Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal in 2.0 Release not working?

    Scheduled Pinned Locked Moved Captive Portal
    47 Posts 10 Posters 22.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan
      last edited by

      Well, I lost you while reading "… that box have only 4mb and ...".
      Are you aware that pfSense can only run with 128 Mbytes of RAM, or more ?

      When you are using APs on a Captive Portal interface, best thing to do is:
      Captive Portal IP: x.x.x.1
      AP1: x.x.x.1
      AP2: x.x.x.2
      .... etc
      APy: x.x.x.y
      DHCP server range on Cative Portal Interface: x.x.x.y+1 - x.x.x.254
      (or: give AP's an IP that's outside the Captive Portal DHCP IP mask)
      This means that AP's should not have an IP that clients can obtain. Clients that starts to toy with a fixed IP, the same as an AP will gain a "MAC conflict" on the network.

      The AP's should be put in bridged mode, which means that pfSense's Captive Portal SEES the MAC of the clients.

      This setup still has possibilities for forging: hi-jacking the IP and MAC of an authenticated client will gain access for you.
      It will also create network conflicts ...

      Note that my AP's do NOT allow any x.x.x.a to x.x.x.b communication, except where the destination MAC is the MAC of the Captive Portal interface card. This is done with some 'ebtables firewall rules' in each AP.
      All this means that without hard-core hacking (Wifi sniffing, etc) you can NOT fall throughout the Captive Portal access. It is programmed to block all, and lists exceptions for those who are authenticated.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • H
        hadi57
        last edited by

        4 mb is my bandwidth, but i have others with 10, 16 and 20mb bandwidth, waiting for fiber optic to be available any where i have a box, ram on all boxes is 4 gig, using 64 amd version of pfsense, all of them have 64 intell 2 or 4 cpus, they are all doing fine with no issues.

        1 Reply Last reply Reply Quote 0
        • D
          dhatz
          last edited by

          Ideally use different VLANs to segregate traffic:

          One VLAN to manage the the APs
          Another VLAN to carry client traffic.

          1 Reply Last reply Reply Quote 0
          • L
            luke240778
            last edited by

            @cmb:

            @luke240778:

            Hey sorry, not really understanding this..  my AP's i don't have in the Captive Portal MAC passthrough list…  they are ust basically super bridges.

            They may be configured as such but that doesn't mean they're acting as such. There have been multiple reports on here of people's bridged wireless gear rewriting the source MAC on all traffic to the MAC of the AP, even though the firewall gets their DHCP requests coming from their real MAC. Checking Diag>ARP will show whether or not that's happening, what's shown there is the source MAC that's actually coming through.

            Umm. still beyond my understanding here. But looking at the ARP Table as you mentioned, it all looks right to me.. i see all correct CPE MAC's and only see the AP mac for the correct IP that is the AP.. Am i following?

            1 Reply Last reply Reply Quote 0
            • L
              luke240778
              last edited by

              @hadi57:

              hi

              i have same probolem, to solve this just dont use the pass through mac, let them go through the captive portal.

              there is even more serious problem, if they put the gatway IP in their proxy which i discovered by luck, there is no way to stop them from using your internet for free, even if you change squid port, it can be easly discovred with nmap.

              hadi57

              But that is what i am saying all along is my problem. I have been putting all MAC's in the Passthrough list for clients, as at install they were getting the Captive Portal login, so i added them to the Passthrough MAC.. but lately, all new installs are just bypassing CP completely and straight onto the web.. they are not yet in the MAC passthrough list, and they bypass the CP somehow

              1 Reply Last reply Reply Quote 0
              • L
                luke240778
                last edited by

                @Gertjan:

                Well, I lost you while reading "… that box have only 4mb and ...".
                Are you aware that pfSense can only run with 128 Mbytes of RAM, or more ?

                When you are using APs on a Captive Portal interface, best thing to do is:
                Captive Portal IP: x.x.x.1
                AP1: x.x.x.1
                AP2: x.x.x.2
                .... etc
                APy: x.x.x.y
                DHCP server range on Cative Portal Interface: x.x.x.y+1 - x.x.x.254
                (or: give AP's an IP that's outside the Captive Portal DHCP IP mask)
                This means that AP's should not have an IP that clients can obtain. Clients that starts to toy with a fixed IP, the same as an AP will gain a "MAC conflict" on the network.

                Sorry you are saying to have the AP1 the same IP as the  CP IP? (x.x.x.1)

                1 Reply Last reply Reply Quote 0
                • H
                  hbc
                  last edited by

                  Is there a known bug?

                  I use vouchers which should expire, but authenticated users aren't disconnected or redirected again to login page after expiration time. They can keep on surfing and are listed in "Status: Captive portal: Vouchers –> active users", but the voucher is deleted in 'active vouchers'. I can even manually disconnect them in 'active users' page but no effect. I have to disable and enable CP to end sessions.

                  Any hint what went wrong? I don't use pass-through-mac, but it is behaving like this feature.

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan
                    last edited by

                    @hbc:

                    Is there a known bug?

                    What pfSense version ?
                    @hbc:

                    Any hint what went wrong? I don't use pass-through-mac, but it is behaving like this feature.

                    When the issue arrives, use these commands:
                    ipfw list
                    ipfw table all list

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • H
                      hbc
                      last edited by

                      What pfSense version ?

                      It is 2.0-RELEASE (amd64)

                      When the issue arrives, use these commands:
                      ipfw list
                      ipfw table all list

                      This does just show, not fix anything. Right?

                      My test vouchers are only 5 minutes valid. Is this too short? Curiously yesterday when just one AP was configured with guest ssid, it worked.

                      Well, I'll check the tables when issue occures next time.

                      1 Reply Last reply Reply Quote 0
                      • L
                        luke240778
                        last edited by

                        @luke240778:

                        @Gertjan:

                        Well, I lost you while reading "… that box have only 4mb and ...".
                        Are you aware that pfSense can only run with 128 Mbytes of RAM, or more ?

                        When you are using APs on a Captive Portal interface, best thing to do is:
                        Captive Portal IP: x.x.x.1
                        AP1: x.x.x.1
                        AP2: x.x.x.2
                        .... etc
                        APy: x.x.x.y
                        DHCP server range on Cative Portal Interface: x.x.x.y+1 - x.x.x.254
                        (or: give AP's an IP that's outside the Captive Portal DHCP IP mask)
                        This means that AP's should not have an IP that clients can obtain. Clients that starts to toy with a fixed IP, the same as an AP will gain a "MAC conflict" on the network.

                        Sorry you are saying to have the AP1 the same IP as the  CP IP? (x.x.x.1)

                        Gertjan can you clarify please?

                        1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan
                          last edited by

                          @luke240778:

                          Sorry you are saying to have the AP1 the same IP as the  CP IP? (x.x.x.1)

                          Captive Portal IP: x.x.x.1
                          AP1: x.x.x.2
                          AP2: x.x.x.3
                          etc.

                          Sorry, my fault.
                          AP1 can't have the same IP as the Captive portal IP interface …..

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • L
                            luke240778
                            last edited by

                            @Gertjan:

                            @luke240778:

                            Sorry you are saying to have the AP1 the same IP as the  CP IP? (x.x.x.1)

                            Captive Portal IP: x.x.x.1
                            AP1: x.x.x.2
                            AP2: x.x.x.3
                            etc.

                            Sorry, my fault.
                            AP1 can't have the same IP as the Captive portal IP interface …..

                            Ok yes, thats basically what i have..

                            CP IP: 192.168.10.1
                            AP1:  192.168.10.50
                            AP2:  192.168.10.51

                            1 Reply Last reply Reply Quote 0
                            • L
                              luke240778
                              last edited by

                              Ok, so there is definately some bug in Captive Portal on 2.0. I am wondering if its best i start a new thread regarding this? And see if we ca all get it solved?

                              I have basically 2 exact same NIC's, LAN and OPT1. Both setup exactly the same, just differente IP's obviously.

                              Captive Portal enabled on both interfaces,on the LAN and connection goes straight passed the CP login screen, tried various AP's to make sure it wasnt one of them not working.  The exact same setup on the OPT1 interface works perfectly.

                              I have tried by only activating CP on 1 at a time but get the same results.  This must be a bug…

                              1 Reply Last reply Reply Quote 0
                              • E
                                eri--
                                last edited by

                                Can you post your config here with private information cleared to verify it?

                                1 Reply Last reply Reply Quote 0
                                • L
                                  luke240778
                                  last edited by

                                  Sure i can. To be clear, are you asking for like screenshots of both interfaces settings?  or is here an actual  config file i can somehow get?

                                  1 Reply Last reply Reply Quote 0
                                  • E
                                    eri--
                                    last edited by

                                    config.xml file it is located under /conf/config.xml.

                                    You can retrieve it from the web interface Diagnostics->Edit File.

                                    1 Reply Last reply Reply Quote 0
                                    • L
                                      luke240778
                                      last edited by

                                      Ok, ill get that. Post the whole file? it is rather large..  give me a little time to blank out some passwords and i'll post it.

                                      1 Reply Last reply Reply Quote 0
                                      • GertjanG
                                        Gertjan
                                        last edited by

                                        Hi there ….
                                        never ever post big files like the config.xml in a forum.
                                        Use a site like this one: http://paste2.org/ and drop the link to your file in your post.

                                        No "help me" PM's please. Use the forum, the community will thank you.
                                        Edit : and where are the logs ??

                                        1 Reply Last reply Reply Quote 0
                                        • L
                                          luke240778
                                          last edited by

                                          @ermal:

                                          config.xml file it is located under /conf/config.xml.

                                          You can retrieve it from the web interface Diagnostics->Edit File.

