diff --git a/Cargo.lock b/Cargo.lock
index aabfb9d2..1c7e1d69 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1754,6 +1754,24 @@ dependencies = [
  "url",
 ]
 
+[[package]]
+name = "example-ha-cluster"
+version = "0.1.0"
+dependencies = [
+ "brocade",
+ "cidr",
+ "env_logger",
+ "harmony",
+ "harmony_macros",
+ "harmony_secret",
+ "harmony_tui",
+ "harmony_types",
+ "log",
+ "serde",
+ "tokio",
+ "url",
+]
+
 [[package]]
 name = "example-kube-rs"
 version = "0.1.0"
@@ -1942,9 +1960,28 @@ dependencies = [
  "cidr",
  "env_logger",
  "harmony",
+ "harmony_cli",
  "harmony_macros",
  "harmony_secret",
- "harmony_tui",
+ "harmony_types",
+ "log",
+ "serde",
+ "tokio",
+ "url",
+]
+
+[[package]]
+name = "example-opnsense-node-exporter"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "cidr",
+ "env_logger",
+ "harmony",
+ "harmony_cli",
+ "harmony_macros",
+ "harmony_secret",
+ "harmony_secret_derive",
  "harmony_types",
  "log",
  "serde",
@@ -1982,25 +2019,6 @@ dependencies = [
  "url",
 ]
 
-[[package]]
-name = "example-opnsense-node-exporter"
-version = "0.1.0"
-dependencies = [
- "async-trait",
- "cidr",
- "env_logger",
- "harmony",
- "harmony_cli",
- "harmony_macros",
- "harmony_secret",
- "harmony_secret_derive",
- "harmony_types",
- "log",
- "serde",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "example-pxe"
 version = "0.1.0"
@@ -3464,6 +3482,25 @@ dependencies = [
  "thiserror 1.0.69",
 ]
 
+[[package]]
+name = "json-prompt"
+version = "0.1.0"
+dependencies = [
+ "brocade",
+ "cidr",
+ "env_logger",
+ "harmony",
+ "harmony_cli",
+ "harmony_macros",
+ "harmony_secret",
+ "harmony_secret_derive",
+ "harmony_types",
+ "log",
+ "serde",
+ "tokio",
+ "url",
+]
+
 [[package]]
 name = "jsonpath-rust"
 version = "0.7.5"
@@ -6062,6 +6099,25 @@ dependencies = [
  "syn 2.0.106",
 ]
 
+[[package]]
+name = "sttest"
+version = "0.1.0"
+dependencies = [
+ "brocade",
+ "cidr",
+ "env_logger",
+ "harmony",
+ "harmony_cli",
+ "harmony_macros",
+ "harmony_secret",
+ "harmony_secret_derive",
+ "harmony_types",
+ "log",
+ "serde",
+ "tokio",
+ "url",
+]
+
 [[package]]
 name = "subtle"
 version = "2.6.1"
@@ -7357,7 +7413,7 @@ checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
 [[package]]
 name = "yaserde"
 version = "0.12.0"
-source = "git+https://github.com/jggc/yaserde.git#adfdb1c5f4d054f114e5bd0ea7bda9c07a369def"
+source = "git+https://github.com/jggc/yaserde.git#2eacb304113beee7270a10b81046d40ed3a99550"
 dependencies = [
  "log",
  "xml-rs",
@@ -7366,7 +7422,7 @@ dependencies = [
 [[package]]
 name = "yaserde_derive"
 version = "0.12.0"
-source = "git+https://github.com/jggc/yaserde.git#adfdb1c5f4d054f114e5bd0ea7bda9c07a369def"
+source = "git+https://github.com/jggc/yaserde.git#2eacb304113beee7270a10b81046d40ed3a99550"
 dependencies = [
  "heck",
  "log",
diff --git a/examples/sttest/Cargo.toml b/examples/sttest/Cargo.toml
new file mode 100644
index 00000000..b8f90f8c
--- /dev/null
+++ b/examples/sttest/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "sttest"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+publish = false
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+cidr = { workspace = true }
+tokio = { workspace = true }
+harmony_macros = { path = "../../harmony_macros" }
+harmony_secret = { path = "../../harmony_secret" }
+harmony_secret_derive = { path = "../../harmony_secret_derive" }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+serde = { workspace = true }
+brocade = { path = "../../brocade" }
diff --git a/examples/sttest/data b/examples/sttest/data
new file mode 120000
index 00000000..b8fb52e7
--- /dev/null
+++ b/examples/sttest/data
@@ -0,0 +1 @@
+../../data/
\ No newline at end of file
diff --git a/examples/sttest/env.sh b/examples/sttest/env.sh
new file mode 100644
index 00000000..4a3c24ee
--- /dev/null
+++ b/examples/sttest/env.sh
@@ -0,0 +1,4 @@
+export HARMONY_SECRET_NAMESPACE=sttest0
+export HARMONY_SECRET_STORE=file
+export HARMONY_DATABASE_URL=sqlite://harmony_sttest0.sqlite
+export RUST_LOG=info
diff --git a/examples/sttest/src/main.rs b/examples/sttest/src/main.rs
new file mode 100644
index 00000000..ba049cfa
--- /dev/null
+++ b/examples/sttest/src/main.rs
@@ -0,0 +1,41 @@
+mod topology;
+
+use crate::topology::{get_inventory, get_topology};
+use harmony::{
+    config::secret::SshKeyPair,
+    data::{FileContent, FilePath},
+    modules::{
+        inventory::HarmonyDiscoveryStrategy,
+        okd::{installation::OKDInstallationPipeline, ipxe::OKDIpxeScore},
+    },
+    score::Score,
+    topology::HAClusterTopology,
+};
+use harmony_secret::SecretManager;
+
+#[tokio::main]
+async fn main() {
+    // env_logger::init();
+
+    let inventory = get_inventory();
+    let topology = get_topology().await;
+
+    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
+
+    let mut scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![Box::new(OKDIpxeScore {
+        kickstart_filename: "inventory.kickstart".to_string(),
+        harmony_inventory_agent: "harmony_inventory_agent".to_string(),
+        cluster_pubkey: FileContent {
+            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
+            content: ssh_key.public,
+        },
+    })];
+
+    // let mut scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![];
+    scores
+        .append(&mut OKDInstallationPipeline::get_all_scores(HarmonyDiscoveryStrategy::MDNS).await);
+
+    harmony_cli::run(inventory, topology, scores, None)
+        .await
+        .unwrap();
+}
diff --git a/examples/sttest/src/topology.rs b/examples/sttest/src/topology.rs
new file mode 100644
index 00000000..ca797eb0
--- /dev/null
+++ b/examples/sttest/src/topology.rs
@@ -0,0 +1,99 @@
+use cidr::Ipv4Cidr;
+use harmony::{
+    hardware::{Location, SwitchGroup},
+    infra::{brocade::UnmanagedSwitch, opnsense::OPNSenseManagementInterface},
+    inventory::Inventory,
+    topology::{HAClusterTopology, LogicalHost, UnmanagedRouter},
+};
+use harmony_macros::{ip, ipv4};
+use harmony_secret::{Secret, SecretManager};
+use serde::{Deserialize, Serialize};
+use std::{
+    net::IpAddr,
+    sync::{Arc, OnceLock},
+};
+
+#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
+struct OPNSenseFirewallConfig {
+    username: String,
+    password: String,
+}
+
+pub async fn get_topology() -> HAClusterTopology {
+    let firewall = harmony::topology::LogicalHost {
+        ip: ip!("192.168.40.1"),
+        name: String::from("fw0"),
+    };
+
+    let switch_client = UnmanagedSwitch::init()
+        .await
+        .expect("Failed to connect to switch");
+
+    let switch_client = Arc::new(switch_client);
+
+    let config = SecretManager::get_or_prompt::<OPNSenseFirewallConfig>().await;
+    let config = config.unwrap();
+
+    let opnsense = Arc::new(
+        harmony::infra::opnsense::OPNSenseFirewall::new(
+            firewall,
+            None,
+            &config.username,
+            &config.password,
+        )
+        .await,
+    );
+    let lan_subnet = ipv4!("192.168.40.0");
+    let gateway_ipv4 = ipv4!("192.168.40.1");
+    let gateway_ip = IpAddr::V4(gateway_ipv4);
+    harmony::topology::HAClusterTopology {
+        kubeconfig: None,
+        domain_name: "sttest0.harmony.mcd".to_string(),
+        router: Arc::new(UnmanagedRouter::new(
+            gateway_ip,
+            Ipv4Cidr::new(lan_subnet, 24).unwrap(),
+        )),
+        load_balancer: opnsense.clone(),
+        firewall: opnsense.clone(),
+        tftp_server: opnsense.clone(),
+        http_server: opnsense.clone(),
+        dhcp_server: opnsense.clone(),
+        dns_server: opnsense.clone(),
+        control_plane: vec![
+            LogicalHost {
+                ip: ip!("192.168.40.20"),
+                name: "cp0".to_string(),
+            },
+            LogicalHost {
+                ip: ip!("192.168.40.21"),
+                name: "cp1".to_string(),
+            },
+            LogicalHost {
+                ip: ip!("192.168.40.22"),
+                name: "cp2".to_string(),
+            },
+        ],
+        bootstrap_host: LogicalHost {
+            ip: ip!("192.168.40.10"),
+            name: "bootstrap".to_string(),
+        },
+        workers: vec![LogicalHost {
+            ip: ip!("192.168.40.30"),
+            name: "wk0".to_string(),
