commit 8dfc2da813c684e9e0331545a18ec1375a92ae8b
Author: (system) <(system)@rno1.home.arpa>
Date:   Fri May 16 00:00:03 2025 -0700

    /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php made changes @ 2025-05-16T00:00:03.167700 ((system))

diff --git a/config.xml b/config.xml
new file mode 100644
index 0000000..fddb909
--- /dev/null
+++ b/config.xml
@@ -0,0 +1,5929 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense-dark</theme>
+  <sysctl version="1.0.1">
+    <item uuid="2bbed4b2-e248-4f91-bae1-7988c8dede3b">
+      <tunable>vfs.read_max</tunable>
+      <value/>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+    </item>
+    <item uuid="888f6cf3-d7ab-4534-8b28-b7d63ffa9206">
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value/>
+      <descr>Set the ephemeral port range to be lower.</descr>
+    </item>
+    <item uuid="e86ae077-e917-449a-852a-f3a6393ce0b4">
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value/>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+    </item>
+    <item uuid="05eb9f20-e8ad-41ab-ae7e-6615a36ddf9f">
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value/>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+    </item>
+    <item uuid="edcd5f19-223a-44df-adbd-e597902ac1ea">
+      <tunable>net.inet.ip.random_id</tunable>
+      <value/>
+      <descr>Randomize the ID field in IP packets</descr>
+    </item>
+    <item uuid="e8047d6b-51e4-4e9d-8750-4a53673707f3">
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value/>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+    </item>
+    <item uuid="9cca4203-629e-497f-8d01-685105e64c33">
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value/>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+    </item>
+    <item uuid="4381fa6d-dcbf-4285-9b4e-885143c7bb50">
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value/>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+    </item>
+    <item uuid="cc520bc7-9acc-4759-88a6-7df7f208971f">
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value/>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+    </item>
+    <item uuid="28f0d11f-dbbf-4a29-8be0-da3710fe6664">
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value/>
+      <descr>Enable sending IPv6 redirects</descr>
+    </item>
+    <item uuid="92c7ebc7-32b7-4156-84f0-9ec8e0faf119">
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value/>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+    </item>
+    <item uuid="a0d196dd-54e8-43a6-b481-09874aae5f89">
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value/>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+    </item>
+    <item uuid="58f41fd4-889c-438e-bf8f-0dd1fce17204">
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value/>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+    </item>
+    <item uuid="f9268691-2957-4f14-b81a-b8004943ca86">
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value/>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+    </item>
+    <item uuid="69fa9f58-79b0-4afc-b0da-5d79bad7e9fc">
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value/>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+    </item>
+    <item uuid="05252c7f-0ab5-439b-bf7e-8e46bfade8f5">
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value/>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+    </item>
+    <item uuid="21be9c12-ab76-4939-a90e-7e2da4b1738f">
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value/>
+      <descr>Maximum outgoing UDP datagram size</descr>
+    </item>
+    <item uuid="e8626367-847c-4600-876d-94f86b77f4fa">
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value/>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+    </item>
+    <item uuid="a70caaa2-bb96-4247-a582-7dac36798f23">
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value/>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+    </item>
+    <item uuid="42357d67-29a2-46d8-8c81-ca02c8f442ba">
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value/>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+    </item>
+    <item uuid="a12ad762-3376-4ab8-b570-861c2bdd3bf3">
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value/>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+    </item>
+    <item uuid="5e4a19a8-fe41-49de-b041-0db7b01eaae3">
+      <tunable>net.link.tap.user_open</tunable>
+      <value/>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+    </item>
+    <item uuid="95ef1209-ce93-4eb5-97d4-f69ecc4f9a1f">
+      <tunable>kern.randompid</tunable>
+      <value/>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+    </item>
+    <item uuid="9d138c6f-03b3-4c9a-a9d7-fa2b5ac297a7">
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value/>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+    </item>
+    <item uuid="a586da7a-fd84-40d6-8874-d9d5b4ee8b30">
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value/>
+      <descr>Enable TCP extended debugging</descr>
+    </item>
+    <item uuid="60f5d170-c151-4498-b99f-f2b4f224d4f3">
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value/>
+      <descr>Set ICMP Limits</descr>
+    </item>
+    <item uuid="5efc1e82-feee-4b38-8357-2c024e0b911c">
+      <tunable>net.inet.tcp.tso</tunable>
+      <value/>
+      <descr>TCP Offload Engine</descr>
+    </item>
+    <item uuid="d2d251b3-852e-46ee-9117-e2c5ffa55b23">
+      <tunable>net.inet.udp.checksum</tunable>
+      <value/>
+      <descr>UDP Checksums</descr>
+    </item>
+    <item uuid="05339cc2-c116-4245-940a-455b573816b6">
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value/>
+      <descr>Maximum socket buffer size</descr>
+    </item>
+    <item uuid="f0b75f56-7da0-4547-85a9-84bf4c6c4b77">
+      <tunable>vm.pmap.pti</tunable>
+      <value>0</value>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+    </item>
+    <item uuid="3b86305c-332f-4bcf-aa82-7c57c7185322">
+      <tunable>hw.ibrs_disable</tunable>
+      <value>1</value>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+    </item>
+    <item uuid="8fe314b8-01b4-45f2-a809-1d927de35162">
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value/>
+      <descr>Hide processes running as other groups</descr>
+    </item>
+    <item uuid="8fd2242c-2bd7-4356-85be-73bdc04b7f11">
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value/>
+      <descr>Hide processes running as other users</descr>
+    </item>
+    <item uuid="9bdb0d2d-3e97-45d2-8891-a10b55ad60bc">
+      <tunable>net.inet.ip.redirect</tunable>
+      <value/>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+    </item>
+    <item uuid="e498141c-b2d0-4bb0-b27c-6c75ee6cd25c">
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value/>
+      <descr>Maximum outgoing UDP datagram size</descr>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>conservative</optimization>
+    <hostname>rno1</hostname>
+    <domain>home.arpa</domain>
+    <group uuid="cb76a6ca-948f-4b1d-9272-53e1cf9eb924">
+      <gid>1999</gid>
+      <name>admins</name>
+      <scope>system</scope>
+      <description>System Administrators</description>
+      <priv>page-all</priv>
+      <member>0,2000</member>
+    </group>
+    <user uuid="a092b36b-480c-4661-91a7-254bf448c5de">
+      <uid>0</uid>
+      <name>root</name>
+      <disabled>0</disabled>
+      <scope>system</scope>
+      <expires/>
+      <authorizedkeys>c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSVB6eWRlMk1CTEhHVXBZUFpiMnl2V0dvNkV6VTBvei9WTklHVElNSXNDMWIga2Vu</authorizedkeys>
+      <otp_seed/>
+      <shell/>
+      <password>$2y$11$r1zHIfGti8A0TV1wAj0Tq.6xeO2/iHv.vmQy3/AjUv1QkeWNZAv3C</password>
+      <pwd_changed_at/>
+      <landing_page/>
+      <comment/>
+      <email>ken@blkdoor.com</email>
+      <apikeys/>
+      <priv/>
+      <language/>
+      <descr>System Administrator</descr>
+      <dashboard>eyJvcHRpb25zIjpbXSwid2lkZ2V0cyI6W3siaWQiOiJzeXN0ZW1pbmZvcm1hdGlvbiIsIm1pblciOjIsIngiOjAsInkiOjAsImgiOjUxMiwid2lkZ2V0IjpbXSwidyI6Mn0seyJpZCI6Im1lbW9yeSIsIm1pblciOjEsIngiOjIsInkiOjAsImgiOjExMCwid2lkZ2V0IjpbXSwidyI6bnVsbH0seyJpZCI6ImRpc2siLCJtaW5XIjoxLCJ4IjozLCJ5IjowLCJoIjoxNjAsIndpZGdldCI6W10sInciOm51bGx9LHsiaWQiOiJpbnRlcmZhY2VzdGF0aXN0aWNzIiwibWluVyI6MiwieCI6NCwieSI6MCwidyI6NCwic2l6ZVRvQ29udGVudCI6NjUwLCJoIjoyODQsIndpZGdldCI6W119LHsiaWQiOiJ0cmFmZmljIiwibWluVyI6MiwieCI6OCwieSI6MCwidyI6NCwiaCI6NTk0LCJ3aWRnZXQiOnsiaW50ZXJmYWNlcyI6WyJsYW4iLCJ3YW4iXX19LHsiaWQiOiJnYXRld2F5cyIsIm1pblciOjIsIngiOjIsInkiOjE2MCwic2l6ZVRvQ29udGVudCI6NjUwLCJoIjoyOTYsIndpZGdldCI6eyJnYXRld2F5cyI6WyIwN2YyYjAwYy04OWFmLTQ1MmQtOGRiMy1hMzBlZDZlZmNhOTEiLCJMQU5fREhDUCIsIldBTl9ESENQNiJdfSwidyI6Mn0seyJpZCI6ImZpcmV3YWxsIiwibWluVyI6MiwieCI6NCwieSI6Mjg0LCJ3Ijo0LCJoIjoyODQsIndpZGdldCI6W119LHsiaWQiOiJjcHUiLCJtaW5XIjoyLCJ4IjowLCJ5Ijo1MTIsImgiOjE3OCwid2lkZ2V0Ijp7ImdyYXBocyI6WyJ0b3RhbCJdfSwidyI6Mn1dfQ==</dashboard>
+    </user>
+    <user uuid="8c2ab192-b6dd-4bfc-93d2-a8048a0bdc70">
+      <uid>2000</uid>
+      <name>ken</name>
+      <disabled>0</disabled>
+      <scope>user</scope>
+      <expires/>
+      <authorizedkeys>c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSVB6eWRlMk1CTEhHVXBZUFpiMnl2V0dvNkV6VTBvei9WTklHVElNSXNDMWIga2Vu</authorizedkeys>
+      <otp_seed/>
+      <shell>/usr/local/bin/bash</shell>
+      <password>$2y$11$pX.BHOUklN0PAGOyembxduWnMNGtEWLyYPiWNYYQ4/SfdQflhllZe</password>
+      <pwd_changed_at/>
+      <landing_page/>
+      <comment/>
+      <email>ken@blkdoor.com</email>
+      <apikeys/>
+      <priv/>
+      <language/>
+      <descr>Ken Johnson</descr>
+      <dashboard>eyJvcHRpb25zIjpbXSwid2lkZ2V0cyI6W3siaWQiOiJzeXN0ZW1pbmZvcm1hdGlvbiIsIm1pblciOjIsIngiOjAsInkiOjAsImgiOjUxMiwid2lkZ2V0IjpbXSwidyI6Mn0seyJpZCI6Im1lbW9yeSIsIm1pblciOjEsIngiOjIsInkiOjAsImgiOjExNywid2lkZ2V0IjpbXSwidyI6bnVsbH0seyJpZCI6ImRpc2siLCJtaW5XIjoxLCJ4IjozLCJ5IjowLCJoIjoxMTcsIndpZGdldCI6W10sInciOm51bGx9LHsiaWQiOiJpbnRlcmZhY2VzIiwibWluVyI6Miwic2l6ZVRvQ29udGVudCI6MzAyLCJ4Ijo0LCJ5IjowLCJ3Ijo0LCJoIjozMDIsIndpZGdldCI6W119LHsiaWQiOiJ0cmFmZmljIiwibWluVyI6MiwieCI6OCwieSI6MCwidyI6NCwiaCI6NDQ2LCJ3aWRnZXQiOnsiaW50ZXJmYWNlcyI6WyJsYW4iLCJvcHQzIiwib3B0NSIsIndhbiJdfX0seyJpZCI6ImdhdGV3YXlzIiwibWluVyI6MiwieCI6MiwieSI6MTE3LCJzaXplVG9Db250ZW50IjozMjgsImgiOjMyOCwid2lkZ2V0Ijp7ImdhdGV3YXlzIjpbImY0NzMyNzYyLTRiOTgtNDJmYS1hZGE4LTMzMTEzMjE4ODUzOSIsIjA3ZjJiMDBjLTg5YWYtNDUyZC04ZGIzLWEzMGVkNmVmY2E5MSIsImVjNzk4OTQ0LThhZGEtNGFiMC1iMzNiLWE5MTU4MGJmMjliNSJdfSwidyI6Mn0seyJpZCI6ImZpcmV3YWxsIiwibWluVyI6MiwieCI6NCwieSI6MzAyLCJ3Ijo0LCJoIjozMDIsIndpZGdldCI6W119LHsiaWQiOiJUYWlsc2NhbGUiLCJtaW5XIjoyLCJzaXplVG9Db250ZW50Ijo1MDksIngiOjIsInkiOjQ0NSwiaCI6NTA5LCJ3aWRnZXQiOltdLCJ3IjoyfSx7ImlkIjoiY3B1IiwibWluVyI6MiwieCI6MCwieSI6NTEyLCJoIjoxNzcsIndpZGdldCI6eyJncmFwaHMiOlsidG90YWwiXX0sInciOjJ9LHsiaWQiOiJXaXJlZ3VhcmQiLCJtaW5XIjoyLCJzaXplVG9Db250ZW50IjoxMjYsIngiOjQsInkiOjYwNCwiaCI6MTI2LCJ3aWRnZXQiOltdLCJ3IjoyfSx7ImlkIjoiaW50ZXJmYWNlc3RhdGlzdGljcyIsIm1pblciOjIsIngiOjYsInkiOjYwNCwic2l6ZVRvQ29udGVudCI6MTY4LCJoIjoxNjgsIndpZGdldCI6W10sInciOjJ9LHsiaWQiOiJ0aGVybWFsc2Vuc29ycyIsIm1pblciOjIsIngiOjAsInkiOjY4OSwiaCI6MTQ2LCJ3aWRnZXQiOnsic2Vuc29ycyI6W119LCJ3IjoyfV19</dashboard>
+    </user>
+    <user uuid="768ebc99-3284-46e3-9b20-a522d0fdb28d">
+      <uid>2001</uid>
+      <name>HomeAssistant</name>
+      <disabled>0</disabled>
+      <scope>user</scope>
+      <expires/>
+      <authorizedkeys/>
+      <otp_seed/>
+      <shell/>
+      <password>$2y$11$nAeFuOV8b7S4yZwOyFshy.LJvqqENW4MSHTr3gbsjdml3cxthcHWi</password>
+      <pwd_changed_at/>
+      <landing_page/>
+      <comment>HomeAssistant Integation</comment>
+      <email/>
+      <apikeys>O7rmzwnJ55/R3d3IoePl8cC/CLVh83bTKz63cRwQ0GE26KkXdbLKSZ+FeoPZtQ6yUrR3Yqaqtn1OZlIz|$6$$.k6o..NDGhrS2R7UBk4OmfldJcy4f4GQJflJ.RQFfLFzIz6gQkMWzDzyrPOZtnZ50.l/vraPrYDC9xAQXCEzx1</apikeys>
+      <priv>page-all,page-diagnostics-arptable,page-diagnostics-netflow</priv>
+      <language/>
+      <descr>Home Assistant</descr>
+      <dashboard/>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>America/Los_Angeles</timezone>
+    <timeservers>0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>67a9532677f13</ssl-certref>
+      <port>10443</port>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression>5</compression>
+      <disablehttpredirect>1</disablehttpredirect>
+      <authmode>Local Database</authmode>
+      <nodnsrebindcheck>1</nodnsrebindcheck>
+      <althostnames>rno1.rail-city.net</althostnames>
+      <ssl-hsts>1</ssl-hsts>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>weekly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces>lan,opt3</interfaces>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <rekeylimit/>
+      <enabled>enabled</enabled>
+      <permitrootlogin>1</permitrootlogin>
+      <passwordauth>1</passwordauth>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <backup>
+      <git version="1.0.0">
+        <enabled>1</enabled>
+        <url>ssh://gitea.coldsprings.dev:2222/kenjreno/OPNSenseBackup.git</url>
+        <branch>main</branch>
+        <privkey>-----BEGIN OPENSSH PRIVATE KEY-----&#xD;
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW&#xD;
+QyNTUxOQAAACC7cx3TjYZlayN5VeOZXD7Xhh0kl/3Hi6dJXc+PnssKLAAAAJgdsVzbHbFc&#xD;
+2wAAAAtzc2gtZWQyNTUxOQAAACC7cx3TjYZlayN5VeOZXD7Xhh0kl/3Hi6dJXc+PnssKLA&#xD;
+AAAECtYwZAx6u1ADbu+Vy3IQYHdDSQ2G2exBwQ2WPpOPpXsrtzHdONhmVrI3lV45lcPteG&#xD;
+HSSX/ceLp0ldz4+eywosAAAAFWdpdHVzZXJAb3Buc2VzZS5sb2NhbA==&#xD;
+-----END OPENSSH PRIVATE KEY-----</privkey>
+        <user>git</user>
+        <password/>
+      </git>
+      <nextcloud version="1.0.0">
+        <enabled>0</enabled>
+        <url>https://railcloud.us</url>
+        <user>kenjreno</user>
+        <password>6dEcp-dC5QR-JJJAd-pRbaf-2FbFi</password>
+        <password_encryption/>
+        <backupdir>OPNsense-Backup</backupdir>
+      </nextcloud>
+    </backup>
+    <firmware version="1.0.1">
+      <mirror>https://mirror.sfo12.us.leaseweb.net/opnsense</mirror>
+      <flavour/>
+      <plugins>os-acme-client,os-dmidecode,os-frr,os-git-backup,os-haproxy,os-iperf,os-mdns-repeater,os-netdata,os-nextcloud-backup,os-node_exporter,os-qemu-guest-agent,os-rfc2136,os-tailscale</plugins>
+      <type/>
+      <subscription/>
+      <reboot>0</reboot>
+    </firmware>
+    <language>en_US</language>
+    <dnsserver>100.100.100.100</dnsserver>
+    <dnsserver>192.168.10.11</dnsserver>
+    <dnsallowoverride_exclude/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <backupcount>10</backupcount>
+    <dnssearchdomain>home.arpa</dnssearchdomain>
+    <powerd_enable>1</powerd_enable>
+    <crypto_hardware>qat</crypto_hardware>
+    <use_mfs_var>1</use_mfs_var>
+    <use_mfs_tmp>1</use_mfs_tmp>
+    <authserver>
+      <refid>67a9ff977c4fc</refid>
+      <type>voucher</type>
+      <name>Captive Vouchers</name>
+      <simplePasswords/>
+      <usernameLength/>
+      <passwordLength/>
+    </authserver>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <pfdebug>urgent</pfdebug>
+    <thermal_hardware>coretemp</thermal_hardware>
+    <secondaryconsole/>
+    <serialusb/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>vtnet0</if>
+      <descr>Wan</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>71.83.99.150</ipaddr>
+      <subnet>29</subnet>
+      <gateway>WAN_GW</gateway>
+      <ipaddrv6>dhcp6</ipaddrv6>
+      <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
+      <adv_dhcp6_interface_statement_send_options/>
+      <adv_dhcp6_interface_statement_request_options/>
+      <adv_dhcp6_interface_statement_information_only_enable/>
+      <adv_dhcp6_interface_statement_script/>
+      <adv_dhcp6_id_assoc_statement_address_enable/>
+      <adv_dhcp6_id_assoc_statement_address/>
+      <adv_dhcp6_id_assoc_statement_address_id/>
+      <adv_dhcp6_id_assoc_statement_address_pltime/>
+      <adv_dhcp6_id_assoc_statement_address_vltime/>
+      <adv_dhcp6_id_assoc_statement_prefix_enable/>
+      <adv_dhcp6_id_assoc_statement_prefix/>
+      <adv_dhcp6_id_assoc_statement_prefix_id/>
+      <adv_dhcp6_id_assoc_statement_prefix_pltime/>
+      <adv_dhcp6_id_assoc_statement_prefix_vltime/>
+      <adv_dhcp6_prefix_interface_statement_sla_len/>
+      <adv_dhcp6_authentication_statement_authname/>
+      <adv_dhcp6_authentication_statement_protocol/>
+      <adv_dhcp6_authentication_statement_algorithm/>
+      <adv_dhcp6_authentication_statement_rdm/>
+      <adv_dhcp6_key_info_statement_keyname/>
+      <adv_dhcp6_key_info_statement_realm/>
+      <adv_dhcp6_key_info_statement_keyid/>
+      <adv_dhcp6_key_info_statement_secret/>
+      <adv_dhcp6_key_info_statement_expire/>
+      <adv_dhcp6_config_advanced/>
+      <adv_dhcp6_config_file_override/>
+      <adv_dhcp6_config_file_override_path/>
+    </wan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <opt1>
+      <if>vtnet2</if>
+      <descr>ETH3</descr>
+    </opt1>
+    <opt2>
+      <if>vtnet3</if>
+      <descr>ETH4</descr>
+    </opt2>
+    <lan>
+      <if>vtnet1</if>
+      <descr/>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.5.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>fdcf:39d9:630d::1</ipaddrv6>
+      <subnetv6>48</subnetv6>
+    </lan>
+    <opt3>
+      <if>vlan00</if>
+      <descr>Servers</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.10.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>2001:470:1f05:a::1</ipaddrv6>
+      <subnetv6>64</subnetv6>
+    </opt3>
+    <opt4>
+      <if>vlan01</if>
+      <descr>Cameras</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.3.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>fd04:87b2:9345::1</ipaddrv6>
+      <subnetv6>48</subnetv6>
+    </opt4>
+    <opt5>
+      <if>tailscale0</if>
+      <descr>Tailscale</descr>
+      <enable>1</enable>
+      <spoofmac/>
+    </opt5>
+    <opt6>
+      <if>vlan02</if>
+      <descr>Phones</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.2.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>fd36:94be:70a6::1</ipaddrv6>
+      <subnetv6>48</subnetv6>
+    </opt6>
+    <opt7>
+      <if>vlan03</if>
+      <descr>Christmas</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.70.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>fddb:45f0:de98::1</ipaddrv6>
+      <subnetv6>48</subnetv6>
+    </opt7>
+    <Trust>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <networks/>
+      <if>Trust</if>
+      <descr>Trust</descr>
+      <virtual>1</virtual>
+      <type>group</type>
+    </Trust>
+    <Untrust>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <networks/>
+      <if>Untrust</if>
+      <descr>Untrust</descr>
+      <virtual>1</virtual>
+      <type>group</type>
+    </Untrust>
+    <opt8>
+      <if>gif0</if>
+      <descr>TunnelBroker</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+    </opt8>
+    <opt9>
+      <descr>Guest</descr>
+      <if>vlan04</if>
+    </opt9>
+    <opt10>
+      <descr>IoT</descr>
+      <if>vlan05</if>
+    </opt10>
+    <opt11>
+      <if>vtnet4</if>
+      <descr>Kubernetes</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <mtu>9000</mtu>
+      <ipaddr>192.168.146.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>fd00:146::1</ipaddrv6>
+      <subnetv6>64</subnetv6>
+    </opt11>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <defaultleasetime>7200</defaultleasetime>
+      <gateway>192.168.5.1</gateway>
+      <domain>home.arpa</domain>
+      <domainsearchlist>home.arpa</domainsearchlist>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item>
+          <number>43</number>
+          <type>string</type>
+          <value>"http://pbx.internal.rail-city.net:5000/provisioning/s6xyrhxwvxuzli9"</value>
+        </item>
+        <item>
+          <number>66</number>
+          <type>string</type>
+          <value>"http://pbx.internal.rail-city.net:5000/provisioning/s6xyrhxwvxuzli9"</value>
