OE5BZWJNago4MnJWbUNMWXJESEpLWTBGRkE4U01KbmpOYkRRdTlwTlZmTU1qM1VpVldyV084RWZYZ0lnckk3aGxxazU0WkZLCmZkYUtCNktQbGYzQVVxUzY2L05RYnRHSkh6a1JjcjRuaC8xM1BobGZVT2JkMldUU1dDa2ZaNWx0cW8zUUg4V3UKV2lIWW10VTZEN1NCT3o0S3NBaU9IN3dGOGJ3d2xSTDIvNUZvVVhkTUpxTDloN1lTL1hKRDA1c21ScW5MQ3J0YwozeGxVUnZrMnRPUXJiSk5IeC9lajdmQ0FwRy9PZXlYSGc1TTl5cEVDZ2dFQVNHNW1jSVgvTVBPa1dQOGtwZHc0CnZxaUNydGtYRW1WK25qNm5nV2cvL3JvY0o2UnJvS3NkZ3crcUFZeHFvcm02ME5ManhQK1Y2eWRLUHRrUVhRQkoKOEpBbkJjTk4zWWp1ZmRBb3d2Qzk3MDZzMW5Jbk9hc0xPZ3Fpczh1ZHFvZERKb2d6em05U2VBbkJTSUswaDlSUAovaVFOa2lzVnJnd1lsWWVCS05UZFFlOFphU25TSE43endhN0NKUTBYYWQ5eGU5ZW1jN0FkVEE5ZzNkc1RkYXpHCkI5a1ZzRDlBRzlRT0UxSHlycmNRM2wzNE4xVXhSNDEvVjd1TlNYYU9qclFFWVgzaWYrY2pUVlpoY05wNjdONmgKZkVnSlZrMExqMGVvRW9GNXM4R0pybStITW1Nc011TW1JRmtaWXVHMXVyZ2R6eU51VVY3UWN1TGh4MXNxaEhSagp0d0tDQVFFQWtXYlZHTEpZM1FrSCt4WURYVEhqVnBIR0pLYmdZSmxoQXlUalIyNXVGTFppWkEyemFzRUdnVVhUCnFtc3RGc1VaRjU4di9UWGw1WTREazR0WGlsYkpqTnRmWmdxb05KOXM0Z0QvQklqd1psaUhNVzh1RlhYRHg0bUwKRVdmUEo4UUFQUjU4dUNhSU9BaldncGNkQTlYVzhaTzhrNGtSYTZoV0NVL3FObFVSRkJiRzJlZ1NQellJRzBGdAp6Y1REU2s3YUN2bjZ3d3F3bk8vRzJIQXNsazZvWVdzOU0xM3dueE90Qk9kMEhUMWhERW9qNnBzTG02MTFDMGNVCkYxNE1ZcmJ6K1ozeUxNWVlYZVU0bXd2dkRpRThjWXhiS3pOMW1kU3kwQnFyVFo3T1ExZktlZlREcnlKUnBjK0wKZkVWMHRSOXpicUZyRW1lNEpPZjU0aEhwcEZBT0lnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
598 |   </cert>
599 |   <cert>
600 |     <refid>5a59c851eb6f7</refid>
601 |     <descr>openvpn-server</descr>
602 |     <caref>5a59c822be2da</caref>
603 |     <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVrekNDQTN1Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREJ0TVFzd0NRWURWUVFHRXdKQlJERVAKTUEwR0ExVUVDQXdHZEdWemRFTkJNUTh3RFFZRFZRUUhEQVowWlhOMFEwRXhEekFOQmdOVkJBb01CblJsYzNSRApRVEVWTUJNR0NTcUdTSWIzRFFFSkFSWUdkR1Z6ZEVOQk1SUXdFZ1lEVlFRRERBdHBiblJsY201aGJDMWpZVEFlCkZ3MHhPREF4TVRNd09EVXdNalphRncweE9UQXhNVE13T0RVd01qWmFNRzB4Q3pBSkJnTlZCQVlUQWtGRU1ROHcKRFFZRFZRUUlEQVowWlhOMFEwRXhEekFOQmdOVkJBY01CblJsYzNSRFFURVBNQTBHQTFVRUNnd0dkR1Z6ZEVOQgpNUlV3RXdZSktvWklodmNOQVFrQkZnWjBaWE4wUTBFeEZEQVNCZ05WQkFNTUMzUmxjM1F0YzJWeWRtVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFwWVRIQUtoelhGdklxUVA4ZXRnRS9jQkYKZG9VWGhRcXdVSHJrSXBOWVJFTXZFOUwyMnlLd3IrUDNIdVZ2YW9XQTVkdnpvY240MWZwWlFVVHU4SWptUEFzYwpQYXQ5RVFtSjUwMWh4NFNrZThwWjcycHIrTzNWNjR3QUFSTmU4SVJoZmhNRmNyL3piNXAvMUNqcXhibU9HT1kwClBENjA2V2t3aWtNQ3pEQVZKYWxrRFd6b0pBMjRwMGo5VUVqWmRoZzhqUXc1aXVFNHU5UXpabitZQjVabUxlZDAKcXROejBXRnNoMlNXb1ZkZnQ3bk9QV1Z1clpEbXBxa2ZxcEJ6Ukg4ZVJwMFYzc3dkYyt1cGt2VTR5azlaVE0rVQpCbG50TmJhTVVSNjJpYnFvdENOYUNWMXhUYk9ibDRBclNEM1FQdjB2VytDbFpYa1ZLTFdwWG9OdGlHYVlXUUlECkFRQUJvNElCUERDQ0FUZ3dDUVlEVlIwVEJBSXdBREFSQmdsZ2hrZ0JodmhDQVFFRUJBTUNCa0F3TXdZSllJWkkKQVliNFFnRU5CQ1lXSkU5d1pXNVRVMHdnUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZApCZ05WSFE0RUZnUVVvZmxtQVB0Z1kwQzBxdGhCaEIya0tWQmZVWjR3Z1pjR0ExVWRJd1NCanpDQmpJQVVpYzlUCjRBSTRWRUhZZTFtT3JkTkw1RG9RK2d1aGNhUnZNRzB4Q3pBSkJnTlZCQVlUQWtGRU1ROHdEUVlEVlFRSURBWjAKWlhOMFEwRXhEekFOQmdOVkJBY01CblJsYzNSRFFURVBNQTBHQTFVRUNnd0dkR1Z6ZEVOQk1SVXdFd1lKS29aSQpodmNOQVFrQkZnWjBaWE4wUTBFeEZEQVNCZ05WQkFNTUMybHVkR1Z5Ym1Gc0xXTmhnZ0VBTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRZ0NBakFMQmdOVkhROEVCQU1DQmFBd0RRWUpLb1pJaHZjTkFRRUwKQlFBRGdnRUJBTGxtZ2h0MG9Qd3djVjlFRU1PZmdLR1FVVXplM09kcG5GOXVjZUhtNzdBN3pTWWdFZTl2MXJJaApQRTE5dEFGK3hlY0Nnb2ZRdUlCbWRnYkZYYnBWYkVIeEZaaFVIUDJjNUhqckxOdUtrQUFKMGlzcXJGRGkvOXFRCitXdXBBb3hHTU54K1JtSEJ1dDZaUG5DdURrOURUSHY4Zkx2YlRGRU5VYXhRSytzVnhpTzJEd2JKZTFDcmR6bU8KRCsrVVBLRGtLNGlURWFtaytkQkNvSWR1dWQ2a3BSZExwQW9TczlsUXZ0Q2FYYisxSDVzbDRhQW4vNUZlY0lFcApSaWZ0MDJZeVl3a05zRTRmS1NiYXowZXZSWkxRbFhKQkE3eW9WNEtjRkJhNnpxaEUwOVAxK2pTNXhXZFVsTEZnCjhPSVQwSmFxUm1HRW5NV1YzWVFHTUxrOXVvWHRsMHM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
604 |     <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2xoTWNBcUhOY1c4aXAKQS94NjJBVDl3RVYyaFJlRkNyQlFldVFpazFoRVF5OFQwdmJiSXJDdjQvY2U1VzlxaFlEbDIvT2h5ZmpWK2xsQgpSTzd3aU9ZOEN4dzlxMzBSQ1lublRXSEhoS1I3eWxudmFtdjQ3ZFhyakFBQkUxN3doR0YrRXdWeXYvTnZtbi9VCktPckZ1WTRZNWpROFByVHBhVENLUXdMTU1CVWxxV1FOYk9na0RiaW5TUDFRU05sMkdEeU