+        }],
+        node_exporter: opnsense.clone(),
+        switch_client: switch_client.clone(),
+        network_manager: OnceLock::new(),
+    }
+}
+
+pub fn get_inventory() -> Inventory {
+    Inventory {
+        location: Location::new("Sylvain's basement".to_string(), "Charlesbourg".to_string()),
+        switch: SwitchGroup::from([]),
+        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
+        storage_host: vec![],
+        worker_host: vec![],
+        control_plane_host: vec![],
+    }
+}
diff --git a/harmony/src/modules/okd/bootstrap_04_workers.rs b/harmony/src/modules/okd/bootstrap_04_workers.rs
index 53e32c5e..4dbfdecb 100644
--- a/harmony/src/modules/okd/bootstrap_04_workers.rs
+++ b/harmony/src/modules/okd/bootstrap_04_workers.rs
@@ -22,7 +22,7 @@ pub struct OKDSetup04WorkersScore {
 impl Score<HAClusterTopology> for OKDSetup04WorkersScore {
     fn create_interpret(&self) -> Box<dyn Interpret<HAClusterTopology>> {
         Box::new(OKDNodeInterpret::new(
-            HostRole::ControlPlane,
+            HostRole::Worker,
             self.discovery_strategy.clone(),
         ))
     }
diff --git a/opnsense-config-xml/Cargo.toml b/opnsense-config-xml/Cargo.toml
index ef0d4265..26efa50e 100644
--- a/opnsense-config-xml/Cargo.toml
+++ b/opnsense-config-xml/Cargo.toml
@@ -9,6 +9,7 @@ license.workspace = true
 serde = { version = "1.0.123", features = [ "derive" ] }
 log = { workspace = true }
 env_logger = { workspace = true }
+#yaserde = { path = "../../yaserde/yaserde" }
 yaserde = { git = "https://github.com/jggc/yaserde.git" }
 yaserde_derive = { git = "https://github.com/jggc/yaserde.git" }
 xml-rs = "0.8"
diff --git a/opnsense-config-xml/src/data/caddy.rs b/opnsense-config-xml/src/data/caddy.rs
index 80088b9d..4c150fc2 100644
--- a/opnsense-config-xml/src/data/caddy.rs
+++ b/opnsense-config-xml/src/data/caddy.rs
@@ -8,6 +8,8 @@ pub struct Pischem {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Caddy {
+    #[yaserde(attribute = true)]
+    pub version: Option<String>,
     pub general: CaddyGeneral,
     pub reverseproxy: MaybeString,
 }
diff --git a/opnsense-config-xml/src/data/dnsmasq.rs b/opnsense-config-xml/src/data/dnsmasq.rs
index fe76b663..d66ba2df 100644
--- a/opnsense-config-xml/src/data/dnsmasq.rs
+++ b/opnsense-config-xml/src/data/dnsmasq.rs
@@ -8,6 +8,8 @@ pub struct DnsMasq {
     pub version: String,
     #[yaserde(attribute = true)]
     pub persisted_at: Option<String>,
+    #[yaserde(attribute = true)]
+    pub description: Option<String>,
 
     pub enable: u8,
     pub regdhcp: u8,
@@ -23,7 +25,7 @@ pub struct DnsMasq {
     pub dnssec: u8,
     pub regdhcpdomain: MaybeString,
     pub interface: Option<String>,
-    pub port: Option<u32>,
+    pub port: Option<MaybeString>,
     pub dns_forward_max: MaybeString,
     pub cache_size: MaybeString,
     pub local_ttl: MaybeString,
@@ -73,6 +75,8 @@ pub struct Dhcp {
     pub reply_delay: MaybeString,
     pub enable_ra: u8,
     pub nosync: u8,
+    pub log_dhcp: Option<u8>,
+    pub log_quiet: Option<u8>,
 }
 
 // Represents a single <dhcp_ranges> element.
diff --git a/opnsense-config-xml/src/data/haproxy.rs b/opnsense-config-xml/src/data/haproxy.rs
index 1114038b..1f96022a 100644
--- a/opnsense-config-xml/src/data/haproxy.rs
+++ b/opnsense-config-xml/src/data/haproxy.rs
@@ -598,7 +598,7 @@ pub struct HAProxyServer {
     pub ssl_client_certificate: MaybeString,
     #[yaserde(rename = "maxConnections")]
     pub max_connections: MaybeString,
-    pub weight: Option<u32>,
+    pub weight: Option<MaybeString>,
     #[yaserde(rename = "checkInterval")]
     pub check_interval: MaybeString,
     #[yaserde(rename = "checkDownInterval")]
diff --git a/opnsense-config-xml/src/data/opnsense.rs b/opnsense-config-xml/src/data/opnsense.rs
index ae277dc5..c1e2acc4 100644
--- a/opnsense-config-xml/src/data/opnsense.rs
+++ b/opnsense-config-xml/src/data/opnsense.rs
@@ -30,6 +30,7 @@ pub struct OPNsense {
     pub staticroutes: StaticRoutes,
     pub ca: MaybeString,
     pub gateways: Option<RawXml>,
+    pub hostwatch: Option<RawXml>,
     pub cert: Vec<Cert>,
     pub dhcpdv6: DhcpDv6,
     pub virtualip: VirtualIp,
@@ -162,11 +163,15 @@ pub struct Username {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Sysctl {
+    #[yaserde(attribute = true)]
+    pub version: Option<String>,
     pub item: Vec<SysctlItem>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct SysctlItem {
+    #[yaserde(attribute = true)]
+    pub uuid: Option<String>,
     pub descr: Option<MaybeString>,
     pub tunable: Option<String>,
     pub value: Option<MaybeString>,
@@ -174,6 +179,8 @@ pub struct SysctlItem {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct System {
+    #[yaserde(attribute = true)]
+    pub uuid: Option<String>,
     pub use_mfs_tmp: Option<MaybeString>,
     pub use_mfs_var: Option<MaybeString>,
     pub serialspeed: u32,
@@ -268,6 +275,8 @@ pub struct Bogons {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Group {
+    #[yaserde(attribute = true)]
+    pub uuid: Option<String>,
     pub name: String,
     pub description: Option<String>,
     pub scope: String,
@@ -280,6 +289,8 @@ pub struct Group {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct User {
+    #[yaserde(attribute = true)]
+    pub uuid: Option<String>,
     pub name: String,
     pub descr: MaybeString,
     pub scope: String,
@@ -463,6 +474,8 @@ pub struct OPNsenseXmlSection {
     pub openvpn: ConfigOpenVPN,
     #[yaserde(rename = "Gateways")]
     pub gateways: RawXml,
+    #[yaserde(rename = "Hostwatch")]
+    pub hostwatch: Option<RawXml>,
     #[yaserde(rename = "HAProxy")]
     pub haproxy: Option<HAProxy>,
 }
@@ -1143,9 +1156,9 @@ pub struct UnboundGeneral {
     pub dns64: MaybeString,
     pub dns64prefix: MaybeString,
     pub noarecords: MaybeString,
-    pub regdhcp: Option<i8>,
+    pub regdhcp: Option<MaybeString>,
     pub regdhcpdomain: MaybeString,
-    pub regdhcpstatic: Option<i8>,
+    pub regdhcpstatic: Option<MaybeString>,
     pub noreglladdr6: MaybeString,
     pub noregrecords: MaybeString,
     pub txtsupport: MaybeString,
@@ -1153,27 +1166,27 @@ pub struct UnboundGeneral {
     pub local_zone_type: String,
     pub outgoing_interface: MaybeString,
     pub enable_wpad: MaybeString,
-    pub safesearch: MaybeString,
+    pub safesearch: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Advanced {
-    pub hideidentity: Option<i8>,
-    pub hideversion: Option<i8>,
-    pub prefetch: Option<i8>,
-    pub prefetchkey: Option<i8>,
-    pub dnssecstripped: Option<i8>,
+    pub hideidentity: Option<MaybeString>,
+    pub hideversion: Option<MaybeString>,
+    pub prefetch: Option<MaybeString>,
+    pub prefetchkey: Option<MaybeString>,
+    pub dnssecstripped: Option<MaybeString>,
     pub aggressivensec: Option<i8>,
-    pub serveexpired: Option<i8>,
+    pub serveexpired: Option<MaybeString>,
     pub serveexpiredreplyttl: MaybeString,
     pub serveexpiredttl: MaybeString,
-    pub serveexpiredttlreset: Option<i32>,
+    pub serveexpiredttlreset: Option<MaybeString>,
     pub serveexpiredclienttimeout: MaybeString,
-    pub qnameminstrict: Option<i32>,
-    pub extendedstatistics: Option<i32>,
-    pub logqueries: Option<i32>,
-    pub logreplies: Option<i32>,
-    pub logtagqueryreply: Option<i32>,
+    pub qnameminstrict: Option<MaybeString>,
+    pub extendedstatistics: Option<MaybeString>,
+    pub logqueries: Option<MaybeString>,
+    pub logreplies: Option<MaybeString>,
+    pub logtagqueryreply: Option<MaybeString>,
     pub logservfail: MaybeString,
     pub loglocalactions: MaybeString,
     pub logverbosity: i32,
@@ -1216,12 +1229,12 @@ pub struct Dnsbl {
     pub blocklists: Option<MaybeString>,
     pub wildcards: Option<MaybeString>,
     pub address: Option<MaybeString>,
-    pub nxdomain: Option<i32>,
+    pub nxdomain: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Forwarding {
-    pub enabled: Option<i32>,
+    pub enabled: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1243,7 +1256,7 @@ pub struct Host {
     pub ttl: Option<MaybeString>,
     pub server: String,
     pub description: Option<String>,
-    pub txtdata: MaybeString,
+    pub txtdata: Option<MaybeString>,
 }
 
