diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index a0a529d..22e902d 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -59,14 +59,16 @@ dependencies = [
 ]
 
 [[package]]
-name = "affilium"
-version = "0.1.0"
+name = "ahash"
+version = "0.8.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
 dependencies = [
- "cidr",
- "env_logger",
- "harmony",
- "log",
- "tokio",
+ "cfg-if",
+ "const-random",
+ "once_cell",
+ "version_check",
+ "zerocopy",
 ]
 
 [[package]]
@@ -78,6 +80,21 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "android-tzdata"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "anstream"
 version = "0.6.15"
@@ -135,7 +152,7 @@ checksum = "a27b8a3a6e1a44fa4c8baf1f653e4172e81486d4941f2237e20dc2d0cf4ddff1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -199,6 +216,9 @@ name = "bitflags"
 version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
+dependencies = [
+ "serde",
+]
 
 [[package]]
 name = "bitvec"
@@ -254,9 +274,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.7.1"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
+checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"
 
 [[package]]
 name = "cbc"
@@ -293,6 +313,20 @@ dependencies = [
  "cpufeatures",
 ]
 
+[[package]]
+name = "chrono"
+version = "0.4.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
+dependencies = [
+ "android-tzdata",
+ "iana-time-zone",
+ "js-sys",
+ "num-traits",
+ "wasm-bindgen",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "cidr"
 version = "0.2.3"
@@ -321,6 +355,26 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
+[[package]]
+name = "const-random"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87e00182fe74b066627d63b85fd550ac2998d4b0bd86bfed477a0ae4c7c71359"
+dependencies = [
+ "const-random-macro",
+]
+
+[[package]]
+name = "const-random-macro"
+version = "0.1.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e"
+dependencies = [
+ "getrandom",
+ "once_cell",
+ "tiny-keccak",
+]
+
 [[package]]
 name = "core-foundation"
 version = "0.9.4"
@@ -355,6 +409,12 @@ dependencies = [
  "cfg-if",
 ]
 
+[[package]]
+name = "crunchy"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
+
 [[package]]
 name = "crypto-bigint"
 version = "0.5.5"
@@ -411,7 +471,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -439,7 +499,7 @@ checksum = "2cdc8d50f426189eef89dac62fabfa0abb27d5cc008f25bf4156a0203325becc"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -451,6 +511,12 @@ dependencies = [
  "cipher",
 ]
 
+[[package]]
+name = "diff"
+version = "0.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8"
+
 [[package]]
 name = "digest"
 version = "0.10.7"
@@ -603,6 +669,18 @@ dependencies = [
  "miniz_oxide 0.8.0",
 ]
 
+[[package]]
+name = "flurry"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf5efcf77a4da27927d3ab0509dec5b0954bb3bc59da5a1de9e52642ebd4cdf9"
+dependencies = [
+ "ahash",
+ "num_cpus",
+ "parking_lot",
+ "seize",
+]
+
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -706,7 +784,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -817,6 +895,7 @@ dependencies = [
  "env_logger",
  "libredfish",
  "log",
+ "opnsense-config",
  "reqwest",
  "russh",
  "rust-ipmi",
@@ -832,6 +911,12 @@ version = "0.14.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 
+[[package]]
+name = "heck"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+
 [[package]]
 name = "hermit-abi"
 version = "0.3.9"
@@ -948,6 +1033,29 @@ dependencies = [
  "tokio-native-tls",
 ]
 
+[[package]]
+name = "iana-time-zone"
+version = "0.1.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "wasm-bindgen",
+ "windows-core",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "idna"
 version = "0.5.0"
@@ -1045,6 +1153,16 @@ version = "0.4.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
+[[package]]
+name = "lock_api"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
+dependencies = [
+ "autocfg",
+ "scopeguard",
+]
+
 [[package]]
 name = "log"
 version = "0.4.22"
@@ -1174,6 +1292,16 @@ dependencies = [
  "libm",
 ]
 
+[[package]]
+name = "num_cpus"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
+dependencies = [
+ "hermit-abi",
+ "libc",
+]
+
 [[package]]
 name = "object"
 version = "0.36.4"
@@ -1218,7 +1346,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -1239,6 +1367,41 @@ dependencies = [
  "vcpkg",
 ]
 
+[[package]]
+name = "opnsense-config"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "chrono",
+ "env_logger",
+ "log",
+ "opnsense-config-xml",
+ "pretty_assertions",
+ "russh",
+ "russh-keys",
+ "russh-sftp",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "tokio",
+]
+
+[[package]]
+name = "opnsense-config-xml"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "env_logger",
+ "log",
+ "pretty_assertions",
+ "serde",
+ "thiserror",
+ "tokio",
+ "xml-rs",
+ "yaserde",
+ "yaserde_derive",
+]
+
 [[package]]
 name = "p256"
 version = "0.13.2"
@@ -1277,6 +1440,29 @@ dependencies = [
  "sha2",
 ]
 
+[[package]]
+name = "parking_lot"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "password-hash"
 version = "0.4.2"
@@ -1413,6 +1599,16 @@ dependencies = [
  "zerocopy",
 ]
 
+[[package]]
+name = "pretty_assertions"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ae130e2f271fbc2ac3a40fb1d07180839cdbbe443c7a27e1e3c13c5cac0116d"
+dependencies = [
+ "diff",
+ "yansi",
+]
+
 [[package]]
 name = "primeorder"
 version = "0.13.6"
@@ -1476,6 +1672,15 @@ dependencies = [
  "getrandom",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f"
+dependencies = [
+ "bitflags 2.6.0",
+]
+
 [[package]]
 name = "regex"
 version = "1.10.6"
@@ -1680,6 +1885,24 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "russh-sftp"
+version = "2.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2a72c8afe2041c17435eecd85d0b7291841486fd3d1c4082e0b212e5437ca42"
+dependencies = [
+ "async-trait",
+ "bitflags 2.6.0",
+ "bytes",
+ "chrono",
+ "flurry",
+ "log",
+ "serde",
+ "thiserror",
+ "tokio",
+ "tokio-util",
+]
+
 [[package]]
 name = "rust-ipmi"
 version = "0.1.1"
@@ -1756,6 +1979,12 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "scopeguard"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
 [[package]]
 name = "scrypt"
 version = "0.11.0"
@@ -1804,6 +2033,12 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "seize"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "689224d06523904ebcc9b482c6a3f4f7fb396096645c4cd10c0d2ff7371a34d3"
+
 [[package]]
 name = "semver"
 version = "1.0.23"
@@ -1827,14 +2062,14 @@ checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.128"
+version = "1.0.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8"
+checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
 dependencies = [
  "itoa",
  "memchr",
@@ -1999,6 +2234,17 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "syn"
 version = "2.0.77"
@@ -2073,7 +2319,16 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
+]
+
+[[package]]
+name = "tiny-keccak"
+version = "2.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237"
+dependencies = [
+ "crunchy",
 ]
 
 [[package]]
@@ -2116,7 +2371,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -2287,7 +2542,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
  "wasm-bindgen-shared",
 ]
 
@@ -2321,7 +2576,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -2364,6 +2619,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "windows-core"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
+dependencies = [
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@@ -2531,6 +2795,38 @@ dependencies = [
  "tap",
 ]
 
+[[package]]
+name = "xml-rs"
+version = "0.8.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af4e2e2f7cba5a093896c1e150fbfe177d1883e7448200efb81d40b9d339ef26"
+
+[[package]]
+name = "yansi"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
+
+[[package]]
+name = "yaserde"
+version = "0.11.1"
+dependencies = [
+ "log",
+ "xml-rs",
+]
+
+[[package]]
+name = "yaserde_derive"
+version = "0.11.1"
+dependencies = [
+ "heck",
+ "log",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "xml-rs",
+]
+
 [[package]]
 name = "zerocopy"
 version = "0.7.35"
@@ -2549,7 +2845,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index 9e5cc19..20aba71 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -3,6 +3,7 @@ resolver = "2"
 members = [
   "private_repos/*",
   "harmony",
+  "opnsense-config", "opnsense-config-xml",
 ]
 
 [workspace.package]
@@ -17,3 +18,8 @@ derive-new = "0.7.0"
 async-trait = "0.1.82"
 tokio = { version = "1.40.0", features = ["io-std"] }
 cidr = "0.2.3"
+russh = "0.45.0"
+russh-keys = "0.45.0"
+
+#[workspace.target.x86_64-unknown-linux-gnu]
+#rustflags = ["-C", "link-arg=-fuse-ld=mold"]
diff --git a/harmony-rs/harmony/Cargo.toml b/harmony-rs/harmony/Cargo.toml
index 17b07da..8029cf1 100644
--- a/harmony-rs/harmony/Cargo.toml
+++ b/harmony-rs/harmony/Cargo.toml
@@ -17,3 +17,4 @@ log = { workspace = true }
 env_logger = { workspace = true }
 async-trait = { workspace = true }
 cidr = { workspace = true }
+opnsense-config = { path = "../opnsense-config" }
diff --git a/harmony-rs/harmony/src/domain/hardware/mod.rs b/harmony-rs/harmony/src/domain/hardware/mod.rs
index 985e16e..8ec4f81 100644
--- a/harmony-rs/harmony/src/domain/hardware/mod.rs
+++ b/harmony-rs/harmony/src/domain/hardware/mod.rs
@@ -7,6 +7,7 @@ use crate::topology::MacAddress;
 pub type HostGroup = Vec<PhysicalHost>;
 pub type SwitchGroup = Vec<Switch>;
 pub type FirewallGroup = Vec<PhysicalHost>;
+
 #[derive(Debug, Clone)]
 pub struct PhysicalHost {
     pub category: HostCategory,
diff --git a/harmony-rs/harmony/src/domain/inventory/mod.rs b/harmony-rs/harmony/src/domain/inventory/mod.rs
index af4a00c..930ee02 100644
--- a/harmony-rs/harmony/src/domain/inventory/mod.rs
+++ b/harmony-rs/harmony/src/domain/inventory/mod.rs
@@ -23,6 +23,9 @@ use super::{
 pub struct Inventory {
     pub location: Location,
     pub switch: SwitchGroup,
+    // Firewall is really just a host but with somewhat specialized hardware
+    // I'm not entirely sure it belongs to its own category but it helps make things easier and
+    // clearer for now so let's try it this way.
     pub firewall: FirewallGroup,
     pub worker_host: HostGroup,
     pub storage_host: HostGroup,
@@ -34,9 +37,11 @@ impl Inventory {
     pub fn empty_inventory() -> Self {
         Self {
             location: Location::test_building(),
-            host: HostGroup::new(),
             switch: SwitchGroup::new(),
             firewall: FirewallGroup::new(),
+            worker_host: HostGroup::new(),
+            storage_host: HostGroup::new(),
+            control_plane_host: HostGroup::new(),
         }
     }
 }
diff --git a/harmony-rs/harmony/src/domain/topology/load_balancer.rs b/harmony-rs/harmony/src/domain/topology/load_balancer.rs
index cf79ac3..9f5226a 100644
--- a/harmony-rs/harmony/src/domain/topology/load_balancer.rs
+++ b/harmony-rs/harmony/src/domain/topology/load_balancer.rs
@@ -1,10 +1,11 @@
+use crate::executors::ExecutorError;
 use super::{IpAddress, LogicalHost};
 
 pub trait LoadBalancer: Send + Sync {
-    fn add_backend(&mut self, backend: Backend) -> Result<(), LoadBalancerError>;
-    fn remove_backend(&mut self, backend_id: &str) -> Result<(), LoadBalancerError>;
-    fn add_frontend(&mut self, frontend: Frontend) -> Result<(), LoadBalancerError>;
-    fn remove_frontend(&mut self, frontend_id: &str) -> Result<(), LoadBalancerError>;
+    fn add_backend(&mut self, backend: Backend) -> Result<(), ExecutorError>;
+    fn remove_backend(&mut self, backend_id: &str) -> Result<(), ExecutorError>;
+    fn add_frontend(&mut self, frontend: Frontend) -> Result<(), ExecutorError>;
+    fn remove_frontend(&mut self, frontend_id: &str) -> Result<(), ExecutorError>;
     fn list_backends(&self) -> Vec<Backend>;
     fn list_frontends(&self) -> Vec<Frontend>;
     fn get_ip(&self) -> IpAddress;
@@ -17,8 +18,6 @@ impl std::fmt::Debug for dyn LoadBalancer {
     }
 }
 
-pub struct LoadBalancerError;
-
 #[derive(Clone, Debug)]
 pub struct Backend {
     pub id: String,
diff --git a/harmony-rs/harmony/src/domain/topology/mod.rs b/harmony-rs/harmony/src/domain/topology/mod.rs
index bd4a172..bfb9c96 100644
--- a/harmony-rs/harmony/src/domain/topology/mod.rs
+++ b/harmony-rs/harmony/src/domain/topology/mod.rs
@@ -22,6 +22,7 @@ pub struct HAClusterTopology {
 }
 
 pub type IpAddress = IpAddr;
+
 /// Represents a logical member of a cluster that provides one or more services.
 ///
 /// A LogicalHost can represent various roles within the infrastructure, such as:
diff --git a/harmony-rs/harmony/src/domain/topology/network.rs b/harmony-rs/harmony/src/domain/topology/network.rs
index 00189e4..be55f37 100644
--- a/harmony-rs/harmony/src/domain/topology/network.rs
+++ b/harmony-rs/harmony/src/domain/topology/network.rs
@@ -1,21 +1,30 @@
+use std::net::Ipv4Addr;
+
+use async_trait::async_trait;
+
+use crate::executors::ExecutorError;
+
 use super::{IpAddress, LogicalHost};
 
 #[derive(Debug)]
 pub struct DHCPStaticEntry {
     pub name: String,
     pub mac: MacAddress,
-    pub ip: IpAddress,
+    pub ip: Ipv4Addr,
 }
 
 impl std::fmt::Display for DHCPStaticEntry {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_fmt(format_args!("DHCPStaticEntry : name {}, mac {}, ip {}", self.name, self.mac, self.ip))
+        f.write_fmt(format_args!(
+            "DHCPStaticEntry : name {}, mac {}, ip {}",
+            self.name, self.mac, self.ip
+        ))
     }
 }
 
 pub trait Firewall: Send + Sync {
-    fn add_rule(&mut self, rule: FirewallRule) -> Result<(), FirewallError>;
-    fn remove_rule(&mut self, rule_id: &str) -> Result<(), FirewallError>;
+    fn add_rule(&mut self, rule: FirewallRule) -> Result<(), ExecutorError>;
+    fn remove_rule(&mut self, rule_id: &str) -> Result<(), ExecutorError>;
     fn list_rules(&self) -> Vec<FirewallRule>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
@@ -31,10 +40,11 @@ pub struct NetworkDomain {
     pub name: String,
 }
 
+#[async_trait]
 pub trait DhcpServer: Send + Sync {
-    fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), DhcpError>;
-    fn remove_static_mapping(&self, mac: &MacAddress) -> Result<(), DhcpError>;
-    fn list_static_mappings(&self) -> Vec<(MacAddress, IpAddress)>;
+    async fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), ExecutorError>;
+    async fn remove_static_mapping(&self, mac: &MacAddress) -> Result<(), ExecutorError>;
+    async fn list_static_mappings(&self) -> Vec<(MacAddress, IpAddress)>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
 }
@@ -51,8 +61,12 @@ pub trait DnsServer: Send + Sync {
         name: &str,
         record_type: DnsRecordType,
         value: &str,
-    ) -> Result<(), DnsError>;
-    fn remove_record(&mut self, name: &str, record_type: DnsRecordType) -> Result<(), DnsError>;
+    ) -> Result<(), ExecutorError>;
+    fn remove_record(
+        &mut self,
+        name: &str,
+        record_type: DnsRecordType,
+    ) -> Result<(), ExecutorError>;
     fn list_records(&self) -> Vec<DnsRecord>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
@@ -89,12 +103,25 @@ pub enum Action {
 #[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct MacAddress(pub [u8; 6]);
 
+// TODO create a small macro to provide a nice API to initiate a MacAddress
+// MacAddress::from!("00:90:7f:df:2c:23"),
+
 impl MacAddress {
+    #[cfg(test)]
     pub fn dummy() -> Self {
         Self([0, 0, 0, 0, 0, 0])
     }
 }
 
+impl From<&MacAddress> for String {
+    fn from(value: &MacAddress) -> Self {
+        format!(
+            "{}:{}:{}:{}:{}:{}",
+            value.0[0], value.0[1], value.0[2], value.0[3], value.0[4], value.0[5]
+        )
+    }
+}
+
 impl std::fmt::Display for MacAddress {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.write_fmt(format_args!(
@@ -119,8 +146,3 @@ pub struct DnsRecord {
     pub record_type: DnsRecordType,
     pub value: String,
 }
-
-// Error types
-pub struct FirewallError;
-pub struct DhcpError;
-pub struct DnsError;
diff --git a/harmony-rs/harmony/src/infra/opnsense/mod.rs b/harmony-rs/harmony/src/infra/opnsense/mod.rs
index 92f1826..66b00e6 100644
--- a/harmony-rs/harmony/src/infra/opnsense/mod.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/mod.rs
@@ -1,29 +1,52 @@
 mod management;
+use std::sync::{Arc, Mutex, RwLock, RwLockWriteGuard};
+
+use async_trait::async_trait;
+use log::debug;
 pub use management::*;
 
-use crate::topology::{
-    Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallError, FirewallRule,
-    Frontend, IpAddress, LoadBalancer, LoadBalancerError, LogicalHost,
+use crate::{
+    executors::ExecutorError,
+    topology::{
+        Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallRule, Frontend,
+        IpAddress, LoadBalancer, LogicalHost,
+    },
 };
-use derive_new::new;
 
-#[derive(new, Clone)]
+#[derive(Clone)]
 pub struct OPNSenseFirewall {
+    opnsense_config: Arc<RwLock<opnsense_config::Config>>,
     host: LogicalHost,
+    cluster_nic_name: String,
 }
 
 impl OPNSenseFirewall {
     pub fn get_ip(&self) -> IpAddress {
         self.host.ip
     }
+
+    pub async fn new(
+        host: LogicalHost,
+        cluster_nic_name: &str,
+        username: &str,
+        password: &str,
+    ) -> Self {
+        Self {
+            opnsense_config: Arc::new(RwLock::new(
+                opnsense_config::Config::from_credentials(host.ip, username, password).await,
+            )),
+            host,
+            cluster_nic_name: cluster_nic_name.into(),
+        }
+    }
 }
 
 impl Firewall for OPNSenseFirewall {
-    fn add_rule(&mut self, _rule: FirewallRule) -> Result<(), FirewallError> {
+    fn add_rule(&mut self, _rule: FirewallRule) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_rule(&mut self, _rule_id: &str) -> Result<(), FirewallError> {
+    fn remove_rule(&mut self, _rule_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -40,19 +63,19 @@ impl Firewall for OPNSenseFirewall {
 }
 
 impl LoadBalancer for OPNSenseFirewall {
-    fn add_backend(&mut self, _backend: Backend) -> Result<(), LoadBalancerError> {
+    fn add_backend(&mut self, _backend: Backend) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_backend(&mut self, _backend_id: &str) -> Result<(), LoadBalancerError> {
+    fn remove_backend(&mut self, _backend_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn add_frontend(&mut self, _frontend: Frontend) -> Result<(), LoadBalancerError> {
+    fn add_frontend(&mut self, _frontend: Frontend) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_frontend(&mut self, _frontend_id: &str) -> Result<(), LoadBalancerError> {
+    fn remove_frontend(&mut self, _frontend_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -72,22 +95,30 @@ impl LoadBalancer for OPNSenseFirewall {
     }
 }
 
+#[async_trait]
 impl DhcpServer for OPNSenseFirewall {
-    fn add_static_mapping(
-        &self,
-        entry: &DHCPStaticEntry,
-    ) -> Result<(), crate::topology::DhcpError> {
-        todo!("Register {:?}", entry)
+    async fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), ExecutorError> {
+        let mac: String = String::from(&entry.mac);
+
+        {
+            let mut writable_opnsense = self.opnsense_config.write().unwrap();
+            writable_opnsense
+                .dhcp()
+                .add_static_mapping(&mac, entry.ip, &entry.name).unwrap();
+        }
+
+        debug!("Registered {:?}", entry);
+        Ok(())
     }
 
