Hi - Attachements not working so here is the XML Plaintext:
<?xml version="1.0"?>
<pfsense>
<version>17.9</version>
<lastchange></lastchange>
<system>
<optimization>normal</optimization>
<hostname>pfSenseOne</hostname>
<domain>xy.zz</domain>
<group>
<name>all</name>
<description><![CDATA[All Users]]></description>
<scope>system</scope>
<gid>1998</gid>
</group>
<group>
<name>admins</name>
<description><![CDATA[System Administrators]]></description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>admin</name>
<descr><![CDATA[System Administrator]]></descr>
<scope>system</scope>
<groupname>admins</groupname>
<bcrypt-hash>$2b$10$C8yZ8UYAa1OHML2Ij/yBZeU4vOD1TLJe5LVsDniaqmNS.VpRghPUe</bcrypt-hash>
<uid>0</uid>
<priv>user-shell-access</priv>
<expires></expires>
<dashboardcolumns>2</dashboardcolumns>
<authorizedkeys></authorizedkeys>
<ipsecpsk></ipsecpsk>
<webguicss>pfSense.css</webguicss>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timeservers>0.pfsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<loginautocomplete></loginautocomplete>
<ssl-certref>5af55220d03bc</ssl-certref>
<port></port>
<max_procs>2</max_procs>
<dashboardcolumns>2</dashboardcolumns>
<webguicss>pfSense.css</webguicss>
<logincss>1e3f75;</logincss>
</webgui>
<disablesegmentationoffloading></disablesegmentationoffloading>
<disablelargereceiveoffloading></disablelargereceiveoffloading>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>weekly</interval>
</bogons>
<timezone>Europe/Amsterdam</timezone>
<serialspeed>115200</serialspeed>
<primaryconsole>serial</primaryconsole>
<enablesshd>enabled</enablesshd>
<maximumstates></maximumstates>
<aliasesresolveinterval></aliasesresolveinterval>
<maximumtableentries>5000000</maximumtableentries>
<maximumfrags></maximumfrags>
<reflectiontimeout></reflectiontimeout>
<language>en_US</language>
<enablenatreflectionpurenat>yes</enablenatreflectionpurenat>
<enablebinatreflection>yes</enablebinatreflection>
<enablenatreflectionhelper>yes</enablenatreflectionhelper>
<dnsserver>1.1.1.1</dnsserver>
</system>
<interfaces>
<wan>
<enable></enable>
<if>em0</if>
<blockpriv></blockpriv>
<blockbogons></blockbogons>
<descr><![CDATA[WAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>1.1.1.254</ipaddr>
<subnet>28</subnet>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-duid></dhcp6-duid>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
<dhcp6cvpt>bk</dhcp6cvpt>
<adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface>
</wan>
<lan>
<enable></enable>
<if>em1</if>
<descr><![CDATA[LAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>192.168.100.1</ipaddr>
<subnet>24</subnet>
</lan>
<opt1>
<if>em2</if>
<descr><![CDATA[WAN2]]></descr>
<spoofmac></spoofmac>
<enable></enable>
<blockpriv></blockpriv>
<ipaddr>1.1.2.250</ipaddr>
<subnet>28</subnet>
</opt1>
<opt2>
<if>em3</if>
<descr><![CDATA[PublicWIFI]]></descr>
<ipaddr>192.168.99.1</ipaddr>