5ERG1LNFRpNzFETm0KZjVnSGxtWXQ1M1NxMDNQUllXeUhaSmFoVjErM3VjNDlaVzZ0a09hbXFSK3FrSE5FZng1R25SWGV6QjF6NjZtUwo5VGpLVDFsTXo1UUdXZTAxdG94UkhyYUp1cWkwSTFvSlhYRk5zNXVYZ0N0SVBkQSsvUzliNEtWbGVSVW90YWxlCmcyMklacGhaQWdNQkFBRUNnZ0VBT092aXJCMUNIdjhKa09ab0M2OENlR21JK2V0blhUK0J4d3VjTFMvUzZSYloKdDgyVFMyVXdzaXlKcmJ4bGhwS0c4NFdpMFg3dDdsaDhIWEFoWStNUW1wR1BrcjNJOHZUKzBlYlF1NWFvSWxKQwpmNDF2dUZuQ2VaRFo1NFRMMzVjSEdCNWVmMG4zNCtlVUVsaEg5TnVOUEk3ZVkrR0V3Y2lGQXVkc3JOL1VSZkRmCmNBUW5UM3NOeGt5aURkSmx1dlVETlZkbjEzS0V4dDliemNBSlgwMXU4Vm4vZzJrV3E4Tk1LanN4ZUxlbkhwdkgKR0dvc3ZDeEEvM3RSakFOQXBHSW5WbDhtd29MMWZEeC9KWmgrMEhQcEVvWThBNCsrQ2VtVmdVaWR5UlorR0IxUwpjSTlXV1NRaXByM28rYjI0U25KeGtGZy9PaUJ2RVIwYnZsRkx6ODBDb1FLQmdRRFRWdlljQnVvRGR1RzhrSW1qCndSSUxLUWtVcUd0VUxDZXY0SmdvempsaXJiZHNFTFB6TFIxTHhaaGs3ckVYR1ozU3NtUHh1UVhQRkwxT1ZJUDkKNVRISWdLK1M4V0drZ2RqMk9UUnF4L2dwMWM3WHBLaUppNlJ1dWVKT1lnb1kvbkpINWZhbGJGcVdjV3lJbTFMZApEcmVmdURNaS91akthUklVWTZwY3BOVm94UUtCZ1FESWZ2NUtUOXppVUJFRHMrZjRNa0Z2L3NjTExvbEticGliCkYwWHMyNDRPcXk0NnA1dzREUEtCZzg5SmU5ZkpTT2pmVGFlc2l6Y1g1QnU5UXdDcEsrM3k0UmVNVUQwbTFRU1oKcUFwblhMT0pRczZBaGkzencyMXNMckNwU2VBN043Vnk4QVNPbFhlQ1Nhc01lUzdPUzBCYjFkRVc0RDJpSDhEZwpuS2FRYnZraWhRS0JnUUNUZ1lpNU95SXVWTlZ0dFR3OExVK1l0b1YrQTZjVjB0UEliK3dEM3h3eWdha2FKZlpUCmJsT2FSVW4rZUpMbDJwMUxKL09XRFZ1K2syMGx0TnVEWkdzQTFNQzJ3UDh6d09WYnhjV09HaEJkc3J0eHk1MU8KazBhcmVkWTRlemt0Qkx0aTcyRGRTT2xaUThWSys0NDBlRWMxbFcwcnFkdDFHeXpoU2tibjdxeDlPUUtCZ0YyQQpNOUN1QytHUzIweHh3dlZSWW9qN05SSDI0dG5PVitiRDVMMC82ckRXamRtV3Z0aTQyUU1qV0RENXl6azRnamxaCk9wL1IwS0NZcFlNTzB5a1Jyb2M5QjhGTXppZms0WjlTNlg4b2tTV3EvU2ljNnFNcWVVWWhSQXUrd3c1NnZXamIKbkJSdWlldzl0TUk5WldHWllHc3pmSzRCWjF6TEdDVG5pUm9FVnJVTkFvR0FmajFDaGptT0wzMGlDUU1UTTVZZApLbGl0VUx6ZVZ4WFVwTmxqNHdHbXJjYStqRXZYbGdCWnJXSVF3WmJrN1NqdDlINFdydm43dmc3cldTY21sajVhCkZjck8rMVcyZDIvUjQxd2cyZWRrU0kzS3dwalpaSytyZGFQZERZL21leld4VExVM3ZvUHZReTdZREVVL1dnNkwKVS9yUHlmeXE4cS9jeWUyRGhOMWJNajQ9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
605 |   </cert>
606 |   <ca>
607 |     <refid>5a59c822be2da</refid>
608 |     <descr>testCA</descr>