 impl Host {
@@ -1259,7 +1272,7 @@ impl Host {
             ttl: Some(MaybeString::default()),
             mx: MaybeString::default(),
             description: None,
-            txtdata: MaybeString::default(),
+            txtdata: Some(MaybeString::default()),
         }
     }
 }
@@ -1421,7 +1434,7 @@ pub struct StaticRoutes {
     #[yaserde(attribute = true)]
     pub version: String,
     #[yaserde(rename = "route")]
-    pub route: Option<MaybeString>,
+    pub route: Option<RawXml>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
diff --git a/opnsense-config/src/config/config.rs b/opnsense-config/src/config/config.rs
index 7c292c8e..cbb39ac4 100644
--- a/opnsense-config/src/config/config.rs
+++ b/opnsense-config/src/config/config.rs
@@ -234,14 +234,15 @@ mod tests {
     #[tokio::test]
     async fn test_load_config_from_local_file() {
         for path in [
-            // "src/tests/data/config-opnsense-25.1.xml",
-            // "src/tests/data/config-vm-test.xml",
+            "src/tests/data/config-opnsense-25.1.xml",
+            "src/tests/data/config-vm-test.xml",
             "src/tests/data/config-structure.xml",
             "src/tests/data/config-full-1.xml",
             // "src/tests/data/config-full-ncd0.xml",
             // "src/tests/data/config-full-25.7.xml",
             // "src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml",
             "src/tests/data/config-25.7-dnsmasq-static-host.xml",
+            "src/tests/data/config-full-25.7.11_2.xml",
         ] {
             let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
             test_file_path.push(path);
diff --git a/opnsense-config/src/modules/dns.rs b/opnsense-config/src/modules/dns.rs
index 517b5ea6..42c8b54b 100644
--- a/opnsense-config/src/modules/dns.rs
+++ b/opnsense-config/src/modules/dns.rs
@@ -1,4 +1,4 @@
-use opnsense_config_xml::{Host, OPNsense};
+use opnsense_config_xml::{Host, MaybeString, OPNsense};
 
 pub struct UnboundDnsConfig<'a> {
     opnsense: &'a mut OPNsense,
@@ -31,7 +31,8 @@ impl<'a> UnboundDnsConfig<'a> {
             None => todo!("Handle case where unboundplus is not used"),
         };
 
-        unbound.general.regdhcp = Some(register as i8);
-        unbound.general.regdhcpstatic = Some(register as i8);
+        unbound.general.regdhcp = Some(MaybeString::from_bool_as_int("regdhcp", register));
+        unbound.general.regdhcpstatic =
+            Some(MaybeString::from_bool_as_int("regdhcpstatic", register));
     }
 }
diff --git a/opnsense-config/src/tests/data/config-full-25.7.11_2.xml b/opnsense-config/src/tests/data/config-full-25.7.11_2.xml
new file mode 100644
index 00000000..690844f3
--- /dev/null
+++ b/opnsense-config/src/tests/data/config-full-25.7.11_2.xml
@@ -0,0 +1,2376 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl/>
+  <system>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <optimization>normal</optimization>
+    <hostname>fw0</hostname>
+    <domain>sttest0.harmony.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+      <source_networks/>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <pwd_changed_at/>
+      <uid>0</uid>
+      <disabled>0</disabled>
+      <landing_page/>
+      <comment/>
+      <email/>
+      <apikeys/>
+      <priv/>
+      <language/>
+      <expires/>
+      <authorizedkeys/>
+      <dashboard/>
+      <otp_seed/>
+      <shell/>
+    </user>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>69355bf776c20</ssl-certref>
+      <port>8443</port>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disablenatreflection>yes</disablenatreflection>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+      <rekeylimit/>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-caddy,os-haproxy,os-tftp</plugins>
+      <type/>
+      <subscription/>
+      <reboot>0</reboot>
+    </firmware>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+  </system>
+  <interfaces>
+    <wan>
+      <if>em0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <blockbogons>1</blockbogons>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout>60</adv_dhcp_pt_timeout>
+      <adv_dhcp_pt_retry>10</adv_dhcp_pt_retry>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced>advanced</adv_dhcp_config_advanced>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+    <lan>
+      <if>bge0</if>
+      <enable>1</enable>
+      <ipaddr>192.168.40.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6/>
+      <subnetv6/>
+      <gateway/>
+      <gatewayv6/>
+      <media/>
+      <mediaopt/>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <ipaddr>127.0.0.1</ipaddr>
+      <type>none</type>
+      <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
+    </lo0>
+    <opt1>
+      <if>bge1</if>
+      <enable>1</enable>
+    </opt1>
+  </interfaces>
+  <dhcpd/>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog/>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="3d12c0eb-52b9-485b-8fa5-69de8bfcaa90">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="5e2a66b1-51b9-4645-a348-52cba44f65ba">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="1811bc46-382a-489a-88de-de4ddab949c3">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow from 192.168.2.0/24</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <address>192.168.2.0/24</address>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>root@192.168.40.112</username>
+        <time>1768656743.17</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.40.112</username>
+        <time>1768656743.17</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <revision>
+    <username>root@192.168.40.112</username>
+    <description>/system_general.php made changes</description>
+    <time>1769023546.34</time>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.4">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+    </Firewall>
+    <IDS version="1.1.1">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+        <eveLog>
+          <http>
+            <enable>0</enable>
+            <extended>0</extended>
+            <dumpAllHeaders/>
+          </http>
+          <tls>
+            <enable>0</enable>
+            <extended>0</extended>
+            <sessionResumption>0</sessionResumption>
+            <custom/>
+          </tls>
+        </eveLog>
+      </general>
+    </IDS>
+    <IPsec version="1.0.5">
+      <general>
+        <enabled/>
+        <preferred_oldsa>0</preferred_oldsa>
+        <disablevpnrules>0</disablevpnrules>
+        <passthrough_networks/>
+        <user_source/>
+        <local_group/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+      <charon>
+        <max_ikev1_exchanges/>
+        <threads>16</threads>
+        <ikesa_table_size>32</ikesa_table_size>
+        <ikesa_table_segments>4</ikesa_table_segments>
+        <init_limit_half_open>1000</init_limit_half_open>
+        <ignore_acquire_ts>1</ignore_acquire_ts>
+        <install_routes>0</install_routes>
+        <cisco_unity>0</cisco_unity>
+        <make_before_break>0</make_before_break>
+        <retransmit_tries/>
+        <retransmit_timeout/>
+        <retransmit_base/>
+        <retransmit_jitter/>
+        <retransmit_limit/>
+        <reqid_base/>
+        <syslog>
+          <daemon>
+            <ike_name>1</ike_name>
+            <log_level>0</log_level>
+            <app>1</app>
+            <asn>1</asn>
+            <cfg>1</cfg>
+            <chd>1</chd>
+            <dmn>1</dmn>
+            <enc>1</enc>
+            <esp>1</esp>
+            <ike>1</ike>
+            <imc>1</imc>
+            <imv>1</imv>
+            <job>1</job>
+            <knl>1</knl>
+            <lib>1</lib>
+            <mgr>1</mgr>
+            <net>1</net>
+            <pts>1</pts>
+            <tls>1</tls>
+            <tnc>1</tnc>
+          </daemon>
+        </syslog>
+        <plugins>
+          <attr>
+            <subnet/>
+            <split-include/>
+            <x_28674/>
+            <x_28675/>
+            <x_28672/>
+            <x_28673>0</x_28673>
+            <x_28679/>
+            <dns/>
+            <nbns/>
+          </attr>
+          <eap-radius>
+            <servers/>
+            <accounting>0</accounting>
+            <class_group>0</class_group>
+          </eap-radius>