                                          <pfsense><version>8.0</version>
                                          <lastchange><theme>pfsense_ng</theme>
                                          <sysctl><tunable>debug.pfftpproxy</tunable>
                                          <value>default</value>
                                          <tunable>vfs.read_max</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.ip.portrange.first</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.blackhole</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.udp.blackhole</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.ip.random_id</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.drop_synfin</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.ip.redirect</tunable>
                                          <value>default</value>
                                          <tunable>net.inet6.ip6.redirect</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.syncookies</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.recvspace</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.sendspace</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.ip.fastforwarding</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.delayed_ack</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.udp.maxdgram</tunable>
                                          <value>default</value>
                                          <tunable>net.link.bridge.pfil_onlyip</tunable>
                                          <value>default</value>
                                          <tunable>net.link.bridge.pfil_member</tunable>
                                          <value>default</value>
                                          <tunable>net.link.bridge.pfil_bridge</tunable>
                                          <value>default</value>
                                          <tunable>net.link.tap.user_open</tunable>
                                          <value>default</value>
                                          <tunable>kern.rndtest.verbose</tunable>
                                          <value>default</value>
                                          <tunable>kern.randompid</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.ip.intr_queue_maxlen</tunable>
                                          <value>default</value>
                                          <tunable>hw.syscons.kbd_reboot</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.inflight.enable</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.log_debug</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.icmp.icmplim</tunable>
                                          <value>default</value>
                                          <tunable>net.inet.tcp.tso</tunable>
                                          <value>default</value>
                                          <tunable>kern.ipc.maxsockbuf</tunable>
                                          <value>default</value></sysctl>
                                          <system><optimization>normal</optimization>
                                          <hostname>pfsense</hostname>
                                          <domain>mutioffice</domain>
                                          <group><name>all</name>

                                          <scope>system</scope>
                                          <gid>1998</gid></group>
                                          <group><name>admins</name>

                                          <scope>system</scope>
                                          <gid>1999</gid>
                                          <member>0</member>
                                          <member>2000</member>
                                          <member>2001</member>
                                          <member>2003</member>
                                          <member>2004</member>
                                          <member>2007</member>
                                          <member>2008</member>
                                          <priv>page-all</priv></group>
                                          <user><name>admin</name>

                                          <scope>system</scope>
                                          <groupname>admins</groupname>
                                          <password>$1$LoOd9345$88tSTwaytksu9o7jz51d30</password>
                                          <uid>0</uid>
                                          <priv>user-shell-access</priv>
                                          <md5-hash>a0b23f9bfa92affe54dea1a90b860d40</md5-hash>
                                          <nt-hash>0ecc291c27cb6407c3c6327b15247834</nt-hash>
                                          <expires><authorizedkeys></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$PAqlpUYS$5z6rHft6.5xGDIRMVSkFQ.</password>
                                          <md5-hash>a0b23f9bfa92affe54dea1a90b860d40</md5-hash>
                                          <nt-hash>0ecc291c27cb6407c3c6327b15247834</nt-hash>
                                          <name>luke</name>

                                          <expires><authorizedkeys><ipsecpsk><uid>2000</uid></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$bQ/H7qK.$vzYDw1d6qt3wC6ckqEQRG/</password>
                                          <md5-hash>ff9659f82bceb4f155c1c93a881c38e6</md5-hash>
                                          <nt-hash>ef1c76c17032f2e08098c351aa8fdef1</nt-hash>
                                          <name>remote1</name>

                                          <expires><authorizedkeys><ipsecpsk><cert>4e600a650b09c</cert>
                                          <uid>2003</uid></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$1FEShJz2$4A/hVSBDabv678BFF0yN.1</password>
                                          <md5-hash>a3ad9aed5800487fc398a0589657de05</md5-hash>
                                          <nt-hash>3500f7fc22164ea217c218e9eee5b8b8</nt-hash>
                                          <name>remote2</name>

                                          <expires><authorizedkeys><ipsecpsk><cert>4e600dfee2e10</cert>
                                          <uid>2004</uid></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$j4qPdvJ5$4y25x1Nxz4lCpUW9Y7RHr0</password>
                                          <md5-hash>a3ad9aed5800487fc398a0589657de05</md5-hash>
                                          <nt-hash>3500f7fc22164ea217c218e9eee5b8b8</nt-hash>
                                          <name>rick</name>

                                          <expires><authorizedkeys><ipsecpsk><uid>2001</uid>
                                          <disabled></disabled></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$mZ.32gSi$/YYEhax/Y/ZlUGVEknLCk.</password>
                                          <md5-hash>c5aa3124b1adad080927ce4d144c6b33</md5-hash>
                                          <nt-hash>acb184c1bef0fe854a4603961f93caa1</nt-hash>
                                          <name>ronaldo</name>

                                          <expires><authorizedkeys><ipsecpsk><uid>2005</uid>
                                          <priv>page-services-captiveportal-macaddresses</priv>
                                          <priv>page-status-dhcpleases</priv>
                                          <priv>page-services-captiveportal-editmacaddresses</priv></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$ky65RSKF$G3FL2Y9rpfbHzRECPiMxm1</password>
                                          <md5-hash>04a2142bc5570690034340274dfb303c</md5-hash>
                                          <nt-hash>2d49bd0f8e9271d82d967a9f77a974e8</nt-hash>
                                          <name>remote3</name>

                                          <expires><authorizedkeys><ipsecpsk><cert>4ed3e90f9e7f2</cert>
                                          <uid>2007</uid></ipsecpsk></authorizedkeys></expires></user>
                                          <user><scope>user</scope>
                                          <password>$1$wip8bl7.$W8CcPEyXwLV8lsT8N3jkt0</password>
                                          <md5-hash>4bd1afa1492afceb94d4bd2d891a30f7</md5-hash>
                                          <nt-hash>69da70577ab7fa8abbf9e8e6916a98bc</nt-hash>
                                          <name>remote4</name>

                                          <expires><authorizedkeys><ipsecpsk><cert>4ed69d8fa68ec</cert>
                                          <uid>2008</uid></ipsecpsk></authorizedkeys></expires></user>
                                          <nextuid>2009</nextuid>
                                          <nextgid>2001</nextgid>
                                          <timezone>America/Sao_Paulo</timezone>
                                          <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
                                          <webgui><protocol>https</protocol>
                                          <ssl-certref>4dd97c8932c01</ssl-certref>
                                          <port><max_procs>10</max_procs></port></webgui>
                                          <disablenatreflection>yes</disablenatreflection>
                                          <disablesegmentationoffloading><disablelargereceiveoffloading><gitsync><repositoryurl><branch></branch></repositoryurl></gitsync>
                                          <dns1gwint>wan</dns1gwint>
                                          <dns2gwint>wan</dns2gwint>
                                          <dns3gwint>none</dns3gwint>
                                          <dns4gwint>none</dns4gwint>
                                          <ssh><port>45000</port></ssh>
                                          <firmware><allowinvalidsig><alturl><enable><firmwareurl>http://updates.pfsense.org/_updaters/amd64</firmwareurl></enable></alturl></allowinvalidsig></firmware>
                                          <enablesshd>enabled</enablesshd>
                                          <dnsserver>200.255.255.66</dnsserver>
                                          <dnsserver>200.255.255.73</dnsserver></disablelargereceiveoffloading></disablesegmentationoffloading></time-update-interval></system>
                                          <interfaces><wan><enable><if>re0</if>
                                          <blockbogons><spoofmac><alias-address><alias-subnet>32</alias-subnet>
                                          <ipaddr>189.53.100.10</ipaddr>
                                          <subnet>30</subnet>
                                          <gateway>WANGW</gateway></alias-address></spoofmac></blockbogons></enable></wan>
                                          <lan><enable><if>re1</if>

                                          <spoofmac><ipaddr>192.168.10.1</ipaddr>
                                          <subnet>24</subnet></spoofmac></enable></lan>
                                          <opt1><if>re2</if>
                                          <enable><spoofmac><ipaddr>192.168.99.1</ipaddr>
                                          <subnet>19</subnet></spoofmac></enable></opt1></interfaces>
                                          <staticroutes><dhcpd><lan><enable><range><from>192.168.10.80</from>
                                          <to>192.168.10.254</to></range>
                                          <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway>192.168.10.1</gateway>
                                          <domain><domainsearchlist><ddnsdomain><tftp><ldap><next-server><filename><rootpath></rootpath></filename></next-server></ldap></tftp></ddnsdomain></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan>
                                          <opt1><range><from>192.168.100.1</from>
                                          <to>192.168.127.254</to></range>
                                          <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway>192.168.99.1</gateway>
                                          <domain><domainsearchlist><enable><ddnsdomain><tftp><ldap><next-server><filename><rootpath></rootpath></filename></next-server></ldap></tftp></ddnsdomain></enable></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></opt1></dhcpd>
                                          <pptpd><mode>server</mode>
                                          <redir>192.168.100.1</redir>
                                          <localip>192.168.10.3</localip>
                                          <remoteip>192.168.10.4</remoteip>
                                          <radius><server><ip><port><acctport></acctport></port></ip></server>
                                          <server2><ip><port><acctport></acctport></port></ip></server2>
                                          <nasip><acct_update></acct_update></nasip></radius>
                                          <wins><n_pptp_units>16</n_pptp_units>
                                          <user><name>luke</name>
                                          <ip><password>00000000</password></ip></user>
                                          <user><name>rick</name>
                                          <ip><password>00000000</password></ip></user></wins></pptpd>
                                          <dnsmasq><enable></enable></dnsmasq>
                                          <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
                                          <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
                                          <bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru>
                                          <advancedoutbound><rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>45001</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.10.50</target>
                                          <local-port>22</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e8fb21bd574a2.57802789</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>3389</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.5.28</target>
                                          <local-port>3389</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e8fb32150abb1.50808379</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>3799</port></destination>
                                          <protocol>udp</protocol>
                                          <target>192.168.10.240</target>
                                          <local-port>3799</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e945fa91c6e78.64504045</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>2222</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.10.240</target>
                                          <local-port>2222</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e945fe39d4338.45612714</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>23</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.10.240</target>
                                          <local-port>2323</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e94602b44dae2.39725168</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>8585</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.10.240</target>
                                          <local-port>8585</local-port>
                                          <interface>wan</interface>

                                          <associated-rule-id>nat_4e94604945f842.01632163</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><destination><network>wanip</network>
                                          <port>45002</port></destination>
                                          <protocol>tcp</protocol>
                                          <target>192.168.5.25</target>
                                          <local-port>22</local-port>
                                          <interface>wan</interface>
                                          <descr><associated-rule-id>nat_4e9d70593d5c79.87421452</associated-rule-id></descr></any></rule></advancedoutbound></nat>
                                          <filter><rule><direction>in</direction>
                                          <source>
                                          <any><destination><network>wanip</network>
                                          <port>1194</port></destination>
                                          <interface>wan</interface>
                                          <protocol>udp</protocol>
                                          <type>pass</type>
                                          <enabled>on</enabled></any></rule>
                                          <rule><id><type>pass</type>
                                          <interface>lan</interface>
                                          <tag><tagged><max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                                          <os><source>
                                          <network>lan</network>