+        </item>
+        <item>
+          <number>100</number>
+          <type>text</type>
+          <value>PST8PDT,M3.2.0/2:00:00,M11.1.0/2:00:00</value>
+        </item>
+        <item>
+          <number>101</number>
+          <type>text</type>
+          <value>America/Los_Angeles</value>
+        </item>
+        <item>
+          <number>120</number>
+          <type>ip-address</type>
+          <value>192.168.5.48</value>
+        </item>
+        <item>
+          <number>160</number>
+          <type>text</type>
+          <value>http://pbx.internal.rail-city.net:5000/provisioning/s6xyrhxwvxuzli9</value>
+        </item>
+        <item>
+          <number>2</number>
+          <type>signed integer 32</type>
+          <value>-28800</value>
+        </item>
+      </numberoptions>
+      <range>
+        <from>192.168.5.50</from>
+        <to>192.168.5.229</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.5.1</dnsserver>
+      <ntpserver>192.168.5.1</ntpserver>
+      <staticmap>
+        <mac>0c:c4:7a:36:5a:bc</mac>
+        <hostname>gizmo-bnc</hostname>
+        <descr>Supermicro IPMI - Gizmo</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:25:90:f3:5a:aa</mac>
+        <ipaddr>192.168.5.10</ipaddr>
+        <hostname>zoey</hostname>
+        <descr>Proxmox - Zoey</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:25:90:f2:19:68</mac>
+        <ipaddr>192.168.5.12</ipaddr>
+        <hostname>roxy</hostname>
+        <descr>Proxmox - Roxy</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>0c:c4:7a:32:f9:20</mac>
+        <ipaddr>192.168.5.14</ipaddr>
+        <hostname>gizmo</hostname>
+        <descr>Proxmox - Gizmo</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldspring.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>0c:c4:7a:95:c8:f6</mac>
+        <ipaddr>192.168.5.16</ipaddr>
+        <hostname>jonah</hostname>
+        <descr>Proxmox - Jonah</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>0c:c4:7a:63:9a:b8</mac>
+        <ipaddr>192.168.5.20</ipaddr>
+        <hostname>lacey</hostname>
+        <descr>Proxmox - Lacey/pve2</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:0e:f3:2a:aa:50</mac>
+        <ipaddr>192.168.5.21</ipaddr>
+        <hostname>hub-2242</hostname>
+        <descr>Insteon Hub v1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>a8:b8:e0:01:18:29</mac>
+        <ipaddr>192.168.5.22</ipaddr>
+        <hostname>foggy</hostname>
+        <descr>Proxmox - Foggy</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:0e:f3:3c:a2:8f</mac>
+        <ipaddr>192.168.5.23</ipaddr>
+        <hostname>hub-2245</hostname>
+        <descr>Insteon Hub v2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>0c:c4:7a:d3:54:2a</mac>
+        <ipaddr>192.168.5.24</ipaddr>
+        <hostname>joe</hostname>
+        <descr>Proxmox - Joe/pve1</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>d8:9e:f3:47:12:af</mac>
+        <ipaddr>192.168.5.26</ipaddr>
+        <hostname>suzie</hostname>
+        <descr>Proxmox - Suzie</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:9e:4b:e2</mac>
+        <ipaddr>192.168.5.36</ipaddr>
+        <hostname>pbs</hostname>
+        <descr>Proxmox Backup Server</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:c1:27:60</mac>
+        <ipaddr>192.168.5.48</ipaddr>
+        <hostname>pbx</hostname>
+        <descr>3CX PBX</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:e9:44:9a</mac>
+        <ipaddr>192.168.5.49</ipaddr>
+        <hostname>haos_5</hostname>
+        <descr>Home Assistant - Home Network</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:7a:a6:76</mac>
+        <ipaddr>192.168.5.195</ipaddr>
+        <hostname>ollama</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>0c:c4:7a:d5:6a:17</mac>
+        <ipaddr>192.168.5.233</ipaddr>
+        <hostname>joe_bnc</hostname>
+        <descr>Supermicro IPMI - joe</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+    <opt7>
+      <enable>1</enable>
+      <domain>xmascity.net</domain>
+      <domainsearchlist>xmascity.net</domainsearchlist>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.70.50</from>
+        <to>192.168.70.127</to>
+      </range>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </opt7>
+    <opt4>
+      <enable>1</enable>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.3.50</from>
+        <to>192.168.3.127</to>
+      </range>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </opt4>
+    <opt6>
+      <enable>1</enable>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.2.50</from>
+        <to>192.168.2.127</to>
+      </range>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </opt6>
+    <opt3>
+      <enable>1</enable>
+      <domain>coldsprings.dev</domain>
+      <domainsearchlist>coldsprings.dev</domainsearchlist>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.10.64</from>
+        <to>192.168.10.127</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.10.1</dnsserver>
+      <dnsserver>192.168.10.13</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>bc:24:11:72:64:bb</mac>
+        <ipaddr>192.168.10.7</ipaddr>
+        <hostname>filesvr</hostname>
+        <descr>Truenas Scale File Server</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:2a:4e:d1</mac>
+        <ipaddr>192.168.10.9</ipaddr>
+        <hostname>dbsvr01</hostname>
+        <descr>Production MySQL Database</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:ae:d9:b4</mac>
+        <ipaddr>192.168.10.11</ipaddr>
+        <hostname>dc1</hostname>
+        <descr>Domain Controller 1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:28:ee:dc</mac>
+        <ipaddr>192.168.10.13</ipaddr>
+        <hostname>dc2</hostname>
+        <descr>Domain Controller 2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:b1:9e:2b</mac>
+        <ipaddr>192.168.10.15</ipaddr>
+        <hostname>lb1</hostname>
+        <descr>Load Balancer 1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:b1:9e:2c</mac>
+        <ipaddr>192.168.10.17</ipaddr>
+        <hostname>lb2</hostname>
+        <descr>Load Balancer 2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:b1:9e:2d</mac>
+        <ipaddr>192.168.10.19</ipaddr>
+        <hostname>lb3</hostname>
+        <descr>Load Balancer 3</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:22:02:8b</mac>
+        <ipaddr>192.168.10.25</ipaddr>
+        <hostname>mx</hostname>
+        <descr>Mail Server</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>02:ff:60:27:9a:c0</mac>
+        <ipaddr>192.168.10.26</ipaddr>
+        <hostname>nextcloud</hostname>
+        <descr>Railcloud/Nextcloud</descr>
+        <domain>coldsprings.dev</domain>
+        <domainsearchlist>coldsprings.dev</domainsearchlist>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:5b:89:02</mac>
+        <ipaddr>192.168.10.29</ipaddr>
+        <hostname>dbnp01</hostname>
+        <descr>Non-Production MySQL Server</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:ae:ae:c9</mac>
+        <ipaddr>192.168.10.30</ipaddr>
+        <hostname>docker</hostname>
+        <descr>Docker System</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:ee:08:22</mac>
+        <ipaddr>192.168.10.31</ipaddr>
+        <hostname>dbnp02</hostname>
+        <descr>NonProd MySQL Database 2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:27:a6:8d</mac>
+        <ipaddr>192.168.10.33</ipaddr>
+        <hostname>dbnp03</hostname>
+        <descr>Non-Prod MySQL Database 3</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:90:c3:e8</mac>
+        <ipaddr>192.168.10.45</ipaddr>
+        <hostname>emqx1</hostname>
+        <descr>Emqx MQTT Server 1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:b2:1a:9e</mac>
+        <ipaddr>192.168.10.57</ipaddr>
+        <hostname>plexsvr</hostname>
+        <descr>Plex Media Server</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:dc:35:76</mac>
+        <ipaddr>192.168.10.130</ipaddr>
+        <hostname>gitea</hostname>
+        <descr>Gitea GIT Hosting</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:31:20:54</mac>
+        <ipaddr>192.168.10.131</ipaddr>
+        <hostname>pgsqlnp</hostname>
+        <descr>Postgresql NonProd</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:7a:a6:76</mac>
+        <ipaddr>192.168.10.195</ipaddr>
+        <hostname>ollama</hostname>
+        <descr>Ollama AI</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:01</mac>
+        <ipaddr>192.168.10.241</ipaddr>
+        <hostname>k8s-control-01</hostname>
+        <descr>Kubernetes Control 01</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:02</mac>
+        <ipaddr>192.168.10.242</ipaddr>
+        <hostname>k8s-control-02</hostname>
+        <descr>Kubernetes Control 02</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:03</mac>
+        <ipaddr>192.168.10.243</ipaddr>
+        <hostname>k8s-control-03</hostname>
+        <descr>Kubernetes Control 03</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:01</mac>
+        <ipaddr>192.168.10.244</ipaddr>
+        <hostname>k8s-worker-01</hostname>
+        <descr>Kubernetes Worker 01</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:02</mac>
+        <ipaddr>192.168.10.245</ipaddr>
+        <hostname>k8s-worker-02</hostname>
+        <descr>Kubernetes Worker 02</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:03</mac>
+        <ipaddr>192.168.10.246</ipaddr>
+        <hostname>k8s-worker-03</hostname>
+        <descr>kubernetes Worker 03</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:04</mac>
+        <ipaddr>192.168.10.247</ipaddr>
+        <hostname>talos-staging</hostname>
+        <descr>Talos Staging System</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </opt3>
+    <opt11>
+      <enable>1</enable>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.146.50</from>
+        <to>192.168.146.240</to>
+      </range>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+      <staticmap>
+        <mac>bc:24:11:48:28:01</mac>
+        <ipaddr>192.168.146.21</ipaddr>
+        <hostname>k8s-control-01</hostname>
+        <descr>Kubernetes Controller 1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:02</mac>
+        <ipaddr>192.168.146.23</ipaddr>
+        <hostname>k8s-control-02</hostname>
+        <descr>Kubernetes Controller 2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:28:03</mac>
+        <ipaddr>192.168.146.25</ipaddr>
+        <hostname>k8s-control-03</hostname>
+        <descr>Kubernetes Controller 3</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:01</mac>
+        <ipaddr>192.168.146.51</ipaddr>
+        <hostname>k8s-worker-01</hostname>
+        <descr>Kubernetes Worker 1</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:02</mac>
+        <ipaddr>192.168.146.53</ipaddr>
+        <hostname>k8s-worker-02</hostname>
+        <descr>Kubernetes Worker 2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>bc:24:11:48:29:03</mac>
+        <ipaddr>192.168.146.55</ipaddr>
+        <hostname>k8s-worker-03</hostname>
+        <descr>Kubernetes Worker 3</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </opt11>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>hybrid</mode>
+      <rule>
+        <source>
+          <network>any</network>
+        </source>
+        <destination>
+          <address>192.168.7.0/24</address>
+        </destination>
+        <descr>Allow Lan -&gt; Tailscale</descr>
+        <category/>
+        <interface>opt5</interface>
+        <tag/>
+        <tagged/>
+        <poolopts/>
+        <poolopts_sourcehashkey/>
+        <ipprotocol>inet</ipprotocol>
+        <created>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739734332.8321</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </created>
+        <target>opt5ip</target>
+        <sourceport/>
+        <updated>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1740009144.6778</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </updated>
+      </rule>
+      <rule>
+        <source>
+          <network>any</network>
+        </source>
+        <destination>
+          <address>100.64.0.0/10</address>
+        </destination>
+        <descr>Allow Server -&gt; Tailscale</descr>
+        <category/>
+        <interface>opt5</interface>
+        <tag/>
+        <tagged/>
+        <poolopts/>
+        <poolopts_sourcehashkey/>
+        <ipprotocol>inet</ipprotocol>
+        <created>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1740007863.868</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </created>
+        <target>opt5ip</target>
+        <sourceport/>
+        <updated>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1740007974.2151</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </updated>
+      </rule>
+      <rule>
+        <source>
+          <network>192.168.10.25/32</network>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <descr>Forward Mailserver to .147</descr>
+        <category/>
+        <interface>wan</interface>
+        <tag/>
+        <tagged/>
+        <poolopts/>
+        <poolopts_sourcehashkey/>
+        <ipprotocol>inet</ipprotocol>
+        <target>71.83.99.147</target>
+        <staticnatport>1</staticnatport>
+        <sourceport/>
+        <updated>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419236.7432</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419236.7432</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <network>opt3</network>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <descr>Redirect Servers Network to .146</descr>
+        <category/>
+        <interface>wan</interface>
+        <tag/>
+        <tagged/>
+        <poolopts/>
+        <poolopts_sourcehashkey/>
+        <ipprotocol>inet</ipprotocol>
+        <created>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419295.4079</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </created>
+        <target>71.83.99.146</target>
+        <staticnatport>1</staticnatport>
+        <sourceport/>
+        <updated>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419372.3518</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </updated>
+      </rule>
+      <rule>
+        <source>
+          <network>any</network>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <descr>Allow Network Tailscale</descr>
+        <category/>
+        <interface>wan</interface>
+        <tag/>
+        <tagged/>
+        <poolopts/>
+        <poolopts_sourcehashkey/>
+        <ipprotocol>inet</ipprotocol>
+        <target>wanip</target>
+        <staticnatport>1</staticnatport>
+        <sourceport/>
+        <protocol>udp</protocol>
+        <updated>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419351.8904</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>kenjreno@192.168.5.122</username>
+          <time>1739419351.8904</time>
+          <description>/firewall_nat_out_edit.php made changes</description>
+        </created>
+      </rule>
+    </outbound>
+    <rule>
+      <protocol>tcp/udp</protocol>
+      <interface>lan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirect DNS through Firewall</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ba16b66c8d54.75523749</associated-rule-id>
+      <target>127.0.0.1</target>
+      <local-port>53</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>lanip</network>
+        <not>1</not>
+        <port>53</port>
+      </destination>
+      <natreflection>disable</natreflection>
+      <updated>
+        <username>kenjreno@192.168.5.1</username>
+        <time>1740248957.9596</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.1</username>
+        <time>1740248758.4447</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow Incoming eMail</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad709fc3e844.04299527</associated-rule-id>
+      <target>Host_Mailserver</target>
+      <local-port>Ports_eMail</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.147</address>
+        <port>Ports_eMail</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740010129.2558</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419807.8025</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp/udp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow Access to DNS</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad70c9eb5df5.72660733</associated-rule-id>
+      <target>Host_Docker</target>
+      <local-port>Ports_DNS</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>Ports_DNS</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740010145.3024</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419849.9641</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp/udp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow access to Websites</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad70ef6b4af5.38110229</associated-rule-id>
+      <target>Host_Docker</target>
+      <local-port>Ports_Websites</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>Ports_Websites</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740010174.475</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419887.4395</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow access to MQTT</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad71168ffc22.83998313</associated-rule-id>
+      <target>Host_MQTT</target>
+      <local-port>Ports_MQTT</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>Ports_MQTT</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740010188.8011</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419926.5898</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow 3CX/PBX Admin</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad718f3644f0.76381559</associated-rule-id>
+      <target>192.168.5.48</target>
+      <local-port>5001</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>5001</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.237</username>
+        <time>1739942005.3903</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420047.2223</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>udp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Wireguard to HA</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad71da0b9fd7.03700729</associated-rule-id>
+      <target>192.168.10.49</target>
+      <local-port>51830</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51830</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420122.0476</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420122.0477</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow SSH to Gitea</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad720729fe94.53585994</associated-rule-id>
+      <target>Host_Docker</target>
+      <local-port>2222</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>2222</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420167.1721</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420167.1721</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow SSH to Filesvr</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad72502b3fe2.67681864</associated-rule-id>
+      <target>192.168.10.7</target>
+      <local-port>22</local-port>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>10007</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420240.1772</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420240.1772</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow SSH to Ansible</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad728a17fd21.09599110</associated-rule-id>
+      <target>192.168.10.116</target>