609 |     <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwVENDQW8yZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJ0TVFzd0NRWURWUVFHRXdKQlJERVAKTUEwR0ExVUVDQXdHZEdWemRFTkJNUTh3RFFZRFZRUUhEQVowWlhOMFEwRXhEekFOQmdOVkJBb01CblJsYzNSRApRVEVWTUJNR0NTcUdTSWIzRFFFSkFSWUdkR1Z6ZEVOQk1SUXdFZ1lEVlFRRERBdHBiblJsY201aGJDMWpZVEFlCkZ3MHhPREF4TVRNd09EUTVNemhhRncweE9UQXhNVE13T0RRNU16aGFNRzB4Q3pBSkJnTlZCQVlUQWtGRU1ROHcKRFFZRFZRUUlEQVowWlhOMFEwRXhEekFOQmdOVkJBY01CblJsYzNSRFFURVBNQTBHQTFVRUNnd0dkR1Z6ZEVOQgpNUlV3RXdZSktvWklodmNOQVFrQkZnWjBaWE4wUTBFeEZEQVNCZ05WQkFNTUMybHVkR1Z5Ym1Gc0xXTmhNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEzNVhBUTh1TnNIQ25RNGo2UTlQb3ZNamMKbklZVWZiMEtDZTJMWTNQdzhweXJZM29BaDRUT0RhRENmZWo1dHNqK2IzUU0zbXhyLzlDQ24xNVhUMk9VaGRJdQorZmhsL0wwTVIyNERMUW9DQVk4QmpIaEFRSFN5V3lPYnlzaGdUbSttYWhWeXo1QVdsZGI5RExaenM5Nis3NFRICjdhOTdZbDE2aU9ULzhmRVYrZHRwVnk0Y2tSSDFhVlFiOUN5ZGVDVXlPZjR3OVZUWTFsLyt1WEhIOGpUbHRJdmIKV3VDZmxKWE4xYnhBeXQwcHJabVhlV29LZXdmN2l1YlNGT1RScHh3MElQM0piQWxCWkNCaEpTZFJNcTQ0R2JOdgpuMmFxa3BSTGlVemFwbVA1SnZRbUY3OTNzMUhCSTJMd0VjanFiWVBXY3ZPbW5jQWFQWlR1OGw2Q2s5TVlkUUlECkFRQUJvMUF3VGpBZEJnTlZIUTRFRmdRVWljOVQ0QUk0VkVIWWUxbU9yZE5MNURvUStnc3dId1lEVlIwakJCZ3cKRm9BVWljOVQ0QUk0VkVIWWUxbU9yZE5MNURvUStnc3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQgpBUXNGQUFPQ0FRRUFEM3lCT2lRbnI3Nmc5bHkrWDViV09hNStER2Z6SGVsc0w3QW5OcWZndkQ3SlR4aGJBYVRtClJhbGZDNXFaQkVDSHJIOERsZ1gxWTJBR3FnU29BcHNyeCtIamxQT2V6bDhBd0s5UUw0WTZTSXU1Y01GUGtxQWoKTnBWOFZ4clQzWk95TWNjRzlxQlJEQTFKVk9kcCtoK3VTZklVTjVVSHV5RWFuZHVFcUwwK0wwRlVDN3lQaWJEOQoxTlNCdWZmNEdPVEFXNGxncDN3U2FJbDd2dVhRaDRHSXJrVkNCMUpWWWNHMDZVVk5WKzV4ajM1QVdUOGx1QlVNCk4wZ0kwYUhLaUtuSmNZempYZ3k1MWdHZEEyRE1DUllKa09vclRxbmRiUWFvYVY3SjR2QTc1UzFLNE1PVXN0ZWQKemlxdklDRG9vTlozMkRjb1BxM2htbWJ1dXNTUndMNW5UUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