                                          <destination><any></any></destination>

                                          <dnpipe>2</dnpipe>
                                          <pdnpipe>1</pdnpipe></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></tagged></tag></id></rule>
                                          <rule><source>
                                          <any><destination><any></any></destination>
                                          <interface>openvpn</interface>
                                          <type>pass</type>
                                          <enabled>on</enabled></any></rule>
                                          <rule><id><type>pass</type>
                                          <interface>opt1</interface>
                                          <tag><tagged><max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                                          <os><source>
                                          <network>opt1</network>

                                          <destination><any></any></destination></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></tagged></tag></id></rule>
                                          <rule><id><type>pass</type>
                                          <interface>pptp</interface>
                                          <tag><tagged><max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>
                                          <os><source>
                                          <any><destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></tagged></tag></id></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.10.50</address>

                                          <port>22</port></destination>

                                          <associated-rule-id>nat_4e8fb21bd574a2.57802789</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.5.28</address>

                                          <port>3389</port></destination>

                                          <associated-rule-id>nat_4e8fb32150abb1.50808379</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>udp</protocol>
                                          <destination><address>192.168.10.240</address>

                                          <port>3799</port></destination>

                                          <associated-rule-id>nat_4e945fa91c6e78.64504045</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.10.240</address>

                                          <port>2222</port></destination>

                                          <associated-rule-id>nat_4e945fe39d4338.45612714</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.10.240</address>

                                          <port>2323</port></destination>

                                          <associated-rule-id>nat_4e94602b44dae2.39725168</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.10.240</address>

                                          <port>8585</port></destination>

                                          <associated-rule-id>nat_4e94604945f842.01632163</associated-rule-id></any></rule>
                                          <rule><source>
                                          <any><interface>wan</interface>
                                          <protocol>tcp</protocol>
                                          <destination><address>192.168.5.25</address>

                                          <port>22</port></destination>

                                          <associated-rule-id>nat_4e9d70593d5c79.87421452</associated-rule-id></any></rule></filter>
                                          <shaper><ipsec><preferoldsa><enable></enable></preferoldsa></ipsec>
                                          <aliases><proxyarp><cron><minute>0</minute>
                                          <hour></hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 newsyslog
                                          <minute>1,31</minute>
                                          <hour>0-5</hour>
                                          <mday></mday>
                                          <month>
                                          </month>
                                          <wday></wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 adjkerntz -a
                                          <minute>1</minute>
                                          <hour>3</hour>
                                          <mday>1</mday>
                                          <month>
                                          </month>
                                          <wday></wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
                                          <minute>
                                          /60</minute>
                                          <hour></hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
                                          <minute>1</minute>
                                          <hour>1</hour>
                                          <mday></mday>
                                          <month>
                                          </month>
                                          <wday></wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
                                          <minute>
                                          /60</minute>
                                          <hour></hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
                                          <minute>30</minute>
                                          <hour>12</hour>
                                          <mday></mday>
                                          <month>
                                          </month>
                                          <wday></wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/nice -n20 /etc/rc.update_urltables
                                          <task_name>squid_rotate_logs</task_name>
                                          <minute>0</minute>
                                          <hour>0</hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/local/sbin/squid -k rotate
                                          <minute>/1</minute>
                                          <hour>
                                          </hour>
                                          <mday></mday>
                                          <month>
                                          </month>
                                          <wday></wday>
                                          <who>root</who>
                                          <command></command>/usr/local/pkg/vnstat2.sh
                                          <minute>0</minute>
                                          <hour>7</hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/local/bin/mail_reports_generate.php 0 &
                                          <task_name>lightsquid_parser_today</task_name>
                                          <minute>0</minute>
                                          <hour>/2</hour>
                                          <mday>
                                          </mday>
                                          <month></month>
                                          <wday>
                                          </wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today
                                          <task_name>lightsquid_parser_yesterday</task_name>
                                          <minute>15</minute>
                                          <hour>0</hour>
                                          <mday></mday>
                                          <month>
                                          </month>
                                          <wday>*</wday>
                                          <who>root</who>
                                          <command></command>/usr/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday</cron>
                                          <wol><rrd><enable></enable></rrd>
                                          <load_balancer><monitor_type><name>ICMP</name>
                                          <type>icmp</type></monitor_type>
                                          <monitor_type><name>TCP</name>
                                          <type>tcp</type></monitor_type>
                                          <monitor_type><name>HTTP</name>
                                          <type>http</type>

                                          <options><path>/</path>
                                          <host>200</host></options></monitor_type>
                                          <monitor_type><name>HTTPS</name>
                                          <type>https</type>

                                          <options><path>/</path>
                                          <host>200</host></options></monitor_type>
                                          <monitor_type><name>SMTP</name>
                                          <type>send</type>

                                          <options><send>EHLO nosuchhost</send>
                                          <expect>250-</expect></options></monitor_type></load_balancer>
                                          <widgets><sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence></widgets>
                                          <revision><time>1322840976</time>

                                          <username>admin@192.168.100.1</username></revision>
                                          <openvpn><openvpn-server><vpnid>1</vpnid>
                                          <mode>server_tls_user</mode>
                                          <authmode>Local Database</authmode>
                                          <protocol>UDP</protocol>
                                          <dev_mode>tun</dev_mode>
                                          <ipaddr><interface>wan</interface>
                                          <local_port>1194</local_port>

                                          <custom_options>push "route 192.168.10.0 255.255.255.0";</custom_options>
                                          <tls>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjY5YTE0ZWE3MGE2OGIzNjk5ZTE1MjQ2MWI2YzM2MDQ5DQpmNTM1ZmU1NDJkYWE2YjdkYzA3MTIzY2MyNDc3M2Q5Zg0KM2U0ZDA3MGRkZWYwYWYzZGNiNWU3N2IyZDZlZGM0MjYNCmIyNzk0ZGI2ZTNjOWQ1NzgwOTVjMjUyOTNjZDhmNWMzDQoyNDFlNjFkM2FjZjdhZDM3NmNiOTZlZWM1NmE2NGRmNg0KOGVlNmVjZDYzYzBkYjNiMTIxMzRhNDY1YWEyMzA3YWENCjI1MzMxMjI2ZjdlNDhiNTI4Njg4Mzc1NzBjMmJiYmRkDQo3Y2Q2NGY3YThiZDkwY2VmYjhmYzU1MTc0ZDJlY2E2Yg0KY2Y0ODg2NzI2ZGU1OTY0NDNjODg5MDY3MjdjZjI1OTENCmQyZjQ5OWUzMzYyMDNjYThiNjY0MjkxOTlkZDYyY2IxDQpiMGQ4ODNmOTM0MmU5YWU0OGFjNjRiZjhkMTkwMmE0ZA0KZmM1NTE3NWY4ZmNmNjYyMWE3MzQxZDljYWY0ZTE2YzINCjY5MDk2YjgyZTRhMDBiYTYwMDY2ZDI3YjgzMDg3ZTc1DQpmYmYwNTc1MWNlM2MxYmY5Y2NjMDlmZDE1OWQ1OWRmNg0KNzQxODkzMTc2NmRhZTY2MjEzMWJmMGE0MzVlMTAxNjQNCmRmZTI5NGYxMjY2MmQzM2JlMTk4ZmMzM2NjNDQzZjdlDQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ0K</tls>
                                          <caref>4e6009cfa970f</caref>
                                          <crlref><certref>4e600c37a8243</certref>
                                          <dh_length>1024</dh_length>
                                          <strictusercn><crypto>BF-CBC</crypto>
                                          <engine>none</engine>
                                          <tunnel_network>10.0.8.0/24</tunnel_network>
                                          <remote_network><gwredir><local_network>192.168.5.0/24</local_network>
                                          <maxclients>6</maxclients>
                                          <compression>yes</compression>
                                          <passtos><client2client><dynamic_ip>yes</dynamic_ip>
                                          <pool_enable>yes</pool_enable>
                                          <netbios_enable><netbios_ntype>0</netbios_ntype></netbios_enable></client2client></passtos></gwredir></remote_network></strictusercn></crlref></ipaddr></openvpn-server></openvpn>
                                          <l7shaper><container></container></l7shaper>
                                          <dnshaper><queue><name>Download</name>
                                          <number><qlimit><plr><description><bandwidth>20</bandwidth>
                                          <bandwidthtype>Mb</bandwidthtype>
                                          <enabled>on</enabled>
                                          <buckets><mask>dstaddress</mask>
                                          <delay>0</delay></buckets></description></plr></qlimit></number></queue>
                                          <queue><name>Upload</name>
                                          <number><qlimit><plr><description><bandwidth>20</bandwidth>
                                          <bandwidthtype>Mb</bandwidthtype>
                                          <enabled>on</enabled>
                                          <buckets><mask>srcaddress</mask>
                                          <delay>0</delay></buckets></description></plr></qlimit></number></queue></dnshaper>
                                          <cert><refid>4dd97c8932c01</refid>