+      <local-port>22</local-port>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>10116</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420298.0983</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420298.0983</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow SSH to Ansible Too</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad72c091c571.24304504</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.10.120</target>
+      <local-port>22</local-port>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>10072</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420352.5971</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420352.5971</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow SSH to pve1</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad72fc43d419.05197582</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.10.122</target>
+      <local-port>22</local-port>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>10122</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420412.2779</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420412.2779</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow Plex</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad7333d67b29.89717724</associated-rule-id>
+      <target>192.168.10.57</target>
+      <local-port>32400</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>71.83.99.146</address>
+        <port>17758</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1741044667.4574</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420467.8785</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Allow Plex</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_67ad736c89baf8.57850463</associated-rule-id>
+      <target>192.168.5.102</target>
+      <local-port>32400</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>26476</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740973748.6959</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420524.5642</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="bf593e40-ccce-4776-a675-c00a499f01fd">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow HE Tunnel Broker</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>igmp</protocol>
+      <source>
+        <address>66.220.2.74/32</address>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740784077.2113</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740782583.8294</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4f390780-c2f1-4b31-85cd-32365badb8d0">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad709fc3e844.04299527</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>Host_Mailserver</address>
+        <port>Ports_eMail</port>
+      </destination>
+      <descr>Allow Incoming eMail</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419807.8024</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="7eb3dfb2-a3a3-4a71-b21c-63d04271a2ba">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad70c9eb5df5.72660733</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp/udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>Host_Docker</address>
+        <port>Ports_DNS</port>
+      </destination>
+      <descr>Allow Access to DNS</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419849.9641</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="413c2afe-5c3c-4cb6-a5ac-c92234714c67">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad71168ffc22.83998313</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>Host_MQTT</address>
+        <port>Ports_MQTT</port>
+      </destination>
+      <descr>Allow access to MQTT</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419926.5898</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="dc4abacb-47cb-478e-b010-015ff8ac3fcd">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad70ef6b4af5.38110229</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp/udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>Host_Docker</address>
+        <port>Ports_Websites</port>
+      </destination>
+      <descr>Allow access to Websites</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419887.4395</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="052e3cec-0b5d-458a-898f-1ceb55ce0006">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow to HAProxy</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>Ports_Websites</port>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741275884.5618</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741275884.5618</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="7b58f120-84af-4929-89b5-8d25d959df10">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Wireguard Traffic</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+        <port>51820-51821</port>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419133.8593</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739419133.8593</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="7754af1f-fb58-4dfc-8f8b-51fe1b8f9d74">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad718f3644f0.76381559</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.5.48</address>
+        <port>5001</port>
+      </destination>
+      <descr>Allow 3CX/PBX Admin</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420047.2223</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="ca8f582f-ff65-489b-bafd-b7a16e0a8bd6">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad71da0b9fd7.03700729</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.49</address>
+        <port>51830</port>
+      </destination>
+      <descr>Wireguard to HA</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420122.0476</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="97e54cf6-c0e4-45b3-936f-c75d8aa5d88e">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad720729fe94.53585994</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>Host_Docker</address>
+        <port>2222</port>
+      </destination>
+      <descr>Allow SSH to Gitea</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420167.172</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="ab753d61-424d-4d4d-bf96-1359ca55a4cd">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad72502b3fe2.67681864</associated-rule-id>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.7</address>
+        <port>22</port>
+      </destination>
+      <descr>Allow SSH to Filesvr</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420240.1772</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="57d6c046-db37-4114-8e51-caa4aa5b4d7e">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad728a17fd21.09599110</associated-rule-id>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.116</address>
+        <port>22</port>
+      </destination>
+      <descr>Allow SSH to Ansible</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420298.0983</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f0467623-dd45-4e19-bbe4-657971228213">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad72c091c571.24304504</associated-rule-id>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.120</address>
+        <port>22</port>
+      </destination>
+      <disabled>1</disabled>
+      <descr>Allow SSH to Ansible Too</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420352.5971</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="075e8ea4-5cc9-4d21-b408-c311f8a38ed4">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad72fc43d419.05197582</associated-rule-id>
+      <source>
+        <address>Net_AllowExternal</address>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.122</address>
+        <port>22</port>
+      </destination>
+      <disabled>1</disabled>
+      <descr>Allow SSH to pve1</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420412.2778</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="a2105c18-befc-42a6-ba98-e72099682a22">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad7333d67b29.89717724</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.10.57</address>
+        <port>32400</port>
+      </destination>
+      <descr>Allow Plex</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420467.8785</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0f21c516-aef7-49e3-b32d-01fa81906fe4">
+      <type>pass</type>
+      <associated-rule-id>nat_67ad736c89baf8.57850463</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.5.102</address>
+        <port>32400</port>
+      </destination>
+      <descr>Allow Plex</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739420524.5642</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="68e0e841-f3d3-4c07-8d1f-33ad1947fd58">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Tailscale</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.1</username>
+        <time>1742014945.1588</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.1</username>
+        <time>1742014945.1588</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="9f2a83b1-c552-44d5-b271-318286e739fa">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="8683f2a3-e0b6-4d9f-a65d-3a725f86d76f">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="bec2cf86-0af1-4cd5-8628-5215de5b0c23">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow to Server Network</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <network>opt3</network>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.237</username>
+        <time>1739941759.3207</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739418835.7527</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="20bb58f9-5753-4b7d-9fea-e183a9ff89e8">
+      <type>pass</type>
+      <associated-rule-id>nat_67ba16b66c8d54.75523749</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>lan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp/udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>127.0.0.1</address>
+        <port>53</port>
+      </destination>
+      <descr>Redirect DNS through Firewall</descr>
+      <category/>
+      <created>
+        <username>kenjreno@192.168.5.1</username>
+        <time>1740248758.4447</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="83f1190c-a9b4-40fe-ba5c-c4658d836e53">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow MQTT Dashboard</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+        <port>18083</port>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741278252.5283</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741278252.5283</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="36620700-46dd-4f3c-824f-f6937a6072e6">
+      <type>pass</type>
+      <interface>opt3</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Servers -&gt; LAN Network v4</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt3</network>
+      </source>
+      <destination>
+        <network>lan</network>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739418940.9601</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739418940.9601</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="737a95d1-f2c6-48a4-bfa0-0279fbffa72d">
+      <type>pass</type>
+      <interface>opt3</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Servers to Any v4</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt3</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739418979.5863</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1739418887.4939</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="96bf87b1-49c9-4546-a888-fc8a5dcde457">
+      <type>pass</type>
+      <interface>opt3</interface>
+      <ipprotocol>inet6</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow IPv6 to Tunnel Broker</descr>
+      <gateway>TUNNELBROKER_TUNNELV6</gateway>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740784756.5174</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740784665.7233</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="8a7aa68a-c541-4237-be77-2da4c8212090">
+      <type>pass</type>
+      <interface>opt4</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow DNS Access</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <network>opt4</network>
+      </source>
+      <destination>
+        <network>(self)</network>
+        <port>Ports_DNS</port>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1742387942.3057</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1742387942.3057</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="755e3beb-b9dd-408b-8889-3240fa780aec">
+      <type>pass</type>
+      <interface>opt5</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Tailscale</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt5</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.223</username>
+        <time>1739767144.3324</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.223</username>
+        <time>1739767144.3324</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="6125c54c-4212-49e0-ae1f-e44e53683bfc">
+      <type>pass</type>
+      <interface>opt7</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow DNS Access</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <network>opt7</network>
+      </source>
+      <destination>
+        <network>(self)</network>
+        <port>Ports_DNS</port>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1742387923.3043</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1742387774.5681</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="5f152c0c-b48d-448b-be88-fc89ca819b28">
+      <type>pass</type>
+      <interface>opt8</interface>
+      <ipprotocol>inet46</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Tunnelbroker</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt3</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740782080.7774</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>kenjreno@192.168.5.122</username>
+        <time>1740782080.7774</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+    <rule uuid="eff85891-281f-406b-a068-fd24d2a01239">
+      <type>pass</type>
+      <interface>opt11</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Servers to Any v4</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt11</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741720202.7631</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741720202.7631</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="b4dbb237-5dd3-4724-934a-07d1b4d90db9">
+      <type>block</type>
+      <interface>opt11</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Deny LAN/Server Access</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt11</network>
+      </source>
+      <destination>
+        <address>lan,opt3</address>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741715969.9093</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741715969.9093</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+    <rule uuid="9d8629b7-b519-419b-9f07-e011a5c49e3d">
+      <type>pass</type>
+      <interface>opt11</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Kubernetes to Any</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt11</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741715922.8174</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741712905.7074</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="a7eca768-c480-44d5-a0b9-9220d9e912b3">
+      <type>pass</type>
+      <interface>opt11</interface>
+      <ipprotocol>inet6</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Kubernetes to Any</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt11</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>ken@192.168.5.122</username>
+        <time>1741715904.7922</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>ken@192.168.5.122</username>
+        <time>1741712928.6766</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.us.pool.ntp.org</prefer>
+    <statsgraph>on</statsgraph>
+  </ntpd>
+  <revision>
+    <username>(system)</username>
+    <description>/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php made changes</description>
+    <time>1747378803.1677</time>
+  </revision>
+  <OPNsense>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="07f2b00c-89af-452d-8db3-a30ed6efca91">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>71.83.99.145</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>0</monitor_disable>
+        <monitor_noroute>0</monitor_noroute>
+        <monitor>1.1.1.1</monitor>
+        <force_down>0</force_down>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+      <gateway_item uuid="f4732762-4b98-42fa-ada8-331132188539">
+        <disabled>0</disabled>
+        <name>WAN_DHCP6</name>
+        <descr>Interface WAN_DHCP6 Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet6</ipprotocol>
+        <gateway/>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>0</monitor_disable>
+        <monitor_noroute>0</monitor_noroute>
+        <monitor>2606:4700:4700::1111</monitor>
+        <force_down>0</force_down>
+        <priority>254</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+      <gateway_item uuid="44e4b8b4-f3c2-4497-a1c1-4ed155d9ea1a">
+        <disabled>0</disabled>
+        <name>TailNet</name>
+        <descr/>
+        <interface>opt5</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>100.124.217.85</gateway>
+        <defaultgw>0</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute>0</monitor_noroute>
+        <monitor>100.100.100.100</monitor>
+        <force_down>0</force_down>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+      <gateway_item uuid="ec798944-8ada-4ab0-b33b-a91580bf29b5">
+        <disabled>0</disabled>
+        <name>TUNNELBROKER_TUNNELV6</name>
+        <descr>Interface TUNNELBROKER_TUNNELV6 Gateway</descr>
+        <interface>opt8</interface>
+        <ipprotocol>inet6</ipprotocol>
+        <gateway/>
+        <defaultgw>0</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>0</monitor_disable>
+        <monitor_noroute>0</monitor_noroute>
+        <monitor>2001:4860:4860::8888</monitor>
+        <force_down>0</force_down>
+        <priority>250</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <trust>
+      <general version="1.0.1">
+        <store_intermediate_certs>0</store_intermediate_certs>
+        <install_crls>0</install_crls>
+        <fetch_crls>0</fetch_crls>
+        <enable_legacy_sect>1</enable_legacy_sect>
+        <enable_config_constraints>0</enable_config_constraints>
+        <CipherString/>
+        <Ciphersuites/>
+        <SignatureAlgorithms/>
+        <groups/>
+        <MinProtocol/>
+        <MinProtocol_DTLS/>
+      </general>
+    </trust>
+    <DHCRelay version="1.0.1"/>
+    <monit version="1.0.13">
+      <general>
+        <enabled>1</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>smtp.rail-city.com</mailserver>
+        <port>587</port>
+        <username>no-reply@coldsprings.dev</username>
+        <password>91JVutYHdKsGMoT.q24c</password>
+        <ssl>1</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="cb7a8a74-7ec5-48a7-b362-78fba1b26807">
+        <enabled>1</enabled>