<subnet>32</subnet>
<gateway>PublicWiFi_GW</gateway>
<spoofmac></spoofmac>
</opt2>
</interfaces>
<staticroutes>
<route>
<network>192.168.111.0/24</network>
<gateway>GW_LAN</gateway>
<descr><![CDATA[Test-Netzwerk (ANU)]]></descr>
</route>
<route>
<network>192.168.210.0/24</network>
<gateway>GW_LAN</gateway>
<descr><![CDATA[Aditi Adressraum]]></descr>
</route>
<route>
<network>192.168.114.0/24</network>
<gateway>GW_LAN</gateway>
<descr><![CDATA[Anu Projektnetzwerk]]></descr>
</route>
<route>
<network>192.168.110.0/24</network>
<gateway>GW_LAN</gateway>
<descr><![CDATA[Anu Projektmaschinen]]></descr>
</route>
</staticroutes>
<dhcpd>
<lan>
<enable></enable>
<range>
<from>192.168.100.200</from>
<to>192.168.100.254</to>
</range>
</lan>
</dhcpd>
<dhcpdv6>
<lan>
<range>
<from>::1000</from>
<to>::2000</to>
</range>
<ramode>assist</ramode>
<rapriority>medium</rapriority>
</lan>
</dhcpdv6>
<snmpd>
<syslocation></syslocation>
<syscontact></syscontact>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat></ipv6nat>
</diag>
<syslog>
<filterdescriptions>1</filterdescriptions>
<filter_settings>
<cronorder>reverse</cronorder>
</filter_settings>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Default allow LAN to any rule]]></descr>
<interface>lan</interface>
<tracker>0100000101</tracker>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
<interface>lan</interface>
<tracker>0100000102</tracker>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
</rule>
<rule>
<id></id>
<tracker>1526032752</tracker>
<type>pass</type>
<interface>lan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>icmp</protocol>
<icmptype>any</icmptype>
<source>
<any></any>
</source>
<destination>
<any></any>
</destination>
<log></log>
<descr><![CDATA[Ping Everywhere]]></descr>
<created>
<time>1526032752</time>
<username>***@192.168.100.200</username>
</created>
<updated>
<time>1526032899</time>
<username>***@192.168.100.200</username>
</updated>
</rule>
<rule>
<id></id>
<tracker>1526031689</tracker>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>udp</protocol>
<source>
<any></any>
</source>
<destination>
<network>opt1ip</network>
<port>1194</port>
</destination>
<descr><![CDATA[OpenVPN incoming]]></descr>
<updated>
<time>1526031689</time>
<username>***@192.168.100.200</username>
</updated>
<created>
<time>1526031689</time>
<username>***@192.168.100.200</username>
</created>
</rule>
<bypassstaticroutes>yes</bypassstaticroutes>
<separator>
<opt1></opt1>
</separator>
</filter>
<shaper></shaper>
<ipsec></ipsec>
<aliases></aliases>
<proxyarp></proxyarp>
<cron>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>*</mday>
<month>*</month>
<wday>0</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v
-t 3600 sshlockout</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v
-t 3600 webConfiguratorlockout</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v
-t 3600 virusprot</command>
</item>
<item>