-    fn remove_static_mapping(
+    async fn remove_static_mapping(
         &self,
         _mac: &crate::topology::MacAddress,
-    ) -> Result<(), crate::topology::DhcpError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn list_static_mappings(&self) -> Vec<(crate::topology::MacAddress, IpAddress)> {
+    async fn list_static_mappings(&self) -> Vec<(crate::topology::MacAddress, IpAddress)> {
         todo!()
     }
 
@@ -98,13 +129,14 @@ impl DhcpServer for OPNSenseFirewall {
         self.host.clone()
     }
 }
+
 impl DnsServer for OPNSenseFirewall {
     fn add_record(
         &mut self,
         _name: &str,
         _record_type: crate::topology::DnsRecordType,
         _value: &str,
-    ) -> Result<(), crate::topology::DnsError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -112,7 +144,7 @@ impl DnsServer for OPNSenseFirewall {
         &mut self,
         _name: &str,
         _record_type: crate::topology::DnsRecordType,
-    ) -> Result<(), crate::topology::DnsError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
diff --git a/harmony-rs/harmony/src/modules/dhcp.rs b/harmony-rs/harmony/src/modules/dhcp.rs
index ec100ea..37e49cb 100644
--- a/harmony-rs/harmony/src/modules/dhcp.rs
+++ b/harmony-rs/harmony/src/modules/dhcp.rs
@@ -1,3 +1,5 @@
+use std::{net::Ipv4Addr, sync::Arc};
+
 use async_trait::async_trait;
 use derive_new::new;
 use log::info;
@@ -7,7 +9,6 @@ use crate::{
         data::{Id, Version},
         interpret::InterpretStatus,
     },
-    infra::executors::russh::RusshClient,
     interpret::{Interpret, InterpretError, InterpretName, Outcome},
     inventory::Inventory,
     topology::{DHCPStaticEntry, HAClusterTopology, HostBinding},
@@ -114,28 +115,35 @@ impl Interpret for DhcpInterpret {
         topology: &HAClusterTopology,
     ) -> Result<Outcome, InterpretError> {
         info!("Executing {} on inventory {inventory:?}", self.get_name());
-        let ssh_client = RusshClient {};
 
-        let entries: Vec<DHCPStaticEntry> = self
+        let dhcp_entries: Vec<DHCPStaticEntry> = self
             .score
             .host_binding
             .iter()
-            .map(|binding| DHCPStaticEntry {
-                name: binding.logical_host.name.clone(),
-                mac: binding.physical_host.cluster_mac(),
-                ip: binding.logical_host.ip,
+            .map(|binding| {
+                let ip = match binding.logical_host.ip {
+                    std::net::IpAddr::V4(ipv4) => ipv4,
+                    std::net::IpAddr::V6(_) => unimplemented!("DHCPStaticEntry only supports ipv4 at the moment"),
+                };
+
+                DHCPStaticEntry {
+                    name: binding.logical_host.name.clone(),
+                    mac: binding.physical_host.cluster_mac(),
+                    ip,
+                }
             })
             .collect();
-        info!("DHCPStaticEntry : {:?}", entries);
+        info!("DHCPStaticEntry : {:?}", dhcp_entries);
 
-        let dhcp = topology.dhcp_server.clone();
+        let dhcp = Arc::new(Box::new(topology.dhcp_server.clone()));
         info!("DHCP server : {:?}", dhcp);
-        entries.iter().for_each(|entry| {
-            match dhcp.add_static_mapping(&entry) {
+        for entry in dhcp_entries.into_iter() {
+            match dhcp.add_static_mapping(&entry).await {
                 Ok(_) => info!("Successfully registered DHCPStaticEntry {}", entry),
                 Err(_) => todo!(),
             }
-        });
+        }
+
         todo!("Configure DHCPServer");
 