                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLRENDQTVHZ0F3SUJBZ0lKQU9mVUVhUzJ0ZHJLTUEwR0NTcUdTSWIzRFFFQkJRVUFNSUcvTVFzd0NRWUQKVlFRR0V3SlZVekVTTUJBR0ExVUVDQk1KVTI5dFpYZG9aWEpsTVJFd0R3WURWUVFIRXdoVGIyMWxZMmwwZVRFVQpNQklHQTFVRUNoTUxRMjl0Y0dGdWVVNWhiV1V4THpBdEJnTlZCQXNUSms5eVoyRnVhWHBoZEdsdmJtRnNJRlZ1CmFYUWdUbUZ0WlNBb1pXY3NJSE5sWTNScGIyNHBNU1F3SWdZRFZRUURFeHREYjIxdGIyNGdUbUZ0WlNBb1pXY3MKSUZsUFZWSWdibUZ0WlNreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFVWdFlXbHNJRUZrWkhKbGMzTXdIaGNOTVRFdwpOVEl5TWpFeE16UTFXaGNOTVRZeE1URXhNakV4TXpRMVdqQ0J2ekVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WCkJBZ1RDVk52YldWM2FHVnlaVEVSTUE4R0ExVUVCeE1JVTI5dFpXTnBkSGt4RkRBU0JnTlZCQW9UQzBOdmJYQmgKYm5sT1lXMWxNUzh3TFFZRFZRUUxFeVpQY21kaGJtbDZZWFJwYjI1aGJDQlZibWwwSUU1aGJXVWdLR1ZuTENCegpaV04wYVc5dUtURWtNQ0lHQTFVRUF4TWJRMjl0Ylc5dUlFNWhiV1VnS0dWbkxDQlpUMVZTSUc1aGJXVXBNUnd3CkdnWUpLb1pJaHZjTkFRa0JGZzFGYldGcGJDQkJaR1J5WlhOek1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R04KQURDQmlRS0JnUURPU0ZSNmdKWEs0bG81dVFJVWxaOG5MbjhON0F1T0lJU0lJUWlRaTJhbm9ZL1dKLy9wR3ZDbgo2NEl6bkFaOHBOVnZKODB2aG5XODdOQU1hNnV4ZUxvdnhhR2NFVlBIZW1CY3JhVXpISExTRGIzNmNyTkVqcUFjClpMOW9Mb0k3OVgwNW9KQmtPSzJyLytocWxDWFRVM1p3STZpK2Q1LzlMQis3cFF1cE8wbHdLUUlEQVFBQm80SUIKS0RDQ0FTUXdIUVlEVlIwT0JCWUVGRFdQVlVlcXU3V1BFeDR5NzlaMmEwREFNU0hoTUlIMEJnTlZIU01FZ2V3dwpnZW1BRkRXUFZVZXF1N1dQRXg0eTc5WjJhMERBTVNIaG9ZSEZwSUhDTUlHL01Rc3dDUVlEVlFRR0V3SlZVekVTCk1CQUdBMVVFQ0JNSlUyOXRaWGRvWlhKbE1SRXdEd1lEVlFRSEV3aFRiMjFsWTJsMGVURVVNQklHQTFVRUNoTUwKUTI5dGNHRnVlVTVoYldVeEx6QXRCZ05WQkFzVEprOXlaMkZ1YVhwaGRHbHZibUZzSUZWdWFYUWdUbUZ0WlNBbwpaV2NzSUhObFkzUnBiMjRwTVNRd0lnWURWUVFERXh0RGIyMXRiMjRnVG1GdFpTQW9aV2NzSUZsUFZWSWdibUZ0ClpTa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RVVnRZV2xzSUVGa1pISmxjM09DQ1FEbjFCR2t0clhheWpBTUJnTlYKSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUc4UXJwVEpIbXl0TmgwMXhHZXpiSkZXSjhLVgpRUWZOdUVScXZTWm5iN2VLM2tEMFZwMHM0NzN3S3R4M2h1M1NkakVJYjkxdTZhWmUwOWlNSWg1MkNYYmRYeFZNCkM3R2YrOUVFaldoV3B5b0h3ZmZ4QlpTUThMcVlLeG0yUUJYRnIzRU5HV2ljOHV2bVVWSldHb2xzQjdhZXZpSEIKZnVwRVkvQ1Z4a3puWm1lagotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
                                          <prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4rKysrKysKLi4uLi4rKysrKysKZSBpcyA2NTUzNyAoMHgxMDAwMSkKLS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlDWGdJQkFBS0JnUURPU0ZSNmdKWEs0bG81dVFJVWxaOG5MbjhON0F1T0lJU0lJUWlRaTJhbm9ZL1dKLy9wCkd2Q242NEl6bkFaOHBOVnZKODB2aG5XODdOQU1hNnV4ZUxvdnhhR2NFVlBIZW1CY3JhVXpISExTRGIzNmNyTkUKanFBY1pMOW9Mb0k3OVgwNW9KQmtPSzJyLytocWxDWFRVM1p3STZpK2Q1LzlMQis3cFF1cE8wbHdLUUlEQVFBQgpBb0dCQUp5dnJCdHcyRmJISUNtQU1laFl6ZzhBN2xrdzFvWWFoUkN4cHNQRVh6RXRNd2hFVWNwS1FFb01SVlhXClNjY2JuVk5WTkRISlBGMUlzNjc3aWVxLy9RczNLZUFTRWlEaUVNWWY2cTJQQnNJSXJDKzNEb3FxVHFBYUU0bUwKRnRhMzJnZU9IY01EOVltRTBGbVRhZXlsNHd6NkthbXpaczVqQjlSMmk4UTRHOUJCQWtFQTYyb0lYb0F0R044WApOWlB5YXdjVVN5bWV0dDU4TFZSZHUxUFg1OUE4R2NOVHg3RDdmeDV6ZnpxZ015Z0FtRyt0SUxWQzEweWE0dXFQCjdzT2FzQVhYRlFKQkFPQlNLSEcxcUdOdUdVSnFWZ1FTVU5lWFZzejVzcXgrdWdlaWpPNGpKZ1g1WWFrS0c0NVcKaFZKSVl0NkpNQ1JwSXNMUnVqZUVNRVVGUG5zT3kzd2FlY1VDUUFUcTVSdmNQNVRxYkJpeGEzbnkzdWluQ09xMwpBUThOV1J2bHAzZnZNS0kxSTFYamk0MWZQSGhtNkJ2SmRTRzZDM3JJYm9vQ3pxVjQwdUxnOFNWR0tmVUNRUURMCk9RTlZDTnNWd1UvM0FIa08xVDBTSkJSS1BNa25SdVBvT05adWc3OVYyRGttdUhhQWZGZnFWSlBsd2Vtd2d1TXcKRm1zYkVwSGNaY1RXSFhBeDdaWjFBa0VBcnp6L0l2QUk5RUNoM0ZVV0x1NCtMbXV3dENhZGRkNkdrbGp1cGpZNwo2ZWwxNzA2WktYaTBYSUZqQ2llZFVwNUlvU2k5RFBUTnNjcjRNSkJqMGs5Q3Z3PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</prv></cert>
                                          <cert><refid>4e600a650b09c</refid>