+        <recipient>ken@blkdoor.com</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="899b9c69-4e94-4b6a-aa3d-951995915557">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>25cdb1b0-d08d-466c-9dca-6e600270c781,bf58b664-8857-48b4-b90c-d6614d11902c,3f18dfca-35b0-46e3-916e-4d9f9514305d,0ba94dc4-6478-455c-b8b1-1b0450ef9354</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="c2ad66e7-07c2-4cc5-8bc6-f5d351617485">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>0e9ba43e-ec98-4077-b642-1fa069e54ea7</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f3b3490d-ad62-4996-8600-585cbd86e537">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>e2656eba-4fbd-426a-a6cb-a5f268a0521f</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="6b67b017-87b3-465f-bfae-2ab0a82233f9">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>59ce17ee-a315-49de-8d6e-134fd9ba7913</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="9de33e84-4110-4ae9-87c1-9b306960910b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="7523b83d-1eb3-4da9-9bc3-80df40768943">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="1e409078-6969-45fd-bb5c-8cee70be049d">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="25cdb1b0-d08d-466c-9dca-6e600270c781">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="bf58b664-8857-48b4-b90c-d6614d11902c">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="3f18dfca-35b0-46e3-916e-4d9f9514305d">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="0ba94dc4-6478-455c-b8b1-1b0450ef9354">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="ad06a4cd-c8b8-46b4-9ddd-76daf351ed88">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="0e9ba43e-ec98-4077-b642-1fa069e54ea7">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e2656eba-4fbd-426a-a6cb-a5f268a0521f">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="59ce17ee-a315-49de-8d6e-134fd9ba7913">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <netdata>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+        <listen>127.0.0.1</listen>
+        <port>19999</port>
+      </general>
+    </netdata>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces>lan,opt1,opt2,wan</interfaces>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&amp;license_key=2I5sILOXRtFxiGIG&amp;suffix=zip</url>
+        </geoip>
+        <aliases>
+          <alias uuid="77854fa4-39eb-4280-8fbc-d3e183e23791">
+            <enabled>1</enabled>
+            <name>Host_Docker</name>
+            <type>host</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.10.30</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Docker Host</description>
+          </alias>
+          <alias uuid="3d6f827c-7a45-4ff8-bcc4-0bf80fc27c7a">
+            <enabled>1</enabled>
+            <name>Host_Mailserver</name>
+            <type>host</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.10.25
+2001:470:1f05:a::19</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Mail Server</description>
+          </alias>
+          <alias uuid="5c561afb-d31f-470a-b070-ac61cdc97b3c">
+            <enabled>1</enabled>
+            <name>Host_MQTT</name>
+            <type>host</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.5.45</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>MQTT Host</description>
+          </alias>
+          <alias uuid="367b56e9-6001-4895-8435-c66c199b5caa">
+            <enabled>1</enabled>
+            <name>Net_AllowExternal</name>
+            <type>network</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>71.83.99.145/29
+167.154.0.0/16</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Allow External Networks</description>
+          </alias>
+          <alias uuid="66667d34-67bb-4c39-bf79-2febcce98fb4">
+            <enabled>1</enabled>
+            <name>RFC1918</name>
+            <type>network</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.0.0/16
+172.16.0.0/12
+10.0.0.0/8</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Local Subnets</description>
+          </alias>
+          <alias uuid="74cc526a-513d-4d0e-bc06-864fcec3a452">
+            <enabled>1</enabled>
+            <name>Ports_eMail</name>
+            <type>port</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>25
+465
+587
+143
+995
+110
+993
+4190</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Mail Ports</description>
+          </alias>
+          <alias uuid="9c259062-6e8e-4426-80e0-d2d4dbcb5ac1">
+            <enabled>1</enabled>
+            <name>Ports_MQTT</name>
+            <type>port</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>8883
+8084</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>MQTT Secure Ports</description>
+          </alias>
+          <alias uuid="5cdf7b37-7b26-4129-b058-11db5e5c5d39">
+            <enabled>1</enabled>
+            <name>Ports_Websites</name>
+            <type>port</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>80
+443</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Allow access Websites</description>
+          </alias>
+          <alias uuid="c84d1d8b-45c7-4e11-b666-143c91ee309b">
+            <enabled>1</enabled>
+            <name>Ports_DNS</name>
+            <type>port</type>
+            <path_expression/>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>53
+853</content>
+            <password/>
+            <username/>
+            <authtype/>
+            <categories/>
+            <description>Allow Access to DNS</description>
+          </alias>
+        </aliases>
+      </Alias>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+    </Firewall>
+    <ndproxy version="1.0">
+      <general>
+        <enabled>0</enabled>
+        <ndproxy_uplink_interface/>
+        <ndproxy_downlink_mac_address/>
+        <ndproxy_exception_ipv6_addresses/>
+        <ndproxy_uplink_ipv6_addresses/>
+      </general>
+    </ndproxy>
+    <wireguard>
+      <client version="1.0.0">
+        <clients>
+          <client uuid="b4a304b1-860c-4888-a69d-94f3156e3247">
+            <enabled>1</enabled>
+            <name>TravelRouter</name>
+            <pubkey>vita5XJUJiADjeUy2tL8nXoJaYtBy22D4FFEGTUQaAY=</pubkey>
+            <psk/>
+            <tunneladdress>192.168.5.0/24,192.168.10.0/24</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive>25</keepalive>
+          </client>
+        </clients>
+      </client>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers>
+          <server uuid="5b545aca-a127-4939-8b49-c7693d00fe92">
+            <enabled>1</enabled>
+            <name>roadwarrior</name>
+            <instance>0</instance>
+            <pubkey>6B5oRTErX9I7n1U/wtI5vuT/XD7wEb6tE11ga0EFUBM=</pubkey>
+            <privkey>qDqz9Up+GrkdyA7Z/gN9OFkd2NYBAaCRCt2WBI8kj0s=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress/>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>b4a304b1-860c-4888-a69d-94f3156e3247</peers>
+            <endpoint/>
+            <peer_dns/>
+          </server>
+        </servers>
+      </server>
+    </wireguard>
+    <MDNSRepeater version="1.0.1">
+      <enabled>0</enabled>
+      <enablecarp>0</enablecarp>
+      <interfaces>lan</interfaces>
+      <blocklist/>
+    </MDNSRepeater>
+    <vnstat>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+        <interface>lan,opt3,opt5</interface>
+      </general>
+    </vnstat>
+    <IDS version="1.1.0">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files>
+        <file uuid="19fc1938-2edd-4d7c-8f32-a4224d849188">
+          <filename>abuse.ch.sslblacklist.rules</filename>
+          <enabled>1</enabled>
+        </file>
+        <file uuid="5d4d8d10-7c52-4cc0-88f1-7f1eade32d6b">
+          <filename>abuse.ch.sslipblacklist.rules</filename>
+          <enabled>1</enabled>
+        </file>
+        <file uuid="5a98c773-5faf-424b-82ac-1570ddf104f2">
+          <filename>abuse.ch.urlhaus.rules</filename>
+          <enabled>1</enabled>
+        </file>
+      </files>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+        <eveLog>
+          <http>
+            <enable>0</enable>
+            <extended>0</extended>
+            <dumpAllHeaders/>
+          </http>
+          <tls>
+            <enable>0</enable>
+            <extended>0</extended>
+            <sessionResumption>0</sessionResumption>
+            <custom/>
+          </tls>
+        </eveLog>
+      </general>
+    </IDS>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.3">
+        <general>
+          <enabled>0</enabled>
+          <interfaces>opt4,lan</interfaces>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+          <dhcp_socket_type>raw</dhcp_socket_type>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+          <max_unacked_clients>2</max_unacked_clients>
+        </ha>
+        <subnets>
+          <subnet4 uuid="4ac08e5c-0a9c-487e-8ef1-0ea444448e77">
+            <subnet>192.168.5.0/24</subnet>
+            <next_server/>
+            <option_data_autocollect>1</option_data_autocollect>
+            <option_data>
+              <domain_name_servers>192.168.5.159</domain_name_servers>
+              <domain_search>home.arpa</domain_search>
+              <routers>192.168.5.159</routers>
+              <static_routes>192.168.5.1</static_routes>
+              <domain_name>home.arpa</domain_name>
+              <ntp_servers>192.168.5.159</ntp_servers>
+              <time_servers>192.168.5.1</time_servers>
+              <tftp_server_name/>
+              <boot_file_name/>
+            </option_data>
+            <match-client-id>1</match-client-id>
+            <pools>192.168.5.50 - 192.168.5.229</pools>
+            <description>Home</description>
+          </subnet4>
+          <subnet4 uuid="6a36eb1d-1586-4a84-bf9b-b46df1f2d36b">
+            <subnet>192.168.3.0/24</subnet>
+            <next_server/>
+            <option_data_autocollect>1</option_data_autocollect>
+            <option_data>
+              <domain_name_servers/>
+              <domain_search>camera</domain_search>
+              <routers/>
+              <static_routes/>
+              <domain_name>camera</domain_name>
+              <ntp_servers/>
+              <time_servers>192.168.3.1</time_servers>
+              <tftp_server_name/>
+              <boot_file_name/>
+            </option_data>
+            <match-client-id>1</match-client-id>
+            <pools>192.168.3.50 - 192.168.3.100</pools>
+            <description>Cameras</description>
+          </subnet4>
+        </subnets>
+        <reservations>
+          <reservation uuid="2d532966-debd-4e24-a16f-5ca805a19766">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.10</ip_address>
+            <hw_address>00:25:90:f3:5a:aa</hw_address>
+            <hostname>zoey</hostname>
+            <description>Proxmox - Zoey</description>
+          </reservation>
+          <reservation uuid="9e86e688-48c3-46ee-b4b3-2d5e802a480e">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.12</ip_address>
+            <hw_address>00:25:90:F2:19:68</hw_address>
+            <hostname>roxy</hostname>
+            <description>Proxmox - Roxy</description>
+          </reservation>
+          <reservation uuid="6295c3a8-1167-4d26-bfdc-77574066ca66">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.14</ip_address>
+            <hw_address>0C:C4:7A:32:F9:20</hw_address>
+            <hostname>gizmo</hostname>
+            <description>Proxmox - Gizmo</description>
+          </reservation>
+          <reservation uuid="d461a47f-4ab5-4dfb-b6b0-d1937db78bdb">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.49</ip_address>
+            <hw_address>BC:24:11:E9:44:9A</hw_address>
+            <hostname>haos_5</hostname>
+            <description>Home Assistant - Home Net</description>
+          </reservation>
+          <reservation uuid="bd0a0f65-a525-46ff-97e9-2b3e37530ecc">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.48</ip_address>
+            <hw_address>BC:24:11:C1:27:60</hw_address>
+            <hostname>pbx</hostname>
+            <description>3CX PBX</description>
+          </reservation>
+          <reservation uuid="1904232b-f1e3-4cb5-bee4-90bee1725869">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.16</ip_address>
+            <hw_address>0C:C4:7A:95:C8:F6</hw_address>
+            <hostname>jonah</hostname>
+            <description>Proxmox - Jonah</description>
+          </reservation>
+          <reservation uuid="3760511a-41da-4c94-af9d-2c81c0deb383">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.24</ip_address>
+            <hw_address>1C:87:2C:41:19:5F</hw_address>
+            <hostname>joe</hostname>
+            <description>Proxmox - Joe/pve1</description>
+          </reservation>
+          <reservation uuid="7ee710fc-778d-490b-9f4c-70909ca98d3b">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.26</ip_address>
+            <hw_address>D8:9E:F3:47:12:AF</hw_address>
+            <hostname>suzie</hostname>
+            <description>Proxmox - Suzie</description>
+          </reservation>
+          <reservation uuid="da650d10-6d0b-4510-a590-543669a063c3">
+            <subnet>4ac08e5c-0a9c-487e-8ef1-0ea444448e77</subnet>
+            <ip_address>192.168.5.20</ip_address>
+            <hw_address>0C:C4:7A:63:9A:B8</hw_address>
+            <hostname>lacey</hostname>
+            <description>Proxmox - Lacey/pve2</description>
+          </reservation>
+        </reservations>
+        <ha_peers/>
+      </dhcp4>
+      <dhcp6 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <manual_config>0</manual_config>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+          <max_unacked_clients>2</max_unacked_clients>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <pd_pools/>
+        <ha_peers/>
+      </dhcp6>
+    </Kea>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <IPsec version="1.0.4">
+      <general>
+        <enabled/>
+        <preferred_oldsa>0</preferred_oldsa>
+        <disablevpnrules>0</disablevpnrules>
+        <passthrough_networks/>
+        <user_source/>
+        <local_group/>
+      </general>
+      <charon>
+        <max_ikev1_exchanges/>
+        <threads>16</threads>
+        <ikesa_table_size>32</ikesa_table_size>
+        <ikesa_table_segments>4</ikesa_table_segments>
+        <init_limit_half_open>1000</init_limit_half_open>
+        <ignore_acquire_ts>1</ignore_acquire_ts>
+        <install_routes>0</install_routes>
+        <cisco_unity>0</cisco_unity>
+        <make_before_break/>
+        <retransmit_tries/>
+        <retransmit_timeout/>
+        <retransmit_base/>
+        <retransmit_jitter/>
+        <retransmit_limit/>
+        <syslog>
+          <daemon>
+            <ike_name>1</ike_name>
+            <log_level>0</log_level>
+            <app>1</app>
+            <asn>1</asn>
+            <cfg>1</cfg>
+            <chd>1</chd>
+            <dmn>1</dmn>
+            <enc>1</enc>
+            <esp>1</esp>
+            <ike>1</ike>
+            <imc>1</imc>
+            <imv>1</imv>
+            <job>1</job>
+            <knl>1</knl>
+            <lib>1</lib>
+            <mgr>1</mgr>
+            <net>1</net>
+            <pts>1</pts>
+            <tls>1</tls>
+            <tnc>1</tnc>
+          </daemon>
+        </syslog>
+        <plugins>
+          <attr>
+            <subnet/>
+            <split-include/>
+            <x_28674/>
+            <x_28675/>
+            <x_25/>
+            <x_28672/>
+            <x_28673>0</x_28673>
+            <x_28679/>
+            <dns/>
+            <nbns/>
+          </attr>
+          <eap-radius>
+            <servers/>
+            <accounting>0</accounting>
+            <class_group>0</class_group>
+          </eap-radius>
+          <xauth-pam>
+            <pam_service>ipsec</pam_service>
+            <session>0</session>
+            <trim_email>1</trim_email>
+          </xauth-pam>
+        </plugins>
+      </charon>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <hwprobe>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+    </hwprobe>
+    <tailscale>
+      <settings version="1.0.0">
+        <enabled>1</enabled>
+        <loginTimeout>10</loginTimeout>
+        <listenPort>41641</listenPort>
+        <acceptDNS>1</acceptDNS>
+        <advertiseExitNode>1</advertiseExitNode>
+        <useExitNode/>
+        <acceptSubnetRoutes>1</acceptSubnetRoutes>
+        <enableSSH>0</enableSSH>
+        <disableSNAT>0</disableSNAT>
+        <subnets>
+          <subnet4 uuid="05d86dc3-e897-4769-85ed-7168860b0fcf">
+            <subnet>192.168.5.0/24</subnet>
+            <description>Home</description>
+          </subnet4>
+          <subnet4 uuid="f9be7625-0bcb-4e22-9334-e8c6f48665ec">
+            <subnet>192.168.10.0/24</subnet>
+            <description>Coldsprings</description>
+          </subnet4>
+        </subnets>
+      </settings>
+      <authentication version="0.0.0">
+        <loginServer>https://headscale.rail-city.net</loginServer>
+        <preAuthKey>a9a6571c76c60a47c3613ea57be273536691de956beaa64d</preAuthKey>
+      </authentication>
+    </tailscale>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+      <neighbors version="1.0.0"/>
+    </Interfaces>
+    <cron version="1.0.4">
+      <jobs>
+        <job uuid="b4879549-d595-47bb-bcff-7ec158b94b84">
+          <origin>AcmeClient</origin>
+          <enabled>1</enabled>
+          <minutes>0</minutes>
+          <hours>0</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>*</weekdays>
+          <who>root</who>
+          <command>acmeclient cron-auto-renew</command>
+          <parameters/>
+          <description>AcmeClient Cronjob for Certificate AutoRenewal</description>
+        </job>
+        <job uuid="4001a2b1-4254-42b1-af0c-959218dc8e4b">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>0</minutes>
+          <hours>*/2</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>*</weekdays>
+          <who>root</who>
+          <command>system remote backup</command>
+          <parameters/>
+          <description>Backup Configurations Remotely</description>
+        </job>
+        <job uuid="1a3962d2-465c-4f3c-8bc6-1d0f83636f5b">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>0</minutes>
+          <hours>3</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>4</weekdays>
+          <who>root</who>
+          <command>zfs scrub</command>
+          <parameters>zroot</parameters>
+          <description>Scrub ZFS</description>
+        </job>
+        <job uuid="f5d114f1-3363-4ab5-8a8e-2a620690bd5f">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>42</minutes>
+          <hours>2</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>3</weekdays>
+          <who>root</who>
+          <command>syslog archive</command>
+          <parameters/>
+          <description>Rotate Logs</description>
+        </job>
+        <job uuid="22b6fa06-0146-47ba-9964-4317fa8d576f">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>24</minutes>
+          <hours>1</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>*</weekdays>
+          <who>root</who>
+          <command>firmware poll</command>
+          <parameters/>
+          <description>Firmwarwe Check</description>
+        </job>
+        <job uuid="e83c57e6-071f-4a69-95fc-40eb327c0ba0">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>0</minutes>
+          <hours>0</hours>
+          <days>3</days>
+          <months>*</months>
+          <weekdays>*</weekdays>
+          <who>root</who>
+          <command>ids update</command>
+          <parameters/>
+          <description>Update Intrusion Rules</description>
+        </job>
+        <job uuid="ff489481-0956-4387-b9de-84acf3ac2adf">
+          <origin>cron</origin>
+          <enabled>1</enabled>
+          <minutes>32</minutes>
+          <hours>5</hours>
+          <days>*</days>
+          <months>*</months>
+          <weekdays>*</weekdays>
+          <who>root</who>
+          <command>zfs trim</command>
+          <parameters>zroot</parameters>
+          <description>Daily ZFS Trim</description>
+        </job>
+      </jobs>
+    </cron>
+    <captiveportal version="1.0.4">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <QemuGuestAgent version="1.0.0">
+      <general>
+        <Enabled>1</Enabled>
+        <LogDebug>0</LogDebug>
+        <DisabledRPCs/>
+      </general>
+    </QemuGuestAgent>
+    <unboundplus version="1.0.12">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats>1</stats>
+        <active_interface>opt4,opt7,opt11,lan,opt3</active_interface>
+        <dnssec>1</dnssec>
+        <dns64>0</dns64>
+        <dns64prefix/>
+        <noarecords>0</noarecords>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain>home.arpa</regdhcpdomain>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6>0</noreglladdr6>
+        <noregrecords>0</noregrecords>
+        <txtsupport>0</txtsupport>
+        <cacheflush>0</cacheflush>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad>0</enable_wpad>
+      </general>
+      <advanced>
+        <hideidentity>1</hideidentity>
+        <hideversion>1</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>1</dnssecstripped>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail>0</logservfail>
+        <loglocalactions>0</loglocalactions>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <discardtimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing>0</infrakeepprobing>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="59232b01-45ed-4d3f-999a-e5304c0facd3">
+          <enabled>0</enabled>
+          <hostname/>
+          <domain>mariruth.com</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.30</server>
+          <description>Mariruth's Site</description>
+        </host>
+        <host uuid="330a0b42-e97c-46a7-83e0-763bc2f502b4">
+          <enabled>1</enabled>
+          <hostname>filesvr</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.7</server>
+          <description>TrueNAS Scale File Server</description>
+        </host>
+        <host uuid="604b705e-0b30-4956-849b-f62cc0e917c9">
+          <enabled>1</enabled>
+          <hostname>pbs</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.36</server>
+          <description>Proxmox Backup Server</description>
+        </host>
+        <host uuid="75635f4f-77bd-472d-baf0-f8d92165c0cc">
+          <enabled>1</enabled>
+          <hostname>zoey</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.10</server>
+          <description/>
+        </host>
+        <host uuid="f7c0de31-d953-4e36-a7bc-35fd5dc678a1">
+          <enabled>1</enabled>
+          <hostname>roxy</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.12</server>
+          <description/>
+        </host>
+        <host uuid="47ed8e1d-6bec-4d42-8d82-3d729e4b14a7">
+          <enabled>1</enabled>
+          <hostname>gizmo</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.14</server>
+          <description/>
+        </host>
+        <host uuid="552ede08-b02d-46aa-ba7d-4b407fc0f86e">
+          <enabled>1</enabled>
+          <hostname>jonah</hostname>
+          <domain>coldasprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.16</server>
+          <description/>
+        </host>
+        <host uuid="c0c5f09f-75a5-4502-b628-b88d81afb96f">
+          <enabled>1</enabled>
+          <hostname>lacey</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.20</server>
+          <description/>
+        </host>
+        <host uuid="c83d7b34-1918-47ba-97b5-283d193a24a0">
+          <enabled>1</enabled>
+          <hostname>pve1</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.24</server>
+          <description/>
+        </host>
+        <host uuid="cd6b0236-e34b-4322-891b-404390f4aa6d">
+          <enabled>1</enabled>
+          <hostname>foggy</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.22</server>
+          <description/>
+        </host>
+        <host uuid="3dad142a-1e1d-4fcf-81eb-e2325bbac10b">
+          <enabled>1</enabled>
+          <hostname>susie</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.5.26</server>
+          <description/>
+        </host>
+        <host uuid="aff1b64c-f372-498f-a037-9f58eb924688">
+          <enabled>1</enabled>
+          <hostname>rooney</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.7.28</server>
+          <description/>
+        </host>
+        <host uuid="60ce3107-2b4d-4c3b-80aa-4eac0c23e6df">
+          <enabled>1</enabled>
+          <hostname>misty</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.7.30</server>
+          <description/>
+        </host>
+        <host uuid="4157f96a-a776-4c22-b81f-3f231e1116ce">
+          <enabled>1</enabled>
+          <hostname>mqtt</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.49</server>
+          <description/>
+        </host>
+        <host uuid="8a3dbb9a-4f3f-4bfd-ae37-3036955dee46">
+          <enabled>1</enabled>
+          <hostname>docker</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.30</server>
+          <description>Docker Server</description>
+        </host>
+        <host uuid="a545b572-9b8a-4525-b4ca-d570a15c2421">
+          <enabled>1</enabled>
+          <hostname>fw</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.1</server>
+          <description>Main Firewall</description>
+        </host>
+        <host uuid="16a4c0e2-3a8a-4631-bf5a-ad875284e973">
+          <enabled>1</enabled>
+          <hostname>dbnp</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.29</server>
+          <description>NonProd MySQL Server</description>
+        </host>
+        <host uuid="23bb0626-618d-49a5-bdde-1182b1f9532f">
+          <enabled>1</enabled>
+          <hostname>dbsvr</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.9</server>
+          <description>Production MySQL Server</description>
+        </host>
+        <host uuid="bf772e1f-09a5-44e9-87c7-567dfac00550">
+          <enabled>1</enabled>
+          <hostname>kube</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.240</server>
+          <description>KubeCtl Channel</description>
+        </host>
+        <host uuid="b4201dfb-9365-4b22-b3c1-4526452bb900">
+          <enabled>1</enabled>
+          <hostname>office</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.30</server>
+          <description>Collabora Office</description>
+        </host>
+        <host uuid="cee47435-8476-4c6d-bafb-fcca5168809c">
+          <enabled>1</enabled>
+          <hostname>haos</hostname>
+          <domain>coldsprings.dev</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <ttl/>
+          <server>192.168.10.49</server>
+          <description>Home Assistant</description>
+        </host>
+      </hosts>
+      <aliases>
+        <alias uuid="6dcbdedb-961b-479c-ad86-19c01855fed9">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>adminer</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="3c0877c4-276b-49a4-b35c-4c08719f193f">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>ca</hostname>
+          <domain>coldsprings.dev</domain>
+          <description>Smallstep-ca</description>
+        </alias>
+        <alias uuid="dbc24ef5-2ec0-4249-b728-7e080b29f4fd">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>frigate</hostname>
+          <domain>coldsprings.dev</domain>
+          <description>Frigate</description>
+        </alias>
+        <alias uuid="e7fb7fe5-5162-4306-95e8-0e5627c73813">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>gitlab</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="592c230d-2b6c-43f8-9066-6269c1d0fc77">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>graylog</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="5109fe6c-754b-4f46-924a-1020902a9f8a">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>heimdall</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="4a74c0b2-dd0e-40d5-8fb0-17d1f8b2d5aa">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>homarr</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="1ca225ba-ed5f-41cd-b49a-badc730619f4">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>jellyfin</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="10798f1a-31c8-4d44-b6b6-8d9976bb7910">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>portainer</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="e2f500ed-0a4b-476c-873f-887256d3501e">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>postfixadmin</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="99436c95-458b-40cb-aca5-1cf395a18217">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>pwm</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="8f30f428-783e-458c-8037-a6fd2ac8ad6f">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>signallapi</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="143c322d-c234-4b4a-8965-a9724a54202e">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>sonarr</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="3faba734-473d-4100-a252-e11b47829241">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>tautulli</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="99c78714-73b4-4f45-98cb-fa4aef359e27">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>traefik</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+        <alias uuid="241df613-79ae-425e-bc59-53e7e0738a46">
+          <enabled>1</enabled>
+          <host>8a3dbb9a-4f3f-4bfd-ae37-3036955dee46</host>
+          <hostname>unifi</hostname>
+          <domain>coldsprings.dev</domain>
+          <description/>
+        </alias>
+      </aliases>
+    </unboundplus>
+    <OpenVPN version="1.0.1">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <AcmeClient version="4.2.0">
+      <settings>
+        <enabled>1</enabled>
+        <autoRenewal>1</autoRenewal>
+        <UpdateCron>b4879549-d595-47bb-bcff-7ec158b94b84</UpdateCron>
+        <environment/>
+        <challengePort>43580</challengePort>
+        <TLSchallengePort>43581</TLSchallengePort>
+        <restartTimeout>600</restartTimeout>
+        <haproxyIntegration>0</haproxyIntegration>
+        <haproxyAclRef/>
+        <haproxyActionRef/>
+        <haproxyServerRef/>
+        <haproxyBackendRef/>
+        <logLevel>normal</logLevel>
+        <showIntro>0</showIntro>
+      </settings>
+      <accounts>
+        <account uuid="5f44d980-1238-4f71-b092-29340ef2a5be">
+          <id>67a951a8c761b1.57922271</id>
+          <enabled>1</enabled>
+          <name>LEProduction</name>
+          <description>Let's Encrypt Production</description>
+          <email>letsencrypt@blkdoor.com</email>
+          <ca>letsencrypt</ca>
+          <custom_ca/>
+          <eab_kid/>
+          <eab_hmac/>
+          <key>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBM2VHSk10ZjM2ZDJKL2VsY0RPNDVQQnZhWEN4NmJZK0dGL1V0cE1DMzFyNU5weG5kCk9pZUJNQW9KRmVRTnVtd2gvNGtMS2NTN0NoN1FXc2ptTGNiVW83cTJUK0t2R0piZTlLZ3k1VW81QU5RVzRwTmUKaDR1UVZkQVVhblpWNGFDdlBwSXZnc1p5OS95R1JvWWx0dUhiNGtmdzZ5cFp2RnE0QVlJR2prbkkyRlZJMjRFRwoxMldGNXVMa0kwclphVDNEdXBSbkwzQTVETlRYQXVpbG9yVHp0U0d5Vmg1bFJWYlB5Tzh0a0huUUhPZm43ZnFTClQ3ejhCMTFzcGF3NlpJWnVERDFMaWRsOUxEWkpSdzFEbmhsSFNQWkxoTll6Q0NHN2VLY0d3MkdWcEpuUW5DSFQKTUxEb0lJMUFNclR6ZDlhbTYyZ25CbFVHRkJwbmlIdk1MamlNZzFRQ2ZRRVJqUUZ4TGdJU0Vkc0JSMUYxY2ZubAp2MlNMcUgxNVdMQi9DZWVyRWZNUmptbkU1OWt0bEhKRmQ5UkxITVZ1NUtnR1VnWGZiVkVnN0RNNEtNblRWRG5TCloyRWhuM1hOMnp1bmE3aVdWZk9mVWkwWHdmazJvYVQvRVdmZnpXUUpXczR2MzZCMEh0L09WaWtMTGhOa1pzdkUKcTRXL1pHMVB1N2FrbE9iOGNhcEtVeEtGRU1ubEhFM01DRVJwa1NQU2Q4bEZKMnhnWkwvd0pMb3pYbWR2NHFuZAo0dWVIck40UkZJcWtmY3FKMWVvK1A5cGhxaWVHM0hTQ3VXTzU0Y1ZGN2RYcVlDSVNPR0wxUDRpT0NvSDJvaWQ1CjlEa2pJR1hjMHFzeHJnMHlCS29uL3RTSFYrWWZCWkNKOWFXWENsd1FJYnIrdE50dHRFMEd6QXBZRmc4Q0F3RUEKQVFLQ0FnQkQ0UmM1bEVPMmFyMm9EY2ZJOXVwUW5zN0hTeDRyUFhEUERJVnB0VUdvc3pDTGNnaXhuVnRTNkljTwpDT1pBUll1REl4aGtyMWh2U0swQ1VSckdIMkYzTTR4SjFUWXZCaHp3YVRLazNmZWhic0VQa1BrbTY0WDlFcnJrCk5RNmlCNmdGTXZEUkI4Z3RZTFp0aGVXczFOMFJsV081ZGd2YzZUNEl6QkFZWUs5T3E0eXVCb09peXQ3VG0wOGoKRXVkL1lGTnNWYkZabkhIL29HK2s1cXFobzgwNCtUV1hUaFk2Ujh3cWt5MXoyU2hYWjRVWFU0U0dXM0VaQ2JaTwoydWxFVHJJRkVZMTEvekRob1R2NnZpNlZBL1BBZVFUeWZ4cytuaDg5MG85cG40V0p4VHJDUVVEY1VRcTZ4cXZBCnQ0WVNmL3N4NG51cDNzSU16V1VtSm9WNUVIaS90TU5WS05hbERUSEVBTmxTY0s5QmlaRE96SkEzMysvZUtJOXkKbjBBS0Z1TTZsODJoR0ZieVpGYWxidmkzSWtiYjFNTjBxYW8xTEtEaWNoTkovNUNoK05GYklKS3hYaGwzVDlkWgpta2IrRGNWZnpzVUdzT1ExbnQ4eEZBak1CY29udnZDUTZDeUsyWHJ2QU5sZVJTTyt2RlU0akpUYUJIUG93aWwxCkxDK1B4bGVHaHBEeEtQNnlMdnlDRmRUbmppdHlPMWtaa29mZi9ybHF5U3d6Z2pUdTduaUp3WFdDSE5kS3BRQzAKYnV5U2U2SzI4L2M5N1dMc2ltWnJ3dXpGRjF5aDFvUWpaZnBwcTRNRVRoZ3c1SzU0bGRrcU9UaFdpOUVkKzFXRwpaK2R0aHpGdDV0ZENPV2RlM2tuR2VvaTBtWDM0RHZBY1NBa213cHd0NkJ3WjNodTdGUUtDQVFFQTljUlZJYS9YCmw4cTI2NzNrM3gxVklGVHV5NllybUMrUWxMeGhWZDY1Skdld0I4dXA4NkFZc3h2ZnhyK0crTTkvelU3N2xZbUYKMEEvZnAvTWdwS2FPdGt1V2cxWWxwaEx5UlNUenczOEs1WVEvdWh1VHpuU05BNVFDTlRPaVhIZlNGSVJaU1dUTQp4eDdmaTVHY3ZMTGNrdlRBQlJyS29SMTZjNDdHZlVIZEFQZFozMFN6SWFjM09LS2dmYlBTN1ZEdTlqNzZTNzV4CjBKY0FpTEo5WFJrWHc2SEN3Y25ObDRGQTNqME9DYWdIaWY3VS9FWkdnTEJ6SlNFNmRnRTd2MVJvN0xUdjhzUXMKOXQ2OC9oL3NWSGZIWWdlSUIvb3ZDSERTODBiNVRRM2dxMmlKWFBGVG0wVVJVQVVjTlVlMmllMG94Z1NJUkNLVQpXZWo5dFZtNmcwRm9hd0tDQVFFQTV4NlpnbGRDVlVzYTBrR2VtbnZ6ZFUvdCtpalJobTQxNVluT3E5Nld5UnRwClNUYXpCMjlTbFR5YXBZSGtWT2R2UE5jcmVRVDJRalZIT3hzZE1Zcjh3NDBhd0N3cFRyR3QxTG1wMWEyN3lIL1UKaDRnYXcwckYxY2x3ZWwvM3d0V3Y4MGgxekNac3dlRldDTGE1anFRR0Z5NHUyZk9XMVI2cjJaem9qLzJjdjJ4dgpoNm1tcnZPYTNhblJQNDV4OXJBNzVKei9UaEs0a0NzbkQzWUh3b2QyajVZNHdQOVZiTFhrU3dSUStWREVOcHROCkpmRmNnaEwvQjFBMk5JOTQwNm1CZzRrWWVEa0Jmb2diWGlMbVNtaHBJZGIwd2Y3T1dYMU1EblNhZno1NThGOU8KQ01EMHhpR2tnalp0SmQ4ckhkbzlxUVJad1NkVjM5OExCclcrc0tZQjdRS0NBUUJVZi9XWlNJRkM0bUwwT08wcApQVWVZZnpzL2I5bkxVSWRRYkZpM0VvWHJtMjd0cnp1MjFSUEkrVXQrWlRtOThISUxvQjFtTTh0N1Z3bmFFQURvCk81QVQ0M2RUbnRvQStNQ3R2MS9FbHJpalkwNFo2Z051MTZub1VncFVTbldIZjNjT3NOYVdJbjg1ODBaL0VVaW4KcElPc1QxUjZMTlVBZ2tjbzFpMHV3ZWQvdm92NjlQNzJFaTB0WHRUNWcwdUJadk5TWFNMbnlnb040dTAvRXNlQgpxKy84eG5CVSt0S2lSY0dNNThjYzBOWU92enh4cEtQMitUUU56eGZ2bk1yekpNMlNuVDltNDhabDl2MWFEcFhPCkVRVFBrckZWdE5KWS81bTRKVzN2N1ZhUytMVko3SHVIaGo3R21Zc3lVbjdUZTJRcWVVSjAwc0xaQ3YrNFM2cVMKR0hvVEFvSUJBUUM2ZG51UEp1dERlU2FZZjR5QVFvUjNIeGQyZmp3YzR3bmt1THZlK2VSWk9CNUhqVFAvU1pjdApCQW9ZZ2FVL3dzQ0NLMjdOWW0xem1SeHcyVDFDWFVuMFV3RkVEZHo5dW1mdWVpUkZXcmRuMllvVUZvRFJFcUJ1CkRPa01NaVRvTWhLVWl0OU81NmxTK29PNDRBTHd5L0NGL3lLWmdPY3Q1bUxyWEtaY2xWWkRNaThCR3FSNS9kdngKL2pIdHZ2UysvQXcyTTF2ZkYwZUVPT3g0a3RkTDRKS000YnZFS2J3M3lyLzJyZkxPVXBVYklVeXEwZ0c2aDZ6dApyNDhyOUp5YzErSy94bm5SZE54NXcwR2hQekxnMFVBUXB5WXM1WENCem83d0VxOGEvY0xQWlhURnB6ZFVLb3hZCjZhUkJxNzFUaG1HODNOKzA4QkZlWHNxOGpTRGR6L0U1QW9JQkFRQ1BvSytkR0twOHhmY1B4bU1FdmlHM0FxblgKQmRXUmgzcHF3ZjZmcUpoeDhabENnTUZBTkUwSjVLcDBkVFRxcDdsejJNUnBSRDNhYmZodEVJQTRJNmRwUWswNwpjaEQwdHplWFExNWV1S1IzZXI3UkcyWnpjUVZYWEJqdkRGYkhHa1VLUWhoV1lDbWtySFpJWWx4Vjh3L1ZUL0dQCkp1UUE3VWVranE1a1I5MXg1K2l3bm5taXlGSVVSYUhlZGtiNElkNjNNcUxPRmFyOUVzMTJxZTl1MHlTMzZOR2kKdTdubzNqSkREbzVqb1liTzRwSHZ4MWViRmdnUmpGY09MS2t1UXE3MXhOaGJXVXpsc05DOXNwYkprbzZ4TndlVgo3d0h2VEpIekdJTWRCR3A0eUZXditDSEQ0eEtuZnR6SkFHY2FsZEVtZHF1N3ZITTZsZlFoZTNoN1R0TGYKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</key>
+          <statusCode>200</statusCode>
+          <statusLastUpdate>1739149868</statusLastUpdate>
+        </account>
+        <account uuid="b3dd5da6-5b9e-4697-aef8-4304e4d5ca0b">
+          <id>67a95223cb8428.09564898</id>
+          <enabled>1</enabled>
+          <name>LEStaging</name>
+          <description>Let's Encrypt Staging/Dev</description>
+          <email>letsencrypt@blkdoor.com</email>
+          <ca>letsencrypt_test</ca>
+          <custom_ca/>
+          <eab_kid/>
+          <eab_hmac/>
+          <key>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKSmdJQkFBS0NBZ0VBdDFLTHRHTlppaHBrZ2RvaGZ4U1ErNmdhdlVOWVRwbThncm5VNXM4THlYVHJaK0krClpUcmpGYVlaTGUrTzlHQW8wWHVBRU5nVmJQeGpRNDQrb2NaWUhPN09OeW5laWZVcHN1b0tjR3pjcXZ5Y1UzZmkKTEZBWkxUTDh0TWI2Z0Z6alVEb1Z6bWpTUklHYnlQZ2RScksveGY2b3ZRM0didVgwY2tlUm9rUTlabU44dG5YYwpQZTZha21yN1JMZW9Mbk15Y3N1bVlySmZYajNPYjR4L0V4OUJOeitPNDdlSWQ4ZGNJS0lPY1VaUTJ2djNwd0RzCnJoZ0hwdjhESWluNEtQaWlTbndpaUsxczRBdlRHeEFDYVdlV3A2QmtZV1paYU5MSTNld1dOb3JIcGxOQm5aQXUKNHZla1o4cXdneEpjcGdpU2diQ2Q4M2tOeW9hRFlYeXN2b1hPUVB4VjJwNEp2OVh3RmdPM2RZMi9vNWJtbWI0bQpJcUZTaW91dHZGajJvNStiQUowS3pHdVVETFQ0SlZQaDg3dzU3K3M2WEtlSjNUYitkSXQxbmxEczdWbzliTnZnClFXSWtqMjdDV0M2L0JpVmgyei9vQWhZNS9NNVNOQ1FZUW9BL0o4OHFkZVNTTVo2eDNvOEM2c0c5VmhiNUtLemQKbmRMSFByZ0JSYTgvelM5TmMydjQxWFlwenFtMUYwUm5KNDlUTDhnVHJzVU9yN3BjTEtrWkM0dS93Q2h5WFhPMwpFR3BuYXFSelZ2NzZQNXJFNXRPSXNOcUlkcSs3anVmQ3Z5MkIwaDM0bWJ4T0t5ZE0xdnQvcGN5NS9kRnc1WjdOCktndkdMeWZHM1IvdDVLdjNvQ3hkdmt6R1pzSUswR1FxbDh2MTczYkc2YVEyWm9ZM0xJMlZGQUtrbDY4Q0F3RUEKQVFLQ0FmOUFGeHZBZFB0WXpPRldoR3d4Z1g4dWZCYmRGQzVMVEhRYlA5eXUxTFBLT3BZU080YVUzWUdHa0FzOQpoQUwyYktmWWxOU3hEdHB1djgzMFVFYVZTRUtGMnZjOVVlWDdWVHErMGhQVU9qcnJqR1VheVU3Skx6ZWVGYlZECmZrMFZrMlBsS0dsM1FDNUN4UTB4dFl5R3F2ZGd3U2M4OFJQdXNYWkVmY0RzZWU3OVhNcTgvM2VBTDJyYXhZd1MKK2lKU0d2UUlMaXA5VnQ4QWs1c1laSVlJcVdTamJCVUloNkd1UG9SMjVERW9hT3pib2p0eXAyQVhmVTh2a3ZnRgplYWJJckNRUTVsVXNjM1VjM3dWdThLbm5MOC83eXBkTmRmck1LdVVPc1BzVEZuRzJOR1U4TUt3enJXQk02US9NCnd4Nmc3VjVLK1BRL3FwS251MTh6TmVNdXVKamloZUhDOEozMUxMVDBkRld5UU9vK25SNmdhQ29iWWJOcU5CYW0KMU1yYWVKUUNiTi9PZE9FOC9RTEFHN3ZUclBmOXBycjUzZjFDdTdhOVJycnNCaXMwbDducStRYjhMc3hjRm9EMApZV25MY29rVFZGWU5SNXBQL2dLUkFxdGM1L3ZMVk5lZksxcDJMQkIwTi8vV2lSWnNvelJlWWgvVW8wWGdZMklCCjJqbUozV1RzY0JtS2grUm9yeVl3QWd0M01lQnFvbUZCN0VBOXp5MkFvNzkvZkhEbEk2Z2hIYlVIanZPT1lTcUcKKzYrZE9MS0pHYUJkUlc1dEFnTGpCUk9zakFRTGJIcmVsNDJURDBBODRsNnBQODBuVTRvd1NtSE9jRnlpMjFTNwp1YTJFL1lhaU51cU9aa1h5SjBOd01KcG4wNGtXVEdQYkZUT2FEalhmcEU4K3B0RkZBb0lCQVFEK2sraTRtRUdZCnl4d0FxcGY2VWtPWjltTFhETnNjUUJaU1AvQ1I4V1NSdC9Sdmp6Qk15bFMwdGRGMDVjMUc4ZnVDcXJyZTZPV1UKelNiZDRnT0xuNnVrU2M3RFVBVzdSaUNiczE3L3JBMjVJZWZ5dFlKVkVlS09RbWlnWHBBQkR0RERmaFVlbFRUVwpMVS9aUTdoQjB5azZic25BSU04MDNoSmc5RHJZejN1bDRJUHh4VmozSnlzaWcvTU45bEV5Z1FnN0F6bHhRamdqCkh6cnMyMTRuN3NIVVhOK1h2Zmx5RFhZN0FldkNYbWhpKzExajN2R3VyMUdGWEYzQ2tnMFludUlaUi9hU3RFL1MKYjdBdkVlc1VOOGdWSGlHdEViaFFTVXk4L1hKVllhS21SWlJwUEhVbzE0SHJvckNYRWgvSnpEcXVVb1ZQYzNvZwo2Q2gxZUppdDNIZWRBb0lCQVFDNFdMcWhKSTZSRGJreGF0TlA1QldKZTY3MS8zOHFGMU9hcTdVZjJkQXRpOXo0CjVqV2gxSnBZTjZJd2pNaFRpckpIQ05UOXBPUm5vTzlRcys1c1h6RTdKeExNNitKaGFRbWJyQ3VTSWpOMVVRd0EKT0k4bnI3UnZ3OVFKZkkvMDV0UC8xMnJBVnJhaDFFbEFtMGZhT21FaVAvdjk2MlFJNEkwaFpKVGtFNnRoa3JtYwpkVldDRDY3QU80VUR1R3ZZUkQvVko2YUVablNPNDJIUGkvRmVSUzFMV3MwckdaRTBlUmM0TG5ldWFZR3NLM3UyCnRVb3d1UjR3UmNBU3M3ZHl2QStucUtYUkp2ZWMzeWxGcjJNajRPRDlqc29tY2pwM3llWVZFaGtjVWxuYXFSdzgKalRRM0ExdkFXdjJjV2Z2SkgvRlRQd2pnd1BjYURBQTU2VkgzcEppN0FvSUJBSDB6Y3VXdUE3eklUeXBJdTl1aApMNXY5bjVpUnV3VEd3L09KZkovWjd4TDNQR0ROTS96Z0dRNlN5TU5MN1V2eDREYmdEbTFvYnRoaW1MWFEzTnVECkdHQUE2STRId2ZuYlFGZ3l2QXJUckNBYmU3NVM1QmxBWllKL1NJTnVYallXK2piYXdEbzlPVElJTU5meVJTRWkKWDRsY1NSNlRSRFNFN3RiOTVoOFEwNGU5eGtaV1B5MjE5ckhQNE81QjhLYjg3SFpSWEtQRjVHUHBqUXBGektXbwo5MnlnakZwTlZPdHhrVzd0dit2a2tFUDF5WFUvaE83YlRDVmhTcjlSSXQyejdoQnU0dVk5aFhCQis0ejZxL2xTCmdiVlpEMGpWaVNiN0ZhRndxQlV6b2xGUnNPNmNqQ1ljN3NsYlJxdlZmd3E0eFRkTVlFRzEwaDl5N2Nyd0YyNlMKR2NVQ2dnRUFCYWpUc2ZiSldiS3VLTkk2d28waURDSjc4Smx6Y2Z0ZFdiWkR6VUtHblo5Wm5WcVQ4dS92L1IxWQpJVjF4R1A5OUVhazN3TUc3TVdORGRaclFpd3N4Rzd2TFcvY3g4QU9sZzkzNVNIYzhWVEd6eUozejV5Z0J4aHlnCitkbVZJZE9rVm9wcWdKVW83amJ5T01XTG95dC9wK21HOXZpdkRZYTNUbnNrQnd5RGltOVN1M2J1dFJ0K0pmQ3QKMkx0a3RETUVNcXNROWFlZmxITnVvVXlPa0hKWFBhVC8vMzY5Y25yMU40aFZyRWtZN2d3M3RCaEV1dEkwRnc5TgpJa1hhTCsrT0czdVYrNkhTb0VKSnBoWUlXU1dpUXFhTGxqcVRpUEh0MmwrLzNacTVuM2pwb1FKRXhCdWFTWUdCCm43Y3pmNjAzWDNMajl1SjFzNXNDdHNSdSs4ZFYyUUtDQVFCSUpYM3ZvL2JvcmxvSVN4V3hBZGlucU85amVYQSsKSDhyOW5ldWNGYmZIUHl3aEJNRnMwVk5ld0hZNmI2QzRFN1hkVDU5OWRoZWg3VVZVRVcxUy9UL3NKcThjb3Q0OApXWWNlUTgyQVMzZTRtNTF0Q3MvWDFXMWl3WURFRjZPVVV5Z0l1RFRDaXpSdlQ4YTdPMGttTHdHTVVZdi9YRStkClRQQ01SSVp2T3F6SEY4SFlReDRENTAyZTBCMUsxWVlFS0ZGVGxSMVdla1ZNQnUzUS9FTkYrdHBDS2lLczZYdjIKR2F0ME93ei96OHZvYzJRZW5hREJjelNNOXpVQ1NGN0M3bWNSRWRBSFVWZW9IZ1hUYmJNWFJZVkE0MWxhRVgzawpWY3JWTjdycGs2MUNuNExuSXhTYms1ckRkamtaUHlLWkpyZDJ5WVNkR0FFZk5NSzExekJwM1J6UQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=</key>
+          <statusCode>200</statusCode>
+          <statusLastUpdate>1739149871</statusLastUpdate>
+        </account>
+      </accounts>
+      <certificates>
+        <certificate uuid="b044a890-123d-4979-8798-d6db99d2fff5">
+          <id>67a95302cb4297.16727540</id>
+          <enabled>1</enabled>
+          <name>rno1.rail-city.net</name>
+          <description>Firewall Certificate</description>
+          <altNames>rno1.rail-city.net</altNames>
+          <account>5f44d980-1238-4f71-b092-29340ef2a5be</account>
+          <validationMethod>8200f583-9c30-40ab-ac16-8bc3afdcf99b</validationMethod>
+          <keyLength>key_ec384</keyLength>