         Ok(Outcome::new(
diff --git a/harmony-rs/opnsense-config-xml/Cargo.toml b/harmony-rs/opnsense-config-xml/Cargo.toml
new file mode 100644
index 0000000..3b28dcb
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "opnsense-config-xml"
+edition = "2021"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+serde = { version = "1.0.123", features = [ "derive" ] }
+log = { workspace = true }
+env_logger = { workspace = true }
+#yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
+#yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
+yaserde = { path = "../../../../github/yaserde/yaserde" }
+yaserde_derive = { path = "../../../../github/yaserde/yaserde_derive" }
+xml-rs = "0.8"
+thiserror = "1.0"
+async-trait = { workspace = true }
+tokio = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = "1.4.1"
+
+[target.x86_64-unknown-linux-gnu]
+rustflags = ["-C", "link-arg=-fuse-ld=mold"]
diff --git a/harmony-rs/opnsense-config-xml/interfaces_expand.rs b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
new file mode 100644
index 0000000..3ca4b76
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
@@ -0,0 +1,2134 @@
+mod interfaces {
+    use yaserde::{
+        NamedList, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait,
+    };
+    use yaserde_derive::{YaDeserialize, YaSerialize};
+    use yaserde::MaybeString;
+    pub struct Interface {
+        #[yaserde(rename = "if")]
+        pub physical_interface_name: String,
+        pub descr: String,
+        pub enable: MaybeString,
+        #[yaserde(rename = "spoofmac")]
+        pub spoof_mac: Option<MaybeString>,
+        pub internal_dynamic: Option<MaybeString>,
+        pub ipaddr: Option<MaybeString>,
+        #[yaserde(rename = "blockpriv")]
+        pub block_priv: Option<MaybeString>,
+        #[yaserde(rename = "blockbogons")]
+        pub block_bogons: Option<MaybeString>,
+        pub lock: Option<MaybeString>,
+        #[yaserde(rename = "type")]
+        pub r#type: Option<MaybeString>,
+        #[yaserde(rename = "virtual")]
+        pub r#virtual: Option<MaybeString>,
+        pub subnet: Option<MaybeString>,
+        pub networks: Option<MaybeString>,
+        pub subnetv6: Option<MaybeString>,
+        pub ipaddrv6: Option<MaybeString>,
+        #[yaserde(rename = "track6-interface")]
+        pub track6_interface: Option<MaybeString>,
+        #[yaserde(rename = "track6-prefix-id")]
+        pub track6_prefix_id: Option<MaybeString>,
+    }
+    #[automatically_derived]
+    impl ::core::default::Default for Interface {
+        #[inline]
+        fn default() -> Interface {
+            Interface {
+                physical_interface_name: ::core::default::Default::default(),
+                descr: ::core::default::Default::default(),
+                enable: ::core::default::Default::default(),
+                spoof_mac: ::core::default::Default::default(),
+                internal_dynamic: ::core::default::Default::default(),
+                ipaddr: ::core::default::Default::default(),
+                block_priv: ::core::default::Default::default(),
+                block_bogons: ::core::default::Default::default(),
+                lock: ::core::default::Default::default(),
+                r#type: ::core::default::Default::default(),
+                r#virtual: ::core::default::Default::default(),
+                subnet: ::core::default::Default::default(),
+                networks: ::core::default::Default::default(),
+                subnetv6: ::core::default::Default::default(),
+                ipaddrv6: ::core::default::Default::default(),
+                track6_interface: ::core::default::Default::default(),
+                track6_prefix_id: ::core::default::Default::default(),
+            }
+        }
+    }
+    #[automatically_derived]
+    impl ::core::marker::StructuralPartialEq for Interface {}
+    #[automatically_derived]
+    impl ::core::cmp::PartialEq for Interface {
+        #[inline]
+        fn eq(&self, other: &Interface) -> bool {
+            self.physical_interface_name == other.physical_interface_name
+                && self.descr == other.descr && self.enable == other.enable
+                && self.spoof_mac == other.spoof_mac
+                && self.internal_dynamic == other.internal_dynamic
+                && self.ipaddr == other.ipaddr && self.block_priv == other.block_priv
+                && self.block_bogons == other.block_bogons && self.lock == other.lock
+                && self.r#type == other.r#type && self.r#virtual == other.r#virtual
+                && self.subnet == other.subnet && self.networks == other.networks
+                && self.subnetv6 == other.subnetv6 && self.ipaddrv6 == other.ipaddrv6
+                && self.track6_interface == other.track6_interface
+                && self.track6_prefix_id == other.track6_prefix_id
+        }
+    }
+    #[automatically_derived]
+    impl ::core::fmt::Debug for Interface {
+        #[inline]
+        fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+            let names: &'static _ = &[
+                "physical_interface_name",
+                "descr",
+                "enable",
+                "spoof_mac",
+                "internal_dynamic",
+                "ipaddr",
+                "block_priv",
+                "block_bogons",
+                "lock",
+                "type",
+                "virtual",
+                "subnet",
+                "networks",
+                "subnetv6",
+                "ipaddrv6",
+                "track6_interface",
+                "track6_prefix_id",
+            ];
+            let values: &[&dyn ::core::fmt::Debug] = &[
+                &self.physical_interface_name,
+                &self.descr,
+                &self.enable,
+                &self.spoof_mac,
+                &self.internal_dynamic,
+                &self.ipaddr,
+                &self.block_priv,
+                &self.block_bogons,
+                &self.lock,
+                &self.r#type,
+                &self.r#virtual,
+                &self.subnet,
+                &self.networks,
+                &self.subnetv6,
+                &self.ipaddrv6,
+                &self.track6_interface,
+                &&self.track6_prefix_id,
+            ];
+            ::core::fmt::Formatter::debug_struct_fields_finish(
+                f,
+                "Interface",
+                names,
+                values,
+            )
+        }
+    }
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_DESERIALIZE_FOR_Interface: () = {
+        use ::std::str::FromStr as _;
+        use ::yaserde::Visitor as _;
+        impl ::yaserde::YaDeserialize for Interface {
+            #[allow(unused_variables)]
+            fn deserialize<R: ::std::io::Read>(
+                reader: &mut ::yaserde::de::Deserializer<R>,
+            ) -> ::std::result::Result<Self, ::std::string::String> {
+                let (named_element, struct_namespace) = if let ::yaserde::__xml::reader::XmlEvent::StartElement {
+                    name,
+                    ..
+                } = reader.peek()?.to_owned()
+                {
+                    (name.local_name.to_owned(), name.namespace.clone())
+                } else {
+                    (
+                        ::std::string::String::from("Interface"),
+                        ::std::option::Option::None,
+                    )
+                };
+                let start_depth = reader.depth();
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: start to parse {2:?}",
+                                "Interface",
+                                start_depth,
+                                named_element,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                if reader.depth() == 0 {
+                    if let Some(namespace) = struct_namespace {
+                        match namespace.as_str() {
+                            bad_namespace => {
+                                let msg = ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!(
+                                            "bad namespace for {0}, found {1}",
+                                            named_element,
+                                            bad_namespace,
+                                        ),
+                                    );
+                                    res
+                                });
+                                return Err(msg);
+                            }
+                        }
+                    }
+                }
+                #[allow(unused_mut)]
+                let mut __physical_interface_name_value: Option<::std::string::String> = None;
+                #[allow(unused_mut)]
+                let mut __descr_value: Option<::std::string::String> = None;
+                #[allow(unused_mut)]
+                let mut __enable_value: Option<MaybeString> = None;
+                #[allow(unused_mut)]
+                let mut __spoof_mac_value = None;
+                #[allow(unused_mut)]
+                let mut __internal_dynamic_value = None;
+                #[allow(unused_mut)]
+                let mut __ipaddr_value = None;
+                #[allow(unused_mut)]
+                let mut __block_priv_value = None;
+                #[allow(unused_mut)]
+                let mut __block_bogons_value = None;
+                #[allow(unused_mut)]
+                let mut __lock_value = None;
+                #[allow(unused_mut)]
+                let mut __type_value = None;
+                #[allow(unused_mut)]
+                let mut __virtual_value = None;
+                #[allow(unused_mut)]
+                let mut __subnet_value = None;
+                #[allow(unused_mut)]
+                let mut __networks_value = None;
+                #[allow(unused_mut)]
+                let mut __subnetv6_value = None;
+                #[allow(unused_mut)]
+                let mut __ipaddrv6_value = None;
+                #[allow(unused_mut)]
+                let mut __track6_interface_value = None;
+                #[allow(unused_mut)]
+                let mut __track6_prefix_id_value = None;
+                #[allow(non_snake_case, non_camel_case_types)]
+                struct __Visitor_If_;
+                impl<'de> ::yaserde::Visitor<'de> for __Visitor_If_ {
+                    type Value = ::std::string::String;
+                    fn visit_str(
+                        self,
+                        v: &str,
+                    ) -> ::std::result::Result<Self::Value, ::std::string::String> {
+                        ::std::string::String::from_str(v).map_err(|e| e.to_string())
+                    }
+                }
+                #[allow(non_snake_case, non_camel_case_types)]
+                struct __Visitor_Descr_;
+                impl<'de> ::yaserde::Visitor<'de> for __Visitor_Descr_ {
+                    type Value = ::std::string::String;
+                    fn visit_str(
+                        self,
+                        v: &str,
+                    ) -> ::std::result::Result<Self::Value, ::std::string::String> {
+                        ::std::string::String::from_str(v).map_err(|e| e.to_string())
+                    }
+                }
+                let mut depth = 0;
+                loop {
+                    let event = reader.peek()?.to_owned();
+                    {
+                        let lvl = ::log::Level::Trace;
+                        if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                            ::log::__private_api::log(
+                                format_args!(
+                                    "Struct {0} @ {1}: matching {2:?}",
+                                    "Interface",
+                                    start_depth,
+                                    event,
+                                ),
+                                lvl,
+                                &(
+                                    "yaserde_derive",
+                                    "opnsense_config_xml::data::interfaces",
+                                    ::log::__private_api::loc(),
+                                ),
+                                (),
+                            );
+                        }
+                    };
+                    match event {
+                        ::yaserde::__xml::reader::XmlEvent::StartElement {
+                            ref name,
+                            ref attributes,
+                            ..
+                        } => {
+                            let namespace = name.namespace.clone().unwrap_or_default();
+                            if depth == 0 && name.local_name == "Interface"
+                                && namespace.as_str() == ""
+                            {
+                                let event = reader.next_event()?;
+                            } else {
+                                match (namespace.as_str(), name.local_name.as_str()) {
+                                    ("", "if") => {
+                                        let visitor = __Visitor_If_ {};
+                                        if let Some(namespace) = name.namespace.as_ref() {
+                                            match namespace.as_str() {
+                                                bad_namespace => {
+                                                    let msg = ::alloc::__export::must_use({
+                                                        let res = ::alloc::fmt::format(
+                                                            format_args!(
+                                                                "bad namespace for {0}, found {1}",
+                                                                name.local_name.as_str(),
+                                                                bad_namespace,
+                                                            ),
+                                                        );
+                                                        res
+                                                    });
+                                                    return Err(msg);
+                                                }
+                                            }
+                                        }
+                                        let result = reader
+                                            .read_inner_value::<
+                                                ::std::string::String,
+                                                _,
+                                            >(|reader| {
+                                                if let ::std::result::Result::Ok(
+                                                    ::yaserde::__xml::reader::XmlEvent::Characters(s),
+                                                ) = reader.peek()
+                                                {
+                                                    let val = visitor.visit_str(&s);
+                                                    let _event = reader.next_event()?;
+                                                    val
+                                                } else {
+                                                    ::std::result::Result::Err(
+                                                        ::alloc::__export::must_use({
+                                                            let res = ::alloc::fmt::format(
+                                                                format_args!("unable to parse content for {0}", "if"),
+                                                            );
+                                                            res
+                                                        }),
+                                                    )
+                                                }
+                                            });
+                                        if let ::std::result::Result::Ok(value) = result {
+                                            __physical_interface_name_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                        }
+                                    }
+                                    ("", "descr") => {
+                                        let visitor = __Visitor_Descr_ {};
+                                        if let Some(namespace) = name.namespace.as_ref() {
+                                            match namespace.as_str() {
+                                                bad_namespace => {
+                                                    let msg = ::alloc::__export::must_use({
+                                                        let res = ::alloc::fmt::format(
+                                                            format_args!(
+                                                                "bad namespace for {0}, found {1}",
+                                                                name.local_name.as_str(),
+                                                                bad_namespace,
+                                                            ),
+                                                        );
+                                                        res
+                                                    });
+                                                    return Err(msg);
+                                                }
+                                            }
+                                        }
+                                        let result = reader
+                                            .read_inner_value::<
+                                                ::std::string::String,
+                                                _,
+                                            >(|reader| {
+                                                if let ::std::result::Result::Ok(
+                                                    ::yaserde::__xml::reader::XmlEvent::Characters(s),
+                                                ) = reader.peek()
+                                                {
+                                                    let val = visitor.visit_str(&s);
+                                                    let _event = reader.next_event()?;
+                                                    val
+                                                } else {
+                                                    ::std::result::Result::Err(
+                                                        ::alloc::__export::must_use({
+                                                            let res = ::alloc::fmt::format(
+                                                                format_args!("unable to parse content for {0}", "descr"),
+                                                            );
+                                                            res
+                                                        }),
+                                                    )
+                                                }
+                                            });
+                                        if let ::std::result::Result::Ok(value) = result {
+                                            __descr_value = ::std::option::Option::Some(value);
+                                        }
+                                    }
+                                    ("", "enable") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __enable_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "spoofmac") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __spoof_mac_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "internal_dynamic") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __internal_dynamic_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "ipaddr") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __ipaddr_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "blockpriv") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __block_priv_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "blockbogons") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __block_bogons_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "lock") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __lock_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "type") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __type_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "virtual") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __virtual_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "subnet") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __subnet_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "networks") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __networks_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "subnetv6") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __subnetv6_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "ipaddrv6") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __ipaddrv6_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "track6-interface") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __track6_interface_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "track6-prefix-id") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __track6_prefix_id_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    _ => {
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Got StartElement {0:?}", name.local_name),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        let event = reader.next_event()?;
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Next event {0:?}", event),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if depth > 0 {
+                                            return Err(
+                                                ::alloc::__export::must_use({
+                                                    let res = ::alloc::fmt::format(
+                                                        format_args!(
+                                                            "Found unauthorized element {0}",
+                                                            name.local_name,
+                                                        ),
+                                                    );
+                                                    res
+                                                }),
+                                            );
+                                            reader.skip_element(|event| {})?;
+                                        }
+                                    }
+                                }
+                            }
+                            if depth == 0 {}
+                            depth += 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndElement { ref name } => {
+                            {
+                                let lvl = ::log::Level::Warn;
+                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                    && lvl <= ::log::max_level()
+                                {
+                                    ::log::__private_api::log(
+                                        format_args!("endElement {0}", named_element),
+                                        lvl,
+                                        &(
+                                            "opnsense_config_xml::data::interfaces",
+                                            "opnsense_config_xml::data::interfaces",
+                                            ::log::__private_api::loc(),
+                                        ),
+                                        (),
+                                    );
+                                }
+                            };
+                            if name.local_name == named_element
+                                && reader.depth() == start_depth + 1
+                            {
+                                break;
+                            }
+                            let event = reader.next_event()?;
+                            depth -= 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndDocument => {
+                            if false {
+                                break;
+                            }
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::Characters(
+                            ref text_content,
+                        ) => {
+                            let event = reader.next_event()?;
+                        }
+                        event => {
+                            return ::std::result::Result::Err(
+                                ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!("unknown event {0:?}", event),
+                                    );
+                                    res
+                                }),
+                            );
+                        }
+                    }
+                }
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: success",
+                                "Interface",
+                                start_depth,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                ::std::result::Result::Ok(Interface {
+                    physical_interface_name: __physical_interface_name_value
+                        .ok_or_else(|| {
+                            "physical_interface_name is a required field of Interface"
+                                .to_string()
+                        })?,
+                    descr: __descr_value
+                        .ok_or_else(|| {
+                            "descr is a required field of Interface".to_string()
+                        })?,
+                    enable: __enable_value
+                        .ok_or_else(|| {
+                            "enable is a required field of Interface".to_string()
+                        })?,
+                    spoof_mac: __spoof_mac_value,
+                    internal_dynamic: __internal_dynamic_value,
+                    ipaddr: __ipaddr_value,
+                    block_priv: __block_priv_value,
+                    block_bogons: __block_bogons_value,
+                    lock: __lock_value,
+                    r#type: __type_value,
+                    r#virtual: __virtual_value,
+                    subnet: __subnet_value,
+                    networks: __networks_value,
+                    subnetv6: __subnetv6_value,
+                    ipaddrv6: __ipaddrv6_value,
+                    track6_interface: __track6_interface_value,
+                    track6_prefix_id: __track6_prefix_id_value,
+                })
+            }
+        }
+    };
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_SERIALIZE_FOR_Interface: () = {
+        use ::std::str::FromStr as _;
+        impl ::yaserde::YaSerialize for Interface {
+            #[allow(unused_variables)]
+            fn serialize<W: ::std::io::Write>(
+                &self,
+                writer: &mut ::yaserde::ser::Serializer<W>,
+            ) -> ::std::result::Result<(), ::std::string::String> {