                                          <caref>4e6009cfa970f</caref>
                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVaakNDQTA2Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRVUZBRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXgKRGpBTUJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVApDVTExZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4CkZqQVVCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEV3SGhjTk1URXdPVEF4TWpJME1qUTFXaGNOTWpFd09ESTUKTWpJME1qUTFXakIvTVFzd0NRWURWUVFHRXdKQ1VqRU9NQXdHQTFVRUNCTUZRbUZvYVdFeEZUQVRCZ05WQkFjVApERkJ2Y25SdklGTmxaM1Z5YnpFU01CQUdBMVVFQ2hNSlRYVjBhU0JYYVdacE1TTXdJUVlKS29aSWh2Y05BUWtCCkZoUnNkV3RsUUcxMWRHbDNhV1pwTG1OdmJTNWljakVRTUE0R0ExVUVBeE1IY21WdGIzUmxNVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2Uzd0FRWE94MmlkU2NHeDkyc2lLV3FSbHVqMVI4bgpVNWxMcGhHY2Q1MWFMdzNNcWdIN0pTRE1yQVIwWDY5djNSUk1PTXNTYkwwWWswbUxlRjRXWng4eU9kS2xEMi9qCkZCSFMrTE56Z2pVWWFjam5Jd1BnMmdRL3NJRGIyOFJNTVhUUFRkbm15T0kxOGNXU0ZHdjNhbVFxb05RM3BUVWoKenhGbE1wcGN1TTllM01XV3dESUxKdWJOeWVlL2NkS2lzRVprUVJtRk1tNnJmNFR0Y1E4d3ZKRHVmNU5GM0w3TQpWZ2h0SjZPNXNzRll5Q2pZTkx0OExPV3M4MXRQcGR5L2lRRHlzcUQ2SWNMSk1wTjNMWXRmcEZPZ2lUN1dTN3VvCkdTeWVsY0w0ZTBTTTJEMHdHR0pIdkI0UHdUVktBb3pHS1J5bWZmYWJGN1lCNXNvL0d2Z2pJaFVDQXdFQUFhT0IKNVRDQjRqQWRCZ05WSFE0RUZnUVVBUlczTlJEM1RMK3RBVWQ3QUNIZFM3Slg4NFl3Z2JJR0ExVWRJd1NCcWpDQgpwNEFVUEdsWmFvWXFoekN6dUZmZkhJTE1TNWh6N3JLaGdZdWtnWWd3Z1lVeEN6QUpCZ05WQkFZVEFrSlNNUTR3CkRBWURWUVFJRXdWQ1lXaHBZVEVWTUJNR0ExVUVCeE1NVUc5eWRHOGdVMlZuZFhKdk1SSXdFQVlEVlFRS0V3bE4KZFhScElGZHBabWt4SXpBaEJna3Foa2lHOXcwQkNRRVdGR3gxYTJWQWJYVjBhWGRwWm1rdVkyOXRMbUp5TVJZdwpGQVlEVlFRREV3MVNiMkZrVjJGeWNtbHZja05CZ2dFQU1Bd0dBMVVkRXdRRk1BTUJBZjh3RFFZSktvWklodmNOCkFRRUZCUUFEZ2dFQkFNV0VyNTFaYXF0cmpKRkFiOEFhM1J1dWRKeSsyenNucTEzdUtWT09LaC9oci9zSGF2SjEKYUlTSDVGczRDMEJ1ZytpanI1MnFiWC9xV3creXhDRHpubGgrbGtoTzlBbG9odU54UlRjWkFjU0pLWHVwekl6Kwo4NG5VQ0VxZ3RvTCttSU1KaUFzNTFTanZmYkduZ0RBV2RsaGh4QlYxTGgzNWRrRmlyV014bWRDMmNOa3NnYW85CnNtYUF6ZzdlMUplUHE1dTMyMkVrZTZVK2JXb3pKOC9PQ1QrU3NzdWg5OGZZTTM3bldkM3VERW93YVpjSGVmelMKbEV5TDlvU3NMcTBkZmpyYUFLTkJpWnRxM1Z2VzNYak9NRjJKcU1yZTJNWDdmOUVZQ3JpOWVjNFVoVGUzbTA4cQozTDI4MnRJMlh3MFBzWW9RbDJYTE9mV0NJbkVxYVdFTEhiMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
                                          <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBcDdmQUJCYzdIYUoxSndiSDNheUlwYXBHVzZQVkh5ZFRtVXVtRVp4M25Wb3ZEY3lxCkFmc2xJTXlzQkhSZnIyL2RGRXc0eXhKc3ZSaVRTWXQ0WGhabkh6STUwcVVQYitNVUVkTDRzM09DTlJocHlPY2oKQStEYUJEK3dnTnZieEV3eGRNOU4yZWJJNGpYeHhaSVVhL2RxWkNxZzFEZWxOU1BQRVdVeW1seTR6MTdjeFpiQQpNZ3NtNXMzSjU3OXgwcUt3Um1SQkdZVXlicXQvaE8xeER6QzhrTzUvazBYY3ZzeFdDRzBubzdteXdWaklLTmcwCnUzd3M1YXp6VzArbDNMK0pBUEt5b1BvaHdza3lrM2N0aTEra1U2Q0pQdFpMdTZnWkxKNlZ3dmg3Ukl6WVBUQVkKWWtlOEhnL0JOVW9Dak1ZcEhLWjk5cHNYdGdIbXlqOGErQ01pRlFJREFRQUJBb0lCQUEwb0Qrc0NPNFB1bTR3TgpMeDZIaTB5Ymw5dFdkY0IwNEV6MUx6alFjbDJvbG1wWnRMaGxFQnVMa3E3aXhpTEgvcXE1OC9hU0ltK08vdmJVCjl3TkNkS0p3MlRKWittVUhoaXFEeHppa2hnRk9RZllkazVTWlRlRHBjaG9acFJxMzgyVTdZZHNIREprYUxEWVkKYUh1enMrZlpwRFloaTFjbzBQU0hZTG5WTGpZdUZWU2xTMFExYkJuY3ZKczBVVEVTYW44WUdZMVRQOHR5M1hnQQpudVZEa2xGaVdxaXVRS1NERzkzei9GQVZVR0NHeGxiUEExRlFSMlE4cXJFNUxaN1I3TEJRaUNpYThwc1NuSlc1CnhGOGoyUi83QWdUUGdCSjBpOUoyeUkza3hTUEUwb3ZBSUFoejU1bVUxQVlHbW9sNjYvbFFsb1cxMWluNkd4enIKbU9zUzB6MENnWUVBMUVza3lqRWZGb2FQdzZBMm11ckw5RFlGamNNc2tUUEk3dkNaaUpTV3RTd2s1Q3MrbVcwNQphNUJZVWF1TWVsQTN6cnN1ZE5aeHpCSG1HV25xOUt4UDJJVXRVR0dCTEY0b1R1VEZLNERWcGtQcThOdlByYVpJCmh4LzRBckNKQlFtbVJETlJXeGJ1Zi9yZWxVNWo1VTBGSlNaRlJISlVFQy9UYitxZWpWcXIyWmNDZ1lFQXlqOUIKdHBhc2FObE55VlVWTWFuMlU1M28yZ0huQ2lvcnEwYktrNVU0R2ZnL3hTN3F3NEV3NWlJOXA3U3NFOEFZNmdNdQpwZTlSalJIclFXeUxjT2NvMnIrSU5nWEJBS1ZhSll1ZklXckloZEFwMFkrM2NyYXVTS1pqekNkdTNOVVIvQWlLCnZxanEvQWF3QlY0SFprdVZIM0FhT1ZvN1lpbG1DQzBmc0phT256TUNnWUVBdVpLV0xraVNMRmFrQlJWZnBqdm8KM1NqNzRkZmlkV3NYRWdjdnJyeDBvUnBkaFRab0dpWG9NNmFTRFpJdjBodWRMUkZpb3E5eCtqa0xNdHZyanNXeApaa3ZFT0tlREN3MmpucE5MNTZOUEgyL3ZSMnhlTmlWTThSRjQ4cUR1cFlDeDNwd2RXY3JKNFFXaTNGRVI4YmRKCjhCZHNKVkRyT3RzVHNKa2V6K0dhcHpFQ2dZRUFyaFArWXNPVHlIZHA3YVl2Sk4wdTZVL2NzWEM3eFZNQTNWNkUKVkwwMldad0VmNXRmZEVHSnJqdkFwODNwNHVJUVQ3UEhmZ25jUHJreXJkQll3U2dtVVFwVW1uTWZhWWZwYkxHZAptV3pKQmV4allqMzZYMkYvNTRaWUZjdkhMNHF4L1NYNURoeGtqZUxQdFA3M0RZUjI2V1ZiSFF4ZVdxSlpjU1l0CnhaZ0JVR01DZ1lFQWdBaTVYNWo5eVJENXdOcmc5MXV4ZlgwclFBUkNnTnhrVDhteTg2bkZLZXJJYnlzMGhUZ0wKZmlUd01NdXBkNGRScmdBLzd3dEtTNlNXM3pJUllrbTFmRW9SdHhEcmVxK0R3TXMya0Y1NDlBMEpGR2REYlJMZQo4NUUxcitiOFRuUEFWWlF0akllNG9FSkpkZUdzaVVjNFI4elJLN2JkRXZKdlI5UzdtZkJUWlNFPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=</prv></cert>
                                          <cert><refid>4e600c37a8243</refid>

                                          <caref>4e6009cfa970f</caref>
                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlRENDQTJDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRVUZBRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXgKRGpBTUJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVApDVTExZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4CkZqQVVCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEV3SGhjTk1URXdPVEF4TWpJMU1ETXhXaGNOTWpFd09ESTUKTWpJMU1ETXhXakNCa0RFTE1Ba0dBMVVFQmhNQ1FsSXhEakFNQmdOVkJBZ1RCVUpoYUdsaE1SVXdFd1lEVlFRSApFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVENVMTFkR2tnVjJsbWFURWpNQ0VHQ1NxR1NJYjNEUUVKCkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4SVRBZkJnTlZCQU1UR0ZKdllXUWdWMkZ5Y21sdmNpQlQKWlhKMlpYSWdRMlZ5ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDBuY2RQWApNRXZ0Zk1GcW5sOE9wWXB4Ty9xV1pDZEhIQmlSYlJjWWVUU1U5QVBmNzJYODd6Y0x3cGJoWTRtSnZsOHExMlU3CmRjUXBZNWc4SnhDclZPdkNHTTROaUFxUzVwUi8yMTBUMXp4VjQ4Rkl3Q0VzbUJ5L2JtVjQwaHh1K0lTOEFmV2UKOVlrSWU4UzRzRUZtcmlUUmdJMy95Z3VDQjh1VTBrcGxqVVp0d0phbGZkY1c4dDc4NVJpUzRpZWhPS1MwazNsZwowaEYxQkprNVlNWE84UWVmOVlsQ05XOGdWMndWWU9BU3gyblJzanFXMjMwMXN6VjdoUUxxejdubTV2ZzRoMFdPCnhCWTZoQTdlSkdlVnVNcTRRNjlPWHZhOUJ4ZmY5cTBSc1ltdXBYK0E3dWRkQ3lvTzNiRDQxeEIxL2pvNlBvLzAKL0V3cVdXZXVpTHQ0eElrQ0F3RUFBYU9CNVRDQjRqQWRCZ05WSFE0RUZnUVVLeVRGbmFlS0xUa1p6eDdDYkRFVApPVE5tWTVZd2diSUdBMVVkSXdTQnFqQ0JwNEFVUEdsWmFvWXFoekN6dUZmZkhJTE1TNWh6N3JLaGdZdWtnWWd3CmdZVXhDekFKQmdOVkJBWVRBa0pTTVE0d0RBWURWUVFJRXdWQ1lXaHBZVEVWTUJNR0ExVUVCeE1NVUc5eWRHOGcKVTJWbmRYSnZNUkl3RUFZRFZRUUtFd2xOZFhScElGZHBabWt4SXpBaEJna3Foa2lHOXcwQkNRRVdGR3gxYTJWQQpiWFYwYVhkcFpta3VZMjl0TG1KeU1SWXdGQVlEVlFRREV3MVNiMkZrVjJGeWNtbHZja05CZ2dFQU1Bd0dBMVVkCkV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFMVWZYeHEzajB5RXNuOFdXZGp3V0d4cDN6bjIKY1dvUE4wcXU2VVJwVDhZcVB6M0pHVVgzTGJVQ0I5N3BScEltcldsU0cxU3ZxSUZXVzhmZnZGTWtZK0VHMmt3egptTHBHd1h3TjJETklxdzJ4NGM2b3hKWmdjNGZrRFJJM1dSSW9RL1lmK2pVcTk4eC91Wmt5TmFHb3Zkdm9xNGhFCm4rYUQ3NmtNY0pOblIrUksrRlM4TlVVcFBBc1diTmQ4WnhSTTVpbzIxai9NbXF1MllrZDIvSldpcXk0bjhxQUcKVlVxK1ZwL0lDTUl4dWpRVVZyNHJCQUk5cnVjOWdITEJOaEI5SWMybGJCMWovdTlSZ0djYWNhb3Zid0ZlVFRHSgpub3NkL1U0a3RteGk1T3V3RWY0U1lGYjUwVmdZY0E3cU8wT2Vaa3AvZUhBUXdVd3R1RUdoRWpMUnB3MD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
                                          <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdlNkeDA5Y3dTKzE4d1dxZVh3NmxpbkU3K3Baa0owY2NHSkZ0RnhoNU5KVDBBOS92ClpmenZOd3ZDbHVGamlZbStYeXJYWlR0MXhDbGptRHduRUt0VTY4SVl6ZzJJQ3BMbWxIL2JYUlBYUEZYandVakEKSVN5WUhMOXVaWGpTSEc3NGhMd0I5WjcxaVFoN3hMaXdRV2F1Sk5HQWpmL0tDNElIeTVUU1NtV05SbTNBbHFWOQoxeGJ5M3Z6bEdKTGlKNkU0cExTVGVXRFNFWFVFbVRsZ3hjN3hCNS8xaVVJMWJ5QlhiQlZnNEJMSGFkR3lPcGJiCmZUV3pOWHVGQXVyUHVlYm0rRGlIUlk3RUZqcUVEdDRrWjVXNHlyaERyMDVlOXIwSEY5LzJyUkd4aWE2bGY0RHUKNTEwTEtnN2RzUGpYRUhYK09qbytqL1Q4VENwWlo2Nkl1M2pFaVFJREFRQUJBb0lCQUJIM2VpOW1CRGRpRW5TSQp2UXhJWnQ3MGpIN3I1QTE3Q3FjbXdSYnRneTNFYkQwbCt5WlQxU0VFWS9KUzdGSjNHL2NNS2JONjUxKy9rcTgyCkgzdk0ybDhlYTU2KzJFb3cwK2dORVBnUlYyTnF3Unh0M1pvSkUxVy90U3U4UXpEaU5ZYmVHTTJNME1PNFk1RTIKL2I3b2t1ZjZZbHlhakVWMWoybjk4OCtQUDlFTmwrc3doTHZsMEJodFRGV3BjVDJEWkhGTjlDcklIa2xvMm5sNAplQzJQRHp4dDZmakFhVVNOcjMxQ1IxQjJpWElkbkpoSUJ0aTBqQ2xSbE8veEZIamQrOGZ3NHdNVC83MWtrSnRoCmlXSm9QMGZJWWR2V2hnMW90RnBENVZaaTVqb3ExSGxqd1VJdTFNeWFSSjVLdWZaM1pESHQxeEdvRTNGaHdHalcKeDRoRHU0VUNnWUVBMzdvRXh1eHFKZTc5em9BWHpHSXMvVHc2TWxPQ0JSWXBtdzc5MzNoeC8wb3h3RmJQNzRUYwoxemh2VC9LcVFtTVI0bURxeWpicXRaRjRuejhxWGpmblRPWno2RnRic0lObmRBOWFHR29pWXJ4QW4rUVhYUW5CCjNLSkcwditsdmVQNXVZczlodmZNZjlEV2hyc0pGTUtUREdVK1lFN0VxRmZsQmE2SnU1V3JrN3NDZ1lFQTJIQ3kKK2hqVjE5TmJpOExPbk9pQjJKa3h1L1l4L2lVU1FRVGVOVU1IOHNvQ0tFR3dGUm9OWVJLaW9SUlJjOW5CdHk0VApQbHVwVmZ0SnZwZTA2VmpGNEtSait1bHE3bGI1elVGWnFEbHMyZkVKUER1M1BQdTJ0QkFzeXV0TjU5ZUJrbXJHClVkckFmd2pScElvaWxCS0hmMmtTWFFWalJ2Q2swNk1pWnA5YXlvc0NnWUVBblpGNHZkVlI2VWVLRC84ZFE4QTkKYVZrYXI4a3F3SVJjWnkzRzFiWVJxN2hJayt0UVphUVFtYS9RamVFZDBzWE5tYitpZlNyeVlWQ0VRTHdQRGU2WApoQXltdzVaY1hGUWY3NWpFWG4rWm1pcDE1V2FTb2Q4Mlh6c1hZSkhXM0llTW9RWVZIbEsxLzZ0SSsva01xMGRpCm80OUd3RE9adytxcmpUWGhJWEdITnZNQ2dZRUF0eHFvbnlIeGp2TzBwOGozYUJEZkFIR2hmSVVzQi9ndXVDaTUKSDlBRVltWjVhcnNmanNxS2RRd0IzMG5FR3NFbXU2UlVEVllZTExBNDArK2QwaWNTeUJmcXFUTmREaU13azI5cwp2UDlQMGhTekhtemFlTkh0Mytrcks4UGpGWGJnbkJDT2xHTCtwTG0rT1hmUEJ2dWgrNnpWSnpMT3FRNGVNeGo0Cm1sN0h2VDhDZ1lFQTBTdWpqUlc4aExsQldoN2hieUxnQlh0SEtVM0JELzUzR3I1alc5M09QT1hDQmxVWXluc0UKZ2Vmc2RCak5yUWJsdDRzNURLclZnZTJNUEp2b3lZZVBiNHdUZTU3VVJybnBzVlBQZEQwMk9WUmxIQ3h0NGd6MgpicGFMSVlGaCtCb2lDclFGbFRJOE91UmhGUjFsMUg4T3NLSllxVVNxczJxdHdnUEE1VmdQWU9JPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=</prv></cert>
                                          <cert><refid>4e600dfee2e10</refid>