+          <ocsp>0</ocsp>
+          <restartActions>9fabe4b7-2d20-437d-94f3-c10d74eabcf1</restartActions>
+          <autoRenewal>1</autoRenewal>
+          <renewInterval>60</renewInterval>
+          <aliasmode>none</aliasmode>
+          <domainalias/>
+          <challengealias/>
+          <certRefId>67a9532677f13</certRefId>
+          <lastUpdate>1739150118</lastUpdate>
+          <statusCode>400</statusCode>
+          <statusLastUpdate>1747378803</statusLastUpdate>
+        </certificate>
+      </certificates>
+      <validations>
+        <validation uuid="8200f583-9c30-40ab-ac16-8bc3afdcf99b">
+          <id>67a952c254adc9.13558747</id>
+          <enabled>1</enabled>
+          <name>PowerDNS</name>
+          <description>PowerDNS</description>
+          <method>dns01</method>
+          <http_service>opnsense</http_service>
+          <http_opn_autodiscovery>1</http_opn_autodiscovery>
+          <http_opn_interface/>
+          <http_opn_ipaddresses/>
+          <http_haproxyInject>1</http_haproxyInject>
+          <http_haproxyFrontends/>
+          <tlsalpn_service>acme</tlsalpn_service>
+          <tlsalpn_acme_autodiscovery>1</tlsalpn_acme_autodiscovery>
+          <tlsalpn_acme_interface/>
+          <tlsalpn_acme_ipaddresses/>
+          <dns_service>dns_pdns</dns_service>
+          <dns_sleep>0</dns_sleep>
+          <dns_active24_token/>
+          <dns_ad_key/>
+          <dns_ali_key/>
+          <dns_ali_secret/>
+          <dns_autodns_user/>
+          <dns_autodns_password/>
+          <dns_autodns_context/>
+          <dns_aws_id/>
+          <dns_aws_secret/>
+          <dns_azuredns_subscriptionid/>
+          <dns_azuredns_tenantid/>
+          <dns_azuredns_appid/>
+          <dns_azuredns_clientsecret/>
+          <dns_bunny_api_key/>
+          <dns_cf_email/>
+          <dns_cf_key/>
+          <dns_cf_token/>
+          <dns_cf_account_id/>
+          <dns_cf_zone_id/>
+          <dns_cloudns_auth_id/>
+          <dns_cloudns_sub_auth_id/>
+          <dns_cloudns_auth_password/>
+          <dns_cx_key/>
+          <dns_cx_secret/>
+          <dns_cyon_user/>
+          <dns_cyon_password/>
+          <dns_da_key/>
+          <dns_da_insecure>1</dns_da_insecure>
+          <dns_ddnss_token/>
+          <dns_dgon_key/>
+          <dns_dnsexit_auth_user/>
+          <dns_dnsexit_auth_pass/>
+          <dns_dnsexit_api/>
+          <dns_dnshome_password/>
+          <dns_dnshome_subdomain/>
+          <dns_dnsimple_token/>
+          <dns_dnsservices_user/>
+          <dns_dnsservices_password/>
+          <dns_doapi_token/>
+          <dns_do_pid/>
+          <dns_do_password/>
+          <dns_domeneshop_token/>
+          <dns_domeneshop_secret/>
+          <dns_dp_id/>
+          <dns_dp_key/>
+          <dns_dh_key/>
+          <dns_duckdns_token/>
+          <dns_dyn_customer/>
+          <dns_dyn_user/>
+          <dns_dyn_password/>
+          <dns_dynu_clientid/>
+          <dns_dynu_secret/>
+          <dns_freedns_user/>
+          <dns_freedns_password/>
+          <dns_fornex_api_key/>
+          <dns_gandi_livedns_key/>
+          <dns_gandi_livedns_token/>
+          <dns_gcloud_key/>
+          <dns_googledomains_access_token/>
+          <dns_googledomains_zone/>
+          <dns_gd_key/>
+          <dns_gd_secret/>
+          <dns_hostingde_server/>
+          <dns_hostingde_apiKey/>
+          <dns_he_user/>
+          <dns_he_password/>
+          <dns_infoblox_credentials/>
+          <dns_infoblox_server/>
+          <dns_inwx_user/>
+          <dns_inws_password/>
+          <dns_inwx_password/>
+          <dns_inwx_shared_secret/>
+          <dns_ionos_prefix/>
+          <dns_ionos_secret/>
+          <dns_ipv64_token/>
+          <dns_ispconfig_user/>
+          <dns_ispconfig_password/>
+          <dns_ispconfig_api/>
+          <dns_ispconfig_insecure>1</dns_ispconfig_insecure>
+          <dns_jd_id/>
+          <dns_jd_region/>
+          <dns_jd_secret/>
+          <dns_joker_username/>
+          <dns_joker_password/>
+          <dns_kinghost_username/>
+          <dns_kinghost_password/>
+          <dns_knot_server/>
+          <dns_knot_key/>
+          <dns_lexicon_provider>cloudflare</dns_lexicon_provider>
+          <dns_lexicon_user/>
+          <dns_lexicon_token/>
+          <dns_limacity_apikey/>
+          <dns_linode_key/>
+          <dns_linode_v4_key/>
+          <dns_loopia_api>https://api.loopia.se/RPCSERV</dns_loopia_api>
+          <dns_loopia_user/>
+          <dns_loopia_password/>
+          <dns_lua_email/>
+          <dns_lua_key/>
+          <dns_miab_user/>
+          <dns_miab_password/>
+          <dns_miab_server/>
+          <dns_me_key/>
+          <dns_me_secret/>
+          <dns_mydnsjp_masterid/>
+          <dns_mydnsjp_password/>
+          <dns_mythic_beasts_key/>
+          <dns_mythic_beasts_secret/>
+          <dns_namecheap_user/>
+          <dns_namecheap_api/>
+          <dns_namecheap_sourceip/>
+          <dns_namecom_user/>
+          <dns_namecom_token/>
+          <dns_namesilo_key/>
+          <dns_nederhost_key/>
+          <dns_netcup_cid/>
+          <dns_netcup_key/>
+          <dns_netcup_pw/>
+          <dns_njalla_token/>
+          <dns_nsone_key/>
+          <dns_nsupdate_server/>
+          <dns_nsupdate_zone/>
+          <dns_nsupdate_key/>
+          <dns_oci_cli_user/>
+          <dns_oci_cli_tenancy/>
+          <dns_oci_cli_region/>
+          <dns_oci_cli_key/>
+          <dns_online_key/>
+          <dns_opnsense_host>localhost</dns_opnsense_host>
+          <dns_opnsense_port>443</dns_opnsense_port>
+          <dns_opnsense_key/>
+          <dns_opnsense_token/>
+          <dns_opnsense_insecure>0</dns_opnsense_insecure>
+          <dns_ovh_app_key/>
+          <dns_ovh_app_secret/>
+          <dns_ovh_consumer_key/>
+          <dns_ovh_endpoint/>
+          <dns_pleskxml_user/>
+          <dns_pleskxml_pass/>
+          <dns_pleskxml_uri/>
+          <dns_pdns_url>http://192.168.10.30L8081</dns_pdns_url>
+          <dns_pdns_serverid>localhost</dns_pdns_serverid>
+          <dns_pdns_token>61beccca-d8ea-4e90-817e-8d00e39ca10c</dns_pdns_token>
+          <dns_porkbun_key/>
+          <dns_porkbun_secret/>
+          <dns_sl_key/>
+          <dns_selfhost_user/>
+          <dns_selfhost_password/>
+          <dns_selfhost_map/>
+          <dns_servercow_username/>
+          <dns_servercow_password/>
+          <dns_simply_api_key/>
+          <dns_simply_account_name/>
+          <dns_transip_username/>
+          <dns_transip_key/>
+          <dns_udr_user/>
+          <dns_udr_password/>
+          <dns_uno_key/>
+          <dns_uno_user/>
+          <dns_vscale_key/>
+          <dns_vultr_key/>
+          <dns_yandex_token/>
+          <dns_zilore_key/>
+          <dns_zm_key/>
+          <dns_gdnsdk_user/>
+          <dns_gdnsdk_password/>
+          <dns_acmedns_user/>
+          <dns_acmedns_password/>
+          <dns_acmedns_subdomain/>
+          <dns_acmedns_updateurl/>
+          <dns_acmedns_baseurl/>
+          <dns_acmeproxy_endpoint/>
+          <dns_acmeproxy_username/>
+          <dns_acmeproxy_password/>
+          <dns_variomedia_key/>
+          <dns_schlundtech_user/>
+          <dns_schlundtech_password/>
+          <dns_easydns_apitoken/>
+          <dns_easydns_apikey/>
+          <dns_euserv_user/>
+          <dns_euserv_password/>
+          <dns_leaseweb_key/>
+          <dns_cn_user/>
+          <dns_cn_password/>
+          <dns_arvan_token/>
+          <dns_artfiles_username/>
+          <dns_artfiles_password/>
+          <dns_hetzner_token/>
+          <dns_hexonet_login/>
+          <dns_hexonet_password/>
+          <dns_1984hosting_user/>
+          <dns_1984hosting_password/>
+          <dns_kas_login/>
+          <dns_kas_authdata/>
+          <dns_kas_authtype>plain</dns_kas_authtype>
+          <dns_desec_token/>
+          <dns_desec_name/>
+          <dns_infomaniak_token/>
+          <dns_zone_username/>
+          <dns_zone_key/>
+          <dns_dynv6_token/>
+          <dns_cpanel_user/>
+          <dns_cpanel_token/>
+          <dns_cpanel_hostname/>
+          <dns_regru_username/>
+          <dns_regru_password/>
+          <dns_nic_username/>
+          <dns_nic_password/>
+          <dns_nic_client/>
+          <dns_nic_secret/>
+          <dns_world4you_username/>
+          <dns_world4you_password/>
+          <dns_aurora_key/>
+          <dns_aurora_secret/>
+          <dns_conoha_user/>
+          <dns_conoha_password/>
+          <dns_conoha_tenantid/>
+          <dns_conoha_idapi>https://identity.xxxx.conoha.io/v2.0</dns_conoha_idapi>
+          <dns_constellix_key/>
+          <dns_constellix_secret/>
+          <dns_exoscale_key/>
+          <dns_exoscale_secret/>
+          <dns_internetbs_key/>
+          <dns_internetbs_password/>
+          <dns_pointhq_key/>
+          <dns_pointhq_email/>
+          <dns_rackspace_user/>
+          <dns_rackspace_key/>
+          <dns_rage4_token/>
+          <dns_rage4_user/>
+          <dns_scaleway_token/>
+        </validation>
+      </validations>
+      <actions>
+        <action uuid="9fabe4b7-2d20-437d-94f3-c10d74eabcf1">
+          <id>67a9517633ce87.60895539</id>
+          <enabled>1</enabled>
+          <name>Restart UI</name>
+          <description>Restart Main GUI</description>
+          <type>configd_restart_gui</type>
+          <sftp_host/>
+          <sftp_host_key/>
+          <sftp_port>22</sftp_port>
+          <sftp_user/>
+          <sftp_identity_type/>
+          <sftp_remote_path/>
+          <sftp_chgrp/>
+          <sftp_chmod/>
+          <sftp_chmod_key/>
+          <sftp_filename_cert/>
+          <sftp_filename_key/>
+          <sftp_filename_ca/>
+          <sftp_filename_fullchain/>
+          <remote_ssh_host/>
+          <remote_ssh_host_key/>
+          <remote_ssh_port>22</remote_ssh_port>
+          <remote_ssh_user/>
+          <remote_ssh_identity_type/>
+          <remote_ssh_command/>
+          <configd/>
+          <configd_generic_command/>
+          <acme_synology_dsm_hostname/>
+          <acme_synology_dsm_port>5000</acme_synology_dsm_port>
+          <acme_synology_dsm_scheme>http</acme_synology_dsm_scheme>
+          <acme_synology_dsm_username/>
+          <acme_synology_dsm_password/>
+          <acme_synology_dsm_create>1</acme_synology_dsm_create>
+          <acme_synology_dsm_deviceid/>
+          <acme_synology_dsm_devicename/>
+          <acme_synology_dsm_otpcode/>
+          <acme_fritzbox_url/>
+          <acme_fritzbox_username/>
+          <acme_fritzbox_password/>
+          <acme_panos_username/>
+          <acme_panos_password/>
+          <acme_panos_host/>
+          <acme_proxmoxve_user>root</acme_proxmoxve_user>
+          <acme_proxmoxve_server/>
+          <acme_proxmoxve_port>8006</acme_proxmoxve_port>
+          <acme_proxmoxve_nodename/>
+          <acme_proxmoxve_realm>pam</acme_proxmoxve_realm>
+          <acme_proxmoxve_tokenid>acme</acme_proxmoxve_tokenid>
+          <acme_proxmoxve_tokenkey/>
+          <acme_truenas_apikey/>
+          <acme_truenas_hostname>localhost</acme_truenas_hostname>
+          <acme_truenas_scheme>http</acme_truenas_scheme>
+          <acme_unifi_keystore>/usr/local/share/java/unifi/data/keystore</acme_unifi_keystore>
+          <acme_vault_url/>
+          <acme_vault_prefix>acme</acme_vault_prefix>
+          <acme_vault_token/>
+          <acme_vault_kvv2>1</acme_vault_kvv2>
+        </action>
+        <action uuid="3fff943a-9750-497c-b0c9-e2b2faae6140">
+          <id>67ab79845c74d1.92930317</id>
+          <enabled>1</enabled>
+          <name>Truenas</name>
+          <description>Truenas Certificate</description>
+          <type>acme_truenas</type>
+          <sftp_host/>
+          <sftp_host_key/>
+          <sftp_port>22</sftp_port>
+          <sftp_user/>
+          <sftp_identity_type/>
+          <sftp_remote_path/>
+          <sftp_chgrp/>
+          <sftp_chmod/>
+          <sftp_chmod_key/>
+          <sftp_filename_cert/>
+          <sftp_filename_key/>
+          <sftp_filename_ca/>
+          <sftp_filename_fullchain/>
+          <remote_ssh_host/>
+          <remote_ssh_host_key/>
+          <remote_ssh_port>22</remote_ssh_port>
+          <remote_ssh_user/>
+          <remote_ssh_identity_type/>
+          <remote_ssh_command/>
+          <configd/>
+          <configd_generic_command/>
+          <acme_synology_dsm_hostname/>
+          <acme_synology_dsm_port>5000</acme_synology_dsm_port>
+          <acme_synology_dsm_scheme>http</acme_synology_dsm_scheme>
+          <acme_synology_dsm_username/>
+          <acme_synology_dsm_password/>
+          <acme_synology_dsm_create>1</acme_synology_dsm_create>
+          <acme_synology_dsm_deviceid/>
+          <acme_synology_dsm_devicename/>
+          <acme_synology_dsm_otpcode/>
+          <acme_fritzbox_url/>
+          <acme_fritzbox_username/>
+          <acme_fritzbox_password/>
+          <acme_panos_username/>
+          <acme_panos_password/>
+          <acme_panos_host/>
+          <acme_proxmoxve_user>root</acme_proxmoxve_user>
+          <acme_proxmoxve_server/>
+          <acme_proxmoxve_port>8006</acme_proxmoxve_port>
+          <acme_proxmoxve_nodename/>
+          <acme_proxmoxve_realm>pam</acme_proxmoxve_realm>
+          <acme_proxmoxve_tokenid>acme</acme_proxmoxve_tokenid>
+          <acme_proxmoxve_tokenkey/>
+          <acme_truenas_apikey>4-iDLtqiAJ9FCcRiAUcP8rQEUZN3C7HMbhn3GNXHvRfyWdtL33j2s5CHNlpdP7Zedg</acme_truenas_apikey>
+          <acme_truenas_hostname>filesvr.coldsprings.dev</acme_truenas_hostname>
+          <acme_truenas_scheme>https</acme_truenas_scheme>
+          <acme_unifi_keystore>/usr/local/share/java/unifi/data/keystore</acme_unifi_keystore>
+          <acme_vault_url/>
+          <acme_vault_prefix>acme</acme_vault_prefix>
+          <acme_vault_token/>
+          <acme_vault_kvv2>1</acme_vault_kvv2>
+        </action>
+        <action uuid="3b37df96-d397-462f-a356-dbb1548d25b0">
+          <id>67c9c18f4b8be4.95405282</id>
+          <enabled>1</enabled>
+          <name>Restart HAProxy</name>
+          <description>Restart HA Proxy Service</description>
+          <type>configd_restart_haproxy</type>
+          <sftp_host/>
+          <sftp_host_key/>
+          <sftp_port>22</sftp_port>
+          <sftp_user/>
+          <sftp_identity_type/>
+          <sftp_remote_path/>
+          <sftp_chgrp/>
+          <sftp_chmod/>
+          <sftp_chmod_key/>
+          <sftp_filename_cert/>
+          <sftp_filename_key/>
+          <sftp_filename_ca/>
+          <sftp_filename_fullchain/>
+          <remote_ssh_host/>
+          <remote_ssh_host_key/>
+          <remote_ssh_port>22</remote_ssh_port>
+          <remote_ssh_user/>
+          <remote_ssh_identity_type/>
+          <remote_ssh_command/>
+          <configd/>
+          <configd_generic_command/>
+          <acme_synology_dsm_hostname/>
+          <acme_synology_dsm_port>5000</acme_synology_dsm_port>
+          <acme_synology_dsm_scheme>http</acme_synology_dsm_scheme>
+          <acme_synology_dsm_username/>
+          <acme_synology_dsm_password/>
+          <acme_synology_dsm_create>1</acme_synology_dsm_create>
+          <acme_synology_dsm_deviceid/>
+          <acme_synology_dsm_devicename/>
+          <acme_synology_dsm_otpcode/>
+          <acme_fritzbox_url/>
+          <acme_fritzbox_username/>
+          <acme_fritzbox_password/>
+          <acme_panos_username/>
+          <acme_panos_password/>
+          <acme_panos_host/>
+          <acme_proxmoxve_user>root</acme_proxmoxve_user>
+          <acme_proxmoxve_server/>
+          <acme_proxmoxve_port>8006</acme_proxmoxve_port>
+          <acme_proxmoxve_nodename/>
+          <acme_proxmoxve_realm>pam</acme_proxmoxve_realm>
+          <acme_proxmoxve_tokenid>acme</acme_proxmoxve_tokenid>
+          <acme_proxmoxve_tokenkey/>
+          <acme_truenas_apikey/>
+          <acme_truenas_hostname>localhost</acme_truenas_hostname>
+          <acme_truenas_scheme>http</acme_truenas_scheme>
+          <acme_unifi_keystore>/usr/local/share/java/unifi/data/keystore</acme_unifi_keystore>
+          <acme_vault_url/>
+          <acme_vault_prefix>acme</acme_vault_prefix>
+          <acme_vault_token/>
+          <acme_vault_kvv2>1</acme_vault_kvv2>
+        </action>
+      </actions>
+    </AcmeClient>
+    <HAProxy version="4.1.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections>10000</maxConnections>
+          <nbthread>2</nbthread>
+          <resolversPrefer>ipv4</resolversPrefer>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>4096</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ocspUpdateEnabled>1</ocspUpdateEnabled>
+          <ocspUpdateMinDelay>300</ocspUpdateMinDelay>
+          <ocspUpdateMaxDelay>3600</ocspUpdateMaxDelay>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <h2_initialWindowSize/>
+          <h2_initialWindowSizeOutgoing/>
+          <h2_initialWindowSizeIncoming/>
+          <h2_maxConcurrentStreams/>
+          <h2_maxConcurrentStreamsOutgoing/>
+          <h2_maxConcurrentStreamsIncoming/>
+        </tuning>
+        <defaults>
+          <maxConnections>5000</maxConnections>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="ffe2992f-93b8-4825-960c-ddb28726b757">
+          <id>67c9c7cfae0537.22699204</id>
+          <enabled>1</enabled>
+          <name>mqtt_dash</name>
+          <description>MQTT Dashboard</description>
+          <bind>:::10883</bind>
+          <bindOptions>v4v6</bindOptions>
+          <mode>tcp</mode>
+          <defaultBackend>b56fd730-8f4a-4933-99f7-5ece70443734</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>1</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="d173b4c4-12e4-4dfb-926d-6262f7d5e135">
+          <id>67c9cd163cb977.31510049</id>
+          <enabled>1</enabled>
+          <name>0_SNI_frontend</name>
+          <description/>
+          <bind>0.0.0.0:80,0.0.0.0:443,:::80,:::443</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>bf4d621e-f303-4b1e-b660-71f07898730c</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="94c6faa7-e268-4d7b-9a11-07a25c5e37cc">
+          <id>67c9cdea2935c6.74211283</id>
+          <enabled>1</enabled>
+          <name>1_HTTP_Frontend</name>
+          <description>Listening on 127.4.4.3:80</description>
+          <bind>127.4.4.3:80</bind>
+          <bindOptions>accept-proxy</bindOptions>
+          <mode>http</mode>
+          <defaultBackend/>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>1</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>1</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="75a19ace-4196-47e8-9d6f-9985f3166bc0">
+          <id>67c9cea5a4e142.46234307</id>
+          <enabled>1</enabled>
+          <name>2_HTTPS_Frontend</name>
+          <description>Listening on 127.4.4.3:443</description>
+          <bind>127.4.4.3:443</bind>
+          <bindOptions/>
+          <mode>ssl</mode>
+          <defaultBackend/>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="bf4d621e-f303-4b1e-b660-71f07898730c">
+          <id>67c9c596bad770.68727244</id>
+          <enabled>1</enabled>
+          <name>SSL_Backend</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>source</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol>v2</proxyProtocol>
+          <linkedServers>65308d3f-beec-408d-a75e-e8a86c02cc6a</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck/>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <forwardedHeader>0</forwardedHeader>
+          <forwardedHeaderParameters/>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+        <backend uuid="b56fd730-8f4a-4933-99f7-5ece70443734">
+          <id>67c9c943394440.48769844</id>
+          <enabled>1</enabled>
+          <name>mqtt_dash</name>
+          <description>MQTT Dashboard</description>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol>v2</proxyProtocol>
+          <linkedServers>cb1b28f0-517c-4d04-99f5-c9f49efc627d,64bb4436-e2dd-4b89-93de-140ac4f35a99</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck/>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>1</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <forwardedHeader>0</forwardedHeader>
+          <forwardedHeaderParameters/>
+          <persistence/>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="65308d3f-beec-408d-a75e-e8a86c02cc6a">
+          <id>67c9c457c79ad0.65486417</id>
+          <enabled>1</enabled>
+          <name>SSL_Server</name>
+          <description>HAProxy SSL Server</description>
+          <address>127.4.4.3</address>
+          <port/>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="e72088f1-a322-42bc-bc14-b911d4772033">
+          <id>67c9c4c3beb918.76884432</id>
+          <enabled>1</enabled>
+          <name>Plex</name>
+          <description>Plex Media Server</description>
+          <address>192.168.10.62</address>
+          <port>32400</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>1</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="cb1b28f0-517c-4d04-99f5-c9f49efc627d">
+          <id>67c9c8fbb7bed8.88824111</id>
+          <enabled>1</enabled>
+          <name>emqx1</name>
+          <description>Emqx MQTT Server 1</description>
+          <address>emqx1.coldsprings.dev</address>
+          <port/>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="64bb4436-e2dd-4b89-93de-140ac4f35a99">
+          <id>67c9c90ee8d4a5.84419299</id>
+          <enabled>1</enabled>
+          <name>emqx2</name>
+          <description>Emqx MQTT Server 2</description>
+          <address>emqx1.coldsprings.dev</address>
+          <port/>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks/>
+      <acls>
+        <acl uuid="32e47da6-cd80-4475-ae74-4cf0987e0063">
+          <id>67c9c5e274c9e8.61708609</id>
+          <name>NoSSL_Condition</name>
+          <description>Traffic is not SSL encrypted</description>
+          <expression>ssl_fc</expression>
+          <negate>1</negate>
+          <caseSensitive>0</caseSensitive>
+          <hdr_beg/>
+          <hdr_end/>
+          <hdr/>
+          <hdr_reg/>
+          <hdr_sub/>
+          <path_beg/>
+          <path_end/>
+          <path/>
+          <path_reg/>
+          <path_dir/>
+          <path_sub/>
+          <cust_hdr_beg_name/>
+          <cust_hdr_beg/>
+          <cust_hdr_end_name/>
+          <cust_hdr_end/>
+          <cust_hdr_name/>
+          <cust_hdr/>
+          <cust_hdr_reg_name/>
+          <cust_hdr_reg/>
+          <cust_hdr_sub_name/>
+          <cust_hdr_sub/>
+          <url_param/>
+          <url_param_value/>
+          <ssl_c_verify_code/>
+          <ssl_c_ca_commonname/>
+          <ssl_hello_type>x1</ssl_hello_type>
+          <src/>
+          <src_bytes_in_rate_comparison>gt</src_bytes_in_rate_comparison>
+          <src_bytes_in_rate/>
+          <src_bytes_out_rate_comparison>gt</src_bytes_out_rate_comparison>
+          <src_bytes_out_rate/>
+          <src_conn_cnt_comparison>gt</src_conn_cnt_comparison>
+          <src_conn_cnt/>
+          <src_conn_cur_comparison>gt</src_conn_cur_comparison>
+          <src_conn_cur/>
+          <src_conn_rate_comparison>gt</src_conn_rate_comparison>
+          <src_conn_rate/>
+          <src_http_err_cnt_comparison>gt</src_http_err_cnt_comparison>
+          <src_http_err_cnt/>
+          <src_http_err_rate_comparison>gt</src_http_err_rate_comparison>
+          <src_http_err_rate/>
+          <src_http_req_cnt_comparison>gt</src_http_req_cnt_comparison>
+          <src_http_req_cnt/>
+          <src_http_req_rate_comparison>gt</src_http_req_rate_comparison>
+          <src_http_req_rate/>
+          <src_kbytes_in_comparison>gt</src_kbytes_in_comparison>
+          <src_kbytes_in/>
+          <src_kbytes_out_comparison>gt</src_kbytes_out_comparison>
+          <src_kbytes_out/>
+          <src_port_comparison>gt</src_port_comparison>
+          <src_port/>
+          <src_sess_cnt_comparison>gt</src_sess_cnt_comparison>
+          <src_sess_cnt/>
+          <src_sess_rate_comparison>gt</src_sess_rate_comparison>
+          <src_sess_rate/>
+          <nbsrv/>
+          <nbsrv_backend/>
+          <ssl_fc_sni/>
+          <ssl_sni/>
+          <ssl_sni_sub/>
+          <ssl_sni_beg/>
+          <ssl_sni_end/>
+          <ssl_sni_reg/>
+          <custom_acl/>
+          <value/>
+          <urlparam/>
+          <queryBackend/>
+          <allowedUsers/>
+          <allowedGroups/>
+        </acl>
+      </acls>
+      <actions>
+        <action uuid="5ef90aa4-eff1-41ec-ba9e-57808e6e5495">
+          <name>HTTPtoHTTPS</name>
+          <description>Upgrade HTTP to HTTPS </description>
+          <testType>if</testType>
+          <linkedAcls>32e47da6-cd80-4475-ae74-4cf0987e0063</linkedAcls>
+          <operator>and</operator>
+          <type>use_backend</type>
+          <use_backend>bf4d621e-f303-4b1e-b660-71f07898730c</use_backend>
+          <use_server/>
+          <fcgi_pass_header/>
+          <fcgi_set_param/>
+          <http_request_auth/>
+          <http_request_redirect/>
+          <http_request_lua/>
+          <http_request_use_service/>
+          <http_request_add_header_name/>
+          <http_request_add_header_content/>
+          <http_request_set_header_name/>
+          <http_request_set_header_content/>
+          <http_request_del_header_name/>
+          <http_request_replace_header_name/>
+          <http_request_replace_header_regex/>
+          <http_request_replace_value_name/>
+          <http_request_replace_value_regex/>
+          <http_request_set_path/>
+          <http_request_set_var_scope>txn</http_request_set_var_scope>
+          <http_request_set_var_name/>
+          <http_request_set_var_expr/>
+          <http_response_lua/>
+          <http_response_add_header_name/>
+          <http_response_add_header_content/>
+          <http_response_set_header_name/>
+          <http_response_set_header_content/>
+          <http_response_del_header_name/>
+          <http_response_replace_header_name/>
+          <http_response_replace_header_regex/>
+          <http_response_replace_value_name/>
+          <http_response_replace_value_regex/>
+          <http_response_set_status_code/>
+          <http_response_set_status_reason/>
+          <http_response_set_var_scope>txn</http_response_set_var_scope>
+          <http_response_set_var_name/>
+          <http_response_set_var_expr/>
+          <monitor_fail_uri/>
+          <tcp_request_content_lua/>
+          <tcp_request_content_use_service/>
+          <tcp_request_inspect_delay/>
+          <tcp_response_content_lua/>
+          <tcp_response_inspect_delay/>
+          <custom/>
+          <useBackend/>
+          <useServer/>
+          <actionName/>
+          <actionFind/>
+          <actionValue/>
+          <map_use_backend_file/>
+          <map_use_backend_default/>
+        </action>
+      </actions>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles>
+        <mapfile uuid="4b808eff-312f-4522-bf1e-73ad5bb68f28">
+          <id>67c9c659adf036.29665209</id>
+          <name>Public_Subdomain_Mapfile</name>
+          <description>Public subdomains to Backend Mapping</description>
+          <content># public access subdomains
+plex  PLEX_backend</content>
+        </mapfile>
+      </mapfiles>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+    <NodeExporter version="0.2.0">
+      <enabled>0</enabled>
+      <listenaddress>0.0.0.0</listenaddress>
+      <listenport>9100</listenport>
+      <cpu>1</cpu>
+      <exec>1</exec>
+      <filesystem>1</filesystem>
+      <loadavg>1</loadavg>
+      <meminfo>1</meminfo>
+      <netdev>1</netdev>
+      <time>1</time>
+      <devstat>1</devstat>
+      <interrupts>0</interrupts>
+      <ntp>1</ntp>
+      <zfs>1</zfs>
+    </NodeExporter>
+    <quagga>
+      <static version="1.0.0">
+        <enabled>0</enabled>
+        <routes/>
+      </static>
+      <ospf6 version="1.1.0">
+        <enabled>0</enabled>
+        <carp_demote>0</carp_demote>
+        <routerid/>
+        <originate>0</originate>
+        <originatealways>0</originatealways>
+        <originatemetric/>
+        <networks/>
+        <interfaces/>
+        <prefixlists/>
+        <routemaps/>
+        <redistributions>
+          <redistribution uuid="1dfff28b-591c-4787-8d77-9ddd78ae7432">
+            <enabled>1</enabled>
+            <description>Migrated route redistribution (bgp)</description>
+            <redistribute>connected</redistribute>
+            <linkedRoutemap/>
+          </redistribution>
+        </redistributions>
+      </ospf6>
+      <bfd version="1.0.1">
+        <enabled>0</enabled>
+        <neighbors>
+          <neighbor uuid="9f32ca12-25cb-4a39-9223-4aea4a145e71">
+            <enabled>1</enabled>
+            <description>Metallb</description>
+            <address>192.168.10.240</address>
+            <multihop>0</multihop>
+          </neighbor>
+        </neighbors>
+      </bfd>
+      <ospf version="1.1.0">
+        <enabled>0</enabled>
+        <carp_demote>0</carp_demote>
+        <routerid/>
+        <costreference/>
+        <logadjacencychanges>0</logadjacencychanges>
+        <originate>0</originate>
+        <originatealways>0</originatealways>
+        <originatemetric/>
+        <passiveinterfaces/>
+        <networks/>
+        <interfaces/>
+        <prefixlists/>
+        <routemaps/>
+        <redistributions>
+          <redistribution uuid="383c4e5d-1b92-4add-8b59-2a330ce67070">
+            <enabled>1</enabled>
+            <description>Migrated route redistribution (bgp)</description>
+            <redistribute>connected</redistribute>
+            <linkedRoutemap/>
+          </redistribution>
+        </redistributions>
+      </ospf>
+      <bgp version="1.1.0">
+        <enabled>0</enabled>
+        <asnumber>64512</asnumber>
+        <distance/>
+        <routerid/>
+        <graceful>0</graceful>
+        <networkimportcheck>1</networkimportcheck>
+        <logneighborchanges>1</logneighborchanges>
+        <networks>192.168.10.0/24</networks>
+        <neighbors>
+          <neighbor uuid="39e3f98d-4d5e-49db-9508-99f259c06750">
+            <enabled>1</enabled>
+            <description>MetalLB</description>
+            <address>192.168.10.230</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="d0cac187-a863-4e1e-9592-aa0ff9ed0583">
+            <enabled>1</enabled>
+            <description>k8s-Control-01</description>
+            <address>192.168.10.241</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="d667cf42-cfa9-443a-86ce-d2716e012c1a">
+            <enabled>1</enabled>
+            <description>k8s-Control-02</description>
+            <address>192.168.10.242</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="baa972a0-be6c-4eca-981f-aac190f887d8">
+            <enabled>1</enabled>
+            <description>k8s-Control-03</description>
+            <address>192.168.10.243</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="6d9c465a-3146-48b6-955b-a834c703353b">
+            <enabled>1</enabled>
+            <description>k8s-Worker-01</description>
+            <address>192.168.10.244</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="ad61d5ef-b831-4d98-82aa-7b7ad64d50e0">
+            <enabled>1</enabled>
+            <description>k8s-Worker-02</description>
+            <address>192.168.10.245</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+          <neighbor uuid="5020f6f4-44f5-4dfc-927d-593aa4405911">
+            <enabled>1</enabled>
+            <description>k8s-Worker-03</description>
+            <address>192.168.10.246</address>
+            <remote_as_mode/>
+            <remoteas>64513</remoteas>
+            <password/>
+            <weight/>
+            <localip/>
+            <updatesource>opt3</updatesource>
+            <linklocalinterface/>
+            <nexthopself>1</nexthopself>
+            <nexthopselfall>0</nexthopselfall>
+            <multihop>0</multihop>
+            <multiprotocol>0</multiprotocol>
+            <rrclient>0</rrclient>
+            <soft_reconfiguration_inbound>0</soft_reconfiguration_inbound>
+            <bfd>1</bfd>
+            <keepalive/>
+            <holddown/>
+            <connecttimer/>
+            <defaultoriginate>0</defaultoriginate>
+            <asoverride>0</asoverride>
+            <allowas_in/>
+            <disable_connected_check>0</disable_connected_check>
+            <attributeunchanged/>
+            <linkedPrefixlistIn/>
+            <linkedPrefixlistOut/>
+            <linkedRoutemapIn/>
+            <linkedRoutemapOut/>
+            <peergroup/>
+          </neighbor>
+        </neighbors>
+        <aspaths/>
+        <prefixlists/>
+        <communitylists/>
+        <routemaps/>
+        <peergroups/>
+        <redistributions>
+          <redistribution uuid="7ad51b9f-742e-490e-a850-c547ff070cee">
+            <enabled>1</enabled>
+            <description>Migrated route redistribution (bgp)</description>
+            <redistribute>connected</redistribute>
+            <linkedRoutemap/>
+          </redistribution>
+        </redistributions>
+      </bgp>
+      <rip version="1.0.3">
+        <enabled>0</enabled>
+        <version>2</version>
+        <networks/>
+        <passiveinterfaces/>
+        <redistribute/>
+        <defaultmetric/>
+      </rip>
+      <general version="1.0.3">
+        <enabled>1</enabled>
+        <profile>traditional</profile>
+        <enablecarp>0</enablecarp>
+        <enablesyslog>1</enablesyslog>
+        <enablesnmp>0</enablesnmp>
+        <sysloglevel>notifications</sysloglevel>
+        <fwrules>1</fwrules>
+      </general>
+    </quagga>
+    <dnscryptproxy>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+      <dnsbl version="1.0.0">
+        <enabled>1</enabled>
+        <type>ag</type>
+      </dnsbl>
+      <whitelist version="0.1.0">
+        <whitelists/>
+      </whitelist>
+      <forward version="0.1.0">
+        <forwards>
+          <forward uuid="6e0fd2b3-b156-494c-ba1e-f878d14d87cc">
+            <enabled>1</enabled>
+            <domain>coldsprings.dev</domain>
+            <dnsserver>192.168.10.11</dnsserver>
+          </forward>
+        </forwards>
+      </forward>
+      <cloak version="0.1.0">
+        <cloaks/>
+      </cloak>
+      <general version="0.1.2">
+        <enabled>0</enabled>
+        <listen_addresses>0.0.0.0:5353</listen_addresses>
+        <allowprivileged>1</allowprivileged>
+        <max_clients>250</max_clients>
+        <ipv4_servers>1</ipv4_servers>
+        <ipv6_servers>0</ipv6_servers>
+        <dnscrypt_servers>1</dnscrypt_servers>
+        <doh_servers>1</doh_servers>
+        <require_dnssec>0</require_dnssec>
+        <require_nolog>1</require_nolog>
+        <require_nofilter>0</require_nofilter>
+        <force_tcp>0</force_tcp>
+        <proxy/>
+        <timeout>2500</timeout>
+        <keepalive>30</keepalive>
+        <cert_refresh_delay>240</cert_refresh_delay>
+        <dnscrypt_ephemeral_keys>0</dnscrypt_ephemeral_keys>
+        <tls_disable_session_tickets>0</tls_disable_session_tickets>
+        <fallback_resolver>1.1.1.1:53</fallback_resolver>
+        <block_ipv6>0</block_ipv6>
+        <cache>1</cache>
+        <cache_size>512</cache_size>
+        <cache_min_ttl>600</cache_min_ttl>
+        <cache_max_ttl>86400</cache_max_ttl>
+        <cache_neg_min_ttl>60</cache_neg_min_ttl>
+        <cache_neg_max_ttl>600</cache_neg_max_ttl>
+        <serverlist/>
+        <query_logs>1</query_logs>
+        <disabled_serverlist/>
+        <relaylist/>
+      </general>
+    </dnscryptproxy>
+  </OPNsense>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <vlans version="1.0.0">
+    <vlan uuid="5df414f1-8a63-4572-b475-0b2ba04591c0">
+      <if>vtnet1</if>
+      <tag>10</tag>
+      <pcp>0</pcp>
+      <proto/>
+      <descr>Servers</descr>
+      <vlanif>vlan00</vlanif>
+    </vlan>
+    <vlan uuid="4798668b-0582-41b5-8410-52311e5256c6">
+      <if>vtnet1</if>
+      <tag>3</tag>
+      <pcp>4</pcp>
+      <proto/>
+      <descr>Cameras</descr>
+      <vlanif>vlan01</vlanif>
+    </vlan>
+    <vlan uuid="53fb1662-1fe6-4fa5-9b0d-3f3510e88310">
+      <if>vtnet1</if>
+      <tag>2</tag>
+      <pcp>5</pcp>
+      <proto/>
+      <descr>Phones</descr>
+      <vlanif>vlan02</vlanif>
+    </vlan>
+    <vlan uuid="fe75aea5-4ca6-4c80-972b-054834c5fc04">
+      <if>vtnet1</if>
+      <tag>70</tag>
+      <pcp>0</pcp>
+      <proto/>
+      <descr>Christmas</descr>
+      <vlanif>vlan03</vlanif>
+    </vlan>
+    <vlan uuid="154b5269-e714-41a1-b4e3-16527c1754de">
+      <if>vtnet1</if>
+      <tag>30</tag>
+      <pcp>0</pcp>
+      <proto/>
+      <descr>Guest</descr>
+      <vlanif>vlan04</vlanif>
+    </vlan>
+    <vlan uuid="cd2c3f29-87aa-44ed-a72f-f6c5b39baefa">
+      <if>vtnet1</if>
+      <tag>40</tag>
+      <pcp>0</pcp>
+      <proto/>
+      <descr>IoT</descr>
+      <vlanif>vlan05</vlanif>
+    </vlan>
+    <vlan uuid="64695484-3c74-4810-96e8-8cf09812e63e">
+      <if>vtnet1</if>
+      <tag>146</tag>
+      <pcp>0</pcp>
+      <proto/>
+      <descr>Kubernetes Cluster</descr>
+      <vlanif>vlan06</vlanif>
+    </vlan>
+  </vlans>
+  <virtualip version="1.0.1">
+    <vip uuid="5f77c9d8-c669-4af0-8761-442a4b27f0cd">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>71.83.99.148</subnet>
+      <subnet_bits>29</subnet_bits>
+      <gateway/>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <peer/>
+      <peer6/>
+      <nosync>0</nosync>
+      <descr>71-83-99-148-Spectrum</descr>
+    </vip>
+    <vip uuid="1e1cda63-ec83-4b23-bf54-18a0eff888f8">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>71.83.99.149</subnet>
+      <subnet_bits>29</subnet_bits>
+      <gateway/>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <peer/>
+      <peer6/>
+      <nosync>0</nosync>
+      <descr>71-83-99-149-Spectrum</descr>
+    </vip>
+    <vip uuid="a0a39581-397a-4494-aff3-2882304c5701">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>71.83.99.146</subnet>
+      <subnet_bits>29</subnet_bits>
+      <gateway/>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <peer/>
+      <peer6/>
+      <nosync>0</nosync>
+      <descr>71-83-99-146-Spectrum</descr>
+    </vip>
+    <vip uuid="6f88d31b-e69d-4b03-9ffa-82cb81d28a30">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>71.83.99.147</subnet>
+      <subnet_bits>29</subnet_bits>
+      <gateway/>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <peer/>
+      <peer6/>
+      <nosync>0</nosync>
+      <descr>71-83-99-147-Spectrum</descr>
+    </vip>
+    <vip uuid="dc0dd7ff-be96-4c74-a016-0df76518574c">
+      <interface>lo0</interface>
+      <mode>ipalias</mode>
+      <subnet>127.4.4.3</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway/>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <peer/>
+      <peer6/>
+      <nosync>0</nosync>
+      <descr>HAProxy SSL Server</descr>
+    </vip>
+  </virtualip>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <gifs version="1.0.0">
+    <gif uuid="9f189983-8c6c-45d5-83a0-352af5df05ac">
+      <if>wan</if>
+      <ipaddr/>
+      <gifif>gif0</gifif>
+      <remote-addr>72.52.104.74</remote-addr>
+      <tunnel-local-addr>2001:470:1f04:a::2</tunnel-local-addr>
+      <tunnel-remote-addr>2001:470:1f04:a::1</tunnel-remote-addr>
+      <tunnel-remote-net>64</tunnel-remote-net>
+      <descr>Tunnel Broker</descr>
+      <link1>0</link1>
+      <link2>0</link2>