610 |     <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGZsY0JEeTQyd2NLZEQKaVBwRDAraTh5TnljaGhSOXZRb0o3WXRqYy9EeW5LdGplZ0NIaE00Tm9NSjk2UG0yeVA1dmRBemViR3YvMElLZgpYbGRQWTVTRjBpNzUrR1g4dlF4SGJnTXRDZ0lCandHTWVFQkFkTEpiSTV2S3lHQk9iNlpxRlhMUGtCYVYxdjBNCnRuT3ozcjd2aE1mdHIzdGlYWHFJNVAveDhSWDUyMmxYTGh5UkVmVnBWQnYwTEoxNEpUSTUvakQxVk5qV1gvNjUKY2NmeU5PVzBpOXRhNEorVWxjM1Z2RURLM1NtdG1aZDVhZ3A3Qi91SzV0SVU1TkduSERRZy9jbHNDVUZrSUdFbApKMUV5cmpnWnMyK2ZacXFTbEV1SlROcW1ZL2ttOUNZWHYzZXpVY0VqWXZBUnlPcHRnOVp5ODZhZHdCbzlsTzd5ClhvS1QweGgxQWdNQkFBRUNnZ0VBSzh0a1pxTW5kTWtNS2xGWlhCSFZBNjJBY1BSZWJTYXJJYml5MWQ4dThnYTQKRjNzZFFXNUZBaXhjREZlbkdpT1NtdmdyVVNJQm9aRVJGUEJndjc4c3AyMjlIOStFOHBXQkl6aXNUSlVxUVczbQppc0kvSzZEd0VxUU43eEdDczdwdzZWU2NNWVh5dHBUdTZoK08yRXVvTUxoY2hQVWJnTy80Z1hvQm5EMXg1WWV6CjluTmhYeXJZbW9ESlFYOGZxajVFcTNucldkTk1kTWJvRk9zSDVGN1NBRk9rNWRDa2dzODBLZzNSeVp0YUZkRDQKS3l3QVFDZEV0OWFQN2o2TkhLY2hyQlJVS09XK1pDekgrOU9yUTB2S0RzWU1YbmtiZWFIWis3dmdDaTlVc1VvMwozeHFvalZNbEIxRXd2ck5pNGtHY3B2dk80dk1pSnBaWkg4c3pUUWlHZlFLQmdRRDRrTndxazdnbW9TOHZhTE1mCmgrUU5TK0JuTUhNc09IK0lTQUVHTUFFTUsyU0tEbjg4dC85aThZYzVqZEU0a3p5akt4SnVkUENaQk9BdEY1ZWEKWlF6SFJYZ1R5V2xvM3U3ZktVekNZa1AzM1daT0cyUG1LUktnSk5xbUwySElBQUZEbUl1M3pPbFJlaUN1Z0lwUApLVUZrZFVZd21XcFhyUmJBSi85SnE5L01od0tCZ1FEbVJhQVFJYTV5bWU0V1c3bWFkL3ZFUEJsaVpKdGFGLzhkCjdDbllmQ0YrMEtkc096Z2VjMHd4VUE1RGRMUDJXQzd0ZTZDLzVhS0JXaS9qejgyeWhJWDB3cXlTaUQ0YVFIMFEKOER2NWQyNWtVZXFzTkUvSkg2eGt5T1lJM3FRKyt0RndMazR1R2hDUUtISmdNM1A3QkZxM2liazZ4ZVVrdndkRgpzNUpGMkE5T0l3S0JnRmtQdm5OYS9tNkk3bGswVUlvSnJNSyszeWJhQzBwYTdBY3VsWDljRCtRR1lEMi9PQVBQCmdhZzRGbFdlNU1vNnAwMW5qM0VZWVdUU2hHaGp2YVJLZEt1cHpuNTRlbFpqR24vSFVvT0xwZ0xYeDJKUkdoaEwKdXlxNlNjV2wwSWxTeHlFck5WU2tEUzF1YnV0WGp6Y1I5eVpCaHVhKzhZVjh0VndnZUs0eThUdGRBb0dCQU45bApWSy9SdlVmNUJmNHk1cEZ4TFpObktzbEdDV0VTUHJKczF2dnJFU1BTa1ZweTZUTEJjSDIyeU4rd2JKYmxYa0dPCjJwalEweUxpdCtzdlFzT1p4Y3Q2d2FrMisrakQvNUZiUHhQNlJlS1ZoakdpWG5Va2dUOFZsL1dxNlhVZ0orZkoKUkpkOU9leGhFUFU3ZFoxazBBMlhVMWd0Zk94MVZ6ekx4WEIwK0FRNUFvR0FDaVFQUFhNdzZ0Q3JrenJRempXTgpoOTVHeDBBd2RvdkdiVDl6M3BWellJb0ZBN3ZYcnFFZUN6U1RpUWdzWHIrTlhwM29STjc4TituUUp0bG1HL3AyCnprRUhHN1ZXVjkwdWo0bk9ZQVFlSmE1aDFycGZ2UkM1Zjd4WkFYT2Y5Q0dCNlJuTGErZ3lRZ1U5bHhmMVU2QnIKcW9kZ3NEZ0x2bWF1SmpzKzNwdEQzaUE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