                                          <caref>4e6009cfa970f</caref>
                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVaakNDQTA2Z0F3SUJBZ0lCQXpBTkJna3Foa2lHOXcwQkFRVUZBRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXgKRGpBTUJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVApDVTExZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4CkZqQVVCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEV3SGhjTk1URXdPVEF4TWpJMU9EQTNXaGNOTWpFd09ESTUKTWpJMU9EQTNXakIvTVFzd0NRWURWUVFHRXdKQ1VqRU9NQXdHQTFVRUNCTUZRbUZvYVdFeEZUQVRCZ05WQkFjVApERkJ2Y25SdklGTmxaM1Z5YnpFU01CQUdBMVVFQ2hNSlRYVjBhU0JYYVdacE1TTXdJUVlKS29aSWh2Y05BUWtCCkZoUnNkV3RsUUcxMWRHbDNhV1pwTG1OdmJTNWljakVRTUE0R0ExVUVBeE1IY21WdGIzUmxNakNDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTCtjaFh1WmhhMjN2MHF4T1cvY3FJMWJSaVJzVU9JMwp3cURiamdYUWVCRXhER0JOZVoyeWNmaWxtMlF1am1IaFgwS0g2MEE0akkrY2NxTzA3Q01jblROU0Y1RGMwZ1BxCk81WXErd0JQdFBGbGhEdWxoeFFyaDB1TlNkR1lZSVFucS8rZnZUUmRJa1lyS3lhME9yWkIvdi82WWhMU3k5ajAKdlUxcWJkSDd0SXN2SWEweWUzYWlmaFE1dTY1ZU1RanFkNHNPWWZocVFsVWYwN3dEeGFDRzJWaHJyd3JnUmt6cQpxbXNKWGorRTVPZWdMVkYvZnhYbDg5MWNmQ3BtMU1vVEE3ejV3SUg4UVhweVRsL2xCdGdicm56SWk2TmJ6TldsCk9oKzQrMW9BeUNyczdiWVcvN3JueSt6VEhLWXg2RkI0M1NuZi9aOXVOS1NrZGMwaUk1R0RxZGNDQXdFQUFhT0IKNVRDQjRqQWRCZ05WSFE0RUZnUVVHVy9CaklQTFFMdmJ3ajA0WWRTcFRVRzZLM293Z2JJR0ExVWRJd1NCcWpDQgpwNEFVUEdsWmFvWXFoekN6dUZmZkhJTE1TNWh6N3JLaGdZdWtnWWd3Z1lVeEN6QUpCZ05WQkFZVEFrSlNNUTR3CkRBWURWUVFJRXdWQ1lXaHBZVEVWTUJNR0ExVUVCeE1NVUc5eWRHOGdVMlZuZFhKdk1SSXdFQVlEVlFRS0V3bE4KZFhScElGZHBabWt4SXpBaEJna3Foa2lHOXcwQkNRRVdGR3gxYTJWQWJYVjBhWGRwWm1rdVkyOXRMbUp5TVJZdwpGQVlEVlFRREV3MVNiMkZrVjJGeWNtbHZja05CZ2dFQU1Bd0dBMVVkRXdRRk1BTUJBZjh3RFFZSktvWklodmNOCkFRRUZCUUFEZ2dFQkFDRzhBUzVMM05DbytnNXpRQjJMdllpZnJnVTVIZnZrVm5SMlJoOWdmR1EwMmlxY0IzMmQKdWdLSUJDUlNUSDljd1RIMXA2RHMwUUhJVmptMUMyZ1Rvdnh0eUxrMFg3ampzNGF2Sm5VbkphY3dvRklZWElIZwpDZ1NKcDdEVUIrU0g0dnU3NklRbkRtbGQwZHQ4Vll1VFBYZmtDbFM4OWR1VjJrdXhSWGJBS3NRTlZPb2c4QlRwCi9QY0VzazE3eXhNdkV1SFJ6Y2ZyN1hudVp3NGQ2aGlVakY5Q0JQQzJrNWt2aGNTemlOKzg4b3EraVdxQ1BnVTQKdEMrbURkOGpDTEplZjlTcElPRzZMQWU4TngzUE1wU0VPckZaWDBZRG0rdHJSQ0pRYmJyODd2NmljdTh0eGJLTgpwMUZmd2JSR3BIQjFwT2pVa1N5bUt1anhyRVVkK2tncDV2bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
                                          <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdjV5RmU1bUZyYmUvU3JFNWI5eW9qVnRHSkd4UTRqZkNvTnVPQmRCNEVURU1ZRTE1Cm5iSngrS1diWkM2T1llRmZRb2ZyUURpTWo1eHlvN1RzSXh5ZE0xSVhrTnpTQStvN2xpcjdBRSswOFdXRU82V0gKRkN1SFM0MUowWmhnaENlci81KzlORjBpUmlzckpyUTZ0a0grLy9waUV0TEwyUFM5VFdwdDBmdTBpeThoclRKNwpkcUorRkRtN3JsNHhDT3AzaXc1aCtHcENWUi9UdkFQRm9JYlpXR3V2Q3VCR1RPcXFhd2xlUDRUazU2QXRVWDkvCkZlWHozVng4S21iVXloTUR2UG5BZ2Z4QmVuSk9YK1VHMkJ1dWZNaUxvMXZNMWFVNkg3ajdXZ0RJS3V6dHRoYi8KdXVmTDdOTWNwakhvVUhqZEtkLzluMjQwcEtSMXpTSWprWU9wMXdJREFRQUJBb0lCQUM5aWRzUWxLQ0RZc3U2Mgp1eHlGdGcwWENGYVRqc0VTeHdmZW85V2VRME1GSFNsbm4yNjNKV1kzRmlHRlBlTEl5RFQ4eGRtZzRtblZaNmhDCllxOGdNV1B5cGk5RjNJM3BUQWtMNGZ5bXVYbUZBRmw3eXRiYkdOOC9Ob1VscUtDbDZ1d1JSY29BU2l5T0dtSzgKNlZRUEtBK0hqTjlZejk1OFQ2QW9kTFljQi83dkg3NVZyN2lvazNvVjZobUF6SWdBT3l6bnYwK3dvelFXZkQxNApjVmZyVVVaUG16T3dtTVY5RlJLYkV1TDlWU2RFN0hXNXBwNllZZGMwejI2eFhFZEZrV1k3akorVngxcWdPVzB3CjJDVEIwNTh3Y05iQ3dkWGpCdU1UZE9vNjdWZDM1TXh6dlpoWU9MZUlqekppeG1HUTkvVE9kVERQa1kycWlUTE8KUVU0MVl1a0NnWUVBOWlmNFdsT3Y3dUtRVVBUYmxyaFg5STQ5VkZSRldTdXdydTVYNGRQS3AvSnpLdE5qNmtRQwpmRjVNc1J0amZTb09oVWg5OTJEay9PMlFuRis0WXRiTExUMGdvMk5sOXhLZVR5OTkrcWRtMit4bld0M3RGd01qCnVQeEFkdU5iaXVZcWw0SktVWUFTWmdsMFZSNzE1MGpwSEdDY1JSUUNNdlk1MENiR2NzVVRJdE1DZ1lFQXgwWWwKOVIvWXkyV0RRRzdnbWlUbXJ4SXdlS3BpWDVJQm1JWGluK3VPeXhCd2NkZDdxRDlYVHlXRW9DZjNJa01DWk9qRAo2L0U3aHloTmk5eU1zTFpUNFI0Q3ZNK3lnS3hMQ0MrZno5ZGw4dW5JTVlhMjN3SFU4TXZjMmZ4cjJEL0xxdkRGCkpUT0Y2ZEUzZCtNeWM0cmxsQTUxYmdoR1E5aDJreTNvd24rSkVtMENnWUIwZjl4Sm03dnpXbVVrKzQ0RjJqOCsKYmlkV2h2Ky9RUzlBeTJycVpWdFBleTdJZ1AyVHZSWlVHQ2xCMVEyVUNsaU8rZzBzREQ2eitoZHIrdDJBWWRvTgpFaFlsWGdDL0c1K3pLRzMrT0VZMUpjQ1F2K0hhOTFCcjEyOEhGWG1ZMW5Bbi9yRC91NVo1bGxYcGgxcW9XTmlDCjVySnUreFpEV2tkb1hVR2t4ZUxWb3dLQmdFaVBBMDB3N21pSkt2UndLdm9WaTZXZGt1YXM2NnJ1NkFQWVpEOWsKcnhiRGdwNEJIemFROGNLUTM2ek5RSkJLSS9vSVF5YUxMT2kyeFIyekRjdGVhRVprL2d3ditFZ2Y5Q1lqNlNYdAp3V0prdTQ5RkJSdEllSGZCVTBaUVFoaDRpamxRK0FmbXJkRUliQkVNT2hlV01LZnJaOWpMeklIeHRLTThxUzhBCjd6RTFBb0dBRHhDVVVVM3EzakNzTjdKMGU4dkZ6RlV4UGZnZFJWSlJXZURQZXVhdWRzRVIrODluaG9PNVFqaTgKRGRMbFJyU3ZJZ2FmckRMUVJIM0RuMjFweHhqalBwTDhWTTNNVlM2aVo3L3MrTW5UWHJvYnEvQWlvcEp6UmxyRAozKzdZVGtMdnJPS1RDTXlPNUdVYkZFdERSdG1XYTNuOFNDRFpoVENUZVllZ1NVbDdzMlE9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==</prv></cert>
                                          <cert><refid>4e8f4cca3d8ae</refid>