+          <xauth-pam>
+            <pam_service>ipsec</pam_service>
+            <session>0</session>
+            <trim_email>1</trim_email>
+          </xauth-pam>
+        </plugins>
+      </charon>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.2"/>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1" persisted_at="1765104462.37">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.4" persisted_at="1765104462.38">
+        <general>
+          <enabled>0</enabled>
+          <manual_config>0</manual_config>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+          <dhcp_socket_type>raw</dhcp_socket_type>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+          <max_unacked_clients>2</max_unacked_clients>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+      <dhcp6 version="1.0.0" persisted_at="1765104462.38">
+        <general>
+          <enabled>0</enabled>
+          <manual_config>0</manual_config>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+          <max_unacked_clients>2</max_unacked_clients>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <pd_pools/>
+        <ha_peers/>
+      </dhcp6>
+    </Kea>
+    <monit version="1.0.14">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="48cad926-2d78-4a15-a3ef-519b8c8a91dc">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="513a0382-88d5-4407-993d-12fbc1a43dbf">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>0c5ad352-6965-4fc3-81a6-6b7d68db1e1c,bed84737-9833-4356-b3f2-e6be29222bf9,d494e04e-72a2-44f9-bdee-84b0b762390a,e15baa92-7793-4e7c-900c-526f3bf443bf</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="d6d928a9-7e18-4a9c-87c2-69279cee4b8b">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>491c5187-e8f8-4ac0-b17e-4981ce765e5c</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="3dfdc2c7-0749-4a5e-888d-203a2f35151b">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/monit/carp_status.php</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>33846c3c-4b3d-426c-88fc-8010ae579fbb</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="1389a31b-cedb-4699-8a4d-f55342f763f4">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/monit/gateway_alert.php</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>ef40e63c-036c-4874-b322-a53667179644</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="1a80821d-720d-4b15-b9ec-725da6e7ae4f">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="0abba81a-4c6f-4786-aec3-7b38ec1af01d">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="9402f76a-36d8-4aac-914c-acf8c6961961">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="0c5ad352-6965-4fc3-81a6-6b7d68db1e1c">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="bed84737-9833-4356-b3f2-e6be29222bf9">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="d494e04e-72a2-44f9-bdee-84b0b762390a">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 12</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e15baa92-7793-4e7c-900c-526f3bf443bf">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 9</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="142c0692-f178-4966-a930-6bbcd0065ea6">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 6</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="491c5187-e8f8-4ac0-b17e-4981ce765e5c">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="33846c3c-4b3d-426c-88fc-8010ae579fbb">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="ef40e63c-036c-4874-b322-a53667179644">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3" persisted_at="1765104462.50">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <port>53</port>
+        <stats>0</stats>
+        <active_interface/>
+        <dnssec>0</dnssec>
+        <dns64>0</dns64>
+        <dns64prefix/>
+        <noarecords>0</noarecords>
+        <regdhcp>0</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>0</regdhcpstatic>
+        <noreglladdr6>0</noreglladdr6>
+        <noregrecords>0</noregrecords>
+        <txtsupport>0</txtsupport>
+        <cacheflush>0</cacheflush>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad>0</enable_wpad>
+        <safesearch>0</safesearch>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail>0</logservfail>
+        <loglocalactions>0</loglocalactions>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <discardtimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing>0</infrakeepprobing>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl/>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+    </unboundplus>
+    <DHCRelay version="1.0.1" persisted_at="1765104461.39"/>
+    <trust>
+      <general version="1.0.1" persisted_at="1765104462.79">
+        <store_intermediate_certs>0</store_intermediate_certs>
+        <install_crls>0</install_crls>
+        <fetch_crls>0</fetch_crls>
+        <enable_legacy_sect>1</enable_legacy_sect>
+        <enable_config_constraints>0</enable_config_constraints>
+        <CipherString/>
+        <Ciphersuites/>
+        <SignatureAlgorithms/>
+        <groups/>
+        <MinProtocol/>
+        <MinProtocol_DTLS/>
+      </general>
+    </trust>
+    <tftp>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+        <listen>192.168.40.1</listen>
+      </general>
+    </tftp>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.1">
+        <servers/>
+      </server>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPN version="1.0.1">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="1.0.0" persisted_at="1768656351.96">
+      <gateway_item uuid="1ae577f0-434e-4842-964f-46d8b17c6485">
+        <disabled>0</disabled>
+        <name>Pi_Jumpbox</name>
+        <descr/>
+        <interface>lan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>192.168.40.112</gateway>
+        <defaultgw>0</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute>0</monitor_noroute>
+        <monitor_killstates>0</monitor_killstates>
+        <monitor_killstates_priority>0</monitor_killstates_priority>
+        <monitor/>
+        <force_down>0</force_down>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Hostwatch version="1.0.0" persisted_at="1768936290.59" description="Host discovery">
+      <general>
+        <enabled>1</enabled>
+        <promisc>0</promisc>
+        <verbose>0</verbose>
+        <skip_nets/>
+        <interface/>
+      </general>
+    </Hostwatch>
+    <HAProxy version="4.1.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <resolversPrefer>ipv4</resolversPrefer>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ocspUpdateEnabled>0</ocspUpdateEnabled>
+          <ocspUpdateMinDelay>300</ocspUpdateMinDelay>
+          <ocspUpdateMaxDelay>3600</ocspUpdateMaxDelay>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <h2_initialWindowSize/>
+          <h2_initialWindowSizeOutgoing/>
+          <h2_initialWindowSizeIncoming/>
+          <h2_maxConcurrentStreams/>
+          <h2_maxConcurrentStreamsOutgoing/>
+          <h2_maxConcurrentStreamsIncoming/>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="c52106f0-50c4-48a0-9020-808bdcd861c0">
+          <id>c77e5c9d9c020af5.a2cb2ff3</id>
+          <enabled>1</enabled>
+          <name>frontend_192.168.40.1:80</name>
+          <description/>
+          <bind>192.168.40.1:80</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>74e016a6-7b3a-4612-9905-3cbfc0caea87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions/>
+          <ssl_minVersion/>
+          <ssl_maxVersion/>
+          <ssl_cipherList/>
+          <ssl_cipherSuites/>
+          <ssl_hstsEnabled>0</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>0</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify/>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire/>
+          <stickiness_size/>
+          <stickiness_counter>0</stickiness_counter>
+          <stickiness_counter_key/>
+          <stickiness_length/>
+          <stickiness_connRatePeriod/>
+          <stickiness_sessRatePeriod/>
+          <stickiness_httpReqRatePeriod/>
+          <stickiness_httpErrRatePeriod/>
+          <stickiness_bytesInRatePeriod/>
+          <stickiness_bytesOutRatePeriod/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols/>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path/>