+                let skip = writer.skip_start_end();
+                if !false && !skip {
+                    let mut child_attributes = ::alloc::vec::Vec::new();
+                    let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                    let yaserde_label = writer
+                        .get_start_event_name()
+                        .unwrap_or_else(|| "Interface".to_string());
+                    let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        yaserde_label.as_ref(),
+                    );
+                    let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                        .into();
+                    if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                        name,
+                        attributes,
+                        namespace,
+                    } = event {
+                        let mut attributes: ::std::vec::Vec<
+                            ::yaserde::__xml::attribute::OwnedAttribute,
+                        > = attributes
+                            .into_owned()
+                            .to_vec()
+                            .iter()
+                            .map(|k| k.to_owned())
+                            .collect();
+                        attributes.extend(child_attributes);
+                        let all_attributes = attributes
+                            .iter()
+                            .map(|ca| ca.borrow())
+                            .collect();
+                        let mut all_namespaces = namespace.into_owned();
+                        all_namespaces.extend(&child_attributes_namespace);
+                        writer
+                            .write(::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                                name,
+                                attributes: ::std::borrow::Cow::Owned(all_attributes),
+                                namespace: ::std::borrow::Cow::Owned(all_namespaces),
+                            })
+                            .map_err(|e| e.to_string())?;
+                    } else {
+                        ::core::panicking::panic(
+                            "internal error: entered unreachable code",
+                        )
+                    }
+                }
+                if !false {
+                    let start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        "if",
+                    );
+                    writer.write(start_event).map_err(|e| e.to_string())?;
+                    let yaserde_value = ::alloc::__export::must_use({
+                        let res = ::alloc::fmt::format(
+                            format_args!("{0}", self.physical_interface_name),
+                        );
+                        res
+                    });
+                    let data_event = ::yaserde::__xml::writer::XmlEvent::characters(
+                        &yaserde_value,
+                    );
+                    writer.write(data_event).map_err(|e| e.to_string())?;
+                    let end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(end_event).map_err(|e| e.to_string())?;
+                }
+                if !false {
+                    let start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        "descr",
+                    );
+                    writer.write(start_event).map_err(|e| e.to_string())?;
+                    let yaserde_value = ::alloc::__export::must_use({
+                        let res = ::alloc::fmt::format(format_args!("{0}", self.descr));
+                        res
+                    });
+                    let data_event = ::yaserde::__xml::writer::XmlEvent::characters(
+                        &yaserde_value,
+                    );
+                    writer.write(data_event).map_err(|e| e.to_string())?;
+                    let end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(end_event).map_err(|e| e.to_string())?;
+                }
+                if !false {
+                    writer
+                        .set_start_event_name(
+                            ::std::option::Option::Some("enable".to_string()),
+                        );
+                    writer.set_skip_start_end(false);
+                    ::yaserde::YaSerialize::serialize(&self.enable, writer)?;
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.spoof_mac {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("spoofmac".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.internal_dynamic
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("internal_dynamic".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.ipaddr {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("ipaddr".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.block_priv {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("blockpriv".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.block_bogons {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("blockbogons".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.lock {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("lock".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.r#type {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("type".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.r#virtual {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("virtual".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.subnet {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("subnet".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.networks {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("networks".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.subnetv6 {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("subnetv6".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.ipaddrv6 {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("ipaddrv6".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.track6_interface
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("track6-interface".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.track6_prefix_id
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("track6-prefix-id".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false && !skip {
+                    let struct_end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(struct_end_event).map_err(|e| e.to_string())?;
+                }
+                ::std::result::Result::Ok(())
+            }
+            fn serialize_attributes(
+                &self,
+                mut source_attributes: ::std::vec::Vec<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >,
+                mut source_namespace: ::yaserde::__xml::namespace::Namespace,
+            ) -> ::std::result::Result<
+                (
+                    ::std::vec::Vec<::yaserde::__xml::attribute::OwnedAttribute>,
+                    ::yaserde::__xml::namespace::Namespace,
+                ),
+                ::std::string::String,
+            > {
+                let mut child_attributes = ::std::vec::Vec::<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >::new();
+                let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                    "temporary_element_to_generate_attributes",
+                );
+                let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                    .into();
+                if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                    attributes,
+                    namespace,
+                    ..
+                } = event {
+                    source_namespace.extend(&namespace.into_owned());
+                    source_namespace.extend(&child_attributes_namespace);
+                    let a: ::std::vec::Vec<
+                        ::yaserde::__xml::attribute::OwnedAttribute,
+                    > = attributes
+                        .into_owned()
+                        .to_vec()
+                        .iter()
+                        .map(|k| k.to_owned())
+                        .collect();
+                    source_attributes.extend(a);
+                    source_attributes.extend(child_attributes);
+                    ::std::result::Result::Ok((source_attributes, source_namespace))
+                } else {
+                    ::core::panicking::panic("internal error: entered unreachable code");
+                }
+            }
+        }
+    };
+    pub trait MyDeserialize: YaDeserializeTrait {}
+    pub trait MySerialize: YaSerializeTrait {}
+}
diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
new file mode 100644
index 0000000..9c06716
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -0,0 +1,113 @@
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+use yaserde::MaybeString;
+
+use super::opnsense::{NumberOption, Range, StaticMap};
+
+// #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+// #[yaserde(rename = "dhcpd")]
+// pub struct Dhcpd {
+//     #[yaserde(rename = "lan")]
+//     pub lan: DhcpInterface,
+// }
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpInterface {
+    pub enable: Option<MaybeString>,
+    pub gateway: Option<MaybeString>,
+    pub domain: Option<MaybeString>,
+    #[yaserde(rename = "ddnsdomainalgorithm")]
+    pub ddns_domain_algorithm: Option<MaybeString>,
+    #[yaserde(rename = "numberoptions")]
+    pub number_options: Vec<NumberOption>,
+    #[yaserde(rename = "range")]
+    pub range: Range,
+    pub winsserver: Option<MaybeString>,
+    pub dnsserver: Option<MaybeString>,
+    pub ntpserver: Option<MaybeString>,
+    #[yaserde(rename = "staticmap")]
+    pub staticmaps: Vec<StaticMap>,
+    pub pool: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpRange {
+    #[yaserde(rename = "from")]
+    pub from: String,
+    #[yaserde(rename = "to")]
+    pub to: String,
+}
+
+#[cfg(test)]
+mod test {
+    use crate::xml_utils::to_xml_str;
+
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn dhcpd_should_deserialize_serialize_identical() {
+        let dhcpd: Dhcpd =
+            yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
+
+        assert_eq!(
+            to_xml_str(&dhcpd).expect("Serialize Dhcpd failed"),
+            SERIALIZED_DHCPD
+        );
+    }
+
+    const SERIALIZED_DHCPD: &str = "<?xml version=\"1.0\"?>
+<dhcpd>
+  <lan>
+    <enable>1</enable>
+    <gateway>192.168.20.1</gateway>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+    <numberoptions>
+      <item/>
+    </numberoptions>
+    <range>
+      <from>192.168.20.50</from>
+      <to>192.168.20.200</to>
+    </range>
+    <winsserver/>
+    <dnsserver>192.168.20.1</dnsserver>
+    <ntpserver/>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.160</ipaddr>
+      <hostname>somehost983</hostname>
+      <descr>someservire8</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.155</ipaddr>
+      <hostname>somehost893</hostname>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.165</ipaddr>
+      <hostname>somehost893</hostname>
+      <descr/>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.50</ipaddr>
+      <hostname>hostswitch2</hostname>
+      <descr>switch-2 (bottom)</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <pool/>
+  </lan>
+</dhcpd>\n";
+}
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
new file mode 100644
index 0000000..e980c73
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -0,0 +1,193 @@
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+use yaserde::MaybeString;
+
+#[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
+pub struct Interface {
+    pub internal_dynamic: Option<MaybeString>,
+    #[yaserde(rename = "if")]
+    pub physical_interface_name: String,
+    pub descr: Option<MaybeString>,
+    pub enable: MaybeString,
+    pub lock: Option<MaybeString>,
+    #[yaserde(rename = "spoofmac")]
+    pub spoof_mac: Option<MaybeString>,
+    pub ipaddr: Option<MaybeString>,
+    pub dhcphostname: Option<MaybeString>,
+    #[yaserde(rename = "alias-address")]
+    pub alias_address: Option<MaybeString>,
+    #[yaserde(rename = "alias-subnet")]
+    pub alias_subnet: Option<MaybeString>,
+    #[yaserde(rename = "blockpriv")]
+    pub block_priv: Option<MaybeString>,
+    #[yaserde(rename = "blockbogons")]
+    pub block_bogons: Option<MaybeString>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<MaybeString>,
+    #[yaserde(rename = "virtual")]
+    pub r#virtual: Option<MaybeString>,
+    pub subnet: Option<MaybeString>,
+    pub ipaddrv6: Option<MaybeString>,
+    pub networks: Option<MaybeString>,
+    pub subnetv6: Option<MaybeString>,
+    pub media: Option<MaybeString>,
+    pub mediaopt: Option<MaybeString>,
+    #[yaserde(rename = "track6-interface")]
+    pub track6_interface: Option<MaybeString>,
+    #[yaserde(rename = "track6-prefix-id")]
+    pub track6_prefix_id: Option<MaybeString>,
+    #[yaserde(rename = "dhcprejectfrom")]
+    pub dhcprejectfrom: Option<MaybeString>,
+    pub adv_dhcp_pt_timeout: Option<MaybeString>,
+    pub adv_dhcp_pt_retry: Option<MaybeString>,
+    pub adv_dhcp_pt_select_timeout: Option<MaybeString>,
+    pub adv_dhcp_pt_reboot: Option<MaybeString>,
+    pub adv_dhcp_pt_backoff_cutoff: Option<MaybeString>,
+    pub adv_dhcp_pt_initial_interval: Option<MaybeString>,
+    pub adv_dhcp_pt_values: Option<MaybeString>,
+    pub adv_dhcp_send_options: Option<MaybeString>,
+    pub adv_dhcp_request_options: Option<MaybeString>,
+    pub adv_dhcp_required_options: Option<MaybeString>,
+    pub adv_dhcp_option_modifiers: Option<MaybeString>,
+    pub adv_dhcp_config_advanced: Option<MaybeString>,
+    pub adv_dhcp_config_file_override: Option<MaybeString>,
+    pub adv_dhcp_config_file_override_path: Option<MaybeString>,
+}
+
+#[cfg(test)]
+mod test {
+    use crate::xml_utils::to_xml_str;
+
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use yaserde::NamedList;
+
+    #[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
+    pub struct InterfacesParent {
+        foo: String,
+        interfaces: NamedList<Interface>,
+        bar: String,
+    }
+
+    #[test]
+    fn should_deserialize_interfaces() {
+        let interfaces =
+            yaserde::de::from_str::<NamedList<Interface>>(FULL_INTERFACES_XML).unwrap();
+        assert_eq!(interfaces.elements.len(), 6)
+    }
+
+    #[test]
+    fn should_serialize_interfaces() {
+        let named_list = NamedList {
+            elements: vec![
+                (String::from("paul"), Interface::default()),
+                (String::from("anotherpaul"), Interface::default()),
+                (String::from("thirdone"), Interface::default()),
+                (String::from("andgofor4"), Interface::default()),
+            ],
+        };
+
+        let parent = InterfacesParent {
+            foo: String::from("foo"),
+            interfaces: named_list,
+            bar: String::from("foo"),
+        };
+
+        assert_eq!(
+            &to_xml_str(&parent).unwrap(),
+            r#"<?xml version="1.0"?>
+<InterfacesParent>
+  <foo>foo</foo>
+  <interfaces>
+    <paul>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </paul>
+    <anotherpaul>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </anotherpaul>
+    <thirdone>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </thirdone>
+    <andgofor4>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </andgofor4>
+  </interfaces>
+  <bar>foo</bar>
+</InterfacesParent>
+"#
+        )
+    }
+
+    const FULL_INTERFACES_XML: &str = "<interfaces>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <media/>
+      <mediaopt/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <ipaddr>pppoe</ipaddr>
+    </wan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>";
+}
diff --git a/harmony-rs/opnsense-config-xml/src/data/mod.rs b/harmony-rs/opnsense-config-xml/src/data/mod.rs
new file mode 100644
index 0000000..5d2a4da
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/mod.rs
@@ -0,0 +1,6 @@
+mod opnsense;
+mod interfaces;
+mod dhcpd;
+pub use opnsense::*;
+pub use interfaces::*;
+pub use dhcpd::*;
diff --git a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
new file mode 100644
index 0000000..48ff582
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -0,0 +1,2052 @@
+use crate::{data::dhcpd::DhcpInterface, xml_utils::to_xml_str};
+use log::error;
+use yaserde::{MaybeString, NamedList, RawXml};
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+use super::Interface;
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "opnsense")]
+pub struct OPNsense {
+    pub theme: String,
+    pub sysctl: Sysctl,
+    pub system: RawXml,
+    // pub interfaces: RawXml,
+    pub interfaces: NamedList<Interface>,
+    pub dhcpd: NamedList<DhcpInterface>,
+    pub snmpd: Snmpd,
+    pub syslog: Syslog,
+    pub nat: Nat,
+    pub filter: Filters,
+    pub load_balancer: Option<LoadBalancer>,
+    pub rrd: Option<RawXml>,
+    pub ntpd: Ntpd,
+    pub widgets: Widgets,
+    pub revision: Revision,
+    #[yaserde(rename = "OPNsense")]
+    pub opnsense: OPNsenseXmlSection,
+    pub staticroutes: StaticRoutes,
+    pub ca: MaybeString,
+    pub gateways: Option<Gateways>,
+    pub cert: Vec<Cert>,
+    pub dhcpdv6: DhcpDv6,
+    pub virtualip: VirtualIp,
+    pub openvpn: OpenVpn,
+    pub ppps: Ppps,
+    pub dyndnses: Option<Dyndnses>,
+    pub vlans: Vlans,
+    pub bridges: Bridges,
+    pub gifs: Gifs,
+    pub gres: Gres,
+    pub laggs: Laggs,
+    pub wireless: Wireless,
+    pub hasync: Hasync,
+    pub ifgroups: Ifgroups,
+}
+
+impl From<String> for OPNsense {
+    fn from(content: String) -> Self {
+        yaserde::de::from_str(&content)
+            .map_err(|e| println!("{}", e.to_string()))
+            .expect("OPNSense received invalid string, should be full XML")
+    }
+}
+
+impl OPNsense {
+    pub fn to_xml(&self) -> String {
+        to_xml_str(self)
+            .map_err(|e| error!("{}", e.to_string()))
+            .expect("OPNSense could not serialize to XML")
+    }
+}
+
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LoadBalancer {
+    pub monitor_type: Vec<MonitorType>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct MonitorType {
+    pub name: String,
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub descr: String,
+    pub options: Option<Options>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ntpd {
+    pub prefer: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Widgets {
+    pub sequence: String,
+    pub column_count: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Revision {
+    pub username: String,
+    pub time: f64,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Options {
+    pub path: Option<MaybeString>,
+    pub host: Option<MaybeString>,
+    pub code: Option<MaybeString>,
+    pub send: Option<MaybeString>,
+    pub expect: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Filters {
+    #[yaserde(rename = "rule")]
+    pub rules: Vec<Rule>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Rule {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "associated-rule-id")]
+    pub associated_rule_id: Option<MaybeString>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<MaybeString>,
+    pub interface: String,
+    pub ipprotocol: String,
+    pub statetype: Option<MaybeString>,
+    pub descr: Option<MaybeString>,
+    pub direction: Option<MaybeString>,
+    pub category: Option<MaybeString>,
+    pub quick: Option<MaybeString>,
+    pub protocol: Option<MaybeString>,
+    pub source: Source,
+    pub icmptype: Option<MaybeString>,
+    pub destination: Destination,
+    pub updated: Option<Updated>,
+    pub created: Option<Created>,
+    pub disabled: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Source {
+    pub any: Option<u8>,
+    pub network: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Destination {
+    pub network: Option<MaybeString>,
+    pub address: Option<MaybeString>,
+    pub port: Option<MaybeString>,
+    pub any: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Username {
+    pub user: String,
+    pub host: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Sysctl {
+    pub item: Vec<SysctlItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct SysctlItem {
+    pub descr: String,
+    pub tunable: String,
+    pub value: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct System {
+    #[yaserde(rename = "use_mfs_tmp")]
+    pub use_mfs_tmp: MaybeString,
+    #[yaserde(rename = "use_mfs_var")]
+    pub use_mfs_var: MaybeString,
+    pub serialspeed: u32,
+    pub primaryconsole: String,
+    pub secondaryconsole: String,
+    pub optimization: String,
+    pub hostname: String,
+    pub domain: String,
+    pub group: Vec<Group>,
+    pub user: Vec<User>,
+    pub nextuid: u32,
+    pub nextgid: u32,
+    pub timezone: String,
+    pub timeservers: String,
+    pub webgui: WebGui,
+    pub usevirtualterminal: u8,
+    pub disableconsolemenu: u8,
+    pub disablevlanhwfilter: u8,
+    pub disablechecksumoffloading: u8,
+    pub disablesegmentationoffloading: u8,
+    pub disablelargereceiveoffloading: u8,
+    pub ipv6allow: u8,
+    pub powerd_ac_mode: String,
+    pub powerd_battery_mode: String,
+    pub powerd_normal_mode: String,
+    pub bogons: Bogons,
+    pub crypto_hardware: String,
+    pub pf_share_forward: u8,
+    pub lb_use_sticky: u8,
+    pub kill_states: u8,
+    pub ssh: Ssh,
+    pub firmware: Firmware,
+    pub sudo_allow_wheel: u8,
+    pub sudo_allow_group: String,
+    pub enablenatreflectionhelper: String,
+    pub rulesetoptimization: String,
+    pub maximumstates: MaybeString,
+    pub maximumfrags: MaybeString,
+    pub aliasesresolveinterval: MaybeString,
+    pub maximumtableentries: MaybeString,
+    pub language: String,
+    pub dnsserver: MaybeString,
+    #[yaserde(rename = "dns1gw")]
+    pub dns1gw: String,
+    #[yaserde(rename = "dns2gw")]
+    pub dns2gw: String,
+    #[yaserde(rename = "dns3gw")]
+    pub dns3gw: String,
+    #[yaserde(rename = "dns4gw")]
+    pub dns4gw: String,
+    #[yaserde(rename = "dns5gw")]
+    pub dns5gw: String,
+    #[yaserde(rename = "dns6gw")]
+    pub dns6gw: String,
+    #[yaserde(rename = "dns7gw")]
+    pub dns7gw: String,
+    #[yaserde(rename = "dns8gw")]
+    pub dns8gw: String,
+    pub dnsallowoverride: u8,
+    pub dnsallowoverride_exclude: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ssh {
+    pub group: String,
+    pub noauto: u8,
+    pub interfaces: MaybeString,
+    pub kex: MaybeString,
+    pub ciphers: MaybeString,
+    pub macs: MaybeString,
+    pub keys: MaybeString,
+    pub enabled: String,
+    pub passwordauth: u8,
+    pub keysig: MaybeString,
+    pub permitrootlogin: u8,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Firmware {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub mirror: MaybeString,
+    pub flavour: MaybeString,
+    pub plugins: String,
+    #[yaserde(rename = "type")]
+    pub firmware_type: MaybeString,
+    pub subscription: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Bogons {
+    pub interval: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Group {
+    pub name: String,
+    pub description: String,
+    pub scope: String,
+    pub gid: u32,
+    pub member: Vec<u32>,
+    #[yaserde(rename = "priv")]
+    pub priv_: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct User {
+    pub name: String,
+    pub descr: MaybeString,
+    pub scope: String,
+    pub groupname: MaybeString,
+    pub password: String,
+    pub uid: u32,
+    pub expires: MaybeString,
+    pub authorizedkeys: MaybeString,
+    pub ipsecpsk: MaybeString,
+    pub otp_seed: MaybeString,
+    pub shell: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WebGui {
+    pub protocol: String,
+    #[yaserde(rename = "ssl-certref")]
+    pub ssl_certref: String,
+    pub port: MaybeString,
+    #[yaserde(rename = "ssl-ciphers")]
+    pub ssl_ciphers: MaybeString,
+    pub interfaces: MaybeString,
+
+    pub compression: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct NumberOption {
+    item: MaybeString,
+}
+
+#[derive(Default, Clone, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Range {
+    pub from: String,
+    pub to: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct StaticMap {
+    pub mac: String,
+    pub ipaddr: String,
+    pub hostname: String,
+    pub descr: Option<MaybeString>,
+    pub winsserver: MaybeString,
+    pub dnsserver: MaybeString,
+    pub ntpserver: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Snmpd {
+    pub syslocation: MaybeString,
+    pub syscontact: MaybeString,
+    pub rocommunity: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Syslog {
+    pub reverse: Option<MaybeString>,
+    pub preservelogs: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Nat {
+    #[yaserde(rename = "outbound")]
+    pub outbound: Outbound,
+    #[yaserde(rename = "rule")]
+    pub rules: Vec<NatRule>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Outbound {
+    pub mode: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct NatRule {
+    pub protocol: String,
+    pub interface: String,
+    pub category: MaybeString,
+    pub ipprotocol: String,
+    pub descr: MaybeString,
+    pub tag: MaybeString,
+    pub tagged: Option<MaybeString>,
+    pub poolopts: PoolOpts,
+    #[yaserde(rename = "associated-rule-id")]
+    pub associated_rule_id: Option<MaybeString>,
+    pub disabled: Option<u8>,
+    pub target: String,
+    #[yaserde(rename = "local-port")]
+    pub local_port: i32,
+    pub source: Source,
+    pub destination: Destination,
+    pub updated: Updated,
+    pub created: Created,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct PoolOpts {
+    // No specific fields for this element, can be added as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Updated {
+    pub username: String,
+    pub time: f64,
+    pub description: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Created {
+    pub username: String,
+    pub time: f64,
+    pub description: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Filter {
+    #[yaserde(attribute)]
+    version: String,
+    rules: Option<MaybeString>,
+    snatrules: Option<MaybeString>,
+    npt: Option<MaybeString>,
+    onetoone: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "OPNsense")]
+pub struct OPNsenseXmlSection {
+    pub captiveportal: Option<CaptivePortal>,
+    pub cron: Option<Cron>,
+    #[yaserde(rename = "Netflow")]
+    pub netflow: Option<Netflow>,
+    #[yaserde(rename = "Firewall")]
+    pub firewall: Option<Firewall>,
+    #[yaserde(rename = "IDS")]
+    pub ids: Option<IDS>,
+    #[yaserde(rename = "IPsec")]
+    pub ipsec: Option<IPsec>,
+    #[yaserde(rename = "Interfaces")]
+    pub interfaces: Option<ConfigInterfaces>,
+    #[yaserde(rename = "Kea")]
+    pub kea: Option<RawXml>,
+    pub monit: Option<Monit>,
+    #[yaserde(rename = "OpenVPNExport")]
+    pub openvpn_export: Option<OpenVPNExport>,
+    pub proxy: Option<Proxy>,
+    #[yaserde(rename = "Syslog")]
+    pub syslog: Option<ConfigSyslog>,
+    #[yaserde(rename = "TrafficShaper")]
+    pub traffic_shaper: Option<RawXml>,
+    pub unboundplus: Option<RawXml>,
+    #[yaserde(rename = "DHCRelay")]
+    pub dhcrelay: Option<RawXml>,