611 |     <serial>1</serial>
612 |   </ca>
613 |   <openvpn>
614 |     <openvpn-server>
615 |       <mode>p2p_tls</mode>
616 |       <protocol>UDP</protocol>
617 |       <dev_mode>tun</dev_mode>
618 |       <local_port>1194</local_port>
619 |       <description>test-openvpn-server</description>
620 |       <crypto>AES-128-CBC</crypto>
621 |       <digest>SHA1</digest>
622 |       <engine>none</engine>
623 |       <tunnel_network>172.20.0.0/24</tunnel_network>
624 |       <pool_enable>yes</pool_enable>
625 |       <topology_subnet>yes</topology_subnet>
626 |       <netbios_ntype>0</netbios_ntype>
627 |       <verbosity_level>1</verbosity_level>
628 |       <dynamic-ccd-lookup>1</dynamic-ccd-lookup>
629 |       <vpnid>1</vpnid>
630 |       <interface>wan</interface>
631 |       <custom_options/>
632 |       <tls>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjI1MjgyNDlhNzVhNTA2MDcxYTkyMjZlZmIxOGI3Y2U3DQo2YmI2NjA0ZjRhOGVmMmE0MzIzMzNlNDliOTdmZGQ1MQ0KNDdkNjAxMmIzMzhmYTA1MmI5OTZhNmUyYTIxYzBjNGUNCjExYTEwNjU5MzY4MDA2NDJmN2ViYTEwOWM5YzgxZDYyDQo5NjEzMWM2NTY4NDg5ZDc4NGVkMDcwYTZlMzdiMzQ5Yg0KNzI4OWNjMDc2ZTRmODcwNGFjYjEwYjVjZDdiYWNjOGENCmVlMzliZTBiNGY2ZDUzYzVmNmMxNjM1Y2MzMWQ0MWRhDQoxM2RlYzEwNjFlYmU2OTg3MzMzMjJlMTY2NzNjNDg5Zg0KYTU1Y2U5NTRiZmQ1MWVhNWM3MDE1MTZlNmM1ODgxMGYNCmU3OWRmMjBmZGU4YWZlMjQyZDU3YmVhMzIzMDI4ODZjDQowNmRlYzMyN2JiZDQ0NThmODU1MjI4YzEyOTI3NjVlNg0KYzlkYjRlMmRmNGNlODFlOTZkM2MzNzVkYTllMTJlMGQNCmJkNTkyZDU0Mjg2NTA3ZmMzOWE3MDI2MjJjNTA1NjJjDQo5NzRhODgyMDFmN2RiMWQzNmQ1ZGFjNzRmYWRjOTEwOQ0KZTBiNTk3NThmODc4OTM4N2U1N2NlZThhNjgzODYzMDUNCjU4ZTIxNDUzYWVhNGQwNGFlYzRlOTE0M2I5YmE5ZjY5DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ0K</tls>
633 |       <caref>5a59c822be2da</caref>
634 |       <certref>5a59c851eb6f7</certref>
635 |       <dh_length>1024</dh_length>
636 |       <cert_depth>1</cert_depth>
637 |     </openvpn-server>
638 |     <openvpn-server>
639 |       <mode>p2p_tls</mode>
640 |       <protocol>UDP</protocol>
641 |       <dev_mode>tun</dev_mode>