                                          <caref>4e6009cfa970f</caref>
                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVaVENDQTAyZ0F3SUJBZ0lCQkRBTkJna3Foa2lHOXcwQkFRVUZBRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXgKRGpBTUJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVApDVTExZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4CkZqQVVCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEV3SGhjTk1URXhNREEzTVRrd01qTTBXaGNOTWpFeE1EQTAKTVRrd01qTTBXakIrTVFzd0NRWURWUVFHRXdKQ1VqRU9NQXdHQTFVRUNCTUZRbUZvYVdFeEZUQVRCZ05WQkFjVApERkJ2Y25SdklGTmxaM1Z5YnpFU01CQUdBMVVFQ2hNSlRYVjBhU0JYYVdacE1TTXdJUVlKS29aSWh2Y05BUWtCCkZoUnNkV3RsUUcxMWRHbDNhV1pwTG1OdmJTNWljakVQTUEwR0ExVUVBeE1HWVd4aVpYSjBNSUlCSWpBTkJna3EKaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3Q1hOd2pOTHROUnNUeXJ0YjMweGlBSTE2dGtpMFNzOQplRmdhSTg5b09MU1JFMVoyRHNjcUVqSURDS2l2M2htbnc0U0tLK0k0WkgvZThMUW8xK1ZQN2RLRW9LL2NxdGVBCjl6Z2xGYUhtV014aWhTV2xURzlVMEtmbysxWm5zWmJMWXpYQmoycEZUcnd1MUgzWG40a3NpbWszaGp2aDZNQjgKb2doVGJNSDRMV0hnL1NUcDRFRmZacGxvR3M2UkZpSytGZG05NHJQSDluK3hzNGtiOEFsNGNVMG9Lcm95NkZ2Wgo0bm5neFBLc2lGbTRjbXBKWlgzOTJ1Snd4bTRtZFRHR1lyYXRvQllUNXJBR0JUMjFqQlY0UVdXU2N4WUtIZ3dICjZiN2hlaFVEUnRjZVliWkowZE0rZWlLN3pYTUlqZ0FYcTZmSDNsbWkyaURKaGk1QzYvNDdBUUlEQVFBQm80SGwKTUlIaU1CMEdBMVVkRGdRV0JCUllNZ1lmVzBlWGd1eHVwdVJGRkNqWUR2VEQxekNCc2dZRFZSMGpCSUdxTUlHbgpnQlE4YVZscWhpcUhNTE80Vjk4Y2dzeExtSFB1c3FHQmk2U0JpRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXhEakFNCkJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVENVMTEKZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4RmpBVQpCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEdDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCCkFRVUZBQU9DQVFFQU5FN011MHNmMUZ6cG5qWjRUMXhTNVRJM3lCWmdJQ2pTRWhZU2pPM29MdmVsN3BZNzI1Z1IKeDF3K2o3Nk8zaER1NkxOb0NFMzRWeGpVUERXNkxCYlR5SnNlbG9TRnVrWktiRnd5SUNhaGxMMVFZc1kwNUwzbQpHcTJvNTZFTm41TWhhSDI4cGRHdkcxUitUcll4R0lUbEZFL2d2Y0R4TGlwbXBrbVNaWHk1cENSK3N6OS9iblhaCnluZ1lPcFZWNDFzNmZVb3NoZnNaT2piT2VQT1R4K1VrQVAvUjVTQ2Q0YzdiR29OMUVtWHV6VWZHU3c5N2lLeG4KUE9MQVVDbnZGQ3B5Q1pHbHBlalZrQVVjWUFKWlUyL1J5eTlBQnVZak5MMjdPZTA2RE1EZHRwbjl1aU96bnovYQpROXRuK2hOTmlQQ3lNY3hKbk53SDFvT3Flb3BGTFNyc3dnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
                                          <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd0NYTndqTkx0TlJzVHlydGIzMHhpQUkxNnRraTBTczllRmdhSTg5b09MU1JFMVoyCkRzY3FFaklEQ0tpdjNobW53NFNLSytJNFpIL2U4TFFvMStWUDdkS0VvSy9jcXRlQTl6Z2xGYUhtV014aWhTV2wKVEc5VTBLZm8rMVpuc1piTFl6WEJqMnBGVHJ3dTFIM1huNGtzaW1rM2hqdmg2TUI4b2doVGJNSDRMV0hnL1NUcAo0RUZmWnBsb0dzNlJGaUsrRmRtOTRyUEg5bit4czRrYjhBbDRjVTBvS3JveTZGdlo0bm5neFBLc2lGbTRjbXBKClpYMzkydUp3eG00bWRUR0dZcmF0b0JZVDVyQUdCVDIxakJWNFFXV1NjeFlLSGd3SDZiN2hlaFVEUnRjZVliWkoKMGRNK2VpSzd6WE1JamdBWHE2ZkgzbG1pMmlESmhpNUM2LzQ3QVFJREFRQUJBb0lCQVFDMW84Y0RtendwQUZvMgo2S3kxcFJLcXNQUkpRdVIvK1RGTnozTStnUFhVRFJYTHd3TXRheWNoTmpmWitxVHQvekN4U2x6WHFTMklDNzB6CnJBdWtNL2xBSjY4S3U5U05oOVU1WHREbnh6bWFuZk5RVE1zYkcyK0JKQW5CZHVmbFlGaDZPN256bWhGVW9kNWYKTDJzalBDaG4yNWtLZ3hkRzBKZkJFTC9VWXZUNTZCTVg0N1E0cHhTd0dWaE1IWExxd0FuVTQraGl4N3pSVURyVwpHK3ZBRXdieXltZU1WbkhqelZsNVBkRFhVaXkxQnprV0hsTkk2TzRaSk5MKzdXOG5CUG9CS2g4N1l1MlpqK2hHCnBPRkpjd2haQXp5ZzlFc2owall3R3hvNUVjMnA0UTJYSmgzOXVad3NTKzFpK0tsMXZnQ2U1Q2pxamt3T0greGUKMzR2QnJUYXhBb0dCQVAxM3F2UmQrTzlOb01mUmV4WUZtU3l5eDU0Zlp2NXlWR0x3YUhhMkc2UFdZd01XVWlCQwpOb1VvdWM5LzFXdGp4SVNaT24vUEtHdG9sYmJmcmN4bUNmMzNDalZ2TEYyNWFDOW1wWXZBNEJiejlxL1VQemVwCkNrdHJRMlkwK00yeXkrUUZHZGNxclVvT2hQSzYwcUo2Q0ZPV0Z6VUNlRjNraVlEeTFDR0x6d2I5QW9HQkFNSVIKU2Y0TmdibU0xMUc1UytHc2R2eS95eVArMmltZk9PWFNBemlKdU5mNVBnS0dBeDFuYlVWVG9wQS9KOWRJeGNtOQp3b0d0cDhMQ2F5ZWsrVXJ0OFpWUDk0Njc2eFZrYjBXenhGY3IvckVVL1U5ZXQyOE1rYW5vQWlTdUEycmJDUjVlCm9Qcnk2dExyMm9FNUhRUEkxc3M5MkpMRDJiendhdVhhMmV4WXcxMVZBb0dBVDF5d3dtTEtGdU9QZkFFek1Pbi8KMCtjR2FaUWJnMy80dkNIYUU1RmhoaU1TVFYwbnljSHhvQy9vUGZnZ3NzZENPT0poVnJOZVRJTXFuVi9iNHl2dgo1UHo4elU1SjdlNm5tRy9qVmFiR2cybFB6QzRBdlVUSVhHVHhiWWNZZ0ErRGw1bWhSYVd2TElqdlI3RUhVcWd6CkF6anplejJTd3BOVUduUHR4N01tMTJFQ2dZQjRZQmNBWWNwa21LcjZnekJCUkNQdU5OMUJiNVJOR3ZsRS9KYUkKM0V4dWtxaFhFbDhlUHdnMVoySS9qUjBlV1lKdDE2bXRuRlNoNXN4bW85c0tFanUyZlFxMlczTy9LalFuRFJHdApiSm1ucDdoVUloRXY3YUR3dmZ1T1d1Mjl1eTJWeSthWW9sTHNEK1hTSCtZU2NlSmg0UFBVWFcxUzErSEd2NUJMCkhPZlpuUUtCZ1FEejNDdURuSUh1YjRRWDB5U1MyenJoWkdoRzdRSENtNTIwVzlJVnJqUXNPZnJWU0tRMldMTkkKSFdLSzdicXpQRStjVmJaTkJXNGRKWVMyYTFYODVDOTV0dXorZFVNNldWaVNoWSsyaTlJYThQNTN6cEhKYXp1cAo5T0k1SkI5Ym5GOWovcXBrNUJMYTNzMlFsQzlxdmdHU0FmSWJaQTBtN3RSRGNKOGZ3Y3JJUHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=</prv></cert>
                                          <cert><refid>4ed3e90f9e7f2</refid>