+    pub wireguard: Option<Wireguard>,
+    #[yaserde(rename = "Swanctl")]
+    pub swanctl: Swanctl,
+    #[yaserde(rename = "DynDNS")]
+    pub dyndns: Option<DynDNS>,
+    #[yaserde(rename = "OpenVPN")]
+    pub openvpn: ConfigOpenVPN,
+    #[yaserde(rename = "Gateways")]
+    pub gateways: RawXml,
+    #[yaserde(rename = "HAProxy")]
+    pub haproxy: Option<HAProxy>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "IDS")]
+pub struct IDS {
+    #[yaserde(attribute)]
+    version: String,
+    rules: MaybeString,
+    policies: MaybeString,
+    #[yaserde(rename = "userDefinedRules")]
+    user_defined_rules: MaybeString,
+    files: MaybeString,
+    #[yaserde(rename = "fileTags")]
+    file_tags: MaybeString,
+    general: IDSGeneral,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct IDSGeneral {
+    enabled: Option<u8>,
+    ips: Option<u8>,
+    promisc: Option<u8>,
+    interfaces: String,
+    homenet: String,
+    #[yaserde(rename = "defaultPacketSize")]
+    default_packet_size: MaybeString,
+    #[yaserde(rename = "UpdateCron")]
+    update_cron: MaybeString,
+    #[yaserde(rename = "AlertLogrotate")]
+    alert_logrotate: String,
+    #[yaserde(rename = "AlertSaveLogs")]
+    alert_save_logs: u8,
+    #[yaserde(rename = "MPMAlgo")]
+    mpm_algo: MaybeString,
+    detect: Detect,
+    syslog: Option<u8>,
+    syslog_eve: Option<u8>,
+    #[yaserde(rename = "LogPayload")]
+    log_payload: Option<u8>,
+    verbosity: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Detect {
+    #[yaserde(rename = "Profile")]
+    profile: MaybeString,
+    toclient_groups: MaybeString,
+    toserver_groups: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct IPsec {
+    #[yaserde(attribute)]
+    version: String,
+    general: GeneralIpsec,
+    #[yaserde(rename = "keyPairs")]
+    key_pairs: MaybeString,
+    #[yaserde(rename = "preSharedKeys")]
+    pre_shared_keys: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct GeneralIpsec {
+    enabled: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "Interfaces")]
+pub struct ConfigInterfaces {
+    vxlans: Vxlan,
+    loopbacks: Loopback,
+    neighbors: Option<Neighbors>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Neighbors {
+    #[yaserde(attribute)]
+    version: String,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Vxlan {
+    #[yaserde(attribute)]
+    version: String,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Loopback {
+    #[yaserde(attribute)]
+    version: String,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "monit")]
+pub struct Monit {
+    #[yaserde(attribute)]
+    version: String,
+    general: GeneralMonit,
+    alert: Option<Alert>,
+    service: Vec<Service>,
+    test: Vec<Test>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct GeneralMonit {
+    enabled: u8,
+    interval: u32,
+    startdelay: u32,
+    mailserver: String,
+    port: u16,
+    username: MaybeString,
+    password: MaybeString,
+    ssl: u8,
+    sslversion: String,
+    sslverify: u8,
+    logfile: MaybeString,
+    statefile: MaybeString,
+    #[yaserde(rename = "eventqueuePath")]
+    event_queue_path: MaybeString,
+    #[yaserde(rename = "eventqueueSlots")]
+    event_queue_slots: MaybeString,
+    #[yaserde(rename = "httpdEnabled")]
+    httpd_enabled: u8,
+    #[yaserde(rename = "httpdUsername")]
+    httpd_username: String,
+    #[yaserde(rename = "httpdPassword")]
+    httpd_password: MaybeString,
+    #[yaserde(rename = "httpdPort")]
+    httpd_port: u16,
+    #[yaserde(rename = "httpdAllow")]
+    httpd_allow: MaybeString,
+    #[yaserde(rename = "mmonitUrl")]
+    mmonit_url: MaybeString,
+    #[yaserde(rename = "mmonitTimeout")]
+    mmonit_timeout: u32,
+    #[yaserde(rename = "mmonitRegisterCredentials")]
+    mmonit_register_credentials: u8,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Alert {
+    #[yaserde(attribute)]
+    uuid: String,
+    enabled: u8,
+    recipient: String,
+    noton: u8,
+    events: MaybeString,
+    format: MaybeString,
+    reminder: MaybeString,
+    description: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Service {
+    #[yaserde(attribute)]
+    uuid: String,
+    enabled: u8,
+    name: String,
+    description: MaybeString,
+    #[yaserde(rename = "type")]
+    r#type: String,
+    pidfile: MaybeString,
+    #[yaserde(rename = "match")]
+    r#match: MaybeString,
+    path: MaybeString,
+    timeout: u32,
+    starttimeout: u32,
+    address: MaybeString,
+    interface: MaybeString,
+    start: MaybeString,
+    stop: MaybeString,
+    tests: String,
+    depends: MaybeString,
+    polltime: MaybeString,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Test {
+    #[yaserde(attribute)]
+    uuid: String,
+    name: String,
+    #[yaserde(rename = "type")]
+    r#type: String,
+    condition: String,
+    action: String,
+    path: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CaptivePortal {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "zones")]
+    pub zones: Option<Zones>,
+    #[yaserde(rename = "templates")]
+    pub templates: Option<Templates>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cron {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "jobs")]
+    pub jobs: Option<Jobs>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Netflow {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "capture")]
+    pub capture: Option<Capture>,
+    #[yaserde(rename = "collect")]
+    pub collect: Option<Collect>,
+    #[yaserde(rename = "activeTimeout")]
+    pub active_timeout: Option<u64>,
+    #[yaserde(rename = "inactiveTimeout")]
+    pub inactive_timeout: Option<u64>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Capture {
+    #[yaserde(rename = "interfaces")]
+    pub interfaces: MaybeString,
+    #[yaserde(rename = "egress_only")]
+    pub egress_only: MaybeString,
+    #[yaserde(rename = "version")]
+    pub version: MaybeString,
+    #[yaserde(rename = "targets")]
+    pub targets: Option<Targets>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Collect {
+    #[yaserde(rename = "enable")]
+    pub enable: Option<u8>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Zones {
+    // Define fields for Zones, e.g.:
+    #[yaserde(rename = "zone")]
+    pub zones: Vec<Zone>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Zone {
+    #[yaserde(attribute)]
+    pub uuid: MaybeString,
+    #[yaserde(rename = "name")]
+    pub name: MaybeString,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Templates {
+    // Define fields for Templates, e.g.:
+    #[yaserde(rename = "template")]
+    pub templates: Vec<Template>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Template {
+    #[yaserde(attribute)]
+    pub uuid: MaybeString,
+    #[yaserde(rename = "name")]
+    pub name: MaybeString,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Jobs {
+    // Define fields for Jobs, e.g.:
+    #[yaserde(rename = "job")]
+    pub jobs: Vec<Job>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Job {
+    #[yaserde(attribute)]
+    pub uuid: MaybeString,
+    #[yaserde(rename = "name")]
+    pub name: MaybeString,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Targets {
+    // Define fields for Targets, e.g.:
+    #[yaserde(rename = "target")]
+    pub targets: Vec<Target>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Target {
+    #[yaserde(attribute)]
+    pub uuid: MaybeString,
+    #[yaserde(rename = "name")]
+    pub name: MaybeString,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Firewall {
+    #[yaserde(rename = "Lvtemplate")]
+    pub lv_template: Option<LvTemplate>,
+    #[yaserde(rename = "Category")]
+    pub category: Option<Category>,
+    #[yaserde(rename = "Filter")]
+    pub filter: Option<Filter>,
+    #[yaserde(rename = "Alias")]
+    pub alias: Option<Alias>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LvTemplate {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "templates")]
+    pub templates: Option<Templates>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Category {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "categories")]
+    pub categories: Option<Categories>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Categories {
+    #[yaserde(rename = "category")]
+    pub categories: Vec<CategoryItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CategoryItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    #[yaserde(rename = "name")]
+    pub name: MaybeString,
+    #[yaserde(rename = "auto")]
+    pub auto: Option<u8>,
+    #[yaserde(rename = "color")]
+    pub color: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Alias {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "geoip")]
+    pub geoip: Option<GeoIP>,
+    #[yaserde(rename = "aliases")]
+    pub aliases: Option<Aliases>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct GeoIP {
+    #[yaserde(rename = "url")]
+    pub url: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Aliases {
+    #[yaserde(rename = "alias")]
+    pub aliases: Vec<AliasItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct AliasItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: String,
+    pub name: String,
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub proto: MaybeString,
+    pub interface: MaybeString,
+    pub counters: String,
+    pub updatefreq: MaybeString,
+    pub content: String,
+    pub categories: MaybeString,
+    pub description: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct OpenVPNExport {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub servers: Option<Servers>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Servers {}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "proxy")]
+pub struct Proxy {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: ConfigGeneral,
+    pub forward: Forward,
+    pub pac: Option<Pac>,
+    #[yaserde(rename = "error_pages")]
+    pub error_pages: ErrorPages,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigGeneral {
+    pub enabled: i32,
+    #[yaserde(rename = "error_pages")]
+    pub error_pages: String,
+    pub icpPort: MaybeString,
+    pub logging: Logging,
+    pub alternateDNSservers: MaybeString,
+    pub dnsV4First: i32,
+    pub forwardedForHandling: String,
+    pub uriWhitespaceHandling: String,
+    pub enablePinger: i32,
+    pub useViaHeader: i32,
+    pub suppressVersion: i32,
+    pub connecttimeout: MaybeString,
+    #[yaserde(rename = "VisibleEmail")]
+    pub visible_email: String,
+    #[yaserde(rename = "VisibleHostname")]
+    pub visible_hostname: MaybeString,
+    pub cache: Cache,
+    pub traffic: Traffic,
+    pub parentproxy: ParentProxy,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Logging {
+    pub enable: Enable,
+    pub ignoreLogACL: MaybeString,
+    pub target: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Enable {
+    pub accessLog: i32,
+    pub storeLog: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cache {
+    pub local: LocalCache,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LocalCache {
+    pub enabled: i32,
+    pub directory: String,
+    pub cache_mem: i32,
+    pub maximum_object_size: MaybeString,
+    pub maximum_object_size_in_memory: MaybeString,
+    pub memory_cache_mode: String,
+    pub size: i32,
+    pub l1: i32,
+    pub l2: i32,
+    pub cache_linux_packages: i32,
+    pub cache_windows_updates: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Traffic {
+    pub enabled: i32,
+    #[yaserde(rename = "maxDownloadSize")]
+    pub max_download_size: i32,
+    #[yaserde(rename = "maxUploadSize")]
+    pub max_upload_size: i32,
+    #[yaserde(rename = "OverallBandwidthTrotteling")]
+    pub overall_bandwidth_trotteling: i32,
+    #[yaserde(rename = "perHostTrotteling")]
+    pub per_host_trotteling: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ParentProxy {
+    pub enabled: i32,
+    pub host: MaybeString,
+    pub enableauth: i32,
+    pub user: MaybeString,
+    pub password: MaybeString,
+    pub port: MaybeString,
+    pub localdomains: MaybeString,
+    pub localips: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Forward {
+    pub interfaces: String,
+    pub port: i32,
+    pub sslbumpport: i32,
+    pub sslbump: i32,
+    pub sslurlonly: i32,
+    pub sslcertificate: MaybeString,
+    pub sslnobumpsites: MaybeString,
+    pub ssl_crtd_storage_max_size: i32,
+    pub sslcrtd_children: i32,
+    pub snmp_enable: i32,
+    pub snmp_port: i32,
+    pub snmp_password: String,
+    #[yaserde(rename = "ftpInterfaces")]
+    pub ftp_interfaces: MaybeString,
+    #[yaserde(rename = "ftpPort")]
+    pub ftp_port: i32,
+    #[yaserde(rename = "ftpTransparentMode")]
+    pub ftp_transparent_mode: i32,
+    #[yaserde(rename = "addACLforInterfaceSubnets")]
+    pub add_acl_for_interface_subnets: i32,
+    #[yaserde(rename = "transparentMode")]
+    pub transparent_mode: i32,
+    pub acl: Acl,
+    pub icap: Icap,
+    pub authentication: Authentication,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Acl {
+    #[yaserde(rename = "allowedSubnets")]
+    pub allowed_subnets: MaybeString,
+    pub unrestricted: MaybeString,
+    #[yaserde(rename = "bannedHosts")]
+    pub banned_hosts: MaybeString,
+    #[yaserde(rename = "whiteList")]
+    pub white_list: MaybeString,
+    #[yaserde(rename = "blackList")]
+    pub black_list: MaybeString,
+    pub browser: MaybeString,
+    #[yaserde(rename = "mimeType")]
+    pub mime_type: MaybeString,
+    #[yaserde(rename = "googleapps")]
+    pub google_apps: MaybeString,
+    pub youtube: MaybeString,
+    #[yaserde(rename = "safePorts")]
+    pub safe_ports: String,
+    #[yaserde(rename = "sslPorts")]
+    pub ssl_ports: String,
+    #[yaserde(rename = "remoteACLs")]
+    pub remote_acls: RemoteAcls,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct RemoteAcls {
+    pub blacklists: MaybeString,
+    #[yaserde(rename = "UpdateCron")]
+    pub update_cron: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Icap {
+    pub enable: i32,
+    #[yaserde(rename = "RequestURL")]
+    pub request_url: String,
+    #[yaserde(rename = "ResponseURL")]
+    pub response_url: String,
+    #[yaserde(rename = "SendClientIP")]
+    pub send_client_ip: i32,
+    #[yaserde(rename = "SendUsername")]
+    pub send_username: i32,
+    #[yaserde(rename = "EncodeUsername")]
+    pub encode_username: i32,
+    #[yaserde(rename = "UsernameHeader")]
+    pub username_header: String,
+    #[yaserde(rename = "EnablePreview")]
+    pub enable_preview: i32,
+    #[yaserde(rename = "PreviewSize")]
+    pub preview_size: i32,
+    #[yaserde(rename = "OptionsTTL")]
+    pub options_ttl: i32,
+    pub exclude: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Authentication {
+    pub method: MaybeString,
+    #[yaserde(rename = "authEnforceGroup")]
+    pub auth_enforce_group: MaybeString,
+    pub realm: String,
+    pub credentialsttl: i32, // This field is already in snake_case
+    pub children: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Pac {}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ErrorPages {
+    pub template: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigSyslog {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: SyslogGeneral,
+    pub destinations: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct SyslogGeneral {
+    pub enabled: i32,
+    pub loglocal: Option<MaybeString>,
+    pub maxpreserve: Option<MaybeString>,
+    pub maxfilesize: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct UnboundPlus {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: UnboundGeneral,
+    pub advanced: Advanced,
+    pub acls: Acls,
+    pub dnsbl: Dnsbl,
+    pub forwarding: Forwarding,
+    pub dots: MaybeString,
+    pub hosts: Hosts,
+    pub aliases: MaybeString,
+    pub domains: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct UnboundGeneral {
+    pub enabled: i32,
+    pub port: i32,
+    pub stats: MaybeString,
+    pub active_interface: MaybeString,
+    pub dnssec: MaybeString,
+    pub dns64: MaybeString,
+    pub dns64prefix: MaybeString,
+    pub noarecords: MaybeString,
+    pub regdhcp: i32,
+    pub regdhcpdomain: MaybeString,
+    pub regdhcpstatic: i32,
+    pub noreglladdr6: MaybeString,
+    pub noregrecords: MaybeString,
+    pub txtsupport: MaybeString,
+    pub cacheflush: MaybeString,
+    pub local_zone_type: String,
+    pub outgoing_interface: MaybeString,
+    pub enable_wpad: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Advanced {
+    pub hideidentity: i32,
+    pub hideversion: i32,
+    pub prefetch: i32,
+    pub prefetchkey: i32,
+    pub dnssecstripped: i32,
+    pub serveexpired: i32,
+    pub serveexpiredreplyttl: MaybeString,
+    pub serveexpiredttl: MaybeString,
+    pub serveexpiredttlreset: i32,
+    pub serveexpiredclienttimeout: MaybeString,
+    pub qnameminstrict: i32,
+    pub extendedstatistics: i32,
+    pub logqueries: i32,
+    pub logreplies: i32,
+    pub logtagqueryreply: i32,
+    pub logservfail: MaybeString,
+    pub loglocalactions: MaybeString,
+    pub logverbosity: i32,
+    pub valloglevel: i32,
+    pub privatedomain: MaybeString,
+    pub privateaddress: MaybeString,
+    pub insecuredomain: MaybeString,
+    pub msgcachesize: MaybeString,
+    pub rrsetcachesize: MaybeString,
+    pub outgoingnumtcp: MaybeString,
+    pub incomingnumtcp: MaybeString,
+    pub numqueriesperthread: MaybeString,
+    pub outgoingrange: MaybeString,
+    pub jostletimeout: MaybeString,
+    pub cachemaxttl: MaybeString,
+    pub cachemaxnegativettl: MaybeString,
+    pub cacheminttl: MaybeString,
+    pub infrahostttl: MaybeString,
+    pub infrakeepprobing: MaybeString,
+    pub infracachenumhosts: MaybeString,
+    pub unwantedreplythreshold: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Acls {
+    #[yaserde(rename = "default_action")]
+    pub default_action: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dnsbl {
+    pub enabled: i32,
+    pub safesearch: MaybeString,
+    #[yaserde(rename = "type")]
+    pub r#type: MaybeString,
+    pub lists: MaybeString,
+    pub whitelists: MaybeString,
+    pub blocklists: MaybeString,
+    pub wildcards: MaybeString,
+    pub address: MaybeString,
+    pub nxdomain: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Forwarding {
+    pub enabled: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Hosts {
+    #[yaserde(rename = "host")]
+    pub hosts: Vec<Host>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Host {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub hostname: String,
+    pub domain: String,
+    pub rr: String,
+    pub mxprio: MaybeString,
+    pub mx: MaybeString,
+    pub server: String,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Wireguard {
+    pub general: WireguardGeneral,
+    pub server: WireguardServer,
+    pub client: WireguardClient,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardGeneral {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub enabled: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServer {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub servers: WireguardServerList,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServerList {
+    pub server: Vec<WireguardServerItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServerItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub name: String,
+    pub instance: i32,
+    pub pubkey: String,
+    pub privkey: String,
+    pub port: i32,
+    pub mtu: MaybeString,
+    pub dns: MaybeString,
+    pub tunneladdress: String,
+    pub disableroutes: i32,
+    pub gateway: MaybeString,
+    pub carp_depend_on: MaybeString,
+    pub peers: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClient {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub clients: WireguardClientList,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClientList {
+    pub client: Vec<WireguardClientItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClientItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub name: String,
+    pub pubkey: String,
+    pub psk: MaybeString,
+    pub tunneladdress: String,
+    pub serveraddress: MaybeString,
+    pub serverport: MaybeString,
+    pub keepalive: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Swanctl {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "Connections")]
+    pub connections: MaybeString,
+    pub locals: MaybeString,
+    pub remotes: MaybeString,
+    pub children: MaybeString,
+    #[yaserde(rename = "Pools")]
+    pub pools: MaybeString,
+    #[yaserde(rename = "VTIs")]
+    pub vtis: MaybeString,
+    #[yaserde(rename = "SPDs")]
+    pub spds: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "DynDNS")]
+pub struct DynDNS {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: DynDNSGeneral,
+    pub accounts: Accounts,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DynDNSGeneral {
+    pub enabled: i32,
+    pub verbose: i32,
+    pub allowipv6: i32,
+    pub daemon_delay: i32,
+    pub backend: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Accounts {
+    #[yaserde(rename = "account")]
+    pub account: Account,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Account {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub service: String,
+    pub protocol: MaybeString,
+    pub server: MaybeString,
+    pub username: String,
+    pub password: String,
+    #[yaserde(rename = "resourceId")]
+    pub resource_id: MaybeString,
+    pub hostnames: String,
+    pub wildcard: i32,
+    pub zone: MaybeString,
+    pub checkip: String,
+    #[yaserde(rename = "checkip_timeout")]
+    pub checkip_timeout: i32,
+    #[yaserde(rename = "force_ssl")]
+    pub force_ssl: i32,
+    pub ttl: i32,
+    pub interface: String,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigOpenVPN {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "Overwrites")]
+    pub Overwrites: MaybeString,
+    #[yaserde(rename = "Instances")]
+    pub Instances: MaybeString,
+    #[yaserde(rename = "StaticKeys")]
+    pub StaticKeys: MaybeString,
+}
+
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "HAProxy")]
+pub struct HAProxy {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: HaProxyGeneral,
+    pub frontends: HAProxyFrontends,
+    pub backends: HAProxyBackends,
+    pub servers: HAProxyServers,
+    pub healthchecks: HAProxyHealthChecks,
+    pub acls: MaybeString,
+    pub actions: MaybeString,
+    pub luas: MaybeString,
+    pub fcgis: MaybeString,
+    pub errorfiles: MaybeString,
+    pub mapfiles: MaybeString,
+    pub groups: MaybeString,
+    pub users: MaybeString,
+    pub cpus: MaybeString,
+    pub resolvers: MaybeString,
+    pub mailers: MaybeString,
+    pub maintenance: Maintenance,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Maintenance {
+    #[yaserde(rename = "cronjobs")]
+    pub cronjobs: CronJobs,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CronJobs {
+    #[yaserde(rename = "syncCerts")]
+    pub sync_certs: u32,
+    #[yaserde(rename = "syncCertsCron")]
+    pub sync_certs_cron: MaybeString,
+    #[yaserde(rename = "updateOcsp")]
+    pub update_ocsp: u32,
+    #[yaserde(rename = "updateOcspCron")]
+    pub update_ocsp_cron: MaybeString,
+    #[yaserde(rename = "reloadService")]
+    pub reload_service: u32,
+    #[yaserde(rename = "reloadServiceCron")]
+    pub reload_service_cron: MaybeString,
+    #[yaserde(rename = "restartService")]
+    pub restart_service: u32,
+    #[yaserde(rename = "restartServiceCron")]
+    pub restart_service_cron: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyGeneral {
+    pub enabled: i32,
+    #[yaserde(rename = "gracefulStop")]
+    pub graceful_stop: i32,
+    #[yaserde(rename = "hardStopAfter")]
+    pub hard_stop_after: String,
+    #[yaserde(rename = "closeSpreadTime")]
+    pub close_spread_time: MaybeString,
+    #[yaserde(rename = "seamlessReload")]
+    pub seamless_reload: i32,
+    #[yaserde(rename = "storeOcsp")]
+    pub store_ocsp: i32,
+    #[yaserde(rename = "showIntro")]
+    pub show_intro: i32,
+    pub peers: Peers,
+    pub tuning: Tuning,
+    pub defaults: HaProxyDefaults,
+    pub logging: HaProxyLogging,
+    pub stats: Stats,
+    pub cache: HaProxyCache,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Peers {
+    pub enabled: i32,
+    pub name1: MaybeString,
+    pub listen1: MaybeString,
+    pub port1: i32,
+    pub name2: MaybeString,
+    pub listen2: MaybeString,
+    pub port2: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Tuning {
+    pub root: i32,
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: MaybeString,
+    pub nbthread: i32,
+    #[yaserde(rename = "sslServerVerify")]
+    pub ssl_server_verify: String,
+    #[yaserde(rename = "maxDHSize")]
+    pub max_dh_size: i32,
+    #[yaserde(rename = "bufferSize")]
+    pub buffer_size: i32,
+    #[yaserde(rename = "spreadChecks")]
+    pub spread_checks: i32,
+    #[yaserde(rename = "bogusProxyEnabled")]
+    pub bogus_proxy_enabled: i32,
+    #[yaserde(rename = "luaMaxMem")]
+    pub lua_max_mem: i32,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+    #[yaserde(rename = "ssl_defaultsEnabled")]
+    pub ssl_defaults_enabled: i32,
+    #[yaserde(rename = "ssl_bindOptions")]
+    pub ssl_bind_options: String,
+    #[yaserde(rename = "ssl_minVersion")]
+    pub ssl_min_version: String,
+    #[yaserde(rename = "ssl_maxVersion")]
+    pub ssl_max_version: MaybeString,
+    #[yaserde(rename = "ssl_cipherList")]
+    pub ssl_cipher_list: String,
+    #[yaserde(rename = "ssl_cipherSuites")]
+    pub ssl_cipher_suites: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyDefaults {
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: MaybeString,
+    #[yaserde(rename = "maxConnectionsServers")]
+    pub max_connections_servers: MaybeString,
+    #[yaserde(rename = "timeoutClient")]
+    pub timeout_client: String,
+    #[yaserde(rename = "timeoutConnect")]
+    pub timeout_connect: String,
+    #[yaserde(rename = "timeoutCheck")]
+    pub timeout_check: MaybeString,
+    #[yaserde(rename = "timeoutServer")]
+    pub timeout_server: String,
+    pub retries: i32,
+    pub redispatch: String,
+    pub init_addr: String,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyLogging {
+    pub host: String,
+    pub facility: String,
+    pub level: String,
+    pub length: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Stats {
+    pub enabled: i32,
+    pub port: i32,
+    #[yaserde(rename = "remoteEnabled")]
+    pub remote_enabled: i32,
+    #[yaserde(rename = "remoteBind")]
+    pub remote_bind: MaybeString,
+    #[yaserde(rename = "authEnabled")]
+    pub auth_enabled: i32,
+    #[yaserde(rename = "users")]
+    pub users: MaybeString,
+    #[yaserde(rename = "allowedUsers")]
+    pub allowed_users: MaybeString,
+    #[yaserde(rename = "allowedGroups")]
+    pub allowed_groups: MaybeString,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+    pub prometheus_enabled: i32,
+    pub prometheus_bind: String,
+    pub prometheus_path: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyCache {
+    pub enabled: i32,
+    #[yaserde(rename = "totalMaxSize")]
+    pub total_max_size: i32,
+    #[yaserde(rename = "maxAge")]