642 |       <local_port>1195</local_port>
643 |       <description>disabled-dynamic-ccd-server</description>
644 |       <crypto>AES-128-CBC</crypto>
645 |       <digest>SHA1</digest>
646 |       <engine>none</engine>
647 |       <tunnel_network>10.10.10.0/24</tunnel_network>
648 |       <pool_enable>yes</pool_enable>
649 |       <netbios_ntype>0</netbios_ntype>
650 |       <verbosity_level>1</verbosity_level>
651 |       <vpnid>2</vpnid>
652 |       <interface>wan</interface>
653 |       <custom_options/>
654 |       <tls>IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KZWI2YzFiNWM1NjA0OTA2ZWU1NjEwYjQxNDkwMzY4MGQKY2Y0MjUwYWQwYTcyMzJlM2YwNWI4OTIwMWUwNzU4ZjEKZDhkMDBjNzFlYzU1ODIzMGRiMTg3ZThiZmFlZjNmN2IKZDNhMzZjNDJmNWRjMjFhMmZlMzM3OTliNDVlYWVkOWEKOTlkMjc4MTFhMWIwYzYzMTdjYWY5MGFmOTlkYjJhOTUKZTQ0YTVjOTA4ZmE0YjNkNjYyMWI4ZDY2OGJmYThhZDcKNDYxZTAyMzNhMTk2OTU1NGQ1NjkxOGUwZWI0ZWI0ZWEKMGNhYTI3MGZmMzQ4N2MzZTdmNzU5MDQwODM4N2FiNzAKODllYjUxZjQ1NTIwMTk2OWI0Y2UyMWYxNDdhY2QxYzkKM2I2Y2MyMWQ2MjQ3YzAyMWQ5NzgyZGMzMGExMTBmYjcKYWE1Yjk2NzlmYmEyNDAwMGY5YzIxZTE3MGU5ZmY2ZTYKMjU1YmU1NmQwZTkxOWMyOWNlYmU0Y2EwNjBmNWYxYTIKNDc0MDc4ZWI2NzQyYzM0ZGY2ODk0Zjc4MGIyZjJhMDIKOWVmYzA5OTZlODI4YzNiZGRiMzYyNWRmMWUwYjQwYTYKNzdiZTIyYTc0NjJmOTZiNjQ5NGUzMzJhZTgxZmQwNWEKODczMzMzMmZiYTEwOTI0Nzc2NGQ1MTAxZWUzMmFiZDIKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K</tls>
655 |       <caref>5a59c822be2da</caref>
656 |       <certref>5a3951eaa0f49</certref>
657 |       <dh_length>1024</dh_length>
658 |       <cert_depth>1</cert_depth>
659 |     </openvpn-server>
660 |     <openvpn-csc>
661 |       <common_name>UnmatchingovpnCCDoverride</common_name>
662 |       <tunnel_network>1.1.1.0/24</tunnel_network>
663 |     </openvpn-csc>
664 |     <openvpn-csc>
665 |       <common_name>em</common_name>
666 |       <tunnel_network>2.2.2.1/24</tunnel_network>
667 |     </openvpn-csc>
668 |   </openvpn>
669 |   <staticroutes/>
670 | </opnsense>
671 | 


--------------------------------------------------------------------------------