+          <connectionBehaviour/>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="6b637dbc-e237-41ad-bd50-6dd974ab1294">
+          <id>b1679ba2eb842e5.b30d0330</id>
+          <enabled>1</enabled>
+          <name>frontend_192.168.40.1:443</name>
+          <description/>
+          <bind>192.168.40.1:443</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>d49fdd12-5bf3-4f61-92f4-85aa61031a05</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions/>
+          <ssl_minVersion/>
+          <ssl_maxVersion/>
+          <ssl_cipherList/>
+          <ssl_cipherSuites/>
+          <ssl_hstsEnabled>0</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>0</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify/>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire/>
+          <stickiness_size/>
+          <stickiness_counter>0</stickiness_counter>
+          <stickiness_counter_key/>
+          <stickiness_length/>
+          <stickiness_connRatePeriod/>
+          <stickiness_sessRatePeriod/>
+          <stickiness_httpReqRatePeriod/>
+          <stickiness_httpErrRatePeriod/>
+          <stickiness_bytesInRatePeriod/>
+          <stickiness_bytesOutRatePeriod/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols/>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path/>
+          <connectionBehaviour/>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="b01be32b-0f9b-4e8b-b9dc-307336d70be7">
+          <id>12a94182c74eaacc.cb520a04</id>
+          <enabled>1</enabled>
+          <name>frontend_192.168.40.1:22623</name>
+          <description/>
+          <bind>192.168.40.1:22623</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>e2c97e7d-f255-4c94-ae16-222d9100132b</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions/>
+          <ssl_minVersion/>
+          <ssl_maxVersion/>
+          <ssl_cipherList/>
+          <ssl_cipherSuites/>
+          <ssl_hstsEnabled>0</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>0</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify/>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire/>
+          <stickiness_size/>
+          <stickiness_counter>0</stickiness_counter>
+          <stickiness_counter_key/>
+          <stickiness_length/>
+          <stickiness_connRatePeriod/>
+          <stickiness_sessRatePeriod/>
+          <stickiness_httpReqRatePeriod/>
+          <stickiness_httpErrRatePeriod/>
+          <stickiness_bytesInRatePeriod/>
+          <stickiness_bytesOutRatePeriod/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols/>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path/>
+          <connectionBehaviour/>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="7954ff5a-a683-4f6b-8bb7-0542d39d8086">
+          <id>13d6ac21ee3ccc60.96cd4b70</id>
+          <enabled>1</enabled>
+          <name>frontend_192.168.40.1:6443</name>
+          <description/>
+          <bind>192.168.40.1:6443</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>4dcf78bf-2543-4c2c-bc0c-8a0d594d3248</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions/>
+          <ssl_minVersion/>
+          <ssl_maxVersion/>
+          <ssl_cipherList/>
+          <ssl_cipherSuites/>
+          <ssl_hstsEnabled>0</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>0</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify/>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire/>
+          <stickiness_size/>
+          <stickiness_counter>0</stickiness_counter>
+          <stickiness_counter_key/>
+          <stickiness_length/>
+          <stickiness_connRatePeriod/>
+          <stickiness_sessRatePeriod/>
+          <stickiness_httpReqRatePeriod/>
+          <stickiness_httpErrRatePeriod/>
+          <stickiness_bytesInRatePeriod/>
+          <stickiness_bytesOutRatePeriod/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols/>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path/>
+          <connectionBehaviour/>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="74e016a6-7b3a-4612-9905-3cbfc0caea87">
+          <id>f08894401df05ad8.3d5c30db</id>
+          <enabled>1</enabled>
+          <name>backend_192.168.40.1:80</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>3c7b4f9e-7c71-4599-928c-a245d3967be7,3cb381bd-cd9b-44d1-96b2-35c53849ff93,51b5b214-59cd-4bf4-9787-213079b95744,f6a3ea11-3d67-4096-ac22-112cf7d69e6e,3572b374-5516-4ef1-8c65-9f905f396165</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>11ec6494-d394-406a-9768-08148134e3eb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols/>
+          <persistence/>
+          <persistence_cookiemode/>
+          <persistence_cookiename/>
+          <persistence_stripquotes>0</persistence_stripquotes>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse/>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+        <backend uuid="d49fdd12-5bf3-4f61-92f4-85aa61031a05">
+          <id>53b09184e47806ad.6062e3bd</id>
+          <enabled>1</enabled>
+          <name>backend_192.168.40.1:443</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>4098fdb2-ba6d-4edd-ab05-e997c9cef626,af439509-7e75-40bd-9c72-8f6a2710498c,e8467e26-1c2d-4fd8-a67e-e17b1f619967,fea2cfee-2dd9-4046-b172-ae2b941063d5,4a8587cc-d3a4-4fa6-97e9-c079d0d22240</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>a5d88192-aef3-42f0-aec4-cb6eaebca84f</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols/>
+          <persistence/>
+          <persistence_cookiemode/>
+          <persistence_cookiename/>
+          <persistence_stripquotes>0</persistence_stripquotes>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse/>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+        <backend uuid="e2c97e7d-f255-4c94-ae16-222d9100132b">
+          <id>fb3d213167709bf2.f6d030ee</id>
+          <enabled>1</enabled>
+          <name>backend_192.168.40.1:22623</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>b1a99d0e-75c9-42a8-a0ea-91ee1bfbc508,7a606821-2d1f-41f1-8edb-3a8bebbe0aa4,4e091504-977f-4e83-bf90-678d68ad4816,741e99a1-fe92-4b6d-b6c2-3bd039934a7f,dd5f78b0-e083-4080-972b-73b53924d059</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>17bc9250-d232-4e99-b77c-9cbcc0fb633e</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols/>
+          <persistence/>
+          <persistence_cookiemode/>
+          <persistence_cookiename/>
+          <persistence_stripquotes>0</persistence_stripquotes>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse/>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+        <backend uuid="4dcf78bf-2543-4c2c-bc0c-8a0d594d3248">
+          <id>f3bf483e1e76c8b8.78ae61ca</id>
+          <enabled>1</enabled>
+          <name>backend_192.168.40.1:6443</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>a817a002-3892-47a3-82ac-f28a3c357ffe,25906935-b3e3-482f-b0ba-a082d5316d6b,ee918485-01b0-462b-ad1b-1b35f4e871a6,cced84b6-f99f-49e7-af31-c71f7478405d,e1ab9bb3-4c4a-4a20-96e2-0710fa3d4fc2</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>25bfdc19-6d79-41c6-951e-74bac3d249e8</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols/>
+          <persistence/>
+          <persistence_cookiemode/>
+          <persistence_cookiename/>
+          <persistence_stripquotes>0</persistence_stripquotes>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse/>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="3c7b4f9e-7c71-4599-928c-a245d3967be7">
+          <id>e659e683eb4f8cbf.bc6647fd</id>
+          <enabled>1</enabled>
+          <name>192.168.40.20_80</name>
+          <description/>
+          <address>192.168.40.20</address>
+          <port>80</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="3cb381bd-cd9b-44d1-96b2-35c53849ff93">
+          <id>98e07b8c2cf4e121.f80ffb86</id>
+          <enabled>1</enabled>
+          <name>192.168.40.21_80</name>
+          <description/>
+          <address>192.168.40.21</address>
+          <port>80</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="51b5b214-59cd-4bf4-9787-213079b95744">
+          <id>6d610bd3274928f0.772b633a</id>
+          <enabled>1</enabled>
+          <name>192.168.40.22_80</name>
+          <description/>
+          <address>192.168.40.22</address>
+          <port>80</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="f6a3ea11-3d67-4096-ac22-112cf7d69e6e">