+    pub max_age: i32,
+    #[yaserde(rename = "maxObjectSize")]
+    pub max_object_size: MaybeString,
+    #[yaserde(rename = "processVary")]
+    pub process_vary: i32,
+    #[yaserde(rename = "maxSecondaryEntries")]
+    pub max_secondary_entries: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyFrontends {
+    pub frontend: Vec<Frontend>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Frontend {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub id: String,
+    pub enabled: i32,
+    pub name: String,
+    pub description: String,
+    pub bind: String,
+    #[yaserde(rename = "bindOptions")]
+    pub bind_options: MaybeString,
+    pub mode: String,
+    #[yaserde(rename = "defaultBackend")]
+    pub default_backend: String,
+    pub ssl_enabled: i32,
+    pub ssl_certificates: MaybeString,
+    pub ssl_default_certificate: MaybeString,
+    #[yaserde(rename = "ssl_customOptions")]
+    pub ssl_custom_options: MaybeString,
+    #[yaserde(rename = "ssl_advancedEnabled")]
+    pub ssl_advanced_enabled: i32,
+    #[yaserde(rename = "ssl_bindOptions")]
+    pub ssl_bind_options: String,
+    #[yaserde(rename = "ssl_minVersion")]
+    pub ssl_min_version: String,
+    #[yaserde(rename = "ssl_maxVersion")]
+    pub ssl_max_version: MaybeString,
+    #[yaserde(rename = "ssl_cipherList")]
+    pub ssl_cipher_list: String,
+    #[yaserde(rename = "ssl_cipherSuites")]
+    pub ssl_cipher_suites: String,
+    #[yaserde(rename = "ssl_hstsEnabled")]
+    pub ssl_hsts_enabled: i32,
+    #[yaserde(rename = "ssl_hstsIncludeSubDomains")]
+    pub ssl_hsts_include_sub_domains: i32,
+    #[yaserde(rename = "ssl_hstsPreload")]
+    pub ssl_hsts_preload: i32,
+    #[yaserde(rename = "ssl_hstsMaxAge")]
+    pub ssl_hsts_max_age: i32,
+    #[yaserde(rename = "ssl_clientAuthEnabled")]
+    pub ssl_client_auth_enabled: i32,
+    #[yaserde(rename = "ssl_clientAuthVerify")]
+    pub ssl_client_auth_verify: String,
+    #[yaserde(rename = "ssl_clientAuthCAs")]
+    pub ssl_client_auth_cas: MaybeString,
+    #[yaserde(rename = "ssl_clientAuthCRLs")]
+    pub ssl_client_auth_cr_ls: MaybeString,
+    #[yaserde(rename = "basicAuthEnabled")]
+    pub basic_auth_enabled: i32,
+    #[yaserde(rename = "basicAuthUsers")]
+    pub basic_auth_users: MaybeString,
+    #[yaserde(rename = "basicAuthGroups")]
+    pub basic_auth_groups: MaybeString,
+    #[yaserde(rename = "tuning_maxConnections")]
+    pub tuning_max_connections: MaybeString,
+    #[yaserde(rename = "tuning_timeoutClient")]
+    pub tuning_timeout_client: MaybeString,
+    #[yaserde(rename = "tuning_timeoutHttpReq")]
+    pub tuning_timeout_http_req: MaybeString,
+    #[yaserde(rename = "tuning_timeoutHttpKeepAlive")]
+    pub tuning_timeout_http_keep_alive: MaybeString,
+    #[yaserde(rename = "linkedCpuAffinityRules")]
+    pub linked_cpu_affinity_rules: MaybeString,
+    pub tuning_shards: MaybeString,
+    #[yaserde(rename = "logging_dontLogNull")]
+    pub logging_dont_log_null: i32,
+    #[yaserde(rename = "logging_dontLogNormal")]
+    pub logging_dont_log_normal: i32,
+    #[yaserde(rename = "logging_logSeparateErrors")]
+    pub logging_log_separate_errors: i32,
+    #[yaserde(rename = "logging_detailedLog")]
+    pub logging_detailed_log: i32,
+    #[yaserde(rename = "logging_socketStats")]
+    pub logging_socket_stats: i32,
+    pub stickiness_pattern: MaybeString,
+    #[yaserde(rename = "stickiness_dataTypes")]
+    pub stickiness_data_types: MaybeString,
+    pub stickiness_expire: String,
+    pub stickiness_size: String,
+    pub stickiness_counter: i32,
+    pub stickiness_counter_key: String,
+    pub stickiness_length: MaybeString,
+    #[yaserde(rename = "stickiness_connRatePeriod")]
+    pub stickiness_conn_rate_period: String,
+    #[yaserde(rename = "stickiness_sessRatePeriod")]
+    pub stickiness_sess_rate_period: String,
+    #[yaserde(rename = "stickiness_httpReqRatePeriod")]
+    pub stickiness_http_req_rate_period: String,
+    #[yaserde(rename = "stickiness_httpErrRatePeriod")]
+    pub stickiness_http_err_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesInRatePeriod")]
+    pub stickiness_bytes_in_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesOutRatePeriod")]
+    pub stickiness_bytes_out_rate_period: String,
+    #[yaserde(rename = "http2Enabled")]
+    pub http2_enabled: i32,
+    #[yaserde(rename = "http2Enabled_nontls")]
+    pub http2_enabled_nontls: i32,
+    pub advertised_protocols: String,
+    #[yaserde(rename = "forwardFor")]
+    pub forward_for: i32,
+    pub prometheus_enabled: i32,
+    pub prometheus_path: String,
+    #[yaserde(rename = "connectionBehaviour")]
+    pub connection_behaviour: String,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+    #[yaserde(rename = "linkedActions")]
+    pub linked_actions: MaybeString,
+    #[yaserde(rename = "linkedErrorfiles")]
+    pub linked_error_files: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyBackends {
+    #[yaserde(rename = "backend")]
+    pub backends: Vec<Backend>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Backend {
+    #[yaserde(attribute, rename = "uuid")]
+    pub uuid: String,
+    #[yaserde(rename = "id")]
+    pub id: String,
+    #[yaserde(rename = "enabled")]
+    pub enabled: u8,
+    #[yaserde(rename = "name")]
+    pub name: String,
+    #[yaserde(rename = "description")]
+    pub description: MaybeString,
+    #[yaserde(rename = "mode")]
+    pub mode: String,
+    #[yaserde(rename = "algorithm")]
+    pub algorithm: String,
+    #[yaserde(rename = "random_draws")]
+    pub random_draws: Option<u32>,
+    #[yaserde(rename = "proxyProtocol")]
+    pub proxy_protocol: MaybeString,
+    #[yaserde(rename = "linkedServers")]
+    pub linked_servers: MaybeString,
+    #[yaserde(rename = "linkedFcgi")]
+    pub linked_fcgi: MaybeString,
+    #[yaserde(rename = "linkedResolver")]
+    pub linked_resolver: MaybeString,
+    #[yaserde(rename = "resolverOpts")]
+    pub resolver_opts: MaybeString,
+    #[yaserde(rename = "resolvePrefer")]
+    pub resolve_prefer: MaybeString,
+    #[yaserde(rename = "source")]
+    pub source: MaybeString,
+    #[yaserde(rename = "healthCheckEnabled")]
+    pub health_check_enabled: u8,
+    #[yaserde(rename = "healthCheck")]
+    pub health_check: MaybeString,
+    #[yaserde(rename = "healthCheckLogStatus")]
+    pub health_check_log_status: u8,
+    #[yaserde(rename = "checkInterval")]
+    pub check_interval: MaybeString,
+    #[yaserde(rename = "checkDownInterval")]
+    pub check_down_interval: MaybeString,
+    #[yaserde(rename = "healthCheckFall")]
+    pub health_check_fall: MaybeString,
+    #[yaserde(rename = "healthCheckRise")]
+    pub health_check_rise: MaybeString,
+    #[yaserde(rename = "linkedMailer")]
+    pub linked_mailer: MaybeString,
+    #[yaserde(rename = "http2Enabled")]
+    pub http2_enabled: u8,
+    #[yaserde(rename = "http2Enabled_nontls")]
+    pub http2_enabled_nontls: u8,
+    #[yaserde(rename = "ba_advertised_protocols")]
+    pub ba_advertised_protocols: String,
+    #[yaserde(rename = "persistence")]
+    pub persistence: String,
+    #[yaserde(rename = "persistence_cookiemode")]
+    pub persistence_cookiemode: String,
+    #[yaserde(rename = "persistence_cookiename")]
+    pub persistence_cookiename: MaybeString,
+    #[yaserde(rename = "persistence_stripquotes")]
+    pub persistence_stripquotes: u8,
+    #[yaserde(rename = "stickiness_pattern")]
+    pub stickiness_pattern: String,
+    #[yaserde(rename = "stickiness_dataTypes")]
+    pub stickiness_data_types: MaybeString,
+    #[yaserde(rename = "stickiness_expire")]
+    pub stickiness_expire: String,
+    #[yaserde(rename = "stickiness_size")]
+    pub stickiness_size: String,
+    #[yaserde(rename = "stickiness_cookiename")]
+    pub stickiness_cookiename: MaybeString,
+    #[yaserde(rename = "stickiness_cookielength")]
+    pub stickiness_cookielength: MaybeString,
+    #[yaserde(rename = "stickiness_connRatePeriod")]
+    pub stickiness_conn_rate_period: String,
+    #[yaserde(rename = "stickiness_sessRatePeriod")]
+    pub stickiness_sess_rate_period: String,
+    #[yaserde(rename = "stickiness_httpReqRatePeriod")]
+    pub stickiness_http_req_rate_period: String,
+    #[yaserde(rename = "stickiness_httpErrRatePeriod")]
+    pub stickiness_http_err_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesInRatePeriod")]
+    pub stickiness_bytes_in_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesOutRatePeriod")]
+    pub stickiness_bytes_out_rate_period: String,
+    #[yaserde(rename = "basicAuthEnabled")]
+    pub basic_auth_enabled: u8,
+    #[yaserde(rename = "basicAuthUsers")]
+    pub basic_auth_users: MaybeString,
+    #[yaserde(rename = "basicAuthGroups")]
+    pub basic_auth_groups: MaybeString,
+    #[yaserde(rename = "tuning_timeoutConnect")]
+    pub tuning_timeout_connect: MaybeString,
+    #[yaserde(rename = "tuning_timeoutCheck")]
+    pub tuning_timeout_check: MaybeString,
+    #[yaserde(rename = "tuning_timeoutServer")]
+    pub tuning_timeout_server: MaybeString,
+    #[yaserde(rename = "tuning_retries")]
+    pub tuning_retries: MaybeString,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+    #[yaserde(rename = "tuning_defaultserver")]
+    pub tuning_defaultserver: MaybeString,
+    #[yaserde(rename = "tuning_noport")]
+    pub tuning_noport: u8,
+    #[yaserde(rename = "tuning_httpreuse")]
+    pub tuning_httpreuse: MaybeString,
+    #[yaserde(rename = "tuning_caching")]
+    pub tuning_caching: u8,
+    #[yaserde(rename = "linkedActions")]
+    pub linked_actions: MaybeString,
+    #[yaserde(rename = "linkedErrorfiles")]
+    pub linked_errorfiles: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyServers {
+    #[yaserde(rename = "server")]
+    pub servers: Vec<HAProxyServer>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyServer {
+    #[yaserde(attribute, rename = "uuid")]
+    pub uuid: String,
+    pub id: String,
+    pub enabled: u8,
+    pub name: String,
+    pub description: MaybeString,
+    pub address: String,
+    pub port: u16,
+    pub checkport: MaybeString,
+    pub mode: String,
+    pub multiplexer_protocol: String,
+    #[yaserde(rename = "type")]
+    pub server_type: String,
+    #[yaserde(rename = "serviceName")]
+    pub service_name: MaybeString,
+    pub number: MaybeString,
+    #[yaserde(rename = "linkedResolver")]
+    pub linked_resolver: MaybeString,
+    #[yaserde(rename = "resolverOpts")]
+    pub resolver_opts: MaybeString,
+    #[yaserde(rename = "resolvePrefer")]
+    pub resolve_prefer: MaybeString,
+    pub ssl: u8,
+    #[yaserde(rename = "sslSNI")]
+    pub ssl_sni: MaybeString,
+    #[yaserde(rename = "sslVerify")]
+    pub ssl_verify: u8,
+    #[yaserde(rename = "sslCA")]
+    pub ssl_ca: MaybeString,
+    #[yaserde(rename = "sslCRL")]
+    pub ssl_crl: MaybeString,
+    #[yaserde(rename = "sslClientCertificate")]
+    pub ssl_client_certificate: MaybeString,
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: MaybeString,
+    pub weight: u32,
+    #[yaserde(rename = "checkInterval")]
+    pub check_interval: MaybeString,
+    #[yaserde(rename = "checkDownInterval")]
+    pub check_down_interval: MaybeString,
+    pub source: MaybeString,
+    pub advanced: MaybeString,
+    #[yaserde(rename = "unix_socket")]
+    pub unix_socket: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyHealthChecks {
+    #[yaserde(rename = "healthcheck")]
+    pub healthchecks: Vec<HAProxyHealthCheck>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyHealthCheck {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub name: String,
+    pub description: MaybeString,
+    #[yaserde(rename = "type")]
+    pub health_check_type: String,
+    pub interval: String,
+    pub ssl: String,
+    #[yaserde(rename = "sslSNI")]
+    pub ssl_sni: MaybeString,
+    pub force_ssl: u8,
+    pub checkport: MaybeString,
+    pub http_method: String,
+    pub http_uri: String,
+    pub http_version: MaybeString,
+    #[yaserde(rename = "http_host")]
+    pub http_host: MaybeString,
+    #[yaserde(rename = "http_expressionEnabled")]
+    pub http_expression_enabled: Option<u8>,
+    pub http_expression: MaybeString,
+    pub http_negate: MaybeString,
+    pub http_value: MaybeString,
+    pub tcp_enabled: MaybeString,
+    #[yaserde(rename = "tcp_sendValue")]
+    pub tcp_send_value: MaybeString,
+    #[yaserde(rename = "tcp_matchType")]
+    pub tcp_match_type: MaybeString,
+    pub tcp_negate: MaybeString,
+    #[yaserde(rename = "tcp_matchValue")]
+    pub tcp_match_value: MaybeString,
+    pub agent_port: MaybeString,
+    pub mysql_user: MaybeString,
+    pub mysql_post41: MaybeString,
+    pub pgsql_user: MaybeString,
+    pub smtp_domain: MaybeString,
+    pub esmtp_domain: MaybeString,
+    #[yaserde(rename = "agentPort")]
+    pub agent_port_uppercase: MaybeString,
+    #[yaserde(rename = "dbUser")]
+    pub db_user: MaybeString,
+    #[yaserde(rename = "smtpDomain")]
+    pub smtp_domain_uppercase: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct StaticRoutes {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "route")]
+    pub route: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ca {}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gateways {
+    #[yaserde(rename = "gateway_item")]
+    pub gateway_item: RawXml
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cert {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    pub refid: String,
+    pub descr: String,
+    pub crt: String,
+    pub caref: Option<MaybeString>,
+    pub csr: Option<MaybeString>,
+    pub prv: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpDv6 {} // Empty struct for <dhcpdv6/>
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct VirtualIp {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "vip")]
+    pub vip: Vip,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Vip {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    pub interface: Option<MaybeString>,
+    pub mode: Option<MaybeString>,
+    pub subnet: Option<MaybeString>,
+    pub subnet_bits: Option<MaybeString>,
+    pub gateway: Option<MaybeString>,
+    pub noexpand: Option<MaybeString>,
+    pub nobind: Option<MaybeString>,
+    pub password: Option<MaybeString>,
+    pub vhid: Option<MaybeString>,
+    pub advbase: Option<MaybeString>,
+    pub advskew: Option<MaybeString>,
+    pub descr: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct OpenVpn {
+    #[yaserde(rename = "openvpn-server")]
+    pub openvpn_server: Option<MaybeString>,
+    #[yaserde(rename = "openvpn-client")]
+    pub openvpn_client: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ppps {
+    pub ppp: Ppp,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ppp {
+    pub ptpid: Option<MaybeString>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<MaybeString>,
+    #[yaserde(rename = "if")]
+    pub r#if: Option<MaybeString>,
+    pub ports: Option<MaybeString>,
+    pub username: Option<MaybeString>,
+    pub password: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dyndnses {
+    pub dyndns: Dyndns,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dyndns {
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub username: MaybeString,
+    pub password: String,
+    pub host: String,
+    pub mx: MaybeString,
+    pub interface: String,
+    pub zoneid: MaybeString,
+    pub resourceid: MaybeString,
+    pub ttl: MaybeString,
+    pub updateurl: MaybeString,
+    pub resultmatch: MaybeString,
+    pub requestif: String,
+    pub descr: MaybeString,
+    pub id: u32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Vlans {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub vlan: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Bridges {
+    pub bridged: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gifs {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    pub gif: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gres {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    pub gre: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Laggs {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub lagg: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Wireless {
+    pub clone: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Hasync {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    pub synchronizealiases: Option<MaybeString>,
+    pub synchronizeauthservers: Option<MaybeString>,
+    pub synchronizecerts: Option<MaybeString>,
+    pub synchronizedhcpd: Option<MaybeString>,
+    pub synchronizenat: Option<MaybeString>,
+    pub synchronizerules: Option<MaybeString>,
+    pub synchronizeschedules: Option<MaybeString>,
+    pub synchronizestaticroutes: Option<MaybeString>,
+    pub synchronizeusers: Option<MaybeString>,
+    pub synchronizevirtualip: Option<MaybeString>,
+    pub synchronizewidgets: Option<MaybeString>,
+    pub synchronizedhcrelay: Option<MaybeString>,
+    pub synchronizedhcpdv6: Option<MaybeString>,
+    pub synchronizedhcrelay6: Option<MaybeString>,
+    pub synchronizentpd: Option<MaybeString>,
+    pub synchronizesyslog: Option<MaybeString>,
+    pub synchronizecron: Option<MaybeString>,
+    pub synchronizesysctl: Option<MaybeString>,
+    pub synchronizewebgui: Option<MaybeString>,
+    pub synchronizednsforwarder: Option<MaybeString>,
+    pub synchronizeshaper: Option<MaybeString>,
+    pub synchronizecaptiveportal: Option<MaybeString>,
+    pub synchronizeipsec: Option<MaybeString>,
+    pub synchronizemonit: Option<MaybeString>,
+    pub synchronizessh: Option<MaybeString>,
+    pub synchronizeopenvpn: Option<MaybeString>,
+    pub synchronizeifgroups: Option<MaybeString>,
+    pub synchronizecategories: Option<MaybeString>,
+    pub synchronizelvtemplate: Option<MaybeString>,
+    pub synchronizesquid: Option<MaybeString>,
+    pub synchronizesuricata: Option<MaybeString>,
+    pub synchronizednsresolver: Option<MaybeString>,
+    pub pfsyncinterface: Option<MaybeString>,
+    pub synchronizetoip: Option<MaybeString>,
+    pub username: Option<MaybeString>,
+    pub password: Option<MaybeString>,
+    pub pfsyncenabled: Option<MaybeString>,
+    pub disablepreempt: Option<MaybeString>,
+    pub disconnectppps: Option<MaybeString>,
+    pub pfsyncpeerip: Option<MaybeString>,
+    pub pfsyncversion: Option<MaybeString>,
+    pub syncitems: Option<MaybeString>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ifgroups {
+    #[yaserde(attribute)]
+    pub version: String,
+}
diff --git a/harmony-rs/opnsense-config-xml/src/lib.rs b/harmony-rs/opnsense-config-xml/src/lib.rs
new file mode 100644
index 0000000..f210ae5
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/lib.rs
@@ -0,0 +1,4 @@
+mod xml_utils;
+mod data;
+pub use data::*;
+pub use yaserde::MaybeString;
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
new file mode 100644
index 0000000..bdd2fcd
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
@@ -0,0 +1,20 @@
+use yaserde::YaSerialize;
+
+pub fn to_xml_str<T: YaSerialize>(model: &T) -> Result<String, String> {
+    let yaserde_cfg = yaserde::ser::Config {
+        perform_indent: true,
+        write_document_declaration: false,
+        pad_self_closing: false,
+        ..Default::default()
+    };
+    let serialized = yaserde::ser::to_string_with_config::<T>(model, &yaserde_cfg)?;
+
+    // Opnsense does not specify encoding in the document declaration
+    //
+    // yaserde / xml-rs does not allow disabling the encoding attribute in the
+    // document declaration
+    //
+    // So here we just manually prefix the xml document with the exact document declaration
+    // that opnsense uses
+    Ok(format!("<?xml version=\"1.0\"?>\n{serialized}\n"))
+}
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
new file mode 100644
index 0000000..b75f146
--- /dev/null
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "opnsense-config"
+edition = "2021"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+serde = { version = "1.0.123", features = [ "derive" ] }
+log = { workspace = true }
+env_logger = { workspace = true }
+russh = { workspace = true }
+russh-keys = { workspace = true }
+thiserror = "1.0"
+async-trait = { workspace = true }
+tokio = { workspace = true }
+opnsense-config-xml = { path = "../opnsense-config-xml" }
+chrono = "0.4.38"
+russh-sftp = "2.0.6"
+serde_json = "1.0.133"
+
+[dev-dependencies]
+pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config/adr/001-yaserde.md b/harmony-rs/opnsense-config/adr/001-yaserde.md
new file mode 100644
index 0000000..69e61df
--- /dev/null
+++ b/harmony-rs/opnsense-config/adr/001-yaserde.md
@@ -0,0 +1,38 @@
+# Architecture Decision Record: Using yaserde for OPNsense Config Parsing
+
+- Status : Proposed
+- Author : Jean-Gabriel Gill-Couture
+
+## Context
+
+We need to parse and manipulate the OPNsense config.xml file in our Rust crate. We considered several XML parsing libraries, including quick-xml, xml-dom, minidom and yaserde. Each library has its own strengths and trade-offs in terms of performance, ease of use, and robustness.
+
+## Decision
+
+We have decided to use yaserde for parsing and manipulating the OPNsense config.xml file.
+
+## Rationale
+
+1. Type Safety: yaserde allows us to define a complete Rust representation of the config.xml structure. This provides strong type safety and makes it easier to catch errors at compile-time rather than runtime.
+
+2. Robustness: By mapping the entire config structure to Rust types, we ensure that our code interacts with the config in a well-defined manner. This reduces the risk of runtime errors due to unexpected XML structures.
+
+3. Ease of Use: Working with native Rust types is more intuitive and less error-prone than manipulating XML directly. This can lead to more maintainable and readable code.
+
+4. Memory Usage: While yaserde may use more memory than streaming parsers like quick-xml, the OPNsense config files are typically not large enough for this to be a significant concern. We prioritize robustness and ease of use over minimal memory usage in this context.
+
+5. Serialization/Deserialization: yaserde provides both deserialization (XML to Rust structs) and serialization (Rust structs to XML) out of the box, which simplifies our implementation.
+
+## Consequences
+
+Positive:
+- Increased type safety and robustness in handling the config.xml structure.
+- More intuitive API for developers working with the config.
+- Easier to extend and maintain the code that interacts with different parts of the config.
+
+Negative:
+- It will be harder to maintain when there are breaking changes in the config.xml format. Any structural changes in the XML will require corresponding updates to our Rust struct definitions.
+- Slightly higher memory usage compared to streaming parsers.
+- Initial development time may be longer due to the need to define the entire config structure upfront.
+
+We accept the trade-off of potentially more difficult maintenance in the face of breaking config.xml changes, as we believe the benefits of increased robustness and type safety outweigh this drawback. When OPNsense releases updates that change the config.xml structure, we will need to update our Rust struct definitions accordingly.
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
new file mode 100644
index 0000000..b38fa29
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/config.rs
@@ -0,0 +1,147 @@
+use std::{net::Ipv4Addr, sync::Arc, time::Duration};
+
+use crate::{config::{SshConfigManager, SshCredentials, SshOPNSenseShell}, error::Error, modules::dhcp::DhcpConfig};
+use log::trace;
+use opnsense_config_xml::OPNsense;
+use russh::client;
+
+use super::{ConfigManager, OPNsenseShell};
+
+#[derive(Debug)]
+pub struct Config {
+    opnsense: OPNsense,
+    repository: Arc<dyn ConfigManager>,
+    shell: Arc<dyn OPNsenseShell>,
+}
+
+impl Config {
+    pub async fn new(
+        repository: Arc<dyn ConfigManager>,
+        shell: Arc<dyn OPNsenseShell>,
+    ) -> Result<Self, Error> {
+        let xml = repository.load_as_str().await?;
+        trace!("xml {}", xml);
+
+        let opnsense = OPNsense::from(xml);
+
+        Ok(Self {
+            opnsense,
+            repository,
+            shell,
+        })
+    }
+
+    pub fn dhcp(&mut self) -> DhcpConfig {
+        DhcpConfig::new(&mut self.opnsense, self.shell.clone())
+    }
+
+    pub async fn apply(&self) -> Result<(), Error> {
+        self.repository
+            .apply_new_config(&self.opnsense.to_xml())
+            .await
+    }
+
+    pub async fn from_credentials(ipaddr: std::net::IpAddr, username: &str, password: &str) -> Self {
+        let config = Arc::new(client::Config {
+            inactivity_timeout: Some(Duration::from_secs(5)),
+            ..<_>::default()
+        });
+
+        let credentials = SshCredentials::Password {
+            username: String::from(username),
+            password: String::from(password),
+        };
+
+        let shell = Arc::new(SshOPNSenseShell::new(
+            (ipaddr, 22),
+            credentials,
+            config,
+        ));
+        let manager = Arc::new(SshConfigManager::new(shell.clone()));
+
+        Config::new(manager, shell).await.unwrap()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::config::{DummyOPNSenseShell, LocalFileConfigManager};
+    use crate::modules::dhcp::DhcpConfig;
+    use std::fs;
+    use std::net::Ipv4Addr;
+
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use std::path::PathBuf;
+
+    #[tokio::test]
+    async fn test_load_config_from_local_file() {
+        for path in vec![
+            "src/tests/data/config-vm-test.xml",
+            "src/tests/data/config-full-1.xml",
+            "src/tests/data/config-structure.xml",
+        ] {
+            let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+            test_file_path.push(path);
+
+            let config_file_path = test_file_path.to_str().unwrap().to_string();
+            println!("File path {config_file_path}");
+            let repository = Arc::new(LocalFileConfigManager::new(config_file_path));
+            let shell = Arc::new(DummyOPNSenseShell {});
+            let config_file_str = repository.load_as_str().await.unwrap();
+            let config = Config::new(repository, shell)
+                .await
+                .expect("Failed to load config");
+
+            println!("Config {:?}", config);
+
+            let serialized = config.opnsense.to_xml();
+
+            fs::write("/tmp/serialized.xml", &serialized).unwrap();
+
+            // Since the order of all fields is not always the same in opnsense config files
+            // I think it is good enough to have exactly the same amount of the same lines
+            let config_file_str_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
+            let serialized_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
+            assert_eq!(config_file_str_sorted, serialized_sorted);
+        }
+    }
+
+    #[tokio::test]
+    async fn test_add_dhcpd_static_entry() {
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-structure.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Arc::new(LocalFileConfigManager::new(config_file_path));