+    </gif>
+  </gifs>
+  <ifgroups version="1.0.0">
+    <ifgroupentry uuid="93525651-aacc-46f5-8e16-ba2131208c56">
+      <ifname>Trust</ifname>
+      <members>lan,opt3</members>
+      <nogroup>0</nogroup>
+      <sequence>0</sequence>
+      <descr>Zone for Trusted Networks</descr>
+    </ifgroupentry>
+    <ifgroupentry uuid="998a77ca-250d-4dd6-b056-f65848587dda">
+      <ifname>Untrust</ifname>
+      <members>wan,opt4</members>
+      <nogroup>0</nogroup>
+      <sequence>0</sequence>
+      <descr>Zone for Untrusted Networks</descr>
+    </ifgroupentry>
+  </ifgroups>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <openvpn/>
+  <hasync version="1.0.2">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncinterface/>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <verifypeer>0</verifypeer>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca uuid="bb4b1968-93d5-415a-8434-7e870f885b5b">
+    <refid>67a9532676509</refid>
+    <descr>E6 (ACME Client)</descr>
+    <crt>Ci0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlFVnpDQ0FqK2dBd0lCQWdJUkFMQlhQcEZ6bHlkdzI3U0h5enBGS3pnd0RRWUpLb1pJaHZjTkFRRUxCUUF3ClR6RUxNQWtHQTFVRUJoTUNWVk14S1RBbkJnTlZCQW9USUVsdWRHVnlibVYwSUZObFkzVnlhWFI1SUZKbGMyVmgKY21Ob0lFZHliM1Z3TVJVd0V3WURWUVFERXd4SlUxSkhJRkp2YjNRZ1dERXdIaGNOTWpRd016RXpNREF3TURBdwpXaGNOTWpjd016RXlNak0xT1RVNVdqQXlNUXN3Q1FZRFZRUUdFd0pWVXpFV01CUUdBMVVFQ2hNTlRHVjBKM01nClJXNWpjbmx3ZERFTE1Ba0dBMVVFQXhNQ1JUWXdkakFRQmdjcWhrak9QUUlCQmdVcmdRUUFJZ05pQUFUWjhaNUcKaC9naGNXQ29KdXVqK3JucTJoMjVFcWZVSnRsUkZMRmhmSFdXdnlJTE9SL1Z2dEVLUnFvdFBFb0poQzYrUUpWVgo2UmxBTjJaMTdUSk9kd1JKK0hCN3d4am56dmR4RVA2c2ROZ0ExTzF0SEhNV014Q2NPckxxYkdMMHZiaWpnZmd3CmdmVXdEZ1lEVlIwUEFRSC9CQVFEQWdHR01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0QKQVRBU0JnTlZIUk1CQWY4RUNEQUdBUUgvQWdFQU1CMEdBMVVkRGdRV0JCU1RKMGFZQTZsUmFJNlkxc1JDU05zagp2MWlVMGpBZkJnTlZIU01FR0RBV2dCUjV0Rm5tZTdibDVBRnpnQWlJeUJwWTl1bWJiakF5QmdnckJnRUZCUWNCCkFRUW1NQ1F3SWdZSUt3WUJCUVVITUFLR0ZtaDBkSEE2THk5NE1TNXBMbXhsYm1OeUxtOXlaeTh3RXdZRFZSMGcKQkF3d0NqQUlCZ1puZ1F3QkFnRXdKd1lEVlIwZkJDQXdIakFjb0JxZ0dJWVdhSFIwY0RvdkwzZ3hMbU11YkdWdQpZM0l1YjNKbkx6QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFmWXQ3U2lBMXNnV0dDSXB1bms0NnI0QUV4SVJjCk14a0tnVWhObHJydjFCMjFoT2FYTi81bWlFK0xPVGJyY21VL005eXZDNk1WWTczMEdORm9MOEloSjhqOHZyT0wKcE1ZMjJPUDZiYVMxazlZTXJ0RFRsd0pIb0dieTA0VGhUVWVCRGtzUzlSaXVIdmljWnFCZWRRZElGNjVwWnVocAplRGNHQmNMaVlhc1FyL0VPNWd4eHRMeVRtZ3NIU09WU0JjRk9uOWxndjdMRUNQcTlpN21mSDNtcHhnclJLU3hICnBPb1owS1hNY0IraEh1dmxrbEhudHZjSTBtTU1RMG1oWWo2cXRNRlN0a0YxUnBDRzNJUGRJd3BWQ1FxdThHVjcKczh1YmtuUnpzKzNDL0JtMTlSRk9vaVBwRGt3dnlOZnZtUTE0WGt5cXFLSzVvWjh6aEQzMmtGUlFreGE4dVpTdQpoNGFUSW1GeGtudTM5d2FCeElSWEU0akt4bEFtUWM0UWpGWm9xMUttUXFRZzBKLzFKRjhSbEZ2SmFzMVZjakx2CllsdlVCMnQ2bnBPNm9RakIzbCtQTmYwRHBRSDdpVXgzV3o1QWpRQ2k2TDI1Rmp5RTA2cTZCWi9RbG10WWRsLzgKWllhbzRTUnFQRXMvNmNBaUYrUWY1emcyVWthV3REcGhsMUxLTXVUTkxvdHZzWDk5SFA2OVYyZmFOeWVnb2RRMApMeVRBcHIvdlQwMVlQRTQ2dk5zRExnSys0Y0w2VHJ6Qy9hNFdjbUY1U1JKOTM4enJ2L2R1SkhMWFFJa3U1djArCkV3T3k1OUhkbTBQVC9Fci84NGREVjBDU2pkUi8yWHVaTTNrcHlzU0tMZ0QxY0tpREErSVJndU9EQ3hmTzljeVkKSWc0NnY5bUZtQnZ5SDA0PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
+    <prv/>
+    <serial/>
+    <caref/>
+  </ca>
+  <ca uuid="c7c02955-e5f0-4b42-94ad-29a8c18c4249">
+    <refid>67a9feb38e684</refid>
+    <descr>Dynaip Root CA</descr>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhNekNDQlJ1Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCbERFTE1Ba0dBMVVFQmhNQ1ZWTXgKRHpBTkJnTlZCQWdUQms1bGRtRmtZVEVQTUEwR0ExVUVDaE1HUkhsdVlXbHdNUjR3SEFZRFZRUUxFeFZEWlhKMAphV1pwWTJGMFpTQkJkWFJvYjNKcGRIa3hKVEFqQmdOVkJBTVRIRVI1Ym1GcGNDQkRaWEowYVdacFkyRjBaU0JCCmRYUm9iM0pwZEhreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFdOaFFHUjVibUZwY0M1amIyMHdIaGNOTVRVd09USXkKTVRjd05UQXdXaGNOTXpVd09USXlNVGN3TlRBd1dqQ0JsREVMTUFrR0ExVUVCaE1DVlZNeER6QU5CZ05WQkFnVApCazVsZG1Ga1lURVBNQTBHQTFVRUNoTUdSSGx1WVdsd01SNHdIQVlEVlFRTEV4VkRaWEowYVdacFkyRjBaU0JCCmRYUm9iM0pwZEhreEpUQWpCZ05WQkFNVEhFUjVibUZwY0NCRFpYSjBhV1pwWTJGMFpTQkJkWFJvYjNKcGRIa3gKSERBYUJna3Foa2lHOXcwQkNRRVdEV05oUUdSNWJtRnBjQzVqYjIwd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQpBNElDRHdBd2dnSUtBb0lDQVFEUjVOSXpmNjcvMXRMNElJZjlMbUZDcE93ajZkOVpxWi9pQjZKNTJEWUdUZkV0CmQzVjBSL2VYT0FFbWJQRXFvMmZjaUUrZWtoUnJFdllycFNrbzRuTCtDK2IzZFFoU3h5bGxKQmIwbVZqUVVRMngKTTMwS0RpRUJ2MnZHd25WdWxYNUxpZHFqSGswNnJOdVlCV29yaEVZcGdLbGNjN3JNUG50bjFzaEg3LzZvUVFkbwp6ZFM3cGdCeFZrYUpiVEh4UkV3bHg2bjdvWFUwSUFDSzJqZE5kRzZsT2pYRkxQYnlpdkFjT1Y0RkFXalo1QUMrClIxRzZYVTJZS0dLSnlhOUNIMng4R20rNXBtQSswRkYxZUJiNGYvMGNlcUpaZ01PdzlmOTZjU2JsZUt5Y3crV0oKcUQxbGx0Sk15VUhGdVdoL2w3M2VWOVlaazdxT0lsTVlUUUFHRkd6dDVSS3NMK3ZDbXNsWk1ldnBPWU1oREdNTgo1NXUxUGpVRzRGVVpXRVd5QkRjRXIyanMxQ01GOS8xK1NCcFNrTWtsTDFmZWd1QnRDUVNQVittNk9yRWx4Y1lIClc1bUN1WjgyWjdBVkd0TUxqRjBOcFVQRzhUR1FiMnlKcDQ3Y2tUbFoyQzdLVVpBYit4QldiQmRMcFBvNUNleFoKa3hUYXg0Q0lxYTYxWFhjSUllOTdpMmEvOW4xZWM3dEw2aTJUT254LzdyaHQyVTBJdzBELzBBNy9wWG1TUU1iTQovZ3BSY1NocDF6djhSY1RyYStGb2p0MVN6QnQ1dVdUUjNITlNKRHhKKzZTd2ZtTEl2UFBSTkJvS05QdlRiME4zCkNjVlVpbmtMVEtMRmtsbmVGSUV5aVJ1NkxsdjlPM1I4UExVN1U3TlZST2hxNUliNHhuTUFEZyt6YTRiaWhRSUQKQVFBQm80SUJqRENDQVlnd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTZnZzRlSTVjMUZ2TgpRSXZ5TTBuR29NVHZMUEl3Z2NFR0ExVWRJd1NCdVRDQnRvQVU2Z2c0ZUk1YzFGdk5RSXZ5TTBuR29NVHZMUEtoCmdacWtnWmN3Z1pReEN6QUpCZ05WQkFZVEFsVlRNUTh3RFFZRFZRUUlFd1pPWlhaaFpHRXhEekFOQmdOVkJBb1QKQmtSNWJtRnBjREVlTUJ3R0ExVUVDeE1WUTJWeWRHbG1hV05oZEdVZ1FYVjBhRzl5YVhSNU1TVXdJd1lEVlFRRApFeHhFZVc1aGFYQWdRMlZ5ZEdsbWFXTmhkR1VnUVhWMGFHOXlhWFI1TVJ3d0dnWUpLb1pJaHZjTkFRa0JGZzFqCllVQmtlVzVoYVhBdVkyOXRnZ0VCTUFzR0ExVWREd1FFQXdJQmhqQXhCZ05WSFI4RUtqQW9NQ2FnSktBaWhpQm8KZEhSd09pOHZkM2QzTG1SNWJtRnBjQzVqYjIwdlEwRlNiMjkwTG1OeWJEQXZCZ2xnaGtnQmh2aENBUVFFSWhZZwphSFIwY0RvdkwzZDNkeTVrZVc1aGFYQXVZMjl0TDBOQlVtOXZkQzVqY213d0lRWUpZSVpJQVliNFFnRU5CQlFXCkVrUjVibUZwY0NCRFpYSjBhV1pwWTJGMFpUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFyMXJ5YUlRODFkVWgKcG5YNElPa3FRcld5cENNYVN4c2RlK1pTeUNsSG03aTBPelV1d0tUNzJibDU1R3daTTRvQk9JMlpoemQ0QmVFMgpwMGhLcDB3NGxsNnBuQ0U0WnN3eXdIZ1IwTEU5d0NsWUV6YlZDVDBYU1FBcWpBV1lIamVzTXR6ZjdlMTVOZUxFCjZNeHUrbUdSY0VydTFERmU5SzhvLzJyN3VxYm5ucTk4TWlCcEw3c2xMU2IySG5Vb1R5UjNXWkkrWnplQTM1M0sKd3hROFdueUd2dFpGS2JXOHZVd3VSNk5PM3RKVTNmMUJPYmtZSE5oODRjdXJNMi9TdzVzZFJqWGN1RXI1eEZGUwpBcmlXL2tkWkFwMzIyZG44c1pmd2JnZFdwUm9qd0JMQlQyZU5xeUc4NzVseUI5d3A4V0MxSGdyS0ZYeUQ3bDlaCkJvajRidTNMaEVqZ3FyMER0VGFDN2RrWkkzczFlT3A0bGx2bm4vQnFGdjJlZWZsd2JCbVlUWkVFdCtQZG9YVEwKSW9kUGEyTFBWMkdIeGgyWkJQSXdJTFdKNVY2RjFUTUJtUU0xRHhTTHdsUzBUNjdYYnJxNWNkUkMrZEdIZGFuZQpzOGxBWE1aS2tjaVZtV0RLemlQR0ZrMExaOUtiRXlaWFR5VWZCK2JPOVVaaC95YStJYzJrTksyREFRaVZVMmI3Ck1xbmU0UFZGYmthMHhudW9ERFVOY21HWUVkb2lqbWJvNUpHYUFSVzNseVNVUlduYUs0NE1rRmkwYzNISkRVNzIKVTdvQlZZTStoRHJUWU03UWNyRW9SWW5zNy8xRkE0a2pIRHliUUVvUVBwMzM0dDFKb2ZZTDFiSEhEZ3JBRDF4bQphLzgzKzBweUVkYWl0ajhYd3JDUWFENFk3MG4ybEl3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t</crt>
+    <prv/>
+    <serial/>
+    <caref/>
+  </ca>
+  <ca uuid="0ac5d719-7019-4f9b-a589-b3714259cd40">
+    <refid>67a9fee03f391</refid>
+    <descr>Dynaip Intermediate CA</descr>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhsRENDQlh5Z0F3SUJBZ0lCQXpBTkJna3Foa2lHOXcwQkFRc0ZBRENCbERFTE1Ba0dBMVVFQmhNQ1ZWTXgKRHpBTkJnTlZCQWdUQms1bGRtRmtZVEVQTUEwR0ExVUVDaE1HUkhsdVlXbHdNUjR3SEFZRFZRUUxFeFZEWlhKMAphV1pwWTJGMFpTQkJkWFJvYjNKcGRIa3hKVEFqQmdOVkJBTVRIRVI1Ym1GcGNDQkRaWEowYVdacFkyRjBaU0JCCmRYUm9iM0pwZEhreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFdOaFFHUjVibUZwY0M1amIyMHdIaGNOTVRVd09USXkKTVRjeE9EQXdXaGNOTWpVd09USXlNVGN4T0RBd1dqQ0JyakVMTUFrR0ExVUVCaE1DVlZNeER6QU5CZ05WQkFnVApCazVsZG1Ga1lURVBNQTBHQTFVRUNoTUdSSGx1WVdsd01Tc3dLUVlEVlFRTEV5SkpiblJsY20xbFpHbGhkR1VnClEyVnlkR2xtYVdOaGRHVWdRWFYwYUc5eWFYUjVNVEl3TUFZRFZRUURFeWxFZVc1aGFYQWdTVzUwWlhKdFpXUnAKWVhSbElFTmxjblJwWm1sallYUmxJRUYxZEdodmNtbDBlVEVjTUJvR0NTcUdTSWIzRFFFSkFSWU5ZMkZBWkhsdQpZV2x3TG1OdmJUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUs5WjQ3a3pocnZNCmNScWZ5Ti9TNmcrTnRtZndYUUZzNzd0bGNESUpkSkJVeHM1OEU1Q1pFZUo0bmppZ2NOSW9FTUNhU3ArRWdNWUoKT3VndDlrbXdtZ096a0NzaG5NMDdiVGIwYXo1NDVUWnRvZDZlKzRaVWtXbmYycTZyWHJ6bzNVK0MzZmJXSjlFSApiMVl2L3RFUFF6WDMvcXpiMGI0eEtSSjZQRHl1RHhPdU1MWDAxN3N5aXc5YWZQVEVFMjZSY1kwUU1MNkl0YUh3CmVZeWJabVdNT09zVXVSWW9vUFgwWDk1UmVXQVpMcm04aC9aRTdvZGlvb0JyODBzUStCdEd6Y0lnVFJOU0c3dksKd2QwQmcwU1A4Z3ZDKzRrQVEzMEpuaS9xTUQ0SG16RklrMVBEU0IwYnVQWHMrcndXb056b1NaTklhVkFYTTgydgpZcmxQbFZQRGFEM3hxbDJSTitqb2g0b21zK0k5bUdMK1RFaEhOd0lwOHNTNlJBSXFwcGRFYS9EaVJWQ2VtYkk1CkhESDMvbTVJcXord050em5LT3UxbUlyd1RLLzFibDVMS2hCRjlDYzdnOEpmNU9TczAzZUFPZWcrcmM2WVNFb1cKT1d1Q3Fwcm1vbnk1UWFoVGEwWnA2Vi9XcjgzYTRnVE03Rm9KRC9Nb2FDUWlSeDhMeVNuV3ZPUFpUdVhNenUrQQovZ3VxL0JNcWhoK2ZqeWpsRzRSVnpmMHBCdDV3Ny9MQklVTjhBK0ZBTTg3dDBPS0RvSU5SeHp4MHBvTUhUSy9rCm43czgyTUFwcE0xNHQxRDJrYUlQeU5BWVVHQjFRU0YwR3dtckV2c3Flb1JXbFdWUVVGcUZPS2QrRUVJNyswT20KZFhXb3k4ZUQrWEhWUUtsMVBlVzlWSVR3eUw0SnNIT1hBZ01CQUFHamdnSFRNSUlCenpBU0JnTlZIUk1CQWY4RQpDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlNLdDNvNDJvUmVKM0ZOcXJvVHI4M0tmQ0lRL1RDQndRWURWUjBqCkJJRzVNSUcyZ0JUcUNEaDRqbHpVVzgxQWkvSXpTY2FneE84czhxR0JtcVNCbHpDQmxERUxNQWtHQTFVRUJoTUMKVlZNeER6QU5CZ05WQkFnVEJrNWxkbUZrWVRFUE1BMEdBMVVFQ2hNR1JIbHVZV2x3TVI0d0hBWURWUVFMRXhWRApaWEowYVdacFkyRjBaU0JCZFhSb2IzSnBkSGt4SlRBakJnTlZCQU1USEVSNWJtRnBjQ0JEWlhKMGFXWnBZMkYwClpTQkJkWFJvYjNKcGRIa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RXTmhRR1I1Ym1GcGNDNWpiMjJDQVFFd0N3WUQKVlIwUEJBUURBZ0VHTURRR0ExVWRId1F0TUNzd0thQW5vQ1dHSTJoMGRIQTZMeTkzZDNjdVpIbHVZV2x3TG1OdgpiUzlEUVZOcFoyNXBibWN1WTNKc01Ed0dDQ3NHQVFVRkJ3RUJCREF3TGpBc0JnZ3JCZ0VGQlFjd0FvWWdhSFIwCmNEb3ZMM2QzZHk1a2VXNWhhWEF1WTI5dEwyUjVibUZwY0M1amNuUXdNZ1lKWUlaSUFZYjRRZ0VFQkNVV0kyaDAKZEhBNkx5OTNkM2N1WkhsdVlXbHdMbU52YlM5RFFWTnBaMjVwYm1jdVkzSnNNQ0VHQ1dDR1NBR0crRUlCRFFRVQpGaEpFZVc1aGFYQWdRMlZ5ZEdsbWFXTmhkR1V3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUdpR1NQV2NiWSttCndjOUhvcUlMb1oyQm5XTWhkbHMrSzUvYU05UXRxazhlQmVrMDBpdkpDUWlDTFcwZUlmQnRmcGtWemxwWHNFanMKUUVTT2h5VnlmTjlEMzlreTZhem1wSDV2MWxsTTN3a2VlZ3h2VXRHM2FOQTJGaGpFNWhLTHNlRlA5UXRlYTlrTwpZK3o1ZEJGcmM5UXBwZEZ2VXBDNFIrNnJVZmRVN0FscVdJWlNSRWZyNzI1ckR2aG90bHIrYko3NnV1dlNhU2duClpxN1pnN1VxVGR1bHFXaktSOW16eVJGeGxRemRVZmNaSUxxdWZUNVYyeWVYNkpnNTRoZ0xrN1JVVjBwWmV5MGMKREg2eE9WOHp6MVVkY1NCcDlGd3ZkamRuenlLa2FuY2RYdnV1aWljcjVVdWd6RWQ4bTNqaFk4NXEzWUd6NGZDdwpLeG5qSHpva3czUGw1b3oxNzh3eWJXTTMzVWhyUXNYTWcycXRCZnNvaVZ1Y1NWcURLeHlkU3VYV0RHaXBTN1hWCm02cUdPWWg0dUphNUV1ZmduYitxZjlsaHQ4MzIvZE9CUU1sYzQ4R0xGYXBsNURPWFhoTGFQWDV0T1VTbnlUOWQKZ2Y4Ums2bzgrcUpWVUxxMWF1cVdncHUwcTVBRGN4L2pScldZMmNjN1kxNEt0QkxpTkhVcTRHbGlUMFh4RzNTNwpnUERhRk1ndkRwaHd1OHl1c1RYWitXc2FXdkNkSzJqRDE5KzVrd2hpV1I4R1hOL1MzQkk5Z0EyTXdUMFFHSGwvClN1b3UxeTV6SE1iQW05TVpPRlZmZDh0RFJRcWZ1OC9iNlNLZDRPdlFnYzhNMTJRVVY5NGlNRjdrbUFhUG5ReDAKMXFxZGtmSGM4K0JyYTNJWkpGT1FMSmRaVWZHYVhEMFgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==</crt>
+    <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBcjFuanVUT0d1OHh4R3AvSTM5THFENDIyWi9CZEFXenZ1MlZ3TWdsMGtGVEd6bndUCmtKa1I0bmllT0tCdzBpZ1F3SnBLbjRTQXhnazY2QzMyU2JDYUE3T1FLeUdjelR0dE52UnJQbmpsTm0yaDNwNzcKaGxTUmFkL2FycXRldk9qZFQ0TGQ5dFluMFFkdlZpLyswUTlETmZmK3JOdlJ2akVwRW5vOFBLNFBFNjR3dGZUWAp1ektMRDFwODlNUVRicEZ4alJBd3ZvaTFvZkI1akp0bVpZdzQ2eFM1RmlpZzlmUmYzbEY1WUJrdXVieUg5a1R1CmgyS2lnR3Z6U3hENEcwYk53aUJORTFJYnU4ckIzUUdEUkkveUM4TDdpUUJEZlFtZUwrb3dQZ2ViTVVpVFU4TkkKSFJ1NDllejZ2QmFnM09oSmswaHBVQmN6emE5aXVVK1ZVOE5vUGZHcVhaRTM2T2lIaWlhejRqMllZdjVNU0VjMwpBaW55eExwRUFpcW1sMFJyOE9KRlVKNlpzamtjTWZmK2JraXJQN0EyM09jbzY3V1lpdkJNci9WdVhrc3FFRVgwCkp6dUR3bC9rNUt6VGQ0QTU2RDZ0enBoSVNoWTVhNEtxbXVhaWZMbEJxRk5yUm1ucFg5YXZ6ZHJpQk16c1dna1AKOHlob0pDSkhId3ZKS2RhODQ5bE81Y3pPNzREK0M2cjhFeXFHSDUrUEtPVWJoRlhOL1NrRzNuRHY4c0VoUTN3RAo0VUF6enUzUTRvT2dnMUhIUEhTbWd3ZE1yK1NmdXp6WXdDbWt6WGkzVVBhUm9nL0kwQmhRWUhWQklYUWJDYXNTCit5cDZoRmFWWlZCUVdvVTRwMzRRUWp2N1E2WjFkYWpMeDRQNWNkVkFxWFU5NWIxVWhQREl2Z213YzVjQ0F3RUEKQVFLQ0FnRUFvZjA1aVhyWFNpQllrRTd5SkF0VlhSNytWbERQcXFSM1p6Z1RpTFlCYitCUmRLbGM3YVRxeDd2RAo5dTRJcTZ5RnBWZ2ovZTlMZ3ljOXV3WFMwMHFKVFVnUnREYXVBMDZWMjBHNjNSQ1VOMDdhVGEyekVPcUpGelRNCmNiWXdvL1cvbFZlQk5DbXN5TWJFak90enpLLzcyQnlNc2lXMFFxNXBrZjlJTElwanRUdWpGa1RsRXJOamtjQjMKVlNyYUJMZnFIWFhLZ2dvTE9Wbk5BQjhEWG1aR29xMFhPeWczWWwvcVBKZ3B0NlFyN1R3RW9uWVZvUTUycm9xTApURnFWeWFVRUtnVHJEeUU0SzZqb3BRRmp3ZS8wbS9iNXBodVBQVENvYVAxQXFkMGUrazFnaE80UGJZeVJ0dWJBCnp3ZGNmaGM4K1FuWStEc25DU212Mng5eEJOdXRMSnVkd1NwTHFheHJLN0Y5T1ZoTmEyeDBFQm5tRk1ZN09KMUgKQTFzMDdoYjN3cWdnUDVLMkxoVS9oMTg5WlEzbXFSQ3FHby9lYlJJTG1oMWRvWTY0cHFEOTg1Sm5LVmg2RXFFdQpodVliTlJRcDh3dTl4WHdzQjhtMktkS0syU2FnTHdrQ0VCMVp1KzNzR0VQbGJrT1FSc2txdTFqbTV6NzNyODY4CkVDRmFEVTVHT2hZWTFVVExYdUp4b1Jnc3FURHg3SHNKaG1oVDEzS3JNWHB2S3BkeHZsVzcybm1ZL3FNK3MzMHQKVWp4bnZRWlYvUnlIYnNnVlhUbEhSRGlDbC9tL20yNWpsRHpPalpjZXExdk5Sck05S09vK2N3NEV4UkFacjdaSQprNkk1Y1FaeDJQL2ZGUnhYWXZyMTlwYjBYN0YvZk9tUGVIVFJwS2J6dndLazlyQkYvd2tDZ2dFQkFPV1k4ZjRECmppS2ZwWFBGSzB0d2pMaHFaK1BjQmRhVmhWM21TaXVaUm5NMC9qUkV6ZzBIY1Fxd0IvL2lVUzA4OUdRSmhuRjMKVXloK3VOSHVteS9ScW9wOWFiZHRsNWEybUZPdUVFZXBKaTFjTVJuMFZxUDMxb3Rqb0hDbzZoRkRCZm04bEJXaQo0SGRIQ1ZsOTd6eXhZcFpuR0ZjNGJNOG5UZkViUU82TmVBd1B4czE5OE55WU1IMUVsWndKNE1MejcxZXN2VElvCmQ4S0kwc0F5cFZIYVpXZ1lhOGRyYjA5U2pXRVNqU0o5NzNHY3FjQmJSeVFXVnhyZ1lrOWNwc0paNXBQeXliL0QKR0F4cWdWV2ZmWFFSWGlpUEJLMG5XdVdjaThabU1wcmp3OWlta3FGS3FDTVJSOGR2Yjg5N0UxSTJKSzZ4dEh6YwppV1hKOG1NRytYSVF0VDBDZ2dFQkFNT0VBSmVScG01MWZsZnhJQ0l6SHBtc3FmdEFYb2RtSWN4R3gvM01tRFNyCjVQZXNmaldXZG5ZcTI2QlpzZUxwT09rK21OdkJNZG1OUFE0VG1TUDJ1QldDdE94Z1J6ck9iWmRSeExudFp3NWMKbFZzSi8xczlZcm9oUnNDVTZwM21MSFJQRXN3MmZleWMzN3dHb0FWT1FJb1BEKzJRRUhDMVgxRTZOeFVLd0pHTwpoeVhrbzNFVmxZd2pqK2Mza2hsaUd3elg0Yk9icFJNWGpJK0lkV1AwZDBHeFp4TnRsSzlIY2VYWFJWZWZEQmEzCmdnbTN5dVRodzgxTEFtRzVhTEo4N0ZLcDY2SDUrY3o5ZFZlNDhydHJKNEduLzEva3B5L3QyWEU4U1FzL2FEVnQKZEFZU0FEQ3piR2lZUVdmL254L3p2WHgrcTBiR1FLZjJ1Z1VjcjRJcm9XTUNnZ0VBVmY4Q2JOVWlFTC9oTmNxZApHOFdOUDZuRFBlcDBXVnBwdUxFQUNQS0JHN2UybXhkR1lrVHVSMFdGeVljWVJxeDFFVjhyOXlYdGhOWnFIVitVCnlzVnFiakxwUE9ZVWlFUGVMRUdmSVdndXY0Q3ZkM3c0VTNRSjdPMms4MjJoTmxQM1VnSWJLVHQzZmRXaW45MTIKbFRJUHJpdnhSd0lBWjFyZWE3ZDhpNTE3WUhFc1VsMmdzTTlrSWhkbFBpdkkvdHhsUWw2V0FzcDdpT2E4b1hhVwp5MkRVNkxkMDd4M0RkRitFU3Q2cTlFZGRQeDJoeTBXbEVOUTVUZnpMZGRSTE5iSjhsZCt6UjFzb2o4WDRxWHh5CmZkM2ZlYXVQNGRkQ3lZdm9JcWkydmFNZ0FPN3JMdlNLbzQvZVpjbk1oRmNoOW9JSEhWTzhPYVJVNWtaTXZtQ24KWDl6NE5RS0NBUUI5SHp3Vnc4TmtDMU1veW9wSytMWUxtTUZMcHIwWUg1ZGZtS2lpVnMzTlgzaHZ2SGNrcWo3egpqcWZ4TFpXMjVwUmlTSW9na0xuclJRVWV2aElTUHZFOTZ1RUlLUEZNeEJERWR6TFQzZ2RHM0o5RW5OaEx0clE0Cjg5VElxRVNoZWsxV3ZjZ0U0cGFoMXg4andJV2wvNWMwQTBHcFFib1R0eTdoMThTcWRiQVpOc0pzMEs1OFQxamUKVDEvbms5dXUzT2I4eUNlTC92NmNna1NWRXJvMWxweS9jTjNMUkNTVUs3L0xYSUhtK2tVTlFMRTZzT0ZxcXNUWQoyN2tSZTB0eWRwbnlxUVhBS2k3Z0xoQnJiRlFDOXlkWVJZQWNDVU9wVzZqOVc1eFBVMnZJVFZ5a0NkOFBTN1FFCkYvUTdydzVScjNYRGQzajdHU01GbXRNZk5HVnBnNnlMQW9JQkFRQ2JGQitaSnFmOWJKQXdNWUdlODNVOTQxZG8KMldDYU5yNVl3SlFNdi81MnQvUklmak90NkY2K1BERDVDK3E0MjFmQnU3ajVCemFmMVlwNWl5Q240RHpRdlJ2TQpOd2huTWNjSjluVW9nTEhlaUJkaEtEL0FKVXlkejhYUnJ6Tk40ZGRhYSsxNkZlU3hUS2FxOWRaU21GbEZtZ1VYCnM4VUxDVGQ5aDNVbHF3eUVqY2UxNTBQOThEK2w5ZG5Ra2crTzFlWm5zcnRFZ1VSTEJBaUpXYXk1bVdmcU04UVgKUVQvM1VSdWo5MWFwV0dSaGYydEpkV3ZyQU1HczNlUlhYbk1RTThLMG5mbStzVi8rMkxBVUVSTUQwakxBR0dSWgpQTERzN3RRTjRGOVJ3ZlkwRmtBSVRjZnp1cVJxL2c1RW1TZ3g0QnR1ZVZNTXg4TWI4eTF3ckQzeXJsbTEKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</prv>
+    <serial/>
+    <caref>67a9feb38e684</caref>
+  </ca>
+  <dhcpdv6>
+    <lan>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <range>
+        <from>fdcf:39d9:630d:284b::0</from>
+        <to>fdcf:39d9:630d:284b:ffff:ffff:ffff:ffff</to>
+      </range>
+      <prefixrange>
+        <from/>
+        <to/>
+        <prefixlength>48</prefixlength>
+      </prefixrange>
+      <dnsserver/>
+      <ntpserver/>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+    </lan>
+    <opt6>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <range>
+        <from>fd36:94be:70a6:32a4::0</from>
+        <to>fd36:94be:70a6:32a4:ffff:ffff:ffff:ffff</to>
+      </range>
+      <prefixrange>
+        <from/>
+        <to/>
+        <prefixlength>48</prefixlength>
+      </prefixrange>
+      <dnsserver/>
+      <ntpserver/>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+    </opt6>
+    <opt3>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <range>
+        <from>fd93:1100:2856:1234::1000:0</from>
+        <to>fd93:1100:2856:1234::1fff:ffff</to>
+      </range>
+      <prefixrange>
+        <from/>
+        <to/>
+        <prefixlength>64</prefixlength>
+      </prefixrange>
+      <dnsserver/>
+      <ntpserver/>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <ramode>assist</ramode>
+      <rapriority>medium</rapriority>
+      <ramininterval>200</ramininterval>
+      <ramaxinterval>600</ramaxinterval>
+      <radomainsearchlist/>
+      <radnsserver/>
+    </opt3>
+  </dhcpdv6>
+  <cert uuid="d7801d42-1381-4ddc-8771-7d5564f0292e">
+    <refid>67a9532677f13</refid>
+    <descr>rno1.rail-city.net (ACME Client)</descr>
+    <caref>67a9532676509</caref>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwRENDQXlxZ0F3SUJBZ0lTQlBMRU42ajJHZG5VVU1ML1BBa3g1eGZwTUFvR0NDcUdTTTQ5QkFNRE1ESXgKQ3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MU1aWFFuY3lCRmJtTnllWEIwTVFzd0NRWURWUVFERXdKRgpOakFlRncweU5UQXlNVEF3TURFMk5EZGFGdzB5TlRBMU1URXdNREUyTkRaYU1CMHhHekFaQmdOVkJBTVRFbkp1CmJ6RXVjbUZwYkMxamFYUjVMbTVsZERCMk1CQUdCeXFHU000OUFnRUdCU3VCQkFBaUEySUFCT2p5dVFXMTFZUG0KQXc1Z0lzZWVpMGw1NFk3Nnl0SlpRZGF1ejc3djl1RW1ZbW9vM0dHZGNVU2owN1l2ZStxTW40YXJ5ZUN6MUFpTApmdkt3aWxISkJuemM1azhkbWU3VjZpeit5YVFNbDZxM1NQOHZueXlJb1NXOVlja1hUd01lUzZPQ0FoWXdnZ0lTCk1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKREFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WSFE0RUZnUVVLa3U4aFlWWnY1Z00zNzBIdGNLYnErNEMvU293SHdZRApWUjBqQkJnd0ZvQVVreWRHbUFPcFVXaU9tTmJFUWtqYkk3OVlsTkl3VlFZSUt3WUJCUVVIQVFFRVNUQkhNQ0VHCkNDc0dBUVVGQnpBQmhoVm9kSFJ3T2k4dlpUWXVieTVzWlc1amNpNXZjbWN3SWdZSUt3WUJCUVVITUFLR0ZtaDAKZEhBNkx5OWxOaTVwTG14bGJtTnlMbTl5Wnk4d0hRWURWUjBSQkJZd0ZJSVNjbTV2TVM1eVlXbHNMV05wZEhrdQpibVYwTUJNR0ExVWRJQVFNTUFvd0NBWUdaNEVNQVFJQk1JSUJCZ1lLS3dZQkJBSFdlUUlFQWdTQjl3U0I5QUR5CkFIY0F6UHNQYW9WeENXWCtsWnRUenVteWZDTHBoVndObDQyMnFYNVV3UDVNRGJBQUFBR1U3V3pMRlFBQUJBTUEKU0RCR0FpRUE5bzNwTGFoRlVsMjNkWE5QWGIxTGl1dFp3cHN0MW0zMUlVdk02alc0ejBRQ0lRREQ0ZnAreSt5agpmMlROWi9YZW1OcDFmcXVoSndXWWRCNjg1bU5qRDg5L2pnQjNBT2JTTVdOQWQ0ekJFRUVHMTNHNXpzSFNRUGFXCmhJYjd1b2N5SGYwZU40NVFBQUFCbE8xc3l4a0FBQVFEQUVnd1JnSWhBUGFKYXRXSmFvTVdQVnV5bHd2M3RkTGUKWm42eVcyTDZtbWFuN2p0R3NBRFBBaUVBd1V4QktaSlVvcGhPU0QxMjBHK0drMW95ekZSc0UxUUFyOE96dStPRAp2NUF3Q2dZSUtvWkl6ajBFQXdNRGFBQXdaUUl3VjQxZGNMdFRNRitIWTVMcVpXL2ZjMEdYMTlqV3pjeUc2RUFTCmh1dUs1SW5iM00yck9zN09rU2t6MkZBVVhBZ2lBakVBb0RTclJ2UFFCV1FqNTM4bWF4b216d1V1RXlKU0QyaEsKdEs2eU41QnJzaHZ3ZXlEamVBS082Y2g0aDMwcE1wZDMKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRCYWFXN011MmpOTCtjQndXZnArbXNKMW1QVzNQaVpldHFBYlE1NVdLeklnMU1LR2NETDJiUm4KNjB2SFhkT2FJYXlnQndZRks0RUVBQ0toWkFOaUFBVG84cmtGdGRXRDVnTU9ZQ0xIbm90SmVlR08rc3JTV1VIVwpycysrNy9iaEptSnFLTnhoblhGRW85TzJMM3ZxakorR3E4bmdzOVFJaTM3eXNJcFJ5UVo4M09aUEhabnUxZW9zCi9zbWtESmVxdDBqL0w1OHNpS0VsdldISkYwOERIa3M9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K</prv>
+  </cert>
+  <syslog/>
+  <dnsmasq version="1.0.5">
+    <enable>0</enable>
+    <regdhcp>1</regdhcp>
+    <regdhcpstatic>1</regdhcpstatic>
+    <dhcpfirst>1</dhcpfirst>
+    <strict_order>1</strict_order>
+    <domain_needed>0</domain_needed>
+    <no_private_reverse>1</no_private_reverse>
+    <log_queries>0</log_queries>
+    <no_hosts>0</no_hosts>
+    <strictbind>0</strictbind>
+    <dnssec>1</dnssec>
+    <regdhcpdomain/>
+    <interface>lan</interface>
+    <port/>
+    <dns_forward_max/>
+    <cache_size/>
+    <local_ttl/>
+    <add_mac/>
+    <add_subnet>0</add_subnet>
+    <strip_subnet>0</strip_subnet>
+    <dhcp>
+      <no_interface/>
+      <fqdn>0</fqdn>
+      <domain/>
+      <lease_max/>
+      <authoritative>0</authoritative>
+      <default_fw_rules>1</default_fw_rules>
+      <reply_delay/>
+      <enable_ra>0</enable_ra>
+      <nosync>0</nosync>
+    </dhcp>
+    <no_ident>1</no_ident>
+  </dnsmasq>
+</opnsense>