+          <id>4e766be7687ff1b2.9f602</id>
+          <enabled>1</enabled>
+          <name>192.168.40.30_80</name>
+          <description/>
+          <address>192.168.40.30</address>
+          <port>80</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="3572b374-5516-4ef1-8c65-9f905f396165">
+          <id>96f86eff29c19586.899c8c7d</id>
+          <enabled>1</enabled>
+          <name>192.168.40.10_80</name>
+          <description/>
+          <address>192.168.40.10</address>
+          <port>80</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="4098fdb2-ba6d-4edd-ab05-e997c9cef626">
+          <id>b1ef1eac98733197.75fa14c7</id>
+          <enabled>1</enabled>
+          <name>192.168.40.20_443</name>
+          <description/>
+          <address>192.168.40.20</address>
+          <port>443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="af439509-7e75-40bd-9c72-8f6a2710498c">
+          <id>7b8e5951eea6c199.a6da8696</id>
+          <enabled>1</enabled>
+          <name>192.168.40.21_443</name>
+          <description/>
+          <address>192.168.40.21</address>
+          <port>443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="e8467e26-1c2d-4fd8-a67e-e17b1f619967">
+          <id>a8a3af8568459ef8.ce390541</id>
+          <enabled>1</enabled>
+          <name>192.168.40.22_443</name>
+          <description/>
+          <address>192.168.40.22</address>
+          <port>443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="fea2cfee-2dd9-4046-b172-ae2b941063d5">
+          <id>993b27c0684e9142.41d99327</id>
+          <enabled>1</enabled>
+          <name>192.168.40.30_443</name>
+          <description/>
+          <address>192.168.40.30</address>
+          <port>443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="4a8587cc-d3a4-4fa6-97e9-c079d0d22240">
+          <id>7ed96373b629946d.a2234a79</id>
+          <enabled>1</enabled>
+          <name>192.168.40.10_443</name>
+          <description/>
+          <address>192.168.40.10</address>
+          <port>443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="b1a99d0e-75c9-42a8-a0ea-91ee1bfbc508">
+          <id>ebfb123745ab99fa.56b7e81</id>
+          <enabled>1</enabled>
+          <name>192.168.40.20_22623</name>
+          <description/>
+          <address>192.168.40.20</address>
+          <port>22623</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="7a606821-2d1f-41f1-8edb-3a8bebbe0aa4">
+          <id>5b336dfe21d70db0.de1c1873</id>
+          <enabled>1</enabled>
+          <name>192.168.40.21_22623</name>
+          <description/>
+          <address>192.168.40.21</address>
+          <port>22623</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="4e091504-977f-4e83-bf90-678d68ad4816">
+          <id>aa954ffc2004a428.3f979125</id>
+          <enabled>1</enabled>
+          <name>192.168.40.22_22623</name>
+          <description/>
+          <address>192.168.40.22</address>
+          <port>22623</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="741e99a1-fe92-4b6d-b6c2-3bd039934a7f">
+          <id>2c5ad4987d529880.8404a1cb</id>
+          <enabled>1</enabled>
+          <name>192.168.40.30_22623</name>
+          <description/>
+          <address>192.168.40.30</address>
+          <port>22623</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="dd5f78b0-e083-4080-972b-73b53924d059">
+          <id>f61263456cb23546.1b8fc725</id>
+          <enabled>1</enabled>
+          <name>192.168.40.10_22623</name>
+          <description/>
+          <address>192.168.40.10</address>
+          <port>22623</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="a817a002-3892-47a3-82ac-f28a3c357ffe">
+          <id>2c76a5e648a22d31.acb00182</id>
+          <enabled>1</enabled>
+          <name>192.168.40.20_6443</name>
+          <description/>
+          <address>192.168.40.20</address>
+          <port>6443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="25906935-b3e3-482f-b0ba-a082d5316d6b">
+          <id>1dec35d79dc64d6d.35d924e9</id>
+          <enabled>1</enabled>
+          <name>192.168.40.21_6443</name>
+          <description/>
+          <address>192.168.40.21</address>
+          <port>6443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="ee918485-01b0-462b-ad1b-1b35f4e871a6">
+          <id>8fec2b81ef16ac1.c768ff85</id>
+          <enabled>1</enabled>
+          <name>192.168.40.22_6443</name>
+          <description/>
+          <address>192.168.40.22</address>
+          <port>6443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="cced84b6-f99f-49e7-af31-c71f7478405d">
+          <id>9c142802a8b9a550.b0ae2086</id>
+          <enabled>1</enabled>
+          <name>192.168.40.30_6443</name>
+          <description/>
+          <address>192.168.40.30</address>
+          <port>6443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="e1ab9bb3-4c4a-4a20-96e2-0710fa3d4fc2">
+          <id>2773c715be07db11.6ce4873a</id>
+          <enabled>1</enabled>
+          <name>192.168.40.10_6443</name>
+          <description/>
+          <address>192.168.40.10</address>
+          <port>6443</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol/>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>0</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="11ec6494-d394-406a-9768-08148134e3eb">
+          <name>TCP_serverport</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl/>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method/>
+          <http_uri/>
+          <http_version/>
+          <http_host/>
+          <http_expression/>
+          <http_negate/>
+          <http_value/>
+          <tcp_enabled/>
+          <tcp_sendValue/>
+          <tcp_matchType/>
+          <tcp_negate/>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41/>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+        <healthcheck uuid="a5d88192-aef3-42f0-aec4-cb6eaebca84f">
+          <name>TCP_serverport</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl/>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method/>
+          <http_uri/>
+          <http_version/>
+          <http_host/>
+          <http_expression/>
+          <http_negate/>
+          <http_value/>
+          <tcp_enabled/>
+          <tcp_sendValue/>
+          <tcp_matchType/>
+          <tcp_negate/>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41/>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+        <healthcheck uuid="17bc9250-d232-4e99-b77c-9cbcc0fb633e">
+          <name>TCP_serverport</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl/>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method/>
+          <http_uri/>
+          <http_version/>
+          <http_host/>
+          <http_expression/>
+          <http_negate/>
+          <http_value/>
+          <tcp_enabled/>
+          <tcp_sendValue/>
+          <tcp_matchType/>
+          <tcp_negate/>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41/>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+        <healthcheck uuid="25bfdc19-6d79-41c6-951e-74bac3d249e8">
+          <name>HTTP_GET_/readyz</name>
+          <description/>
+          <type>http</type>
+          <interval>2s</interval>
+          <ssl>ssl</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>GET</http_method>
+          <http_uri>/readyz</http_uri>
+          <http_version/>
+          <http_host/>
+          <http_expression/>
+          <http_negate/>
+          <http_value/>
+          <tcp_enabled/>
+          <tcp_sendValue/>
+          <tcp_matchType/>
+          <tcp_negate/>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41/>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route uuid="bb4b6d33-2806-40f6-8ca4-0252208075b9">
+      <network>192.168.2.62/32</network>
+      <gateway>Pi_Jumpbox</gateway>
+      <descr>Route to 192.168.2.0 ...</descr>
+      <disabled>0</disabled>
+    </route>
+  </staticroutes>
+  <ca/>
+  <cert uuid="7e1689a7-b927-44d2-9bd1-d6629bdb2e70">