+        let shell = Arc::new(DummyOPNSenseShell {});
+        let mut config = Config::new(repository, shell.clone())
+            .await
+            .expect("Failed to load config");
+
+        println!("Config {:?}", config);
+
+        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense, shell);
+        dhcp_config
+            .add_static_mapping(
+                "00:00:00:00:00:00",
+                Ipv4Addr::new(192, 168, 20, 100),
+                "hostname",
+            )
+            .expect("Should add static mapping");
+
+        let serialized = config.opnsense.to_xml();
+
+        fs::write("/tmp/serialized.xml", &serialized).unwrap();
+
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigManager::new(config_file_path));
+        let expected_config_file_str = repository.load_as_str().await.unwrap();
+        assert_eq!(expected_config_file_str, serialized);
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/manager/local_file.rs b/harmony-rs/opnsense-config/src/config/manager/local_file.rs
new file mode 100644
index 0000000..7e773c8
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/local_file.rs
@@ -0,0 +1,26 @@
+use crate::config::manager::ConfigManager;
+use crate::error::Error;
+use async_trait::async_trait;
+use std::fs;
+
+#[derive(Debug)]
+pub struct LocalFileConfigManager {
+    file_path: String,
+}
+
+impl LocalFileConfigManager {
+    pub fn new(file_path: String) -> Self {
+        Self { file_path }
+    }
+}
+
+#[async_trait]
+impl ConfigManager for LocalFileConfigManager {
+    async fn load_as_str(&self) -> Result<String, Error> {
+        Ok(fs::read_to_string(&self.file_path)?)
+    }
+
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error> {
+        Ok(fs::write(&self.file_path, content)?)
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/manager/mod.rs b/harmony-rs/opnsense-config/src/config/manager/mod.rs
new file mode 100644
index 0000000..42f95ca
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/mod.rs
@@ -0,0 +1,13 @@
+mod ssh;
+mod local_file;
+use async_trait::async_trait;
+pub use ssh::*;
+pub use local_file::*;
+
+use crate::Error;
+
+#[async_trait]
+pub trait ConfigManager: std::fmt::Debug + Send + Sync {
+    async fn load_as_str(&self) -> Result<String, Error>;
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error>;
+}
diff --git a/harmony-rs/opnsense-config/src/config/manager/ssh.rs b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
new file mode 100644
index 0000000..a32298b
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
@@ -0,0 +1,62 @@
+use crate::config::{manager::ConfigManager, OPNsenseShell};
+use crate::error::Error;
+use async_trait::async_trait;
+use log::info;
+use russh_keys::key::KeyPair;
+use std::sync::Arc;
+
+#[derive(Debug)]
+pub enum SshCredentials {
+    SshKey { username: String, key: Arc<KeyPair> },
+    Password { username: String, password: String },
+}
+
+#[derive(Debug)]
+pub struct SshConfigManager {
+    opnsense_shell: Arc<dyn OPNsenseShell>,
+}
+
+impl SshConfigManager {
+    pub fn new(opnsense_shell: Arc<dyn OPNsenseShell>) -> Self {
+        Self { opnsense_shell }
+    }
+}
+
+impl SshConfigManager {
+    async fn backup_config_remote(&self) -> Result<String, Error> {
+        let backup_filename = format!("config_{}.xml", chrono::Local::now().format("%Y%m%d%H%M%S"));
+
+        self.opnsense_shell.exec(&format!("cp /conf/config.xml /tmp/{}", backup_filename))
+            .await
+    }
+
+    async fn move_to_live_config(&self, new_config_path: &str) -> Result<String, Error> {
+        info!("Overwriting OPNSense /conf/config.xml with {new_config_path}");
+        self.opnsense_shell.exec(&format!("mv {new_config_path} /conf/config.xml"))
+            .await
+    }
+
+    async fn reload_all_services(&self) -> Result<String, Error> {
+        info!("Reloading all opnsense services");
+        self.opnsense_shell.exec(&format!("configctl service reload all"))
+            .await
+    }
+}
+
+#[async_trait]
+impl ConfigManager for SshConfigManager {
+    async fn load_as_str(&self) -> Result<String, Error> {
+        self.opnsense_shell.exec("cat /conf/config.xml").await
+    }
+
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error> {
+        let temp_filename = self
+            .opnsense_shell
+            .write_content_to_temp_file(content)
+            .await?;
+        self.backup_config_remote().await?;
+        self.move_to_live_config(&temp_filename).await?;
+        self.reload_all_services().await?;
+        Ok(())
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/mod.rs b/harmony-rs/opnsense-config/src/config/mod.rs
new file mode 100644
index 0000000..e84bee9
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/mod.rs
@@ -0,0 +1,6 @@
+mod config;
+mod manager;
+mod shell;
+pub use manager::*;
+pub use config::*;
+pub use shell::*;
diff --git a/harmony-rs/opnsense-config/src/config/shell/mod.rs b/harmony-rs/opnsense-config/src/config/shell/mod.rs
new file mode 100644
index 0000000..3a644a6
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/shell/mod.rs
@@ -0,0 +1,27 @@
+mod ssh;
+pub use ssh::*;
+
+use async_trait::async_trait;
+
+use crate::Error;
+
+#[async_trait]
+pub trait OPNsenseShell: std::fmt::Debug + Send + Sync {
+    async fn exec(&self, command: &str) -> Result<String, Error>;
+    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error>;
+}
+
+#[cfg(test)]
+#[derive(Debug)]
+pub struct DummyOPNSenseShell;
+
+#[cfg(test)]
+#[async_trait]
+impl OPNsenseShell for DummyOPNSenseShell {
+    async fn exec(&self, _command: &str) -> Result<String, Error> {
+        unimplemented!("This is a dummy implementation");
+    }
+    async fn write_content_to_temp_file(&self, _content: &str) -> Result<String, Error> {
+        unimplemented!("This is a dummy implementation");
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/shell/ssh.rs b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
new file mode 100644
index 0000000..453231c
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
@@ -0,0 +1,137 @@
+use std::{
+    net::IpAddr,
+    sync::Arc,
+    time::{SystemTime, UNIX_EPOCH},
+};
+
+use async_trait::async_trait;
+use log::debug;
+use russh::{
+    client::{Config, Handler, Msg},
+    Channel,
+};
+use russh_keys::key;
+use russh_sftp::client::SftpSession;
+use tokio::io::AsyncWriteExt;
+
+use crate::{config::SshCredentials, Error};
+
+use super::OPNsenseShell;
+
+#[derive(Debug)]
+pub struct SshOPNSenseShell {
+    host: (IpAddr, u16),
+    credentials: SshCredentials,
+    ssh_config: Arc<Config>,
+}
+
+#[async_trait]
+impl OPNsenseShell for SshOPNSenseShell {
+    async fn exec(&self, command: &str) -> Result<String, Error> {
+        self.run_command(command).await
+    }
+
+    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error> {
+        let temp_filename = format!(
+            "/tmp/opnsense-config-tmp-config_{}",
+            SystemTime::now()
+                .duration_since(UNIX_EPOCH)
+                .unwrap()
+                .as_millis()
+        );
+        let channel = self.get_ssh_channel().await?;
+        channel
+            .request_subsystem(true, "sftp")
+            .await
+            .expect("Should request sftp subsystem");
+        let sftp = SftpSession::new(channel.into_stream())
+            .await
+            .expect("Should acquire sftp subsystem");
+
+        let mut file = sftp.create(&temp_filename).await.unwrap();
+        file.write_all(content.as_bytes()).await?;
+
+        Ok(temp_filename)
+    }
+}
+
+impl SshOPNSenseShell {
+    pub async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+
+        match &self.credentials {
+            SshCredentials::SshKey { username, key } => {
+                ssh.authenticate_publickey(username, key.clone()).await?;
+            }
+            SshCredentials::Password { username, password } => {
+                ssh.authenticate_password(username, password).await?;
+            }
+        }
+
+        Ok(ssh.channel_open_session().await?)
+    }
+
+    async fn run_command(&self, command: &str) -> Result<String, Error> {
+        debug!("Running ssh command {command}");
+        let mut channel = self.get_ssh_channel().await?;
+        channel.exec(true, command).await?;
+        wait_for_completion(&mut channel).await
+    }
+
+    pub fn new(host: (IpAddr, u16), credentials: SshCredentials, ssh_config: Arc<Config>) -> Self {
+        Self {
+            host,
+            credentials,
+            ssh_config,
+        }
+    }
+}
+
+struct Client {}
+
+#[async_trait]
+impl Handler for Client {
+    type Error = Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        Ok(true)
+    }
+}
+
+async fn wait_for_completion(channel: &mut Channel<Msg>) -> Result<String, Error> {
+    let mut output = Vec::new();
+
+    loop {
+        let Some(msg) = channel.wait().await else {
+            break;
+        };
+
+        match msg {
+            russh::ChannelMsg::ExtendedData { ref data, .. }
+            | russh::ChannelMsg::Data { ref data } => {
+                output.append(&mut data.to_vec());
+            }
+            russh::ChannelMsg::ExitStatus { exit_status } => {
+                if exit_status != 0 {
+                    return Err(Error::Command(format!(
+                        "Command failed with exit status {exit_status}, output {}",
+                        String::from_utf8(output).unwrap_or_default()
+                    )));
+                }
+            }
+            russh::ChannelMsg::Success { .. }
+            | russh::ChannelMsg::WindowAdjusted { .. }
+            | russh::ChannelMsg::Eof { .. } => {}
+            _ => {
+                return Err(Error::Unexpected(format!(
+                    "Russh got unexpected msg {msg:?}"
+                )))
+            }
+        }
+    }
+
+    Ok(String::from_utf8(output).unwrap_or_default())
+}
diff --git a/harmony-rs/opnsense-config/src/error.rs b/harmony-rs/opnsense-config/src/error.rs
new file mode 100644
index 0000000..03d3075
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/error.rs
@@ -0,0 +1,17 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum Error {
+    #[error("XML error: {0}")]
+    Xml(String),
+    #[error("SSH error: {0}")]
+    Ssh(#[from] russh::Error),
+    #[error("Command failed : {0}")]
+    Command(String),
+    #[error("I/O error: {0}")]
+    Io(#[from] std::io::Error),
+    #[error("Config error: {0}")]
+    Config(String),
+    #[error("Unexpected error: {0}")]
+    Unexpected(String),
+}
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
new file mode 100644
index 0000000..59a378e
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -0,0 +1,55 @@
+pub mod config;
+pub mod error;
+pub mod modules;
+
+pub use config::Config;
+pub use error::Error;
+#[cfg(test)]
+mod test {
+    use opnsense_config_xml::StaticMap;
+    use std::net::Ipv4Addr;
+
+    use crate::Config;
+    use pretty_assertions::assert_eq;
+
+    #[tokio::test]
+    async fn test_public_sdk() {
+        let mac = "11:22:33:44:55:66";
+        let ip = Ipv4Addr::new(10, 100, 8, 200);
+        let hostname = "test_hostname";
+
+        remove_static_mapping(mac).await;
+
+        // Make sure static mapping does not exist anymore
+        let static_mapping_removed = get_static_mappings().await;
+        assert!(!static_mapping_removed.iter().any(|e| e.mac == mac));
+
+        add_static_mapping(mac, ip, hostname).await;
+
+        // Make sure static mapping has been added successfully
+        let static_mapping_added = get_static_mappings().await;
+        assert_eq!(static_mapping_added.len(), static_mapping_removed.len() + 1);
+        assert!(static_mapping_added.iter().any(|e| e.mac == mac));
+    }
+
+    async fn initialize_config() -> Config {
+        Config::from_credentials(Ipv4Addr::new(192, 168, 5, 229), "root", "opnsense").await
+    }
+
+    async fn get_static_mappings() -> Vec<StaticMap> {
+        let mut config = initialize_config().await;
+        config.dhcp().get_static_mappings().await.unwrap()
+    }
+
+    async fn add_static_mapping(mac: &str, ip: Ipv4Addr, hostname: &str) {
+        let mut config = initialize_config().await;
+        config.dhcp().add_static_mapping(mac, ip, hostname).unwrap();
+        config.apply().await.unwrap();
+    }
+
+    async fn remove_static_mapping(mac: &str) {
+        let mut config = initialize_config().await;
+        config.dhcp().remove_static_mapping(mac);
+        config.apply().await.unwrap();
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
new file mode 100644
index 0000000..a337cac
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -0,0 +1,211 @@
+use opnsense_config_xml::MaybeString;
+use opnsense_config_xml::Range;
+use opnsense_config_xml::StaticMap;
+use std::cmp::Ordering;
+use std::net::Ipv4Addr;
+use std::sync::Arc;
+
+use opnsense_config_xml::OPNsense;
+
+use crate::config::OPNsenseShell;
+use crate::Error;
+
+pub struct DhcpConfig<'a> {
+    opnsense: &'a mut OPNsense,
+    opnsense_shell: Arc<dyn OPNsenseShell>,
+}
+
+#[derive(Debug)]
+pub enum DhcpError {
+    InvalidMacAddress(String),
+    InvalidIpAddress(String),
+    IpAddressAlreadyMapped(String),
+    MacAddressAlreadyMapped(String),
+    IpAddressOutOfRange(String),
+}
+
+impl std::fmt::Display for DhcpError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            DhcpError::InvalidMacAddress(mac) => write!(f, "Invalid MAC address format: {}", mac),
+            DhcpError::InvalidIpAddress(ip) => write!(f, "Invalid IP address format: {}", ip),
+            DhcpError::IpAddressAlreadyMapped(ip) => {
+                write!(f, "IP address {} is already mapped", ip)
+            }
+            DhcpError::MacAddressAlreadyMapped(mac) => {
+                write!(f, "MAC address {} is already mapped", mac)
+            }
+            DhcpError::IpAddressOutOfRange(ip) => {
+                write!(f, "IP address {} is out of interface range", ip)
+            }
+        }
+    }
+}
+
+impl std::error::Error for DhcpError {}
+
+impl<'a> DhcpConfig<'a> {
+    pub fn new(opnsense: &'a mut OPNsense, opnsense_shell: Arc<dyn OPNsenseShell>) -> Self {
+        Self {
+            opnsense,
+            opnsense_shell,
+        }
+    }
+
+    pub fn remove_static_mapping(&mut self, mac: &str) {
+        let lan_dhcpd = self.get_lan_dhcpd();
+        lan_dhcpd.staticmaps.retain(|static_entry| static_entry.mac != mac);
+    }
+
+    fn get_lan_dhcpd(&mut self) -> &mut opnsense_config_xml::DhcpInterface {
+        &mut self
+            .opnsense
+            .dhcpd
+            .elements
+            .iter_mut()
+            .find(|(name, _config)| return name == "lan")
+            .expect("Interface lan should have dhcpd activated")
+            .1
+    }
+
+    pub fn add_static_mapping(
+        &mut self,
+        mac: &str,
+        ipaddr: Ipv4Addr,
+        hostname: &str,
+    ) -> Result<(), DhcpError> {
+        let mac = mac.to_string();
+        let hostname = hostname.to_string();
+        let lan_dhcpd = self.get_lan_dhcpd();
+        let range = &lan_dhcpd.range;
+        let existing_mappings: &mut Vec<StaticMap> = &mut lan_dhcpd.staticmaps;
+
+        if !Self::is_valid_mac(&mac) {
+            return Err(DhcpError::InvalidMacAddress(mac));
+        }
+
+        if !Self::is_ip_in_range(&ipaddr, range) {
+            return Err(DhcpError::IpAddressOutOfRange(ipaddr.to_string()));
+        }
+
+        if existing_mappings.iter().any(|m| {
+            m.ipaddr
+                .parse::<Ipv4Addr>()
+                .expect("Mapping contains invalid ipv4")
+                == ipaddr
+        }) {
+            return Err(DhcpError::IpAddressAlreadyMapped(ipaddr.to_string()));
+        }
+
+        if existing_mappings.iter().any(|m| m.mac == mac) {
+            return Err(DhcpError::MacAddressAlreadyMapped(mac));
+        }
+
+        let static_map = StaticMap {
+            mac,
+            ipaddr: ipaddr.to_string(),
+            hostname,
+            descr: Default::default(),
+            winsserver: Default::default(),
+            dnsserver: Default::default(),
+            ntpserver: Default::default(),
+        };
+
+        existing_mappings.push(static_map);
+        Ok(())
+    }
+
+    fn is_valid_mac(mac: &str) -> bool {
+        let parts: Vec<&str> = mac.split(':').collect();
+        if parts.len() != 6 {
+            return false;
+        }
+
+        parts
+            .iter()
+            .all(|part| part.len() == 2 && part.chars().all(|c| c.is_ascii_hexdigit()))
+    }
+
+    fn is_ip_in_range(ip: &Ipv4Addr, range: &Range) -> bool {
+        let range_start = range
+            .from
+            .parse::<Ipv4Addr>()
+            .expect("Invalid DHCP range start");
+        let range_end = range.to.parse::<Ipv4Addr>().expect("Invalid DHCP range to");
+
+        let start_compare = range_start.cmp(ip);
+        let end_compare = range_end.cmp(ip);
+
+        if (Ordering::Less == start_compare || Ordering::Equal == start_compare)
+            && (Ordering::Greater == end_compare || Ordering::Equal == end_compare)
+        {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    pub async fn get_static_mappings(&self) -> Result<Vec<StaticMap>, Error> {
+        let list_static_output = self
+            .opnsense_shell
+            .exec("configctl dhcpd list static")
+            .await?;
+
+        let value: serde_json::Value = serde_json::from_str(&list_static_output).expect(&format!(
+            "Got invalid json from configctl {list_static_output}"
+        ));
+        let static_maps = value["dhcpd"]
+            .as_array()
+            .ok_or(Error::Command(format!(
+                "Invalid DHCP data from configctl command, got {list_static_output}"
+            )))?
+            .iter()
+            .map(|entry| StaticMap {
+                mac: entry["mac"].as_str().unwrap_or_default().to_string(),
+                ipaddr: entry["ipaddr"].as_str().unwrap_or_default().to_string(),
+                hostname: entry["hostname"].as_str().unwrap_or_default().to_string(),
+                descr: entry["descr"].as_str().map(MaybeString::from),
+                winsserver: MaybeString::default(),
+                dnsserver: MaybeString::default(),
+                ntpserver: MaybeString::default(),
+            })
+            .collect();
+
+        Ok(static_maps)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use std::net::Ipv4Addr;
+
+    #[test]
+    fn test_ip_in_range() {
+        let range = Range {
+            from: "192.168.1.100".to_string(),
+            to: "192.168.1.200".to_string(),
+        };
+
+        // Test IP within range
+        let ip = "192.168.1.150".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
+
+        // Test IP at start of range
+        let ip = "192.168.1.100".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
+
+        // Test IP at end of range
+        let ip = "192.168.1.200".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
+
+        // Test IP before range
+        let ip = "192.168.1.99".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), false);
+
+        // Test IP after range
+        let ip = "192.168.1.201".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), false);
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/modules/mod.rs b/harmony-rs/opnsense-config/src/modules/mod.rs
new file mode 100644
index 0000000..5833493
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/mod.rs
@@ -0,0 +1 @@
+pub mod dhcp;
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
new file mode 100644
index 0000000..33eff7a
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
@@ -0,0 +1,2769 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.</descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum size of the IP input queue</descr>
+      <tunable>net.inet.ip.intr_queue_maxlen</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hint at default settings for serial console in case the autodetect is not working</descr>
+      <tunable>hw.uart.console</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.</descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>0</value>
+    </item>
+    <item>
+      <descr>Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
+        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
+        packets without returning a response.</descr>
+      <tunable>net.inet.icmp.drop_redirect</tunable>
+      <value>1</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <ipaddr>127.0.0.1</ipaddr>
+      <type>none</type>
+      <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <if>wireguard</if>
+      <descr>WireGuard (Group)</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.52</ipaddr>
+        <hostname>somehost545</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.51</ipaddr>
+        <hostname>sw1</hostname>
+        <descr>someswitch2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7860</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7860</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179239.7533</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694112244.7076</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7861</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7861</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6846</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6846</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7862</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7862</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7863</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7863</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>8081</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10100</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
+      <target>192.168.20.160</target>
+      <local-port>8080</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10101</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1709643235.0793</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956989.301</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
+      <target>192.168.20.160</target>
+      <local-port>4000</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10110</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1709643245.355</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705957014.116</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>5000</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10111</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.147</username>
+        <time>1710941303.9911</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1710532025.1672</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice1 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>11434</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>11000</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7188</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7188</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>pass</associated-rule-id>
+      <target>someservice2_vip</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676366.2167</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728656046.0442</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.20.1</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676373.4668</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.20.132</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>5533</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676388.8268</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728673339.4359</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice81 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>27017</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>27057</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.8</username>
+        <time>1715221701.8228</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1715221592.7526</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
+      <target>192.168.20.163</target>
+      <local-port>8888</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>8888</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1715308572.9782</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1715307954.9327</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
+      <target>192.168.20.163</target>
+      <local-port>8889</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>9888</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>8888</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>8889</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0828</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0828</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0568810c-a24e-40c5-bcd9-f20a9badb9d5">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <icmptype>echoreq</icmptype>
+      <destination>
+        <network>wanip</network>
+      </destination>
+      <updated>
+        <username>root@192.168.1.136</username>
+        <time>1636465204.4671</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305759.776</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="492b7596-d929-46cb-a6b9-c9cc34a0ca74">
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>x3690_3</address>
+        <port>22</port>
+      </destination>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.5059</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="eeba39a9-d0f6-4b1e-a785-7278b0b241ab">
+      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7860</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694112244.7075</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c19adc1c-fec2-4183-93ed-5e46efca1adf">
+      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7861</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6845</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c0831633-8c3b-408e-82d0-3e3f61d0ee3d">
+      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7862</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="3f600791-1fa6-4cb4-877d-45fe2ea175a9">
+      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7863</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="7dd160f0-663e-465b-be94-a069df112a95">
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.140</address>
+        <port>22</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="1e576704-da50-4dd9-a425-77fa5c4e563a">
+      <associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.140</address>
+        <port>8081</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="aa41dd13-9c5a-4048-8820-f9558cea8ba3">
+      <associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.160</address>
+        <port>8080</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956989.3009</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="dfd53bf0-cea9-4254-8b0a-106f327d72e5">
+      <associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.160</address>
+        <port>4000</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705957014.116</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="777bdd94-51b9-4daf-b744-70b9cb3c9f94">