                                          <caref>4e6009cfa970f</caref>
                                          <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVaakNDQTA2Z0F3SUJBZ0lCQlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaFRFTE1Ba0dBMVVFQmhNQ1FsSXgKRGpBTUJnTlZCQWdUQlVKaGFHbGhNUlV3RXdZRFZRUUhFd3hRYjNKMGJ5QlRaV2QxY204eEVqQVFCZ05WQkFvVApDVTExZEdrZ1YybG1hVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVViSFZyWlVCdGRYUnBkMmxtYVM1amIyMHVZbkl4CkZqQVVCZ05WQkFNVERWSnZZV1JYWVhKeWFXOXlRMEV3SGhjTk1URXhNVEk0TWpBd016STNXaGNOTWpFeE1USTEKTWpBd016STNXakIvTVFzd0NRWURWUVFHRXdKQ1VqRU9NQXdHQTFVRUNCTUZRbUZvYVdFeEZUQVRCZ05WQkFjVApERkJ2Y25SdklGTmxaM1Z5YnpFU01CQUdBMVVFQ2hNSlRYVjBhU0JYYVdacE1TTXdJUVlKS29aSWh2Y05BUWtCCkZoUnNkV3RsUUcxMWRHbDNhV1pwTG1OdmJTNWljakVRTUE0R0ExVUVBeE1IY21WdGIzUmxNekNDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEpTNWE0a2RnOGRxQjNuZEYyZjdZZHdqc3AzUlpqSgp5SFd3RDdSazNyRElhZ2RoOWFPUHdEUDM5cjhNKzFyM1R3VzJQWHp0MmhQVVFUb0UrekZDRzc4UG9HS2JwWktICkkrT1BkMXN2VXFIV3V5SUt1b1NVclliSi9wbi8xcElQMGljMjB6Z1JoSHAxbWRvVm5KK0FaaFBxWk82MTVHVHEKV1FaMWVjbzBTMTh4S2JGOFU3ZGpYWFFlVUVmdWVXc254WUplZEEwWmNQN2dkOUlkek1WQllNOWs0Um9FVDE2bApRcXBCMVJyWGhLYnNsc3VabC9qV00vYVhxaXdQbWk0blppS3loNDIySEV6dmdmQU1WQUdRNGRIWUpJTGNPNUE1CnI1cnVUNEJmcnpvMlM5cXFZY0hEdWRkQjR1V3p1QmxIUFQzZWplS2VDYlZ0OUVJZlVXWDAvREVDQXdFQUFhT0IKNVRDQjRqQWRCZ05WSFE0RUZnUVVtWHNjNE1JMmduN1VQci83RDRKUmxsM0dDWUV3Z2JJR0ExVWRJd1NCcWpDQgpwNEFVUEdsWmFvWXFoekN6dUZmZkhJTE1TNWh6N3JLaGdZdWtnWWd3Z1lVeEN6QUpCZ05WQkFZVEFrSlNNUTR3CkRBWURWUVFJRXdWQ1lXaHBZVEVWTUJNR0ExVUVCeE1NVUc5eWRHOGdVMlZuZFhKdk1SSXdFQVlEVlFRS0V3bE4KZFhScElGZHBabWt4SXpBaEJna3Foa2lHOXcwQkNRRVdGR3gxYTJWQWJYVjBhWGRwWm1rdVkyOXRMbUp5TVJZdwpGQVlEVlFRREV3MVNiMkZrVjJGeWNtbHZja05CZ2dFQU1Bd0dBMVVkRXdRRk1BTUJBZjh3RFFZSktvWklodmNOCkFRRUZCUUFEZ2dFQkFGVk5rVkNjaEMvKy81OE9qdEE4eGlKZVNWQmEwWEJpK2dUMkRBaHBZTVAzbFo2OFdQNHoKV2ZVU3hBbDhvcVp3Y1NHek1QbWFUZzNBRm5qblY4cC9TRHRHMDFDQnF2SjhKSitaZ3VRb1FlbDFRWWlMang1KwpSN0dUZ0UvMVk4RXgxTExTSW1jUC8wRVVkVW50RFVLL0FSRm5mdDRUWTUvVk5SWnZmWmFzK2J6TldPV0p5QTRWCjl0aTFIZ0xWSHdRcDE4STlaRS94L1lYTXZrU05ncjhjcEgzYnN1R2dnNDlmbzdjcXJXV0pxZDByZVBScS9JTTEKUllMaEFQUVI4L0hmUE1xY1p5cWhhT2lvZDVsbmVUZlJsVjVWNklBY2pDcitsbGMrV2ZWZUZoK1JUa0NLd2VUdQpkTUhhV043akMzTk82d1h1RE5qRmNwUXpqKzVQUzNxZHBRRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
                                          <prv>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc2xMbHJpUjJEeDJvSGVkMFhaL3RoM0NPeW5kRm1NbklkYkFQdEdUZXNNaHFCMkgxCm80L0FNL2Yydnd6N1d2ZFBCYlk5Zk8zYUU5UkJPZ1Q3TVVJYnZ3K2dZcHVsa29jajQ0OTNXeTlTb2RhN0lncTYKaEpTdGhzbittZi9Xa2cvU0p6YlRPQkdFZW5XWjJoV2NuNEJtRStwazdyWGtaT3BaQm5WNXlqUkxYekVwc1h4VAp0Mk5kZEI1UVIrNTVheWZGZ2w1MERSbHcvdUIzMGgzTXhVRmd6MlRoR2dSUFhxVkNxa0hWR3RlRXB1eVd5NW1YCitOWXo5cGVxTEErYUxpZG1JcktIamJZY1RPK0I4QXhVQVpEaDBkZ2tndHc3a0Rtdm11NVBnRit2T2paTDJxcGgKd2NPNTEwSGk1Yk80R1VjOVBkNk40cDRKdFczMFFoOVJaZlQ4TVFJREFRQUJBb0lCQUFmSmt2b3Q0WEg3aTVIeQp2NlF2RGNKeWFlbnhsM3A2cFdSdVVlRkEzbkM5NzlOdXRibDAxNkh0WERzdnAvSnJCbXByY1BmNXN5SldqSnFxCkNRWTNxdHFISml2b1BDelA5Z05FQ3FSU3hyc0drNW1DK200N3gvQXc5Z3RubnNrMkk2bE92WjZmTlRmYjF1SXQKTzIvRHZiRjA5UDl2dGcrcUpFVWg4RFdpWHdCREpKczJPam11Tm0rS2d2VHkyd0g1WUVFWjBWTkNnYXZPSk9tSgpaMW1iNHRxbjV0NlFOcmZkT3grcit2REtUS0xCT2RUQXVFNURJN1k1bUdmUVdaM0sxcVRERHkwMHI3VVpUSzRhClJxcTlrYmhvdHc3M093cml2NnppNjdKT216NXFDUWF5eW4zbTVucE1JOFJyRWpwVUZlbnZCaFk2ZGIzaE9NcWYKbDVYdjg5a0NnWUVBN0dVdEhybTBIWjg4K2drc0tmdTQybCtFTXUzZUp2Y29TZmRYTnBGZ0VUM290cjVtNkhBRQp3dUVjOFNqMkE1dXlLNzFmUDJxUk1DQnQ1NGdqVWFZRzhBc0Y2VWtpbE92ajVTVG9IeHZ3TTB0YU8wUytxM3NRCjNEb0hlZVpNSmFGUkl2dys2dTZscXdGbWhnRm5vT2dNSUlweWxYbjdBaUdwVU9tM2FROU9KT3NDZ1lFQXdSelQKMGJaRUZJK1FFdG1GVDRvN3U5MXZQSTJnR21wOGl1aXppMkRaNzBZYUxFaTc0TzZocWI3WkthVXoyUGRpRkthWgpFT2pYTE5</prv></cert></wol></proxyarp></aliases></shaper></syslog></bridge></staticroutes></lastchange></pfsense>

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            dhatz
                                            last edited by

                                            Apparently your config file was truncated due to its size.

                                            You'd need to include the info between

                                            <captiveportal>…</captiveportal>

                                            I have basically 2 exact same NIC's, LAN and OPT1. Both setup exactly the same, just differente IP's obviously.

                                            Captive Portal enabled on both interfaces,on the LAN and connection goes straight passed the CP login screen, tried various AP's to make sure it wasnt one of them not working.  The exact same setup on the OPT1 interface works perfectly.

                                            I have tried by only activating CP on 1 at a time but get the same results.  This must be a bug..

                                            Have you considered switching the cables between LAN and OPT1?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.