+    <refid>69355bf776c20</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhFakNDQlBxZ0F3SUJBZ0lVQlJrcksrdWdLSXFITkdjNEFCVVM0NmxNZDZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZWXhHakFZQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWlRBZUZ3MHkKTlRFeU1EY3hNRFV3TXpKYUZ3MHlOekF4TURneE1EVXdNekphTUlHR01Sb3dHQVlEVlFRRERCRlBVRTV6Wlc1egpaUzVwYm5SbGNtNWhiREVMTUFrR0ExVUVCaE1DVGt3eEZUQVRCZ05WQkFnTURGcDFhV1F0U0c5c2JHRnVaREVWCk1CTUdBMVVFQnd3TVRXbGtaR1ZzYUdGeWJtbHpNUzB3S3dZRFZRUUtEQ1JQVUU1elpXNXpaU0J6Wld4bUxYTnAKWjI1bFpDQjNaV0lnWTJWeWRHbG1hV05oZEdVd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJSwpBb0lDQVFDclF3Q29XZitzMUl3UjdqZ0twcTlRVUhlbEtxbDNzWkZjSk5iU2lKMWdlL2ZLM2ZheVEvMkJOZzVhCkhFOWp1Vk1SOTJiSzZrS3NnajJQb1M2d21aVE5zMVJtYkljd29qUVRCdlh3ZElheG5jbTZkRzc5TkFwZ3pPYmMKNDNBaTNnVG1KdTUybndzSEVqUWtHUzlhWnhSTzNuTVB5UUFNWDFjRW1WM2FjTGdmbGtadHdLSjQ3OEVHSVpFSwpIbzhHbE5YNUs1eDNmZFEreGpzQ2I3Wk9hMU5vYU9ZTm0xMmt6V21qelRISmd6eFdKbTlhUU05Mi9rUm1JU0VLClZjU1N1UDMvTzAyd2J0cDJZMDE1TTNyOU1kc2lLUTRVOHhuVlNoMG1ZajBYNXJ1TmJpZVVydVRMRHRQU0NwaksKQmZCTjRtNFl6R2NFTTEyZ2pITHN5TCt4WEN5bmI1MDJmNTVnb2ZDNHFuWlFLOWdOUFRzR1dMU3FXYVdGY3hSLwpoNjJmdVE4VnZYMmJsSGRRenNveXhXSXRzci9xbTJtYUY3NGdOTWRacFpMamFkQ3JOWVY1SDlPVVZ6b0hWTmd2CmxjTWFaaEcxQkUwV3R5THNhcjFwU2IzdVhPcmFRdXlHM0ZaS1dNQnl4VmRRUGR6WmgrMk1sMDU4Tnp1V3dyZ2wKN085V3ZWa3YwREwzZStXRzE0TlAwOFJEa0JyRjk2SUpJM2hoRkRwMk1TR3BVWitYZW1TN1pVQ2o5b2NWdGVocworcXlIeWxZMkQyU2FYZG1SUmNwK3l5RkFNYmhDeHBoMnI4WFMvTXgrZXRaSDU4ZFU3emlZdEQvNUJsSzBkRGRzCmZ4eGcwSG5QL2lGOEpuSU1sK3BWWXVpdk1wRnh0RFJtRUNZSnZMWi9RTHNxU3AvSUhRSURBUUFCbzRJQmREQ0MKQVhBd0NRWURWUjBUQkFJd0FEQVJCZ2xnaGtnQmh2aENBUUVFQkFNQ0JrQXdOQVlKWUlaSUFZYjRRZ0VOQkNjVwpKVTlRVG5ObGJuTmxJRWRsYm1WeVlYUmxaQ0JUWlhKMlpYSWdRMlZ5ZEdsbWFXTmhkR1V3SFFZRFZSME9CQllFCkZNWXI5NGdMS2doZDVYT2RXWGV3R3BMd0ZlZEZNSUd3QmdOVkhTTUVnYWd3Z2FXaGdZeWtnWWt3Z1lZeEdqQVkKQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVk1CTUdBMVVFQ0F3TQpXblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyQmdOVkJBb01KRTlRClRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUJSa3JLK3VnS0lxSE5HYzQKQUJVUzQ2bE1kNll3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01Bc0dBMVVkRHdRRQpBd0lGb0RBY0JnTlZIUkVFRlRBVGdoRlBVRTV6Wlc1elpTNXBiblJsY201aGJEQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBZ0VBVVlJQ1FXUHdkR25FNHdUVG9MUVg4Mm1GbzdreWlneGpIMGlrenJDclZFZlUxcE1CakNldUl0WFEKZnpmS0NXSFplVVhWeE1uNkwyWkxpaE9lalZRVVM3c0psWW9PZGdiYUJmRm9Zd1dTTTMrSHZGQWtWelI3ZW1uUQpMbDh6U0lnN3B3UFgrOTBLcVNRRnhPOUdKcWE0MWEvc1hCZlAvVkxxZHh4SFhsb3dsK1JpRmJZMDRhdFo3a0xtCjI4R1AwSTFMVEYyRnRzNXhsN2EzNzRLdm9wSFNici9LQmV0b1ZJb3pSVXN6WGE1ODI3alBOZVBGQTlsS2lPNUkKSkNLS1pZVVpsM2F4NkF5a2FsOHJ5SFlIVWUwaGZaaFZyWDZLNDFEQjBoL210SWxOSm9sLzBqdnI2aDgySFhaNAo4dVJQNHNWZGxwOXVQTVVKcVNWRW84aGo0ajc1b0dSU3JHSEpKMk0zUXhKVE1ITTQ5UkpCT1EzRmtQOVBaakprCkRFRjc1UUttZGZxWGo4OXZnNUhQUTBzU0owbGpTVVVQVGR6Vlc2cUFtYll0T3ZwTWV0MVcxMjAyNFd2RitlNkEKMG4rMUU0Ri9oNEdyVWg3NmFmSG1LcTRrNXVBU1daOUNFbTF1Wm9mZjZSdVk2N3ZPVXdpVkgzUlpTWEN2aDluUQppZVhtWXMya09KMzNnUUpHTE1qNEhNeWw1ZTFudW9wekhkR0xmNVJ1bFdvbS8yL21YckpXQXNVL3AxY2dGMW5sClJ6em1hZ0NSeUE2RzBFRWMyZW9FODFYMjQ0azJwa3NRcUIrL3VibmxNa0VGaE1JQWtOeDU2N3dON2hDUTFvQ0IKbW51cWpBRkc3NE5jUFYyT0w1KzhlQmJaa3FONTNBMDVzQngrTG41ZnlEZEd4VzN1eVZrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
+    <caref/>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRQ3JRd0NvV2YrczFJd1IKN2pnS3BxOVFVSGVsS3FsM3NaRmNKTmJTaUoxZ2UvZkszZmF5US8yQk5nNWFIRTlqdVZNUjkyYks2a0tzZ2oyUApvUzZ3bVpUTnMxUm1iSWN3b2pRVEJ2WHdkSWF4bmNtNmRHNzlOQXBnek9iYzQzQWkzZ1RtSnU1Mm53c0hFalFrCkdTOWFaeFJPM25NUHlRQU1YMWNFbVYzYWNMZ2Zsa1p0d0tKNDc4RUdJWkVLSG84R2xOWDVLNXgzZmRRK3hqc0MKYjdaT2ExTm9hT1lObTEya3pXbWp6VEhKZ3p4V0ptOWFRTTkyL2tSbUlTRUtWY1NTdVAzL08wMndidHAyWTAxNQpNM3I5TWRzaUtRNFU4eG5WU2gwbVlqMFg1cnVOYmllVXJ1VExEdFBTQ3BqS0JmQk40bTRZekdjRU0xMmdqSExzCnlMK3hYQ3luYjUwMmY1NWdvZkM0cW5aUUs5Z05QVHNHV0xTcVdhV0ZjeFIvaDYyZnVROFZ2WDJibEhkUXpzb3kKeFdJdHNyL3FtMm1hRjc0Z05NZFpwWkxqYWRDck5ZVjVIOU9VVnpvSFZOZ3ZsY01hWmhHMUJFMFd0eUxzYXIxcApTYjN1WE9yYVF1eUczRlpLV01CeXhWZFFQZHpaaCsyTWwwNThOenVXd3JnbDdPOVd2Vmt2MERMM2UrV0cxNE5QCjA4UkRrQnJGOTZJSkkzaGhGRHAyTVNHcFVaK1hlbVM3WlVDajlvY1Z0ZWhzK3F5SHlsWTJEMlNhWGRtUlJjcCsKeXlGQU1iaEN4cGgycjhYUy9NeCtldFpINThkVTd6aVl0RC81QmxLMGREZHNmeHhnMEhuUC9pRjhKbklNbCtwVgpZdWl2TXBGeHREUm1FQ1lKdkxaL1FMc3FTcC9JSFFJREFRQUJBb0lDQUJSRERoaUhqLzlEcFByRGJnVkhQcENkCnBJOTVvbFBUUWZrSk1XZjJoU0FTMVUzcGF0N0x1bm9IWDRxbVgzZDk4cEpsUWRmRXFzb1JjcC9EN2NFenVtNHkKY2FHRE9qb0tjV2R3T0dLNnkrdHhycG5pWFVzKy8vSC9RVnBsaDRaOTIvaUZmS0JlSlZ1RnozNFhMZ29LWTFXeQp3eUdIOTFCL2F5SitmcU1jYmp4QklaTlVsTThDd1VTQ0dOQitBdy9xbTFJcWZiZzBFK0N3RlVVdTJ2NTJKakpyCnpybFNFTEhjZDZETE9HdTRuTWZZZzVqRm90dFhnOWQ0R0pwS0ZzS3J6bFBjWnFSTUhvbEpLd2orMytYYXpkYVgKSXQrMFQwY2VjMHB2bWFqSDdKZjBBMklpT3dGbktnVVIvemVrOGptcURnL2RzYkViM3FUakE2bk4vOEtkRkNTSAp2VHpNZUVEbzV5eEJuWlBHaTE1OS9LSUYyQU5yLzI1K2pPWVZibnpoZjZHQkxNSjZObDhjc1BLdWgzRkg4MTNBCkhyVUZZckQ1OERYQm1aUFdUYXFacWRxSkhIS25DVThnRUZoTDFFYVNlbWhnMHhPSGcwQjNuUXFPT25aMG1aSm0KZ3BsTy9GemxTN1dGSVB5NGU5RFhJRldoUDRCNWpGaDhubXB6bHZ4cXJSaXkvYUc2VmVSS2hTY3FMTksyOE53Qgo2OWNuM25NdFlDOCs0azhhR0ducDBLeWRDcFU4MFcwVW9PZzJCNHMzSDdHZENUbnZpK2ZwdithNFJ5ZE8yNCtXCmo4Wk15UUpHaFY1TTMwckpaZ1R2MmVxVHhpVjlYVEswV2JrQ1JUNHFTeVJxY2dwYm1IM3dNcGdXbmRqc3dGTVQKOUhrSllMVEFqeEppM09KeVdha0ZBb0lCQVFEeFU3dWQwUlJGVVI1cE1uRzRBeTk2U0hscG1VU0ltZVpzWXlwcQpmamtUL0J6Y1VnZ3Bzam80bnJpMnZBbEN0a3VEWW45K3ovSVR1RzA5Wng1RitmMlRiTUw5L0YvZTZIdUM1NXpTCjBBQ003K3d2QVNLaDdJbVYveit2dVYrSkxud2FISU4xeWh4U2ZLdFF3czBpc2ZsT21EMzUrS054Uk40NUQvbDAKR0tmcm5XcVZGQ29GSTNaN2xiWCszZnpURDdkdEY1ZkFCSTlVdnVaTXNMVis3Uk9lbXhvMXlnN0QyLzFiNnRQSwpONzVwR1d2QzUvbHZnSnMzZ2tmdmlEMi91b3hZM0hrQjFuUU55Sis2clNMajJyUjh2TWl1UCtMeHFvMnZEMVFhCitCYjNmWDRqMDQrMGxOdDRYaGRaSXVGNThKamF5ZzlGZnFQVnBlTnVGNkE2QVhMekFvSUJBUUMxckxNQ1RMSnMKRE8wbjI5cUh6VUtkbHl2USs5QmsxLzByRFpVQVZPNDQrNVhXQ081TlFndWxIOWUxclJJekVVZTZEdXlYVlVTbwpvU1JvenkxUHVSd0tldXNhWVNKZk5JVHJGVGlMRnEzOXJwcnVzWWl4Zk1jM2tSeDVYKyszeFJLOFY0ZlNiMDRkCjdjRStHNkhYRHZkVGxqRmRXRUZRTmRqMkUyWC9jYW1yT0JsRU16RzBGL0VHRWZrLytRNHdVWDUydkY5ZSthVXUKYUJoQ2dtSzhEWXFwMWdlY3hscFE1cEtMVndORFNLVjFLK2ZIMGYwVHRKOUhCWlVNWU9KSlpWdnYzN3NDNk9BawpyYzA0eTRKNVAvWHVlaHFFNmhhbHFrdVdiSW0wV2xWVXArSS9oTEdXajcwK3ZmSG41bFJCVjR0MXhtYVVHTTVRCmdQb2tlbWJBV2Z5dkFvSUJBQkxhZDgzY2g3amluWDJhYzBmczk4aVY0T1pmRXZ1WkNtZHRWK0w1K1h1V05xci8KdmFPRVNRZ2pYa3JvWmREUWJSWFduQjlNSDUxcXl4NEE4RnlISzBoWk51S2cxTnlWVFJEdEIxTnc3Sm9XSkYySAp1U3p0VGRKcUhvK2I2OXJMeHVaRFZBSGZ5RmFwWnJqb2Z4NDJ5VU5hb1h6bDc5N3Bnbkx5eklwRll0a0ZjMDR5ClJSWWhyeC80a2o5WEdHbGswTyswNkNZWU5ScHB6NVF1T2Yrd2hkZmVSaTN0bXpteDloazRQMU9OQjFNdXFUeVEKNHV2VElFMDE0R2pXTy95K2xqaGJBUmtqcCsxcnZ3N1dkK05WTXNTTCt5R2gzQmtGT2d4ekpoNzFRdFlTOThmVQp2MlZjTzhrcmtLZG1FamQwbEh5RFRLNGhOcXQ2U2twUGpqVDU2QUVDZ2dFQUNLcGlKM3Z0RHNaWEVZMmxFTkV6Cm1qeTV0RkF1a29EUzdKakxRS2JNYmg5aCtFR1l6RXFZTDVvak9lRTFld1laKzcvMmZRbHVLdlQwdmFNVU1EZE8KSlJuVDJRQkZHWEZ4M1p5M2c3cmpOYlI4WTJKSWVON1F5Yys4SWZYM2d6WjlQRXFZaWVzUk9OQThaVy8vK2pnVwppQUFqL3FYVkI3UnAwdUw5L0g4NWJwZFFiVFpiNnBFeHgrNVhpenVmOTZJTGZESmtBaTI2T1VweHpjcFdWMDMyCkRUL09RU1ljN0xyeXhuNnlBeVdWN3M3WFVXcXN2YUhoN3d0UEhyWUlWU1Btakx5Sk9ReE9sTEZObHFYdVpVWXQKdnVCSUg0cmk1YWdIenZjQ1luM2trQk1wOFltc3h0ZTRXU1BLUkJ0eWJXTjFuWHFITGcwNDJoSXMzRXlTVmg1MAp0UUtDQVFBdEVtbDVEQWVncjZyaWlHdnVBWkJDa3JuV1YweUZjN2NIbEVHMkFYaCs0OGkxQjNhQXRPNCttZVlzCkZzdERGdHJITGVOd2tKckhzOG0xbXhsWUVjZzdZYy96MmhNQXlNVk9ONWRuMW13QVA1dEViVzllb2NYYUUyamMKeXREbXFsUmMxMk5uRGprT1pIWWRQZ1lORHg2UkhsSHJEVUdKN1BnaHB0SkFFOVhBNk5YQTMrYkZrZGN6RVZNRgpuY2NERGlWNE1yenJib1lZS2xCMzdNWG40S3dVQWdlaFMvdXZBSGUvZjVTLzBUTG1GVkVqWC9nTnNma0tyMzgwCnhoSTJxb2RmbGMvRHRBcFUvU0hJSFZjUklteGFtTHZWZUFSS2c3eFJJejZjY2hET24vbUlEOVRqZUQ1NjJzQWoKRkJwOWNoL3ZObm9IMXhLZWVGUWJWa2FHRFpsVgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.1">
+    <vip/>
+  </virtualip>
+  <openvpn/>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync version="1.0.2">
+    <pfsyncinterface/>
+    <synchronizetoip/>
+    <verifypeer>0</verifypeer>
+    <username/>
+    <password/>
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <syncitems/>
+  </hasync>
+  <Pischem>
+    <caddy>
+      <general>
+        <enabled>1</enabled>
+        <EnableLayer4>0</EnableLayer4>
+        <HttpPort>8080</HttpPort>
+        <HttpsPort>8443</HttpsPort>
+        <TlsEmail/>
+        <TlsAutoHttps/>
+        <TlsDnsProvider/>
+        <TlsDnsApiKey/>
+        <TlsDnsPropagationTimeout>0</TlsDnsPropagationTimeout>
+        <TlsDnsPropagationTimeoutPeriod/>
+        <TlsDnsPropagationDelay/>
+        <TlsDnsPropagationResolvers/>
+        <TlsDnsEchDomain/>
+        <accesslist/>
+        <DisableSuperuser>0</DisableSuperuser>
+        <GracePeriod>10</GracePeriod>
+        <HttpVersions>h1,h2</HttpVersions>
+        <timeout_read_body/>
+        <timeout_read_header/>
+        <timeout_write/>
+        <timeout_idle/>
+        <LogCredentials>0</LogCredentials>
+        <LogAccessPlain>0</LogAccessPlain>
+        <LogAccessPlainKeep>10</LogAccessPlainKeep>
+        <LogLevel/>
+        <DynDnsSimpleHttp/>
+        <DynDnsInterface/>
+        <DynDnsInterval/>
+        <DynDnsIpVersions/>
+        <DynDnsTtl/>
+        <DynDnsUpdateOnly>0</DynDnsUpdateOnly>
+        <AuthProvider/>
+        <AuthToDomain/>
+        <AuthToPort/>
+        <AuthToTls>0</AuthToTls>
+        <AuthToUri/>
+        <ClientIpHeaders/>
+        <CopyHeaders/>
+      </general>
+      <reverseproxy/>
+    </caddy>
+  </Pischem>
+  <ifgroups version="1.0.0"/>
+  <dnsmasq version="1.0.8" persisted_at="1769020088.65" description="Dnsmasq DNS and DHCP">
+    <enable>1</enable>
+    <regdhcp>0</regdhcp>
+    <regdhcpstatic>0</regdhcpstatic>
+    <dhcpfirst>0</dhcpfirst>
+    <strict_order>0</strict_order>
+    <domain_needed>0</domain_needed>
+    <no_private_reverse>0</no_private_reverse>
+    <no_resolv>0</no_resolv>
+    <log_queries>0</log_queries>
+    <no_hosts>0</no_hosts>
+    <strictbind>0</strictbind>
+    <dnssec>0</dnssec>
+    <regdhcpdomain/>
+    <interface>lan</interface>
+    <port/>
+    <dns_forward_max/>
+    <cache_size/>
+    <local_ttl/>
+    <add_mac/>
+    <add_subnet>0</add_subnet>
+    <strip_subnet>0</strip_subnet>
+    <dhcp>
+      <no_interface/>
+      <fqdn>1</fqdn>
+      <domain/>
+      <local>1</local>
+      <lease_max/>
+      <authoritative>0</authoritative>
+      <default_fw_rules>1</default_fw_rules>
+      <reply_delay/>
+      <enable_ra>0</enable_ra>
+      <nosync>0</nosync>
+      <log_dhcp>0</log_dhcp>
+      <log_quiet>0</log_quiet>
+    </dhcp>
+    <no_ident>1</no_ident>
+    <hosts uuid="8b95e250-a07a-4a51-9da3-d3d81b2cf5a1">
+      <host>*</host>
+      <domain>apps.sttest0.harmony.mcd</domain>
+      <local>0</local>
+      <ip>192.168.40.1</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr/>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="7e1f59f2-7f9f-46d1-b96a-73084d00e413">
+      <host>api</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>0</local>
+      <ip>192.168.40.1</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr/>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="c11c1d25-a0a1-4e49-b4d3-d7e2d47e43f6">
+      <host>api-int</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>0</local>
+      <ip>192.168.40.1</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr/>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="e11e8669-51ea-4172-a9df-c8d128373f04">
+      <host>cp0</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>1</local>
+      <ip>192.168.40.20</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr>f4:39:09:16:65:ea</hwaddr>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="eb4322fa-2454-4781-8b26-3a62e3e5cba6">
+      <host>cp1</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>1</local>
+      <ip>192.168.40.21</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr>f4:39:09:16:65:33</hwaddr>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="b37f9201-a75c-45a4-bc1f-94d285b640b2">
+      <host>cp2</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>1</local>
+      <ip>192.168.40.22</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr>f4:39:09:07:c8:f2</hwaddr>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <hosts uuid="1cdd8163-8b92-4925-9a37-9f689c6efcfc">
+      <host>wk0</host>
+      <domain>sttest0.harmony.mcd</domain>
+      <local>1</local>
+      <ip>192.168.40.30</ip>
+      <cnames/>
+      <client_id/>
+      <hwaddr>64:00:6a:88:a3:50</hwaddr>
+      <lease_time/>
+      <ignore>0</ignore>
+      <set_tag/>
+      <descr/>
+      <comments/>
+      <aliases/>
+    </hosts>
+    <dhcp_ranges uuid="13449854-b1c6-43f4-b1a1-bc6a3ee5fce6">
+      <interface>lan</interface>
+      <set_tag/>
+      <start_addr>192.168.40.101</start_addr>
+      <end_addr>192.168.40.151</end_addr>
+      <subnet_mask/>
+      <constructor/>
+      <mode/>
+      <prefix_len/>
+      <lease_time/>
+      <domain_type>range</domain_type>
+      <domain/>
+      <nosync>0</nosync>
+      <ra_mode/>
+      <ra_priority/>
+      <ra_mtu/>
+      <ra_interval/>
+      <ra_router_lifetime/>
+      <description/>
+    </dhcp_ranges>
+  </dnsmasq>
+</opnsense>
diff --git a/opnsense-config/src/tests/data/config-full-ncd0.xml b/opnsense-config/src/tests/data/config-full-ncd0.xml
index 6cb61861..b14d3b2f 100644
--- a/opnsense-config/src/tests/data/config-full-ncd0.xml
+++ b/opnsense-config/src/tests/data/config-full-ncd0.xml
@@ -271,7 +271,6 @@
     </firmware>
     <language>en_US</language>
     <dnsserver>1.1.1.1</dnsserver>
-    <dnsserver>8.8.8.8</dnsserver>
     <dns1gw>none</dns1gw>
     <dns2gw>none</dns2gw>
     <dns3gw>none</dns3gw>
diff --git a/opnsense-config/src/tests/data/config-opnsense-25.1.xml b/opnsense-config/src/tests/data/config-opnsense-25.1.xml
index 0c9a6f11..1df9dc10 100644
--- a/opnsense-config/src/tests/data/config-opnsense-25.1.xml
+++ b/opnsense-config/src/tests/data/config-opnsense-25.1.xml
@@ -30,28 +30,17 @@
     <item uuid="b6b18051-830f-4b27-81ec-f772b14681e2">
       <tunable>net.inet.ip.sourceroute</tunable>
       <value>default</value>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
-        It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
     </item>
     <item uuid="ea21409c-62d6-4040-aa2b-36bd01af5578">
       <tunable>net.inet.ip.accept_sourceroute</tunable>
       <value>default</value>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
-        It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
     </item>
     <item uuid="1613256c-ef7e-4b53-a44c-234440046293">
       <tunable>net.inet.icmp.log_redirect</tunable>
       <value>default</value>
-      <descr>
-        This option turns off the logging of redirect packets because there is no limit and this could fill
-        up your logs consuming your whole hard drive.
-      </descr>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive.</descr>
     </item>
     <item uuid="1ba88c72-6e5b-4f19-abba-351c2b76d5dc">
       <tunable>net.inet.tcp.drop_synfin</tunable>
@@ -181,9 +170,7 @@
     <item uuid="2c42ae2f-a7bc-48cb-b27d-db72e738e80b">
       <tunable>net.inet.ip.redirect</tunable>
       <value>default</value>
-      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
-        and for the sender directly reachable, route and next hop is known.
-      </descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known.</descr>
     </item>
     <item uuid="7d315fb1-c638-4b79-9f6c-240b41e6d643">
       <tunable>net.local.dgram.maxdgram</tunable>
@@ -938,4 +925,3 @@
   </cert>
   <syslog/>
 </opnsense>
-
diff --git a/opnsense-config/src/tests/data/config-vm-test.xml b/opnsense-config/src/tests/data/config-vm-test.xml
index 06429df6..ffa78ba1 100644
--- a/opnsense-config/src/tests/data/config-vm-test.xml
+++ b/opnsense-config/src/tests/data/config-vm-test.xml
@@ -28,28 +28,17 @@
       <value>default</value>
     </item>
     <item>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
-        It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
       <tunable>net.inet.ip.sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
-        It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
       <tunable>net.inet.ip.accept_sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>
-        This option turns off the logging of redirect packets because there is no limit and this could fill
-        up your logs consuming your whole hard drive.
-      </descr>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive.</descr>
       <tunable>net.inet.icmp.log_redirect</tunable>
       <value>default</value>
     </item>
@@ -179,9 +168,7 @@
       <value>default</value>
     </item>
     <item>
-      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
-        and for the sender directly reachable, route and next hop is known.
-      </descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known.</descr>
       <tunable>net.inet.ip.redirect</tunable>
       <value>default</value>
     </item>