<minute>30</minute>
<hour>12</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
</item>
<item>
<minute>1</minute>
<hour>0</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20
/etc/rc.update_pkg_metadata</command>
</item>
</cron>
<wol></wol>
<rrd>
<enable></enable>
<category>left=system-processor&right=&resolution=300&timePeriod=-1d&startDate=&endDate=&startTime=0&endTime=0&graphtype=line&invert=true&refresh-interval=0</category>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr><![CDATA[ICMP]]></descr>
<options></options>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr><![CDATA[Generic TCP]]></descr>
<options></options>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr><![CDATA[Generic HTTP]]></descr>
<options>
<path>/</path>
<host></host>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr><![CDATA[Generic HTTPS]]></descr>
<options>
<path>/</path>
<host></host>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr><![CDATA[Generic SMTP]]></descr>
<options>
<send></send>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<widgets>
<sequence>system_information:col1:open:0,interfaces:col2:open:0,gateways:col2:open:0,traffic_graphs:col2:open:0</sequence>
<period>10</period>
</widgets>
<openvpn></openvpn>
<dnshaper></dnshaper>
<unbound>
<enable></enable>
<dnssec></dnssec>
<active_interface>all</active_interface>
<outgoing_interface>wan,opt1</outgoing_interface>
<custom_options></custom_options>
<hideidentity></hideidentity>
<hideversion></hideversion>
<dnssecstripped></dnssecstripped>
<port></port>
<system_domain_local_zone_type>transparent</system_domain_local_zone_type>
</unbound>
<cert>
<refid>5af55220d03bc</refid>
<descr><![CDATA[webConfigurator default (5af55220d03bc)]]></descr>
<type>server</type>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZqekNDQkhlZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBRENCdERFTE1Ba0dBMVVFQmhNQ1ZWTXgKRGpBTUJnTlZCQWdUQlZOMFlYUmxNUkV3RHdZRFZRUUhFd2hNYjJOaGJHbDBlVEU0TURZR0ExVUVDaE12Y0daVApaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhLREFtCkJna3Foa2lHOXcwQkNRRVdHV0ZrYldsdVFIQm1VMlZ1YzJVdWJHOWpZV3hrYjIxaGFXNHhIakFjQmdOVkJBTVQKRlhCbVUyVnVjMlV0TldGbU5UVXlNakJrTUROaVl6QWVGdzB4T0RBMU1URXdPREU1TkRWYUZ3MHlNekV4TURFdwpPREU1TkRWYU1JRzBNUXN3Q1FZRFZRUUdFd0pWVXpFT01Bd0dBMVVFQ0JNRlUzUmhkR1V4RVRBUEJnTlZCQWNUCkNFeHZZMkZzYVhSNU1UZ3dOZ1lEVlFRS0V5OXdabE5sYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG0KTFZOcFoyNWxaQ0JEWlhKMGFXWnBZMkYwWlRFb01DWUdDU3FHU0liM0RRRUpBUllaWVdSdGFXNUFjR1pUWlc1egpaUzVzYjJOaGJHUnZiV0ZwYmpFZU1Cd0dBMVVFQXhNVmNHWlRaVzV6WlMwMVlXWTFOVEl5TUdRd00ySmpNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0QXFKRnNwN1lBSkRydGwyNUNjdURvQ2kKOGhIQ1lxN1pES2t1eFNTdUZTVVYwUnFxcHZmWUtwVHVITkpaMGxUYjV0MHBFVGI5TnYvYVlLRnJhdDRTdmJodwpQRGxvS3hBTTlFYmU3bHc2bHZhckpnTlJjVlYxQ0F3TzN0UzdYS2duMWQrYUFPbmhYZUlENDlrK2hBbGpvTkJDCmVuSzB1Z3drU1ZkZHMrZXZJSEc5a3QwcHZPYWZqZGRVY3V5ck1VWmVoakErQXl2OXVhVVZiTzVXeUFtaHNmOXYKN3QwMDY1aWNxWFBZY1hRK3dXSFAxVUliQ1hKR0NOMWlTVnVJbmd2WjVJY2taMEdhczV5WTZQOVBkYW9YK0RPTgpUSDVFYlpTOVhiWmNrYUxyaWU4bW1Yb05GYUhpVE0yQzJpaCtZWURSdWVEc1o1cEFobU8weXRJS1pmMFF1d0lECkFRQUJvNElCcURDQ0FhUXdDUVlEVlIwVEJBSXdBREFSQmdsZ2hrZ0JodmhDQVFFRUJBTUNCa0F3Q3dZRFZSMFAKQkFRREFnV2dNRE1HQ1dDR1NBR0crRUlCRFFRbUZpUlBjR1Z1VTFOTUlFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZwpRMlZ5ZEdsbWFXTmhkR1V3SFFZRFZSME9CQllFRklvbGNUNTh3WksybXd1emlMdVJCVks2ZThuY01JSGhCZ05WCkhTTUVnZGt3Z2RhQUZJb2xjVDU4d1pLMm13dXppTHVSQlZLNmU4bmNvWUc2cElHM01JRzBNUXN3Q1FZRFZRUUcKRXdKVlV6RU9NQXdHQTFVRUNCTUZVM1JoZEdVeEVUQVBCZ05WQkFjVENFeHZZMkZzYVhSNU1UZ3dOZ1lEVlFRSwpFeTl3WmxObGJuTmxJSGRsWWtOdmJtWnBaM1Z5WVhSdmNpQlRaV3htTFZOcFoyNWxaQ0JEWlhKMGFXWnBZMkYwClpURW9NQ1lHQ1NxR1NJYjNEUUVKQVJZWllXUnRhVzVBY0daVFpXNXpaUzVzYjJOaGJHUnZiV0ZwYmpFZU1Cd0cKQTFVRUF4TVZjR1pUWlc1elpTMDFZV1kxTlRJeU1HUXdNMkpqZ2dFQU1CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRgpCd01CQmdnckJnRUZCUWdDQWpBZ0JnTlZIUkVFR1RBWGdoVndabE5sYm5ObExUVmhaalUxTWpJd1pEQXpZbU13CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHSmtRdlh6dFh5L1RVQWk1ek9KK3JOc0dGcjZMVWlVSFVRbVNxSUsKdVB0cWNDUkpCalhiYTV1cTVIR0hLRzZsbXErR2JzSTFBUisveDdGaXZ0RGZOc1JlWHlhL0xWNVVWTnZ3cUVSRwpkUTk2LzNNS0wweWpjQWc4SUNxOWZKd2VQdTd3aHdRQTNEcENEYUtTSXJXdUFvZE5ORUNCc1h1Nk5GQ1VKWGUvCmpOZXpjZzgrNEpVSFB3dUs4NnNmTlUxNS9UNGJ5NGxJZlF5U1QrcFZ6R0VPaHlLYm1aRU5qd0FXM0NETjRrckgKQVRpejZsdWZ4MlN6UGcyYlhYbld6SUxJQlBoS3pENUkwZ0FBZE94MlVTb2l4dWthaXR3aEJPWU5ONUllNEhHYgpjaGxvM3JBRkdFSnA2NjhuV2pjTEVnc09VVitvZjMvcy9nS1NmTGlKQklKcGM0QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQzBDb2tXeW50Z0FrT3UKMlhia0p5NE9nS0x5RWNKaXJ0a01xUzdGSks0VkpSWFJHcXFtOTlncWxPNGMwbG5TVk52bTNTa1JOdjAyLzlwZwpvV3RxM2hLOXVIQThPV2dyRUF6MFJ0N3VYRHFXOXFzbUExRnhWWFVJREE3ZTFMdGNxQ2ZWMzVvQTZlRmQ0Z1BqCjJUNkVDV09nMEVKNmNyUzZEQ1JKVjEyejU2OGdjYjJTM1NtODVwK04xMVJ5N0tzeFJsNkdNRDRESy8yNXBSVnMKN2xiSUNhR3gvMi91M1RUcm1KeXBjOWh4ZEQ3QlljL1ZRaHNKY2tZSTNXSkpXNGllQzlua2h5Um5RWnF6bkpqbwovMDkxcWhmNE00MU1ma1J0bEwxZHRseVJvdXVKN3lhWmVnMFZvZUpNellMYUtINWhnTkc1NE94bm1rQ0dZN1RLCjBncGwvUkM3QWdNQkFBRUNnZ0VBTzlqWXN4dkJvU3QvaGlyQmk1dStncEdlR0t0d20wOFYxVkNUdkhLeDcxTngKaWgyOEpsNXltOHovemRMYWlzRXNpL1J1UjB1cEpsUXNLanplTVJyNnpkZjJidjZDTXZaVjZBbDY1MjcvQnRtZQpFTGUvcGRYTFhrNXJ6d1NWOTNucUsvejArMkxEU0dydDhocHYzb0lrZlB0ZGJjaWRiTTdHYlI2K2hpUDRvZWErCkNQVEhkVFpIWXRNWmhITmh6SFh5K1hCeEp2ZWJOSWg5ZWZoMjUrMWJuZDNsUUtyTi9TMmVuWFVVRDRUZFFWYncKT2RYM2IwQ3lUN3I2Nmpwem5zTG1LalJqR3FFQWI4OW1kamJLYnVuY1oxYzB1RnQ3Q3phY2ZqYVZyYngrd0p6cgpWYW5laXBjWjRablp0OGoyZWZ3NlA3NzB3bklSenJNQXh1ZFMwVnlXVVFLQmdRRG5FZTJZbCs2Mk1FL015TjJ3CkpxRU5rdWhYYzBWL1dNRDQvNEhoYng5RDhYNm13RkZ4NUVrRzQ3RElHVlZYYXlTMjFXblJzUU16ajZnNXJQWDQKVFl3S1o0eWFubVY1N2NuY0lTalVqSTlTTWRvSmxKSDZzNXVrOGdOZENpV2t0SWhubjk5MmI3aWRRYm9rOS9ycwpsK2U1UXBQSXQ3TUdzS3hidTRuaUxOc3ZhUUtCZ1FESGR6VS9Ld2o5cFk3LzYyNkExTFh3WmRtbjExTzRGa1pFCnpKWHJCL0pUdjhHNHZEckR5dWNNZTNaem40V2NvYzd5YkQ5YVo5YVI5US9hVEdibnQ2Z3dRaFkrY292SXhTckQKTTRqZUdCNGhNbUlSbFlsZmxsanhFV2JzRU1QUVBUb2psLzczQUtpQTFqN1JwaDhRdjRUYmRENWN1UVl2OTI3QgpUa1JqWk9tZWd3S0JnUURrK09FR2F0ZkRkZEE5ejNYT1Roa2R5RXV3REt2N2EwbWQ5Q01SN3ZsK2JGbmloNFN0ClpWZndHY1JlSkt4cXVlTmh3Y3pnVzVZZWkrWlpjTWsweWpOUlJCY1NTSStwNlRZMGlpOVpvQWVOblpUQUZaY3EKWkx5QkVNakFjNE9sMkxlcVo4UWFLczg0RlorTmJxWVp1TldJd1M2TW9Xd24zdjZNMENQc0dpTUFzUUtCZ0FvcgpKSmJFemQrSWFpTFgwTGxXbnJQVHJXWG1EMG1LTVNqZXVTSFROT0phR3prY3QyNDEwTk9ORTd2UFBST0FHRG01CmxQMDUzL0Z1NmRENkppRFg5d1lHeUhXRWgyWER6MnRHSEVzZU5hTUJtNGhEOUUzZ0wwYVMyWWxkVFc0M1FOaUIKcmlqUGFzZXVwR014c2RHN3diMGlUdStSS3lTVTI1dVZMdDFXVHFhYkFvR0JBTEtCMTE1QzFaMExvdUtDUXpEdwpwV2JFTUhBTmVZbU91dExnLzdFRTN4QjNBbjJyK0Z4S1FIQ2FDUDQzblI3dThGSTZXdWNmakphcWlpQ1NUWjl0CnJHQVBQWUZmRjVIMGV1WFczZDhGckcwa3dsUVAxV3pRdzdZN1dISDB4Z2p4MThsdndvcEFYd29wMk16ZnpPMFoKVmNpajFkd09qbVQranJCOFdwVHArV1k3Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
</cert>
<revision>
<time>1526279936</time>
<description><![CDATA[***@192.168.100.200:
/system_usermanager.php made unknown change]]></description>
<username>***@192.168.100.200</username>
</revision>
<ntpd></ntpd>
<dhcrelay></dhcrelay>
<dhcrelay6></dhcrelay6>
<wizardtemp>
<system>
<hostname>pfSenseOne</hostname>
<domain>xy.zz</domain>
</system>
<wangateway>1.1.1.250</wangateway>
</wizardtemp>
<ppps></ppps>
<gateways>
<gateway_item>
<interface>opt2</interface>
<gateway>192.168.99.1</gateway>
<name>PublicWiFi_GW</name>
<weight></weight>
<ipprotocol></ipprotocol>
<descr><![CDATA[Public WiFi Gateway]]></descr>
</gateway_item>
<gateway_item>
<interface>lan</interface>
<gateway>192.168.100.1</gateway>
<name>GW_LAN</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[LAN Gateway]]></descr>
<monitor>192.168.100.1</monitor>
</gateway_item>
</gateways>
<notifications>
<growl>
<ipaddress></ipaddress>
<password></password>
<name>pfSense-Growl</name>
<notification_name>pfSense growl alert</notification_name>
<disable></disable>
</growl>
<smtp>
<ipaddress></ipaddress>
<port>587</port>
<ssl></ssl>
<timeout></timeout>
<notifyemailaddress></notifyemailaddress>
<username>pfsense</username>
<authentication_mechanism>PLAIN</authentication_mechanism>
<fromaddress></fromaddress>
<password></password>
</smtp>
</notifications>
<virtualip>
<vip>
<mode>ipalias</mode>
<interface>lan</interface>
<uniqid>5af55ff0656d2</uniqid>
<descr><![CDATA[Anu Projektmaschinen]]></descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.110.1</subnet>
</vip>
<vip>
<mode>ipalias</mode>
<interface>lan</interface>
<uniqid>5af5666f562a0</uniqid>
<descr><![CDATA[Aditi Adressraum]]></descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.210.1</subnet>
</vip>
<vip>
<mode>ipalias</mode>
<interface>lan</interface>
<uniqid>5af5668fc803f</uniqid>
<descr><![CDATA[Anu Projektnetzwerk]]></descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.114.1</subnet>
</vip>
<vip>
<mode>ipalias</mode>
<interface>lan</interface>
<uniqid>5af5680307a0e</uniqid>