+      <associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>5000</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1710532025.1671</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="98f400f5-1a91-46aa-8d35-f78b34bc7a04">
+      <associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice1 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>11434</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7187</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="fef5ec47-f5e7-45cc-a9f7-f8eeb6d1160c">
+      <associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice81 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>27017</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1715221592.7525</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4170cf4e-4116-42e9-a3ec-eff6768bca9d">
+      <associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.163</address>
+        <port>8888</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1715307954.9327</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="79e4325d-93af-4af2-9fa0-263c69545eb0">
+      <associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>8888</port>
+      </destination>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0827</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="1b68a264-e475-4cc6-b852-0797154fdf2b">
+      <associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.163</address>
+        <port>8889</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="cdf89008-5ca0-4755-a83b-1d99ce595fd0">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>open virtual ip address for someservice2</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.225</address>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728660191.9737</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728655580.6616</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="96d70c20-b78c-4e18-9823-79b71eba964c">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="61194fb7-8916-4e30-a32b-a90495987c64">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="f227db73-52d2-44e7-b22f-f6ea9923c8f2">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>carp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1657657495.8293</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1657657495.8293</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c2bb88d0-6684-4388-adba-74eae3428453">
+      <type>pass</type>
+      <interface>wireguard</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1657657288.1753</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.136</username>
+        <time>1636397813.3549</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.132</address>
+        <port>55555</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728673339.4359</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTPS</name>
+      <type>https</type>
+      <descr>Generic HTTPS</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>SMTP</name>
+      <type>send</type>
+      <descr>Generic SMTP</descr>
+      <options>
+        <send/>
+        <expect>220 *</expect>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="fdd1efff-35c7-4e05-8832-1465e3ae1eda">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>58896875-13d3-41ad-bed5-d610e0197d37</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="607065a3-85aa-4835-9614-a30a3b0b8926">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>78d20574-60b0-4e63-b6d2-0248e7570293</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="bb83174b-fa44-4fca-94bf-16378cde993b">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>572a5691-1ea7-4191-be24-d7399845a75b</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="5e0e64a3-1147-4055-a39e-56bd95954474">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="da6083fd-852c-44af-9ae7-8c9de443bbc9">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="4f18b847-c2ab-4707-9686-bf656e187ab8">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="62ea6632-3554-43be-bb0b-ceceab685338">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f543f50a-4e52-4afd-85ce-95fe6d61dc54">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="d5969239-ebc2-4450-a858-a24febd5f8b9">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="58896875-13d3-41ad-bed5-d610e0197d37">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="78d20574-60b0-4e63-b6d2-0248e7570293">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="572a5691-1ea7-4191-be24-d7399845a75b">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="03031aec-2e84-462e-9eab-57762dde667a">
+            <enabled>1</enabled>
+            <name>some-thinkbook</name>
+            <pubkey>UNmdEn4555555555555555555555OMD+/lW+5o//oBo=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.10/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="3de82ad5-bc1b-4b91-9598-f906e58ac937">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>hZr10vTTN555555555555555555555555555555JC0I=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.11/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="a95e6b5e-24a4-40b5-bb41-b79e784f6f1c">
+            <enabled>1</enabled>
+            <name>some3-laptop</name>
+            <pubkey>4z5555555555555555555555555555555wB07/uTUHg=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.12/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="6c9a12c6-c1ca-4c14-866b-975406a30590">
+            <enabled>1</enabled>
+            <name>some5-desktop</name>
+            <pubkey>8x55555555555555555555555555555555557zbKxWg=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.13/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="c33b308b-7125-4688-9561-989ace8787b5">
+            <enabled>1</enabled>
+            <name>some6-workstation</name>
+            <pubkey>jXVbbK55555555555555555555555555555555BGjnw=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.14/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="e43f004a-23bf-4027-8fb0-953fbb40479f">
+            <enabled>1</enabled>
+            <name>some8-desktop</name>
+            <pubkey>Isax3S555555555555555555555555557PiLqv/7iGY=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.15/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LS0tLS1CRUdJ5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555550tLS0tCg==</crt>
+    <prv>LS5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555p098uasdiuo1ud98SIKIUDHJASkjhd98qwyduihqwkjd1092uduo9sjdhIUHSDAIUHASDIUhasd98y1iuhd1iuhdaskjhdKJSADHKJSAHd/iuhasiduhSD/asdiuahsdiuhasduih198d89__(*saudyiuh19d98audiuhasdujikhaskdjhKJSADHKJASD///ASudihAUShdiuHASdui198yd9282u1ihd2222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml b/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml
new file mode 100644
index 0000000..51d1a09
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml
@@ -0,0 +1,1431 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <ipaddr>127.0.0.1</ipaddr>
+      <type>none</type>
+      <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <if>wireguard</if>
+      <descr>WireGuard (Group)</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:00:00:00:00:00</mac>
+        <ipaddr>192.168.20.100</ipaddr>
+        <hostname>hostname</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LtCg==</crt>
+    <prv>L22o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-structure.xml b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
new file mode 100644
index 0000000..7816a8a
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
@@ -0,0 +1,1423 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <ipaddr>127.0.0.1</ipaddr>
+      <type>none</type>
+      <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <if>wireguard</if>
+      <descr>WireGuard (Group)</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LtCg==</crt>
+    <prv>L22o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml
new file mode 100644
index 0000000..1d176b4
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml
@@ -0,0 +1,994 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml
new file mode 100644
index 0000000..4f1442a
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml
@@ -0,0 +1,987 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.</descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.</descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml
new file mode 100644
index 0000000..1d176b4
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml
@@ -0,0 +1,994 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml
new file mode 100644
index 0000000..185d765
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml
@@ -0,0 +1,987 @@
+      </acls>
+      <acls>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <active_interface/>
+      <activeTimeout>1800</activeTimeout>
+        <address/>
+        <address/>
+        <address/>
+        <address/>
+        <address/>
+      </advanced>
+      <advanced>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_send_options/>
+        <aggressivensec>1</aggressivensec>
+      </alert>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+      </Alias>
+      <alias-address/>
+        <aliases/>
+      <aliases/>
+      <alias-subnet>32</alias-subnet>
+      <Alias version="1.0.1">
+        and for the sender directly reachable, route and next hop is known.</descr>
+        <any/>
+        <any/>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        as part of the standard FreeBSD core system.</descr>
+        as part of the standard FreeBSD core system.</descr>
+        <blocklists/>
+    </bogons>
+    <bogons>
+    <bridged/>
+  </bridges>
+  <bridges>
+  <ca/>
+        <cacheflush/>
+        <cachemaxnegativettl/>
+        <cachemaxttl/>
+        <cacheminttl/>
+    </captiveportal>
+    <captiveportal version="1.0.2">
+      </capture>
+      <capture>
+    <caref/>
+    <caref/>
+        <categories/>
+      </Category>
+      <Category version="1.0.0">
+  </cert>
+  </cert>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+      <children/>
+      <ciphers/>
+      </client>
+        <clients/>
+      <client version="1.0.0">
+    <clone/>
+      </collect>
+      <collect>
+    <column_count>2</column_count>
+      <compression/>
+        <condition>changed status</condition>
+        <condition>cpu usage is greater than 75%</condition>
+        <condition>failed link</condition>
+        <condition>failed ping</condition>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <condition>memory usage is greater than 75%</condition>
+        <condition>saturation is greater than 75%</condition>
+        <condition>space usage is greater than 75%</condition>
+        <condition>status != 0</condition>
+      <Connections/>
+      </created>
+      </created>
+      </created>
+      </created>
+      <created>
+      <created>
+      <created>
+      <created>
+    </cron>
+    <cron version="1.0.4">
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <csr/>
+      </ctrl_agent>
+      <ctrl_agent version="0.0.1">
+        <data_length/>
+        <default_action>allow</default_action>
+        <defaultgw>1</defaultgw>
+        <defaultPacketSize/>
+        <depends/>
+        <depends/>
+        <depends/>
+        <depends/>
+      <descr/>
+      <descr>Allow ping</descr>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <descr>Default allow LAN to any rule</descr>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <descr>Enable sending IPv6 redirects</descr>
+      <descr>Enable TCP extended debugging</descr>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <descr>Hide processes running as other groups</descr>
+      <descr>Hide processes running as other users</descr>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+        <descr>Interface WAN Gateway</descr>
+        <description/>
+        <description/>
+        <description/>
+        <description/>
+        <description/>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+    <description>/interfaces.php made changes</description>
+      <description>System Administrators</description>
+      <descr>Loopback</descr>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <descr>Maximum socket buffer size</descr>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <descr>Randomize the ID field in IP packets</descr>
+      <descr>Set ICMP Limits</descr>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>System Administrator</descr>
+      <descr>TCP Offload Engine</descr>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+      <descr>UDP Checksums</descr>
+    <descr>Web GUI TLS certificate</descr>
+    <descr>Web GUI TLS certificate</descr>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destinations/>
+        </detect>
+        <detect>
+      </dhcp4>
+      <dhcp4 version="1.0.0">
+  </dhcpd>
+  <dhcpd>
+  <dhcpdv6/>
+      <dhcphostname/>
+      <dhcprejectfrom/>
+    <DHCRelay version="1.0.1"/>
+      <direction>in</direction>
+      <direction>in</direction>
+      <direction>in</direction>
+      <direction>in</direction>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disableconsolemenu>1</disableconsolemenu>
+        <disabled>0</disabled>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <disablenatreflection>yes</disablenatreflection>
+    <disablepreempt>0</disablepreempt>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disconnectppps>0</disconnectppps>
+        <dns64/>
+        <dns64prefix/>
+    <dnsallowoverride>1</dnsallowoverride>
+      </dnsbl>
+      <dnsbl>
+        <dnsserver/>
+    <dnsserver>192.168.5.1</dnsserver>
+    <domain>localdomain</domain>
+      <domains/>
+      <dots/>
+        <egress_only/>
+      <enable/>
+    <enable/>
+        <enable>0</enable>
+      <enable>1</enable>
+      <enable>1</enable>
+      <enable>1</enable>
+        <enabled/>
+        <enabled/>
+          <enabled>0</enabled>
+          <enabled>0</enabled>
+          <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+      <enabled>enabled</enabled>
+        <enable_wpad/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <events/>
+        <extendedstatistics/>
+        <fargw>0</fargw>
+      <files/>
+      <fileTags/>
+  </filter>
+  <filter>
+      </Filter>
+      <Filter version="1.0.4">
+    </Firewall>
+    <Firewall>
+    </firmware>
+    <firmware version="1.0.1">
+      <flavour/>
+        <force_down/>
+        <format/>
+      </forwarding>
+      <forwarding>
+        <from>10.100.8.10</from>
+          <fwrules>1</fwrules>
+        <gateway>172.17.0.1</gateway>
+      </gateway_item>
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+    </Gateways>
+    <Gateways version="1.0.0">
+        </general>
+        </general>
+        <general>
+        <general>
+      </general>
+      </general>
+      </general>
+      </general>
+      </general>
+      </general>
+      <general>
+      <general>
+      <general>
+      <general>
+      <general>
+      <general version="0.0.1">
+        </geoip>
+        <geoip>
+      <gid>1999</gid>
+    <gif/>
+  </gifs>
+  <gifs version="1.0.0">
+    <gre/>
+  </gres>
+  <gres version="1.0.0">
+    </group>
+    <group>
+      <group>admins</group>
+      <groupname>admins</groupname>
+        </ha>
+        <ha>
+        <ha_peers/>
+  </hasync>
+  <hasync version="1.0.0">
+        <hideidentity/>
+        <hideversion/>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+    <hostname>OPNsense</hostname>
+        <hostname>rtx4090</hostname>
+      <hosts/>
+        <httpdAllow/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdUsername>root</httpdUsername>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+    </IDS>
+    <IDS version="1.0.9">
+  <ifgroups version="1.0.0"/>
+      <if>le0</if>
+      <if>le1</if>
+      <if>lo0</if>
+      <inactiveTimeout>15</inactiveTimeout>
+        <incomingnumtcp/>
+        <infracachenumhosts/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <insecuredomain/>
+      <Instances/>
+        <interface/>
+        <interface/>
+        <interface/>
+        <interface/>
+      <interface>lan</interface>
+      <interface>lan</interface>
+          <interfaces/>
+        <interfaces/>
+      <interfaces/>
+      <interfaces/>
+  </interfaces>
+  <interfaces>
+    </Interfaces>
+    <Interfaces>
+        <interfaces>wan</interfaces>
+        <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <internal_dynamic>1</internal_dynamic>
+        <interval/>
+        <interval>120</interval>
+      <interval>monthly</interval>
+        <ipaddr>10.100.8.15</ipaddr>
+      <ipaddr>10.100.8.1</ipaddr>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddr>dhcp</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <ipaddrv6>track6</ipaddrv6>
+      <ipprotocol>inet6</ipprotocol>
+        <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+        <ips>0</ips>
+    </IPsec>
+    <IPsec version="1.0.1">
+    <ipv6allow>1</ipv6allow>
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        It can also be used to probe for information about your internal networks. These functions come enabled
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+      <jobs/>
+        <jostletimeout/>
+    </Kea>
+    <Kea>
+      <kex/>
+      <keyPairs/>
+      <keys/>
+      <keysig/>
+    <lagg/>
+  </laggs>
+  <laggs version="1.0.0">
+    </lan>
+    </lan>
+    <lan>
+    <lan>
+    <language>en_US</language>
+        <latencyhigh/>
+        <latencylow/>
+    <lb_use_sticky>1</lb_use_sticky>
+        <lists/>
+    </lo0>
+    <lo0>
+      <locals/>
+        <local_zone_type>transparent</local_zone_type>
+        <logfile/>
+        <loglocal>1</loglocal>
+        <loglocalactions/>
+        <LogPayload>0</LogPayload>
+        <logqueries/>
+        <logreplies/>
+        <logservfail/>
+        <logtagqueryreply/>
+        <logverbosity>1</logverbosity>
+      <loopbacks version="1.0.0"/>
+        <losshigh/>
+        <loss_interval/>
+        <losslow/>
+      </Lvtemplate>
+      <Lvtemplate version="0.0.1">
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+      <macs/>
+        <mailserver>127.0.0.1</mailserver>
+        <match/>
+        <match/>
+        <match/>
+        <match/>
+        <maxfilesize/>
+        <maxpreserve>31</maxpreserve>
+      <media/>
+      <mediaopt/>
+      <member>0</member>
+      <mirror/>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitUrl/>
+      <mode>automatic</mode>
+    </monit>
+        <monitor/>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+    <monit version="1.0.13">
+        <MPMAlgo/>
+        <msgcachesize/>
+        <name>$HOST</name>
+      <name>admins</name>
+        <name>carp_status_change</name>
+        <name>ChangedStatus</name>
+        <name>CPUUsage</name>
+        <name>gateway_alert</name>
+        <name>LoadAvg15</name>
+        <name>LoadAvg1</name>
+        <name>LoadAvg5</name>
+        <name>MemoryUsage</name>
+        <name>NetworkLink</name>
+        <name>NetworkSaturation</name>
+        <name>NonZeroStatus</name>
+        <name>Ping</name>
+        <name>RootFs</name>
+      <name>root</name>
+        <name>SpaceUsage</name>
+        <name>WAN_GW</name>
+  </nat>
+  <nat>
+      <neighbors version="1.0.0"/>
+    </Netflow>
+    <netflowbackup>-1</netflowbackup>
+    <Netflow version="1.0.1">
+        <network>lan</network>
+        <network>lan</network>
+        <network>(self)</network>
+        <network>wanip</network>
+        <network>wanip</network>
+    <nextgid>2000</nextgid>
+    <nextuid>2000</nextuid>
+        <noarecords/>
+      <noauto>1</noauto>
+        <noreglladdr6/>
+        <noregrecords/>
+        <noton>0</noton>
+        <npt/>
+  </ntpd>
+  <ntpd>
+        <ntpserver/>
+        <numqueriesperthread/>
+        <nxdomain/>
+        <onetoone/>
+  <openvpn/>
+    </OpenVPN>
+    </OpenVPNExport>
+    <OpenVPNExport version="0.0.1">
+    <OpenVPN version="1.0.0">
+</opnsense>
+<opnsense>
+  </OPNsense>
+  <OPNsense>
+    <optimization>normal</optimization>
+    </outbound>
+    <outbound>
+        <outgoing_interface/>
+        <outgoingnumtcp/>
+        <outgoingrange/>
+      <Overwrites/>
+        <password/>
+    <password/>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <passwordauth>1</passwordauth>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path>/</path>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+      <permitrootlogin>1</permitrootlogin>
+    <pf_share_forward>1</pf_share_forward>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+        <pidfile/>
+        <pidfile/>
+        <pidfile/>
+        <pidfile/>
+      <pipes/>
+      <plugins/>
+      <policies/>
+        <polltime/>
+        <polltime/>
+        <polltime/>
+        <polltime/>
+      <Pools/>
+      <port/>
+        <port>22</port>
+        <port>25</port>
+        <port>443</port>
+        <port>53</port>
+        <port>80</port>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <ppp/>
+  </ppps>
+  <ppps>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+        <prefetch/>
+        <prefetchkey/>
+      <preSharedKeys/>
+    <primaryconsole>video</primaryconsole>
+        <priority>255</priority>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <privatedomain/>
+      <priv>page-all</priv>
+          <Profile/>
+        <promisc>0</promisc>
+      <protocol>https</protocol>
+      <protocol>icmp</protocol>
+      <protocol>tcp</protocol>
+      <protocol>tcp</protocol>
+      <protocol>tcp/udp</protocol>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+        <qnameminstrict/>
+      <queues/>
+      <quick>1</quick>
+      <quick>1</quick>
+      <quick>1</quick>
+      <quick>1</quick>
+      </range>
+      <range>
+      <reboot/>
+        <recipient>root@localhost.local</recipient>
+    <refid>6734d13fa9e4a</refid>
+    <refid>6734d6c82dc59</refid>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <reminder/>
+      <remotes/>
+        <reservations/>
+  </revision>
+  <revision>
+    <rocommunity>public</rocommunity>
+    <route/>
+  </rrd>
+  <rrd>
+    <rrdbackup>-1</rrdbackup>
+        <rrsetcachesize/>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+        <rules/>
+      <rules/>
+      <rules/>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+        <safesearch/>
+      <scope>system</scope>
+      <scope>system</scope>
+    <secondaryconsole>serial</secondaryconsole>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <serialspeed>115200</serialspeed>
+        <serveexpired/>
+        <serveexpiredclienttimeout/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+      </server>
+        <servers/>
+      <servers/>
+      <server version="1.0.0">
+      </service>
+      </service>
+      </service>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <snatrules/>
+  </snmpd>
+  <snmpd>
+      </source>
+      </source>
+      </source>
+      </source>
+      </source>
+      </source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <SPDs/>
+      <spoofmac/>
+    </ssh>
+    <ssh>
+        <ssl>0</ssl>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <ssl-ciphers/>
+        <sslverify>1</sslverify>
+        <sslversion>auto</sslversion>
+        <start/>
+        <start/>
+        <start/>
+        <start/>
+        <startdelay>120</startdelay>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <statefile/>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <StaticKeys/>
+      </staticmap>
+      <staticmap>
+  </staticroutes>
+  <staticroutes version="1.0.0">
+        <stats/>
+        <stop/>
+        <stop/>
+        <stop/>
+        <stop/>
+      <subnet>24</subnet>
+      <subnet>8</subnet>
+        <subnets/>
+      <subnetv6>128</subnetv6>
+      <subnetv6>64</subnetv6>
+      <subscription/>
+    </Swanctl>
+    <Swanctl version="1.0.0">
+    <synchronizetoip/>
+    <syncitems/>
+    <syscontact/>
+  </sysctl>
+  <sysctl>
+    <syslocation/>
+  <syslog/>
+    </Syslog>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+    <Syslog version="1.0.2">
+  </system>
+  <system>
+        <targets/>
+        <templates/>
+      <templates/>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+  <theme>opnsense</theme>
+          <this_server_name/>
+        <time>1731518072.7612</time>
+        <time>1731518072.7612</time>
+        <time>1731518084.0639</time>
+        <time>1731518084.0639</time>
+        <time>1731518114.2801</time>
+        <time>1731518114.2801</time>
+        <time>1731518311.7033</time>
+        <time>1731518356.7559</time>
+    <time>1731534516.7156</time>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <time_period/>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <timezone>Etc/UTC</timezone>
+        <to>10.100.8.245</to>
+          <toclient_groups/>
+          <toserver_groups/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </TrafficShaper>
+    <TrafficShaper version="1.0.3">
+      <tunable>hw.ibrs_disable</tunable>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <tunable>kern.randompid</tunable>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <tunable>net.inet.ip.random_id</tunable>
+      <tunable>net.inet.ip.redirect</tunable>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <tunable>net.inet.tcp.tso</tunable>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <tunable>net.inet.udp.checksum</tunable>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <tunable>net.link.tap.user_open</tunable>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <tunable>vfs.read_max</tunable>
+      <tunable>vm.pmap.pti</tunable>
+        <txtsupport/>
+        <type/>
+      <type/>
+        <type>custom</type>
+        <type>custom</type>
+        <type>filesystem</type>
+        <type>NetworkInterface</type>
+        <type>NetworkInterface</type>
+        <type>NetworkPing</type>
+      <type>none</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+        <type>ProgramStatus</type>
+        <type>ProgramStatus</type>
+        <type>SpaceUsage</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>system</type>
+      <uid>0</uid>
+    </unboundplus>
+    <unboundplus version="1.0.9">
+        <unwantedreplythreshold/>
+        <UpdateCron/>
+      </updated>
+      </updated>
+      </updated>
+      </updated>
+      <updated>
+      <updated>
+      <updated>
+      <updated>
+        up your logs consuming your whole hard drive.</descr>
+          <url/>
+    </user>
+    <user>
+      <userDefinedRules/>
+        <username/>
+    <username/>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+    <username>root@192.168.5.204</username>
+    <usevirtualterminal>1</usevirtualterminal>
+          <valid_lifetime>4000</valid_lifetime>
+        <valloglevel>0</valloglevel>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+        <verbosity/>
+        <version>v9</version>
+    <vip/>
+      <virtual>1</virtual>
+  </virtualip>
+  <virtualip version="1.0.0">
+    <vlan/>
+  </vlans>
+  <vlans version="1.0.0">
+      <VTIs/>
+      <vxlans version="1.0.2"/>
+    </wan>
+    <wan>
+    </webgui>
+    <webgui>
+        <weight>1</weight>
+        <whitelists/>
+  </widgets>
+  <widgets>
+        <wildcards/>
+        <winsserver/>
+    </wireguard>
+    <wireguard>
+  </wireless>
+  <wireless>
+<?xml version="1.0"?>
+      <zones/>