<descr><![CDATA[Test-Netzwerk]]></descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.111.1</subnet>
</vip>
</virtualip>
</pfsense>
thank you!
Fabian
Post by Fabian BoschHi,
I spent hours in this to get this running under version 2.4.3.
It's still the case that I get some kind of routing-loop at LAN
interface if I want to route between subnets which leads to lost
ping-echo requests or the disability to interconnect between subnets.
Even the ARP-table is showing the proper mappings for virtualPs of LAN
Interface, only the packages got lost.
I cannot imagine the problem anymore whether it resides in the
configuration or it is simply a hardware-issue.
I need help from you guys so I attached the minimalized configuration
backup file and I am thankful for everyone to take a look at it and
test this out.
Password is reset to default 'pfsense' and WAN-gateways and WAN
Interfaces should/could be reconfigured.
cheers
Fabian
Post by Fabian BoschHi,
Yes I cecked the Bypass firewall checkbox.
There it says
"This option only applies if one or more static routes have been
defined. If it is enabled, traffic that enters and leaves through the
same interface will not be checked by the firewall. This may be
desirable in some situations where multiple subnets are connected to
the same interface."
Because of that I set up my static routes for this Interface.
Meanwhile I updated to v2.4.2_1 - have to test it again.
Are there any other ideas of possible differences in automatic
routing between v2.3.x and v.2.4.x since there is also a change of
underlying FreeBSD-Version.
cheers!
Fabian
Post by PiBaHi Fabian,
System/Advanced/Firewall & NAT: "Static route filtering, Bypass
firewall rules for traffic on the same interface"
As for your 'static routes', i'm not sure what purpose they serve..
Routing between subnets known on a pfSense interface is 'automatic'.
Regards,
PiBa-NL
Post by Fabian BoschHello,
I cannot switch from Version 2.3.3 to 2.4.1 because of the routing
at the same interface.
I transfered the backup.xml from machine A (2.3.3) to machine B
(2.4.1) and everything worked fine but the routing between Subnets
assigned at LAN-Interface.
There are multiple subnets set up via VirtualIPs and there are
static routes to each of the subnets via the native LAN-Gateway
Adress e.g route 192.168.110.0/24 via GW_LAN(192.168.100.1) and
assigned VirtualIP in this case 192.168.110.1
Since this configuration runs well on 2.3.3 I wanted to ask whether
there are major changes in default handling of traffic at the same
interface. In 2.3.3 you don't need firewall-rules to allow traffic
between subnets at the same interface - did this change in 2.4.1?
Thanks!
Fabian
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
--
--
Fabian Bosch, Solutions-Engineer
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: ***@daasi.de
web: www.daasi.de
Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz