---------------- Show Tech-Support Brief ---------------- ---------------- CONFIGURATION ---------------- ---------------- VyOS Version and Package Changes ---------------- Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-================================-================================-============-============================================================================================ ii acl 2.2.52-2 amd64 Access control list utilities ii adduser 3.113+nmu3 all add and remove users and groups ii amd64-microcode 2.20160316.1~deb8u1 amd64 Processor microcode firmware for AMD CPUs ii apt xxx.xxx.9.8.5 amd64 commandline package manager ii apt-transport-https xxx.xxx.9.8.5 amd64 https download transport for APT ii aptitude 0.6.11-1+b1 amd64 terminal-based package manager ii aptitude-common 0.6.11-1 all architecture independent files for the aptitude package manager ii aptitude-doc-en 0.6.11-1 all English manual for aptitude, a terminal-based package manager ii at 3.1.16-1 amd64 Delayed job execution and batch processing ii atmel-firmware 1.3-4 all Firmware for Atmel at76c50x wireless networking chips. ii atop 1.26-2 amd64 Monitor for system resources and process activity ii base-files 8+deb8u11 amd64 Debian base system miscellaneous files ii base-passwd 3.5.37 amd64 Debian base system master password xxxxxx group files ii bash 4.3-11+deb8u1 amd64 GNU Bourne Again SHell ii bash-completion 1:2.1-4 all programmable completion for the bash shell ii bcrelay 1.4.0-5 amd64 Broadcast relay daemon ii beep 1.3-3+deb8u1 amd64 advanced pc-speaker beeper ii bind9-host 1:9.9.5.dfsg-9+deb8u16 amd64 Version of 'host' bundled with BIND 9.X ii bluez-firmware 1.2-3 all Firmware for Bluetooth devices ii bmon 1:3.5-1 amd64 portable bandwidth monitor and rate estimator ii bridge-utils 1.5-9 amd64 Utilities for configuring the Linux Ethernet bridge ii bsd-mailx 8.1.2-0.20141216cvs-2 amd64 simple mail user xxxxxx ii bsdmainutils 9.0.6 amd64 collection of more utilities from FreeBSD ii bsdutils 1:2.25.2-6 amd64 basic utilities from 4.4BSD-Lite ii busybox 1:1.22.0-9+deb8u4 amd64 Tiny utilities for small and embedded systems ii ca-certificates 20141019+deb8u4 all Common CA certificates ii cluster-glue 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster components for Linux HA ii conntrack 1:1.4.2-2+vyos2+current1 amd64 Program to modify the conntrack tables ii conntrack-helpers 1:1.4.2-2+vyos2+current1 amd64 conntrack-helpers ii conntrackd 1:1.4.2-2+vyos2+current1 amd64 Connection tracking daemon ii console-setup 1.123 all console font and keymap setup program ii console-setup-linux 1.123 all Linux specific part of console-setup ii coreutils 8.23-4 amd64 GNU core utilities ii cpio 2.11+dfsg-4.1+deb8u1 amd64 GNU cpio -- a program to manage archives of files ii crda 3.13-1 amd64 wireless Central Regulatory Domain Agent ii cron 3.0pl1-127+deb8u1 amd64 process scheduling daemon ii curl 7.38.0-4+deb8u13 amd64 command line tool for transferring data with URL syntax rc dahdi-firmware-nonfree 2.10.0-1 all DAHDI non-free firmware ii dash 0.5.7-4+b1 amd64 POSIX-compliant shell ii dbus 1.8.22-0+deb8u1 amd64 simple interprocess messaging system (daemon and utilities) ii dctrl-tools 2.23 amd64 Command-line tools to process Debian package information ii ddclient 3.8.2+vyos2+current1 all address updating utility for dynamic DNS services ii debconf 1.5.56+deb8u1 all Debian configuration management system ii debconf-i18n 1.5.56+deb8u1 all full internationalization support for debconf ii debconf-utils 1.5.56+deb8u1 all debconf utilities ii debian-archive-keyring 2017.5~deb8u1 all GnuPG archive keys of the Debian archive ii debianutils 4.4+b1 amd64 Miscellaneous utilities specific to Debian ii dh-python 1.20141111-2 all Debian helper tools for packaging Python libraries and applications ii dialog 1.2-20140911-1 amd64 Displays user-friendly dialog boxes from shell scripts ii diffutils 1:3.3-1+b1 amd64 File comparison utilities ii dmidecode 2.12-3 amd64 SMBIOS/DMI table decoder ii dmsetup 2:1.02.90-2.2+deb8u1 amd64 Linux Kernel Device Mapper userspace library ii dns-root-data 2017072601~deb8u2 all DNS root data including root zone and DNSSEC key ii dnsutils 1:9.9.5.dfsg-9+deb8u16 amd64 Clients provided with BIND ii docutils-common 0.12+dfsg-1 all text processing system for reStructuredText - common data ii docutils-doc 0.12+dfsg-1 all text processing system for reStructuredText - documentation ii dosfstools 3.0.27-1 amd64 utilities for making and checking MS-DOS FAT filesystems ii dpkg 1.17.27 amd64 Debian package management system ii e2fslibs:amd64 1.42.12-2+b1 amd64 ext2/ext3/ext4 file system libraries ii e2fsprogs 1.42.12-2+b1 amd64 ext2/ext3/ext4 file system utilities ii easy-rsa 2.2.2-1 all Simple shell based CA utility ii ed 1.10-2 amd64 classic UNIX line editor ii efibootmgr 0.11.0-3 amd64 Interact with the EFI Boot Manager ii ethtool 1:3.16-1 amd64 display or change Ethernet device settings ii eventwatchd 0.2+vyos2+current1 all eventwatchd daemon and related scripts and documentation ii exim4 4.84.2-2+deb8u5 all metapackage to ease Exim MTA (v4) installation ii exim4-base 4.84.2-2+deb8u5 amd64 support files for all Exim MTA (v4) packages ii exim4-config 4.84.2-2+deb8u5 all configuration for the Exim MTA (v4) ii exim4-daemon-light 4.84.2-2+deb8u5 amd64 lightweight Exim MTA (v4) daemon ii file 1:5.22+15-2+deb8u4 amd64 Determines file type using "magic" numbers ii findutils 4.4.2-9+b1 amd64 utilities for finding files--find, xargs ii firmware-adi 20161130-4~deb8u1 all Binary firmware for Analog Devices Inc. DSL modem chips (dummmy package) ii firmware-amd-graphics 20161130-4~deb8u1 all Binary firmware for AMD/ATI graphics chips ii firmware-atheros 20161130-4~deb8u1 all Binary firmware for Atheros wireless cards ii firmware-bnx2 20161130-4~deb8u1 all Binary firmware for Broadcom NetXtremeII ii firmware-bnx2x 20161130-4~deb8u1 all Binary firmware for Broadcom NetXtreme II 10Gb ii firmware-brcm80211 20161130-4~deb8u1 all Binary firmware for Broadcom 802.11 wireless cards ii firmware-intelwimax 20161130-4~deb8u1 all Binary firmware for Intel WiMAX Connection ii firmware-ipw2x00 20161130-4~deb8u1 all Binary firmware for Intel Pro Wireless 2100, 2200 and 2915 rc firmware-ivtv 20161130-4~deb8u1 all Binary firmware for iTVC15-family MPEG codecs (ivtv and pvrusb2 drivers) ii firmware-iwlwifi 20161130-4~deb8u1 all Binary firmware for Intel Wireless cards ii firmware-libertas 20161130-4~deb8u1 all Binary firmware for Marvell wireless cards ii firmware-linux 20161130-4~deb8u1 all Binary firmware for various drivers in the Linux kernel (meta-package) ii firmware-linux-free 3.3 all Binary firmware for various drivers in the Linux kernel ii firmware-linux-nonfree 20161130-4~deb8u1 all Binary firmware for various drivers in the Linux kernel (meta-package) ii firmware-misc-nonfree 20161130-4~deb8u1 all Binary firmware for various drivers in the Linux kernel ii firmware-myricom 20161130-4~deb8u1 all Binary firmware for Myri-10G Ethernet adapters ii firmware-netxen 20161130-4~deb8u1 all Binary firmware for QLogic Intelligent Ethernet (3000 and 3100 Series) ii firmware-qlogic 20161130-4~deb8u1 all Binary firmware for QLogic HBAs ii firmware-ralink 20161130-4~deb8u1 all Binary firmware for Ralink wireless cards (dummmy package) ii firmware-realtek 20161130-4~deb8u1 all Binary firmware for Realtek wired/wifi/BT adapters ii firmware-ti-connectivity 20161130-4~deb8u1 all Binary firmware for TI Connectivity wifi and BT/FM/GPS adapters ii firmware-zd1211 xxx.xxx.0.56-3 all binary firmware for the zd1211rw wireless driver ii frr 7.1-dev-1~debian8+1 amd64 BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga ii fuse 2.9.3-15+deb8u3 amd64 Filesystem in Userspace ii gawk 1:4.1.1+dfsg-1 amd64 GNU awk, a pattern scanning and processing language ii gcc-4.8-base:amd64 4.8.4-1 amd64 GCC, the GNU Compiler Collection (base package) ii gcc-4.9-base:amd64 4.9.2-10+deb8u2 amd64 GCC, the GNU Compiler Collection (base package) ii gdisk 0.8.10-2 amd64 GPT fdisk text-mode partitioning tool ii geoip-database 20150317-1 all IP lookup command line tools that use the GeoIP library (country database) ii gettext-base 0.19.3-2 amd64 GNU Internationalization utilities for the base system ii gnat-4.9-base 4.9.2-1 amd64 GNU Ada compiler (common files) ii gnupg 1.4.18-7+deb8u5 amd64 GNU privacy guard - a free PGP replacement ii gnustep-base-common 1.24.7-1 all GNUstep Base library - common files ii gnustep-base-runtime 1.24.7-1 amd64 GNUstep Base library - daemons and tools ii gnustep-common 2.6.6-3 amd64 Common files for the core GNUstep environment ii gpgv 1.4.18-7+deb8u5 amd64 GNU privacy guard - signature verification tool ii grep 2.20-4.1 amd64 GNU grep, egrep and fgrep ii groff-base 1.22.2-8 amd64 GNU troff text-formatting system (base system components) ii grub-common 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader (common files) ii grub-efi-amd64-bin 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader, version 2 (EFI-AMD64 binaries) ii grub-pc 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader, version 2 (PC/BIOS version) ii grub-pc-bin 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader, version 2 (PC/BIOS binaries) ii grub2 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader, version 2 (dummy package) ii grub2-common 2.02~beta2-22+deb8u1 amd64 GRand Unified Bootloader (common files for version 2) ii gzip 1.6-4 amd64 GNU compression utilities ii haveged 1.9.1-1 amd64 Linux entropy source using the HAVEGE algorithm ii heartbeat 1:3.0.5+hg12629-1.2 amd64 Subsystem for High-Availability Linux ii hostapd 1:2.3-1+deb8u6 amd64 IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator ii hostname 3.15 amd64 utility to set/show the host name or domain name ii htop 1.0.3-1 amd64 interactive processes viewer ii hvinfo 1.2.0 amd64 x86 hypervisor detection tool ii hyperv-daemons 3.16.56-1 amd64 Support daemons for Linux running on Hyper-V ii iftop 1.0~pre4-2 amd64 displays bandwidth usage information on an network interface ii ifupdown xxx.xxx.53.1 amd64 high level tools to configure network interfaces ii igmpproxy 1:0.1+vyos2+current1 amd64 The igmpproxy package ii init 1.22 amd64 System-V-like init utilities - metapackage ii init-system-helpers 1.22 all helper tools for all init systems ii initramfs-tools 0.120+deb8u3 all generic modular initramfs generator ii initscripts 2.88dsf-59 amd64 scripts for initializing and shutting down the system ii insserv 1.14.0-5 amd64 boot sequence organizer using LSB init.d script dependency information ii installation-report 2.58 all system installation report ii intel-microcode 3.20180807a.1~deb8u1 amd64 Processor microcode firmware for Intel CPUs ii iotop 0.6-1 amd64 simple top-like I/O monitor ii ipaddrcheck 1.1 amd64 IPv4 and IPv6 address validation utility ii ipcalc 0.41-4 all parameter calculator for IPv4 addresses ii iperf 2.0.5+dfsg1-2 amd64 Internet Protocol bandwidth measuring tool ii iperf3 3.0.7-1 amd64 Internet Protocol bandwidth measuring tool ii iproute 1:4.18.0-0+vyos+current all transitional dummy package for iproute2 ii iproute2 4.18.0-0+vyos+current amd64 networking and traffic control tools ii ipset 6.23-2 amd64 administration tool for kernel IP sets ii iptables 1.4.21-2+b1 amd64 administration tools for packet filtering and NAT ii iputils-arping 3:20121221-5+b2 amd64 Tool to send ICMP echo requests to an ARP address ii iputils-ping 3:20121221-5+b2 amd64 Tools to test the reachability of network hosts ii ipvsadm 1:1.26-4 amd64 Linux Virtual Server support programs ii isc-dhcp-client 4.3.1-6+deb8u3 amd64 DHCP client xxxxxx automatically obtaining an IP address ii isc-dhcp-common 4.3.1-6+deb8u3 amd64 common files used by all of the isc-dhcp packages ii isc-dhcp-relay 4.3.1-6+deb8u3 amd64 ISC DHCP relay daemon ii isc-dhcp-server 4.3.1-6+deb8u3 amd64 ISC DHCP server for automatic IP address assignment ii iso-codes 3.57-1 all ISO language, territory, currency, script codes and their translations ii iucode-tool 1.1.1-1 amd64 Intel processor microcode tool ii iw 3.17-1 amd64 tool for configuring Linux wireless devices ii javascript-common 11 all Base support for JavaScript library packages ii kbd 1.15.5-2 amd64 Linux console font and keytable utilities ii keepalived 1:2.0.10 amd64 Failover and monitoring daemon for LVS clusters ii kernel-common 13.014+nmu1 all common elements for generated kernel packages ii keyboard-configuration 1.123 all system-wide keyboard preferences ii klibc-utils 2.0.4-2 amd64 small utilities built with klibc for early boot ii kmod 18-3 amd64 tools for managing Linux kernel modules ii laptop-detect 0.13.7 amd64 attempt to detect a laptop ii less 458-3 amd64 pager program similar to more ii libacl1:amd64 2.2.52-2 amd64 Access control list shared library ii libalgorithm-c3-perl 0.09-1 all Perl module for merging hierarchies using the C3 algorithm ii libapt-inst1.5:amd64 xxx.xxx.9.8.5 amd64 deb package format runtime library ii libapt-pkg4.12:amd64 xxx.xxx.9.8.5 amd64 package management runtime library ii libarchive-extract-perl 0.72-1 all generic archive extracting module ii libasprintf0c2:amd64 0.19.3-2 amd64 GNU library to use fprintf and friends in C++ ii libatm1:amd64 1:2.5.1-1.5 amd64 shared library for ATM (Asynchronous Transfer Mode) ii libattr1:amd64 1:2.4.47-2 amd64 Extended attribute shared library ii libaudit-common 1:2.4-1 all Dynamic library for security auditing - common files ii libaudit1:amd64 1:2.4-1+b1 amd64 Dynamic library for security auditing ii libauthen-sasl-perl 2.1600-1 all Authen::SASL - SASL Authentication framework ii libavahi-client3:amd64 0.6.31-5 amd64 Avahi client xxxxxx ii libavahi-common-data:amd64 0.6.31-5 amd64 Avahi common data files ii libavahi-common3:amd64 0.6.31-5 amd64 Avahi common library ii libb-hooks-endofscope-perl 0.13-1 all module for executing code after a scope finished compilation ii libbind9-90 1:9.9.5.dfsg-9+deb8u16 amd64 BIND9 Shared Library used by BIND ii libblas-common 1.2.20110419-10 amd64 Dependency package for all BLAS implementations ii libblas3 1.2.20110419-10 amd64 Basic Linear Algebra Reference implementations, shared library ii libblkid1:amd64 2.25.2-6 amd64 block device id library ii libboost-context1.55.0:amd64 1.55.0+dfsg-3 amd64 provides a sort of cooperative multitasking on a single thread ii libboost-filesystem1.55.0:amd64 1.55.0+dfsg-3 amd64 filesystem operations (portable paths, iteration over directories, etc) in C++ ii libboost-iostreams1.55.0:amd64 1.55.0+dfsg-3 amd64 Boost.Iostreams Library ii libboost-system1.55.0:amd64 1.55.0+dfsg-3 amd64 Operating system (e.g. diagnostics support) library ii libbsd0:amd64 0.7.0-2 amd64 utility functions from BSD systems - shared library ii libbz2-1.0:amd64 1.0.6-7+b3 amd64 high-quality block-sorting file compressor library - runtime ii libc-ares2:amd64 1.10.0-2+deb8u2 amd64 asynchronous name resolver ii libc-bin 2.19-18+deb8u10 amd64 GNU C Library: Binaries ii libc6:amd64 2.19-18+deb8u10 amd64 GNU C Library: Shared libraries ii libcap-ng0:amd64 0.7.4-2 amd64 An alternate POSIX capabilities library ii libcap2:amd64 1:2.24-8 amd64 POSIX 1003.1e capabilities (library) ii libcap2-bin 1:2.24-8 amd64 POSIX 1003.1e capabilities (utilities) ii libcgi-fast-perl 1:2.04-1 all CGI subclass for work with FCGI ii libcgi-pm-perl 4.09-1 all module for Common Gateway Interface applications ii libcharon-extra-plugins 5.7.2-1+vyos2 amd64 strongSwan charon library (extra plugins) ii libcidr0:amd64 1.2.3-2 amd64 IP addresses and netblocks manipulation library ii libclass-accessor-perl 0.34-1 all Perl module that automatically generates accessors ii libclass-c3-perl 0.26-1 all pragma for using the C3 method resolution order ii libclass-c3-xs-perl 0.13-2+b1 amd64 Perl module to accelerate Class::C3 ii libcomerr2:amd64 1.42.12-2+b1 amd64 common error description library ii libcommon-sense-perl 3.73-2+b3 amd64 module that implements some sane defaults for Perl programs ii libconfuse-common 2.7-5+deb8u1 all Common files for libConfuse ii libconfuse0:amd64 2.7-5+deb8u1 amd64 Library for parsing configuration files ii libcpan-meta-perl 2.142690-1 all Perl module to access CPAN distributions metadata ii libcrypt-openssl-bignum-perl 0.04-4+b2 amd64 Perl module to access OpenSSL multiprecision integer arithmetic libraries ii libcrypt-openssl-rsa-perl 0.28-2+b1 amd64 module for RSA encryption using OpenSSL ii libcryptsetup4:amd64 2:1.6.6-5 amd64 disk encryption support - shared library ii libcurl3:amd64 7.38.0-4+deb8u13 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour) ii libcurl3-gnutls:amd64 7.38.0-4+deb8u13 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour) ii libcwidget3:amd64 0.5.17-2 amd64 high-level terminal interface library for C++ (runtime files) ii libdaemon0:amd64 0.14-6 amd64 lightweight C library for daemons - runtime library ii libdata-optlist-perl 0.109-1 all module to parse and validate simple name/value option pairs ii libdata-section-perl 0.200006-1 all module to read chunks of data from a module's DATA section ii libdb5.3:amd64 5.3.28-9+deb8u1 amd64 Berkeley v5.3 Database Libraries [runtime] ii libdbus-1-3:amd64 1.8.22-0+deb8u1 amd64 simple interprocess messaging system (library) ii libdbus-glib-1-2:amd64 0.102-1 amd64 simple interprocess messaging system (GLib-based shared library) ii libdebconfclient0:amd64 0.192 amd64 Debian Configuration Management System (C-implementation library) ii libdevmapper1.02.1:amd64 2:1.02.90-2.2+deb8u1 amd64 Linux Kernel Device Mapper userspace library ii libdns-export100 1:9.9.5.dfsg-9+deb8u16 amd64 Exported DNS Shared Library ii libdns100 1:9.9.5.dfsg-9+deb8u16 amd64 DNS Shared Library used by BIND ii libdumbnet1 1.12-6 amd64 A dumb, portable networking library -- shared library ii libecap2 0.2.0-3 amd64 eCAP library ii libedit2:amd64 3.1-20140620-2 amd64 BSD editline and history libraries ii libefivar0:amd64 0.15-3 amd64 Library to manage UEFI variables ii libencode-locale-perl 1.03-1 all utility to determine the locale encoding ii libestr0 0.1.9-1.1 amd64 Helper functions for handling strings (lib) ii libevent-2.0-5:amd64 2.0.21-stable-2+deb8u1 amd64 Asynchronous event notification library ii libexpat1:amd64 2.1.0-6+deb8u4 amd64 XML parsing C library - runtime library ii libfam0 2.7.0-17.1 amd64 Client library to control the FAM daemon ii libfcgi-perl 0.77-1+deb8u1 amd64 helper module for FastCGI ii libffi6:amd64 3.1-2+deb8u1 amd64 Foreign Function Interface library runtime ii libfile-listing-perl 6.04-1 all module to parse directory listings ii libfile-slurp-perl 9999.19-4 all single call read & write file routines ii libfile-sync-perl 0.11-2+b1 amd64 Perl interface to sync() and fsync() ii libfont-afm-perl 1.20-1 all Font::AFM - Interface to Adobe Font Metrics files ii libfreeradius-client2 1.1.6-7 amd64 Enhanced RADIUS client xxxxxx ii libfreetype6:amd64 2.5.2-3+deb8u2 amd64 FreeType 2 font engine, shared library files ii libfuse2:amd64 2.9.3-15+deb8u3 amd64 Filesystem in Userspace (library) ii libgcc1:amd64 1:4.9.2-10+deb8u2 amd64 GCC support library ii libgcrypt20:amd64 1.6.3-2+deb8u5 amd64 LGPL Crypto library - runtime library ii libgdbm3:amd64 1.8.3-13.1 amd64 GNU dbm database routines (runtime version) ii libgeoip1:amd64 1.6.2-4 amd64 non-DNS IP-to-country resolver library ii libgfortran3:amd64 4.9.2-10+deb8u2 amd64 Runtime library for GNU Fortran applications ii libglib2.0-0:amd64 2.42.1-1+b1 amd64 GLib library of C routines ii libglib2.0-data 2.42.1-1 all Common files for GLib library ii libgmp10:amd64 2:6.0.0+dfsg-6 amd64 Multiprecision arithmetic library ii libgnat-4.9:amd64 4.9.2-1 amd64 runtime for applications compiled with GNAT (shared library) ii libgnustep-base1.24 1.24.7-1 amd64 GNUstep Base library ii libgnutls-deb0-28:amd64 3.3.30-0+deb8u1 amd64 GNU TLS library - main runtime library ii libgnutls-openssl27:amd64 3.3.30-0+deb8u1 amd64 GNU TLS library - OpenSSL wrapper ii libgpg-error0:amd64 1.17-3 amd64 library for common error values and messages in GnuPG components ii libgssapi-krb5-2:amd64 1.12.1+dfsg-19+deb8u5 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libhavege1:amd64 1.9.1-1 amd64 entropy source using the HAVEGE algorithm - shared library ii libheartbeat2 1:3.0.5+hg12629-1.2 amd64 Subsystem for High-Availability Linux (libraries) ii libhogweed2:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (public-key cryptos) ii libhtml-form-perl 6.03-1 all module that represents an HTML form element ii libhtml-format-perl 2.11-1 all module for transforming HTML into various formats ii libhtml-parser-perl 3.71-1+b3 amd64 collection of modules that parse HTML text documents ii libhtml-tagset-perl 3.20-2 all Data tables pertaining to HTML ii libhtml-tree-perl 5.03-1 all Perl module to represent and create HTML syntax trees ii libhttp-cookies-perl 6.01-1 all HTTP cookie jars ii libhttp-daemon-perl 6.01-1 all simple http server class ii libhttp-date-perl 6.02-1 all module of date conversion routines ii libhttp-message-perl 6.06-1 all perl interface to HTTP style messages ii libhttp-negotiate-perl 6.00-2 all implementation of content negotiation ii libicu52:amd64 52.1-8+deb8u7 amd64 International Components for Unicode ii libidn11:amd64 1.29-1+deb8u3 amd64 GNU Libidn library, implementation of IETF IDN specifications ii libio-html-perl 1.001-1 all open an HTML file with automatic charset detection ii libio-prompt-perl 0.997002-1 all module to interactively prompt for user xxxxxx ii libio-socket-ssl-perl 2.002-2+deb8u3 all Perl module implementing object oriented interface to SSL sockets ii libio-string-perl 1.08-3 all Emulate IO::File interface for in-core strings ii libiperf0 3.0.7-1 amd64 Internet Protocol bandwidth measuring tool (runtime files) ii libipset3:amd64 6.23-2 amd64 library for IP sets ii libirs-export91 1:9.9.5.dfsg-9+deb8u16 amd64 Exported IRS Shared Library ii libisc-export95 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC Shared Library ii libisc95 1:9.9.5.dfsg-9+deb8u16 amd64 ISC Shared Library used by BIND ii libisccc90 1:9.9.5.dfsg-9+deb8u16 amd64 Command Channel Library used by BIND ii libisccfg-export90 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC CFG Shared Library ii libisccfg90 1:9.9.5.dfsg-9+deb8u16 amd64 Config File Handling Library used by BIND ii libjansson4:amd64 2.7-1+deb8u1 amd64 C library for encoding, decoding and manipulating JSON data ii libjbig0:amd64 2.1-3.1 amd64 JBIGkit libraries ii libjim0.75:amd64 0.75-1 amd64 small-footprint implementation of Tcl - shared library ii libjpeg62-turbo:amd64 1:1.3.1-12+deb8u1 amd64 libjpeg-turbo JPEG runtime library ii libjs-jquery 1.7.2+dfsg-3.2 all JavaScript library for dynamic web applications ii libjs-sphinxdoc 1.2.3+dfsg-1 all JavaScript support for Sphinx documentation ii libjs-underscore 1.7.0~dfsg-1 all JavaScript's functional programming helper library ii libjson-any-perl 1.38-1 all wrapper class for the various JSON classes ii libjson-c2:amd64 0.11-4 amd64 JSON manipulation library - shared library ii libjson-xs-perl 2.340-1+b2 amd64 module for manipulating JSON-formatted data (C/XS-accelerated) ii libk5crypto3:amd64 1.12.1+dfsg-19+deb8u5 amd64 MIT Kerberos runtime libraries - Crypto Library ii libkeyutils1:amd64 1.5.9-5+b1 amd64 Linux Key Management Utilities (library) ii libklibc 2.0.4-2 amd64 minimal libc subset for use with initramfs ii libkmod2:amd64 18-3 amd64 libkmod shared library ii libkrb5-3:amd64 1.12.1+dfsg-19+deb8u5 amd64 MIT Kerberos runtime libraries ii libkrb5support0:amd64 1.12.1+dfsg-19+deb8u5 amd64 MIT Kerberos runtime libraries - Support library ii liblcms2-2:amd64 2.6-3+deb8u2 amd64 Little CMS 2 color management library ii libldap-2.4-2:amd64 2.4.40+dfsg-1+deb8u4 amd64 OpenLDAP libraries ii liblinear1:amd64 1.8+dfsg-4 amd64 Library for Large Linear Classification ii liblocale-gettext-perl 1.05-8+b1 amd64 module using libc functions for internationalization in Perl ii liblockfile-bin 1.09-6 amd64 support binaries for and cli utilities based on liblockfile ii liblockfile1:amd64 1.09-6 amd64 NFS-safe locking library ii liblog-message-perl 0.8-1 all powerful and flexible message logging mechanism ii liblog-message-simple-perl 0.10-2 all simplified interface to Log::Message ii liblogging-stdlog0:amd64 1.0.4-1 amd64 easy to use and lightweight logging library ii liblognorm1:amd64 1.0.1-3 amd64 Log normalizing library ii liblrm2 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster libraries -- liblrm2 ii libltdl7:amd64 2.4.2-1.11+b1 amd64 System independent dlopen wrapper for GNU libtool ii liblua5.1-0:amd64 5.1.5-7.1 amd64 Shared library for the Lua interpreter version 5.1 ii liblua5.2-0:amd64 5.2.3-1.1 amd64 Shared library for the Lua interpreter version 5.2 ii liblwp-mediatypes-perl 6.02-1 all module to guess media type for a file or a URL ii liblwp-protocol-https-perl 6.06-2 all HTTPS driver for LWP::UserAgent ii liblwres90 1:9.9.5.dfsg-9+deb8u16 amd64 Lightweight Resolver Library used by BIND ii liblzma5:amd64 5.1.1alpha+20120614-2+b3 amd64 XZ-format compression library ii liblzo2-2:amd64 2.08-1.2 amd64 data compression library ii libmagic1:amd64 1:5.22+15-2+deb8u4 amd64 File type determination library using "magic" numbers ii libmailtools-perl 2.13-1 all Manipulate email in perl programs ii libmnl0:amd64 1.0.3-5 amd64 minimalistic Netlink communication library ii libmodule-build-perl 0.421000-2+deb8u1 all framework for building and installing Perl modules ii libmodule-implementation-perl 0.09-1 all module for loading one of several alternate implementations of a module ii libmodule-pluggable-perl 5.1-1 all module for giving modules the ability to have plugins ii libmodule-runtime-perl 0.014-1 all Perl module for runtime module handling ii libmodule-signature-perl 0.73-1+deb8u2 all module to manipulate CPAN SIGNATURE files ii libmount1:amd64 2.25.2-6 amd64 device mounting library ii libmpdec2:amd64 2.4.1-1 amd64 library for decimal floating point arithmetic (runtime library) ii libmpfr4:amd64 3.1.2-2 amd64 multiple precision floating-point computation ii libmro-compat-perl 0.12-1 all mro::* interface compatibility for Perls < 5.9.5 ii libmysqlclient18:amd64 5.5.62-0+deb8u1 amd64 MySQL database client xxxxxx ii libnamespace-clean-perl 0.25-1 all module for keeping imports and functions out of the current namespace ii libncurses5:amd64 5.9+20140913-1+deb8u3 amd64 shared libraries for terminal handling ii libncursesw5:amd64 5.9+20140913-1+deb8u3 amd64 shared libraries for terminal handling (wide character support) ii libnet-http-perl 6.07-1 all module providing low-level HTTP connection client ii libnet-libidn-perl 0.12.ds-2+b1 amd64 Perl bindings for GNU Libidn ii libnet-smtp-ssl-perl 1.01-3 all Perl module providing SSL support to Net::SMTP ii libnet-ssleay-perl 1.65-1+deb8u1 amd64 Perl module for Secure Sockets Layer (SSL) ii libnet1:amd64 1.1.6+dfsg-3 amd64 library for the construction and handling of network packets ii libnetaddr-ip-perl 4.075+dfsg-1+b1 amd64 IP address manipulation module ii libnetfilter-conntrack3:amd64 1.0.4-1 amd64 Netfilter netlink-conntrack library ii libnetfilter-cthelper0:amd64 1.0.0-1 amd64 userspace-helper for netfilter library ii libnetfilter-cttimeout1 1.0.0-2 amd64 fine-grain connection tracking timeout infrastructure for netfilter ii libnetfilter-log1:amd64 1.0.1-1.1 amd64 Netfilter netlink-log library ii libnetfilter-queue1 1.0.2-2 amd64 Netfilter netlink-queue library ii libnettle4:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (symmetric and one-way cryptos) ii libnfnetlink0:amd64 1.0.1-3 amd64 Netfilter netlink library ii libnl-3-200:amd64 3.2.27-2 amd64 library for dealing with netlink sockets ii libnl-genl-3-200:amd64 3.2.27-2 amd64 library for dealing with netlink sockets - generic netlink ii libnl-route-3-200:amd64 3.2.27-2 amd64 library for dealing with netlink sockets - route interface ii libnss-mapuser 1.1.0-cl3u1 amd64 NSS modules to map any requested username xxxxxx a local account ii libobjc4:amd64 4.9.2-10+deb8u2 amd64 Runtime library for GNU Objective-C applications ii libopenhpi2 2.14.1-1.4 amd64 OpenHPI libraries (runtime and support files) ii libopenipmi0 2.0.16-1.4 amd64 Intelligent Platform Management Interface - runtime ii libopts25:amd64 1:5.18.4-3 amd64 automated option processing library based on autogen ii libp11-kit0:amd64 0.20.7-1 amd64 Library for loading and coordinating access to PKCS#11 modules - runtime ii libpackage-constants-perl 0.04-1 all List constants defined in a package ii libpackage-stash-perl 0.37-1 all module providing routines for manipulating stashes ii libpackage-stash-xs-perl 0.28-2+b1 amd64 Perl module providing routines for manipulating stashes (XS version) ii libpam-cap:amd64 1:2.24-8 amd64 POSIX 1003.1e capabilities (PAM module) ii libpam-modules:amd64 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules for PAM - helper binaries ii libpam-radius-auth 1.5.0-cl3u1 amd64 PAM RADIUS client xxxxxx module ii libpam-runtime 1.1.8-3.1+deb8u2 all Runtime support for the PAM library ii libpam0g:amd64 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules library ii libpaper-utils 1.1.24+nmu4 amd64 library for handling paper characteristics (utilities) ii libpaper1:amd64 1.1.24+nmu4 amd64 library for handling paper characteristics ii libparams-classify-perl 0.013-4+b2 amd64 Perl module for argument type classification ii libparams-util-perl 1.07-2+b1 amd64 Perl extension for simple stand-alone param checking functions ii libparse-debianchangelog-perl 1.2.0-1.1 all parse Debian changelogs and output them in other formats ii libparted2:amd64 3.2-7 amd64 disk partition manipulator - shared library ii libpcap0.8:amd64 1.6.2-2 amd64 system interface for user-level packet capture ii libpci3:amd64 1:3.2.1-3 amd64 Linux PCI Utilities (shared library) ii libpcre3:amd64 2:8.35-3.3+deb8u4 amd64 Perl 5 Compatible Regular Expression Library - runtime files ii libpcsclite1:amd64 1.8.13-1+deb8u1 amd64 Middleware to access a smart card using PC/SC (library) ii libperl4-corelibs-perl 0.003-1 all libraries historically supplied with Perl 4 ii libperl5.20 5.20.2-3+deb8u12 amd64 shared Perl library ii libpgm-5.1-0 5.1.118-1~dfsg-1 amd64 OpenPGM shared library ii libpils2 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster libraries -- libpils2 ii libpkcs11-helper1:amd64 1.11-2 amd64 library that simplifies the interaction with PKCS#11 ii libplumb2 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster libraries -- libplumb2 ii libplumbgpl2 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster libraries -- libplumbgpl2 ii libpng12-0:amd64 1.2.50-2+deb8u3 amd64 PNG library - runtime ii libpod-latex-perl 0.61-1 all module to convert Pod data to formatted LaTeX ii libpod-readme-perl 0.11-1 all Perl module to convert POD to README file ii libpopt0:amd64 1.16-10 amd64 lib for parsing cmdline parameters ii libpq5:amd64 9.4.20-0+deb8u1 amd64 PostgreSQL C client xxxxxx ii libprocps3:amd64 2:3.3.9-9+deb8u1 amd64 library for accessing process information from /proc ii libprotobuf9:amd64 2.6.1-1 amd64 protocol buffers C++ library ii libpsl0:amd64 0.5.1-1 amd64 Library for Public Suffix List (shared libraries) ii libpython-stdlib:amd64 2.7.9-1 amd64 interactive high-level object-oriented language (default python version) ii libpython2.7-minimal:amd64 2.7.9-2+deb8u2 amd64 Minimal subset of the Python language (version 2.7) ii libpython2.7-stdlib:amd64 2.7.9-2+deb8u2 amd64 Interactive high-level object-oriented language (standard library, version 2.7) ii libpython3-stdlib:amd64 3.4.2-2 amd64 interactive high-level object-oriented language (default python3 version) ii libpython3.4-minimal:amd64 3.4.2-1+deb8u1 amd64 Minimal subset of the Python language (version 3.4) ii libpython3.4-stdlib:amd64 3.4.2-1+deb8u1 amd64 Interactive high-level object-oriented language (standard library, version 3.4) ii libquadmath0:amd64 4.9.2-10+deb8u2 amd64 GCC Quad-Precision Math Library ii libreadline6:amd64 6.3-8+b3 amd64 GNU readline and history libraries, run-time libraries ii libregexp-common-perl 2013031301-1 all module with common regular expressions ii librtmp1:amd64 2.4+20150115.gita107cef-1+deb8u1 amd64 toolkit for RTMP streams (shared library) ii librtr0:amd64 xxx.xxx.0.0 amd64 Small extensible RPKI-RTR-Client C library. ii libsasl2-2:amd64 2.1.26.dfsg1-13+deb8u1 amd64 Cyrus SASL - authentication abstraction library ii libsasl2-modules-db:amd64 2.1.26.dfsg1-13+deb8u1 amd64 Cyrus SASL - pluggable authentication modules (DB) ii libselinux1:amd64 2.3-2 amd64 SELinux runtime shared libraries ii libsemanage-common 2.3-1 all Common files for SELinux policy management libraries ii libsemanage1:amd64 2.3-1+b1 amd64 SELinux policy management library ii libsensors4:amd64 1:3.3.5-2 amd64 library to read temperature/voltage/fan sensors ii libsepol1:amd64 2.3-2 amd64 SELinux library for manipulating binary security policies ii libsigc++-2.0-0c2a:amd64 2.4.0-1 amd64 type-safe Signal Framework for C++ - runtime ii libsigsegv2:amd64 2.10-4+b1 amd64 Library for handling page faults in a portable way ii libslang2:amd64 2.3.0-2 amd64 S-Lang programming library - runtime version ii libsmartcols1:amd64 2.25.2-6 amd64 smart column output alignment library ii libsmi2ldbl:amd64 0.4.8+dfsg2-10+b2 amd64 library to access SMI MIB information ii libsnmp-base xxx.xxx.2.1+vyos2+current1 all SNMP configuration script, MIBs and documentation ii libsnmp-perl xxx.xxx.2.1+vyos2+current1 amd64 SNMP (Simple Network Management Protocol) Perl5 support ii libsnmp30:amd64 xxx.xxx.2.1+vyos2+current1 amd64 SNMP (Simple Network Management Protocol) library ii libsocket6-perl 0.25-1+b1 amd64 Perl extensions for IPv6 ii libsodium13:amd64 1.0.3-1 amd64 Network communication, cryptography and signaturing library ii libsoftware-license-perl 0.103010-3 all module providing templated software licenses ii libsort-versions-perl 1.60-1 all Perl module for sorting of revision (and similar) numbers ii libsqlite3-0:amd64 xxx.xxx.7.1-1+deb8u4 amd64 SQLite 3 shared library ii libss2:amd64 1.42.12-2+b1 amd64 command-line interface parsing library ii libssh-4:amd64 0.6.3-4+deb8u3 amd64 tiny C SSH library (OpenSSL flavor) ii libssh2-1:amd64 1.4.3-4.1+deb8u1 amd64 SSH2 client-side library ii libssl1.0.0:amd64 1.0.1t-1+deb8u10 amd64 Secure Sockets Layer toolkit - shared libraries ii libstdc++6:amd64 4.9.2-10+deb8u2 amd64 GNU Standard C++ Library v3 ii libstonith1 1.0.12~rc1+hg2777-1.2 amd64 Reusable cluster libraries -- libstonith1 ii libstrongswan 5.7.2-1+vyos2 amd64 strongSwan utility and crypto library ii libstrongswan-extra-plugins 5.7.2-1+vyos2 amd64 strongSwan utility and crypto library (extra plugins) ii libstrongswan-standard-plugins 5.7.2-1+vyos2 amd64 strongSwan utility and crypto library (standard plugins) ii libsub-exporter-perl 0.986-1 all sophisticated exporter for custom-built routines ii libsub-exporter-progressive-perl 0.001011-1 all module for using Sub::Exporter only if needed ii libsub-identify-perl 0.08-1 amd64 module to retrieve names of code references ii libsub-install-perl 0.928-1 all module for installing subroutines into packages easily ii libsub-name-perl 0.12-1 amd64 module for assigning a new name to referenced sub ii libswitch-perl 2.17-2 all switch statement for Perl ii libsystemd0:amd64 215-17+deb8u9 amd64 systemd utility library ii libtasn1-6:amd64 4.2-3+deb8u3 amd64 Manage ASN.1 structures (runtime) ii libterm-readkey-perl 2.32-1+b1 amd64 perl module for simple terminal control ii libterm-readline-perl-perl 1.0303-1 all Perl implementation of Readline libraries ii libterm-ui-perl 0.42-1 all Term::ReadLine UI made easy ii libtext-charwidth-perl 0.04-7+b3 amd64 get display widths of characters on the terminal ii libtext-iconv-perl 1.7-5+b2 amd64 converts between character sets in Perl ii libtext-soundex-perl 3.4-1+b2 amd64 implementation of the soundex algorithm ii libtext-template-perl 1.46-1 all perl module to process text templates ii libtext-wrapi18n-perl 0.06-7 all internationalized substitute of Text::Wrap ii libtiff5:amd64 4.0.3-12.3+deb8u7 amd64 Tag Image File Format (TIFF) library ii libtimedate-perl 2.3000-2 all collection of modules to manipulate date/time information ii libtinfo5:amd64 5.9+20140913-1+deb8u3 amd64 shared low-level terminfo library for terminal handling ii libtree-simple-perl 1.24-1 all implementation of a simple tree object ii libtry-tiny-perl 0.22-1 all module providing minimalistic try/catch ii libudev1:amd64 215-17+deb8u9 amd64 libudev shared library ii liburi-perl 1.64-1 all module to manipulate and access URI strings ii libusb-0.1-4:amd64 2:0.1.12-25 amd64 userspace USB programming library ii libusb-1.0-0:amd64 2:1.0.19-1 amd64 userspace USB programming library ii libustr-1.0-1:amd64 1.0.4-3+b2 amd64 Micro string library: shared library ii libuuid1:amd64 2.25.2-6 amd64 Universally Unique ID library ii libvariable-magic-perl 0.55-1 amd64 module to associate user-defined magic to variables from Perl ii libvyatta-cfg1 1.2.0-1 amd64 vyatta-cfg back-end library ii libvyosconfig0 0.0.6 amd64 VyConf config tree manipulation library ii libwant-perl 0.23-1+b1 amd64 generalisation of wantarray ii libwebp5:amd64 0.4.1-1.2+b2 amd64 Lossy compression of digital photographic images. ii libwebpdemux1:amd64 0.4.1-1.2+b2 amd64 Lossy compression of digital photographic images. ii libwebpmux1:amd64 0.4.1-1.2+b2 amd64 Lossy compression of digital photographic images. ii libwireshark-data 1.12.1+g01b65bf-4+deb8u16 all network packet dissection library -- data files ii libwireshark5:amd64 1.12.1+g01b65bf-4+deb8u16 amd64 network packet dissection library -- shared library ii libwiretap4:amd64 1.12.1+g01b65bf-4+deb8u16 amd64 network packet capture library -- shared library ii libwrap0:amd64 7.6.q-25 amd64 Wietse Venema's TCP wrappers library ii libwsutil4:amd64 1.12.1+g01b65bf-4+deb8u16 amd64 network packet dissection utilities library -- shared library ii libwww-perl 6.08-1 all simple and consistent interface to the world-wide web ii libwww-robotrules-perl 6.01-1 all database of robots.txt-derived permissions ii libx11-6:amd64 2:1.6.2-3+deb8u2 amd64 X11 client-side library ii libx11-data 2:1.6.2-3+deb8u2 all X11 client-side library ii libxapian22 1.2.19-1+deb8u1 amd64 Search engine library ii libxau6:amd64 1:1.0.8-1 amd64 X11 authorisation library ii libxcb1:amd64 1.10-3+b1 amd64 X C Binding ii libxdmcp6:amd64 1:1.1.1-1+b1 amd64 X11 Display Manager Control Protocol library ii libxext6:amd64 2:1.3.3-1 amd64 X11 miscellaneous extension library ii libxml-namespacesupport-perl 1.11-1 all Perl module for supporting simple generic namespaces ii libxml-parser-perl 2.41-3 amd64 Perl module for parsing XML files ii libxml-sax-base-perl 1.07-1 all base class for SAX drivers and filters ii libxml-sax-expat-perl 0.40-2 all Perl module for a SAX2 driver for Expat (XML::Parser) ii libxml-sax-perl 0.99+dfsg-2 all Perl module for using and building Perl SAX2 XML processors ii libxml-simple-perl 2.20-1 all Perl module for reading and writing XML ii libxml2:amd64 2.9.1+dfsg1-5+deb8u7 amd64 GNOME XML library ii libxml2-utils 2.9.1+dfsg1-5+deb8u7 amd64 XML utilities ii libxmuu1:amd64 2:1.1.2-1 amd64 X11 miscellaneous micro-utility library ii libxslt1.1:amd64 1.1.28-2+deb8u3 amd64 XSLT 1.0 processing library - runtime library ii libxtables10 1.4.21-2+b1 amd64 netfilter xtables library ii libyaml-0-2:amd64 0.1.6-3 amd64 Fast YAML 1.1 parser and emitter library ii libyang 0.16.52 amd64 Libyang is YANG data modelling language parser and toolkit written (and providing API) in C. ii libzmq3:amd64 4.0.5+dfsg-3 amd64 lightweight messaging kernel (shared library) ii lighttpd 1.4.35-4+deb8u1 amd64 fast webserver with minimal memory footprint ii linux-image-4.19.12-amd64-vyos 4.19.12-1+vyos1+current1 amd64 Linux kernel binary image for version 4.19.12-amd64-vyos ii live-boot 1:20151213 all Live System Boot Components ii live-boot-doc 1:20151213 all Live System Boot Components (documentation) ii live-boot-initramfs-tools 1:20151213 all Live System Boot Components (initramfs-tools backend) ii live-config 4.0.4-1 all Live System Configuration Components ii live-config-doc 4.0.4-1 all Live System Configuration Components (documentation) ii live-config-systemd 4.0.4-1 all Live System Configuration Components (systemd backend) ii live-tools 4.0.2-1.1 all Live System Extra Components ii lldpd 1.0.3-0 amd64 implementation of IEEE 802.1ab (LLDP) ii locales 2.19-18+deb8u10 all GNU C Library: National Language (locale) data [support] ii lockfile-progs 0.1.17 amd64 Programs for locking and unlocking files and mailboxes ii login 1:4.2-3+deb8u4 amd64 system login tools ii logrotate 3.8.7-1+b1 amd64 Log rotation utility ii lrzsz 0.12.21-7 amd64 Tools for zmodem/xmodem/ymodem file transfer ii lsb-base 4.1+Debian13+nmu1 all Linux Standard Base 4.1 init script functionality ii lsb-release 4.1+Debian13+nmu1 all Linux Standard Base version reporting utility ii lsof 4.86+dfsg-1 amd64 Utility to list open files ii lsscsi 0.27-3 amd64 list all SCSI devices (or hosts) currently on system ii mawk 1.3.3-17 amd64 a pattern scanning and text processing language ii mdadm 3.3.2-5+deb8u2 amd64 tool to administer Linux MD arrays (software RAID) ii mdns-repeater 0.1+vyos2+current0 amd64 Multicast DNS repeater ii mgetty 1.1.36-2.1+deb8u1 amd64 Smart Modem getty replacement ii mime-support 3.58 all MIME files 'mime.types' & 'mailcap', and support programs ii minicom 2.7-1+deb8u1 amd64 friendly menu driven serial communication program ii mount 2.25.2-6 amd64 Tools for mounting and manipulating filesystems ii mtr-tiny 0.85-3 amd64 Full screen ncurses traceroute tool ii multiarch-support 2.19-18+deb8u10 amd64 Transitional package to ensure multiarch compatibility ii mysql-common 5.5.62-0+deb8u1 all MySQL database common files, e.g. /etc/mysql/my.cnf ii nano 2.2.6-3 amd64 small, friendly text editor inspired by Pico ii ncurses-base 5.9+20140913-1+deb8u3 all basic terminal type definitions ii ncurses-bin 5.9+20140913-1+deb8u3 amd64 terminal-related programs and man pages ii ncurses-term 5.9+20140913-1+deb8u3 all additional terminal type definitions ii ndiff 6.47-3+deb8u2 all The Network Mapper - result compare utility ii net-tools 1.60-26+b1 amd64 NET-3 networking toolkit ii netbase 5.3 all Basic TCP/IP networking system ii netcat 1.10-41 all TCP/IP swiss army knife -- transitional package ii netcat-traditional 1.10-41 amd64 TCP/IP swiss army knife ii netcat6 1.0-8 amd64 TCP/IP swiss army knife with IPv6 support ii nfct 1:1.4.2-2+vyos2+current1 amd64 Tool to interact with the connection tracking system ii nmap 6.47-3+deb8u2 amd64 The Network Mapper ii ntp 1:4.2.6.p5+dfsg-7+deb8u2 amd64 Network Time Protocol daemon and utility programs ii ntpdate 1:4.2.6.p5+dfsg-7+deb8u2 amd64 client xxxxxx setting system time from NTP servers ii open-vm-tools 2:9.4.6-1770165-8 amd64 Open VMware Tools for virtual machines hosted on VMware (CLI) ii openhpid 2.14.1-1.4 amd64 OpenHPI daemon, supports gathering of manageability information ii opensc 0.14.0-2 amd64 Smart card utilities with support for PKCS#15 compatible cards ii opensc-pkcs11:amd64 0.14.0-2 amd64 Smart card utilities with support for PKCS#15 compatible cards ii openssh-client 1:6.7p1-5+deb8u7 amd64 secure shell (SSH) client, for secure access to remote machines ii openssh-server 1:6.7p1-5+deb8u7 amd64 secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:6.7p1-5+deb8u7 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines ii openssl 1.0.1t-1+deb8u10 amd64 Secure Sockets Layer toolkit - cryptographic utility ii openvpn 2.3.4-5+deb8u2 amd64 virtual private network daemon ii openvpn-auth-ldap 2.0.3-6.1 amd64 OpenVPN LDAP authentication module ii openvpn-auth-radius 2.1-6+b1 amd64 OpenVPN RADIUS authentication module ii os-prober 1.65+deb8u1 amd64 utility to detect other OSes on a set of drives ii parted 3.2-7 amd64 disk partition manipulator ii passwd 1:4.2-3+deb8u4 amd64 change and administer password xxxxxx group data ii pciutils 1:3.2.1-3 amd64 Linux PCI Utilities ii pdns-recursor 4.1.8-2 amd64 PowerDNS Recursor ii perl 5.20.2-3+deb8u12 amd64 Larry Wall's Practical Extraction and Report Language ii perl-base 5.20.2-3+deb8u12 amd64 minimal Perl system ii perl-modules 5.20.2-3+deb8u12 all Core Perl modules ii pmacct 1.7.2 amd64 promiscuous mode traffic accountant ii ppp 2.4.7+vyos2 amd64 Point-to-Point Protocol (PPP) daemon ii pppoe 3.8-3 amd64 PPP over Ethernet driver ii pptpd 1.4.0-5 amd64 PoPToP Point to Point Tunneling Server ii prism2-usb-firmware-installer 0.2.9+dfsg-5 amd64 firmware files for the prism2_usb kernel driver ii procps 2:3.3.9-9+deb8u1 amd64 /proc file system utilities ii psmisc 22.21-2 amd64 utilities that use the proc file system ii python 2.7.9-1 amd64 interactive high-level object-oriented language (default version) ii python-apt xxx.xxx.3.12 amd64 Python interface to libapt-pkg ii python-apt-common xxx.xxx.3.12 all Python interface to libapt-pkg (locales) ii python-cffi 0.8.6-1 amd64 Foreign Function Interface for Python calling C code ii python-chardet 2.3.0-1 all universal character encoding detector for Python2 ii python-concurrent.futures 3.0.3-1 all backport of concurrent.futures package from Python 3.2 ii python-croniter 0.3.4-1 all provides iteration for datetime object with cron like format - Python 2.x ii python-crypto 2.6.1-5+deb8u1 amd64 cryptographic algorithms and protocols for Python ii python-cryptography 0.6.1-1+deb8u1 amd64 Python library exposing cryptographic recipes and primitives (Python 2) ii python-dateutil 2.2-2 all powerful extensions to the standard datetime module ii python-debian 0.1.27 all Python modules to work with Debian-related data formats ii python-debianbts 1.12 all Python interface to Debian's Bug Tracking System ii python-defusedxml 0.4.1-2 all XML bomb protection for Python stdlib modules (for Python 2) ii python-docutils 0.12+dfsg-1 all text processing system for reStructuredText (implemented in Python 2) ii python-jinja2 2.9.4-1 all small but fast and easy to use stand-alone template engine ii python-lxml 3.4.0-1+deb8u1 amd64 pythonic binding for the libxml2 and libxslt libraries ii python-markupsafe 0.23-1+b1 amd64 HTML/XHTML/XML string library for Python ii python-minimal 2.7.9-1 amd64 minimal subset of the Python language (default version) ii python-msgpack 0.4.2-1 amd64 Python implementation of MessagePack format ii python-mysqldb 1.2.3-2.1 amd64 Python interface to MySQL ii python-ndg-httpsclient 0.3.2-1 all enhanced HTTPS support for httplib and urllib2 using PyOpenSSL ii python-openssl 0.14-1 all Python 2 wrapper around the OpenSSL library ii python-pil:amd64 2.6.1-2+deb8u3 amd64 Python Imaging Library (Pillow fork) ii python-pkg-resources 5.5.1-1 all Package Discovery and Resource Access using pkg_resources ii python-ply 3.4-5 all Lex and Yacc implementation for Python2 ii python-psutil 2.1.1-1+b1 amd64 module providing convenience functions for managing processes ii python-pyasn1 0.1.7-1 all ASN.1 library for Python (Python 2 module) ii python-pycparser 2.10+dfsg-3 all C parser in Python ii python-pycurl 7.19.5-3 amd64 Python bindings to libcurl ii python-pygments 2.0.1+dfsg-1.1+deb8u1 all syntax highlighting package written in Python ii python-reportbug 6.6.3+deb8u2 all Python modules for interacting with bug tracking systems ii python-requests 2.4.3-6 all elegant and simple HTTP library for Python2, built for human beings ii python-roman 2.0.0-1 all module for generating/analyzing Roman numerals for Python 2 ii python-six 1.8.0-1 all Python 2 and 3 compatibility library (Python 2 interface) ii python-soappy 0.12.22-1 all SOAP Support for Python ii python-support 1.0.15 all automated rebuilding support for Python modules ii python-systemd 231-2~bpo8+1 amd64 Python 2 bindings for systemd ii python-tornado 4.2.1-1~ds+1 amd64 scalable, non-blocking web server and tools ii python-tz 2012c+dfsg-0.1 all Python version of the Olson timezone database ii python-urllib3 1.10.4-1 all HTTP library with thread-safe connection pooling for Python ii python-wstools 0.4.3-2 all WSDL parsing tools Python module ii python-yaml 3.11-2 amd64 YAML parser and emitter for Python ii python-zmq 14.4.0-1 amd64 Python bindings for 0MQ library ii python2.7 2.7.9-2+deb8u2 amd64 Interactive high-level object-oriented language (version 2.7) ii python2.7-minimal 2.7.9-2+deb8u2 amd64 Minimal subset of the Python language (version 2.7) ii python3 3.4.2-2 amd64 interactive high-level object-oriented language (default python3 version) ii python3-hurry.filesize 0.9-1 all human readable file sizes or anything sized in bytes - Python 3.x ii python3-isc-dhcp-leases 0.8.1-1 all Python module for reading dhcp leases files (Python 3 interface) ii python3-jinja2 2.9.4-1 all small but fast and easy to use stand-alone template engine ii python3-markupsafe 0.23-1+b1 amd64 HTML/XHTML/XML string library for Python 3 ii python3-minimal 3.4.2-2 amd64 minimal subset of the Python language (default python3 version) ii python3-netifaces 0.10.4-0.1 amd64 portable network interface information - Python 3.x ii python3-pkg-resources 5.5.1-1 all Package Discovery and Resource Access using pkg_resources ii python3-psutil 2.1.1-1+b1 amd64 module providing convenience functions for managing processes (Python3) ii python3-pystache 0.5.4-2 all Python3 implementation of Mustache ii python3-six 1.8.0-1 all Python 2 and 3 compatibility library (Python 3 interface) ii python3-tabulate 0.7.5-1~bpo8+1 all pretty-print tabular data in Python3 ii python3-urllib3 1.10.4-1 all HTTP library with thread-safe connection pooling for Python3 ii python3.4 3.4.2-1+deb8u1 amd64 Interactive high-level object-oriented language (version 3.4) ii python3.4-minimal 3.4.2-1+deb8u1 amd64 Minimal subset of the Python language (version 3.4) ii qemu-guest-agent 1:2.1+dfsg-12+deb8u8 amd64 Guest-side qemu-system agent ii radius-shell 1.5.0-cl3u1 amd64 Shell front-end used for radius users. ii radvd 1:1.9.1-1.4+vyos1+current1 amd64 Router Advertisement Daemon ii readline-common 6.3-8 all GNU readline and history libraries, common files ii rename 0.20-3 all Perl extension for renaming multiple files ii reportbug 6.6.3+deb8u2 all reports bugs in the Debian distribution ii resource-agents 1:3.9.3+git20121009-3.1 amd64 Cluster Resource Agents ii rsync 3.1.1-3+deb8u1 amd64 fast, versatile, remote (and local) file-copying tool ii rsyslog 8.4.2-1+deb8u2 amd64 reliable system and kernel logging daemon ii salt-common 2017.7.8+ds-1 all shared libraries that salt requires for all packages ii salt-minion 2017.7.8+ds-1 all client xxxxxx for salt, the distributed remote execution system ii screen 4.2.1-3+deb8u1 amd64 terminal multiplexer with VT100/ANSI terminal emulation ii sed 4.2.2-4+deb8u1 amd64 The GNU sed stream editor ii sensible-utils 0.0.9+deb8u1 all Utilities for sensible alternative selection ii sgml-base 1.26+nmu4 all SGML infrastructure and SGML catalog file support ii shared-mime-info 1.3-1 amd64 FreeDesktop.org shared MIME database and spec ii sipcalc 1.1.5-1 amd64 Advanced console-based ip subnet calculator ii snmp xxx.xxx.2.1+vyos2+current1 amd64 SNMP (Simple Network Management Protocol) applications ii snmpd xxx.xxx.2.1+vyos2+current1 amd64 SNMP (Simple Network Management Protocol) agents ii socat xxx.xxx.2.4-2 amd64 multipurpose relay for bidirectional data transfer ii spawn-fcgi 1.6.4-1 amd64 FastCGI process spawner ii squid-langpack 20140506-1 all Localized error pages for Squid ii squid3 3.4.8-6+deb8u6 amd64 Full featured Web Proxy cache (HTTP proxy) ii squid3-common 3.4.8-6+deb8u6 all Full featured Web Proxy cache (HTTP proxy) - common files ii squidclient 3.4.8-6+deb8u6 amd64 Full featured Web Proxy cache (HTTP proxy) - control utility ii squidguard 1.5-4 amd64 filter and redirector plugin for Squid ii startpar 0.59-3 amd64 run processes in parallel and multiplex their output ii strongswan 5.7.2-1+vyos2 all IPsec VPN solution metapackage ii strongswan-charon 5.7.2-1+vyos2 amd64 strongSwan Internet Key Exchange daemon ii strongswan-libcharon 5.7.2-1+vyos2 amd64 strongSwan charon library ii strongswan-starter 5.7.2-1+vyos2 amd64 strongSwan daemon starter and configuration file parser ii strongswan-swanctl 5.7.2-1+vyos2 amd64 strongSwan IPsec client, swanctl command ii sudo 1.8.10p3-1+deb8u5 amd64 Provide limited super user xxxxxx to specific users ii systemd 215-17+deb8u9 amd64 system and service manager ii systemd-sysv 215-17+deb8u9 amd64 system and service manager - SysV links ii sysv-rc 2.88dsf-59 all System-V-like runlevel change mechanism ii sysvinit-utils 2.88dsf-59 amd64 System-V-like utilities ii tar 1.27.1-2+deb8u2 amd64 GNU version of the tar archiving utility ii tasksel 3.31+deb8u1 all tool for selecting tasks for installation on Debian systems ii tasksel-data 3.31+deb8u1 all official tasks used for installation of Debian systems ii tcpd 7.6.q-25 amd64 Wietse Venema's TCP wrapper utilities ii tcpdump 4.9.2-1~deb8u1 amd64 command-line network traffic analyzer ii telnet 0.17-36 amd64 The telnet client ii tftpd-hpa 5.2+20140608-3 amd64 HPA's tftp server ii traceroute 1:2.0.20-2+b1 amd64 Traces the route taken by packets over an IPv4/IPv6 network ii tshark 1.12.1+g01b65bf-4+deb8u16 amd64 network traffic analyzer - console version ii tzdata 2018i-0+deb8u1 all time zone and daylight-saving time data ii ucf 3.0030 all Update Configuration File(s): preserve user xxxxxx to config files ii udev 215-17+deb8u9 amd64 /dev/ and hotplug management daemon ii udp-broadcast-relay 0.1+vyos2+current1 amd64 UDP Broadcast Packet Relay ii unionfs-fuse 0.24-2.2 amd64 Fuse implementation of unionfs ii usb-modeswitch 2.2.0+repack0-2 amd64 mode switching tool for controlling "flip flop" USB devices ii usb-modeswitch-data 20150115-1 all mode switching data for usb-modeswitch ii usbutils 1:007-2 amd64 Linux USB utilities ii user-setup 1.61 all Set up initial user xxxxxx password ii util-linux 2.25.2-6 amd64 Miscellaneous system utilities ii uuid-runtime 2.25.2-6 amd64 runtime components for the Universally Unique ID library ii vim-common 2:7.4.488-7+deb8u3 amd64 Vi IMproved - Common files ii vim-tiny 2:7.4.488-7+deb8u3 amd64 Vi IMproved - enhanced vi editor - compact version ii vyatta-bash 4.1-3+vyos2+crux1 amd64 The VyOS Shell based on GNU bash ii vyatta-biosdevname 1:0.3.11+vyos2+current2 amd64 VyOS version of the biosdevname utility. ii vyatta-cfg 1.2.0-1 amd64 VyOS configuration system ii vyatta-cfg-firewall 1.2.0-1 all VyOS firewall configuration templates/scripts ii vyatta-cfg-op-pppoe 1.2.0-1 all VyOS config and op mode templates for PPPOE ii vyatta-cfg-qos 1.2.0-1 all VyOS Qos configuration templates/scripts ii vyatta-cfg-quagga 1.2.0-1 all VyOS configuration templates/scripts for Quagga ii vyatta-cfg-system 1.2.0-1 amd64 VyOS system-level configuration ii vyatta-cfg-vpn 1.2.0-1 all VyOS IPsec VPN configuration templates/scripts ii vyatta-cluster 1.2.0-1 all VyOS configuration/operational commands for clustering ii vyatta-config-mgmt 1.2.0-1 all VyOS commands for config-mgmt ii vyatta-config-migrate 1.2.0-1 all VyOS configuration migration ii vyatta-conntrack 1.2.0-1 amd64 VyOS conntrack configuration ii vyatta-conntrack-sync 1.2.0-1 all The vyatta-conntrack-sync package ii vyatta-eventwatch 1.2.0-1 all Vyatta/VyOS/EdgeOS eventwatchd integration package ii vyatta-ipv6-rtradv 1.2.0-1 all VyOS config and op mode templates for IPv6 Router Advertisements ii vyatta-lldp 1.2.0-1 amd64 The vyatta-lldp package ii vyatta-nat 1.2.0-1 all VyOS configuration/operational commands for NAT ii vyatta-netflow 1.2.0-1 all VyOS commands for netflow ii vyatta-op 1.2.0-1 all VyOS operational commands and completion scripts ii vyatta-op-firewall 1.2.0-1 all VyOS operational commands for firewall. ii vyatta-op-qos 1.2.0-1 all VyOS operational commands for QOS ii vyatta-op-quagga 1.2.0-1 all VyOS operational command for the Quagga route daemons ii vyatta-op-vpn 1.2.0-1 all VyOS operational commands for IPsec VPN ii vyatta-openvpn 1.2.0-1 all VyOS OpenVPN configuration/operational commands ii vyatta-ravpn 1.2.0-1 all VyOS remote access VPN configuration/operational commands ii vyatta-wanloadbalance 1.2.0-1 amd64 VyOS load balancing configuration system ii vyatta-webgui 0.2.14+vyos2+mickvav amd64 VyOS WebGUI ii vyatta-webproxy 1.2.0-1 all VyOS commands for webproxy ii vyatta-wireless 1.2.0-1 all VyOS configuration/operational commands for 802.11 wireless ii vyatta-wirelessmodem 1.2.0-1 all VyOS configuration/operational commands for USB 3G modems ii vyatta-zone 1.2.0-1 all The vyatta-zone package ii vyos-1x 1.2.0-10 all VyOS configuration scripts and data ii vyos-accel-ppp 1.11.2-5 amd64 accel-ppp is a high performance VPN server application for linux. ii vyos-accel-ppp-ipoe-kmod 1.11.2-5 amd64 IPoE kernel module ii vyos-netplug xxx.xxx.9.2-2 amd64 network link monitor daemon ii vyos-nhrp 1.2.0-1 all VyOs package vyos-nhrp ii vyos-opennhrp 0.14.1-1+vyos2+current1 amd64 VyOS OpenNHRP package ii vyos-replace 1.02+vyos2+current1 all VyOS metapackage ii vyos-salt-minion 1.0.0 all VyOS Salt minion configuration ii vyos-vmwaretools-scripts 1.0-1 all additional user xxxxxx for open-vm-tools ii vyos-world 1.2.0-7 all VyOS metapackage ii vyos-xe-guest-utilities 1.0.0-2 amd64 daemon for monitoring Xen Virtual machines ii wakeonlan 0.41-11 all Sends 'magic packets' to wake-on-LAN enabled ethernet adapters ii wget 1.16-1+deb8u5 amd64 retrieves files from the web ii whois 5.2.7 amd64 intelligent WHOIS client ii wireguard 0.0.20181119-1 all fast, modern, secure kernel VPN tunnel (metapackage) ii wireguard-modules 0.0.20181119-1 amd64 fast, modern, secure kernel VPN tunnel (DKMS version) ii wireguard-tools 0.0.20181119-1 amd64 fast, modern, secure kernel VPN tunnel (userland utilities) ii wireless-regdb 2016.06.10-1~deb8u1 all wireless regulatory database ii wireshark-common 1.12.1+g01b65bf-4+deb8u16 amd64 network traffic analyzer - common files ii wpasupplicant 2.3-1+deb8u6 amd64 client xxxxxx for WPA and WPA2 (IEEE 802.11i) ii xauth 1:1.0.9-1 amd64 X authentication utility ii xdg-user-dirs 0.15-2 amd64 tool to manage well known user xxxxxx ii xkb-data 2.12-1 all X Keyboard Extension (XKB) configuration data ii xl2tpd 1.3.6+dfsg-2-vyos0 amd64 layer 2 tunneling protocol implementation ii xml-core 0.13+nmu2 all XML infrastructure and XML catalog file support ii xsltproc 1.1.28-2+deb8u3 amd64 XSLT 1.0 command line processor ii xz-utils 5.1.1alpha+20120614-2+b3 amd64 XZ-format compression utilities ii zerofree 1.0.3-1 amd64 zero free blocks from ext2, ext3 and ext4 file-systems ii zlib1g:amd64 1:1.2.8.dfsg-2+b1 amd64 compression library - runtime Version: VyOS 1.2.0 Built by: Sentrium S.L. Built on: Sun 27 Jan 2019 19:08 UTC Build ID: 795d6338-c1ce-4ebb-992f-d064f5af9309 Architecture: x86_64 Boot via: installed image System type: VMware guest Hardware vendor: VMware, Inc. Hardware model: VMware Virtual Platform Hardware S/N: Unknown Hardware UUID: Unknown Copyright: VyOS maintainers and contributors Package versions: ---------------- Running configuration ---------------- cluster { dead-interval 20000 group VPNFailower { auto-failback false primary vyos-pri secondary vyos-sec service xxx.xxx.244.249/24/eth0 service pptpd service xxx.xxx.244.2/24/eth0 service openvpn } interface eth1.4002 keepalive-interval 1000 mcast-group xxx.xxx.0.49 monitor-dead-interval 29999 pre-shared-secret xxxxxx } firewall { all-ping enable broadcast-ping disable config-trap disable group { address-group ag-Blacklist { description "Designated threat addresses" } network-group Hrvatski-IP { network xxx.xxx.128.0/19 network xxx.xxx.160.0/19 network xxx.xxx.36.0/23 network xxx.xxx.46.0/24 network xxx.xxx.170.0/23 network xxx.xxx.37.0/24 network xxx.xxx.53.0/24 network xxx.xxx.224.0/19 network xxx.xxx.0.0/13 network xxx.xxx.64.0/19 network xxx.xxx.128.0/18 network xxx.xxx.128.0/17 network xxx.xxx.232.0/21 network xxx.xxx.96.0/19 network xxx.xxx.128.0/17 network xxx.xxx.206.0/24 network xxx.xxx.163.0/24 network xxx.xxx.0.0/18 network xxx.xxx.0.0/17 network xxx.xxx.128.0/17 network xxx.xxx.0.0/18 network xxx.xxx.187.0/24 network xxx.xxx.64.0/19 network xxx.xxx.208.0/21 network xxx.xxx.224.0/19 network xxx.xxx.222.0/24 network xxx.xxx.1.0/24 network xxx.xxx.0.0/16 network xxx.xxx.57.0/24 network xxx.xxx.32.0/20 network xxx.xxx.88.0/21 network xxx.xxx.92.0/22 network xxx.xxx.152.0/21 network xxx.xxx.0.0/19 network xxx.xxx.32.0/20 network xxx.xxx.0.0/17 network xxx.xxx.112.0/20 network xxx.xxx.160.0/20 network xxx.xxx.40.0/22 network xxx.xxx.216.0/22 network xxx.xxx.188.0/22 network xxx.xxx.56.0/22 network xxx.xxx.168.0/22 network xxx.xxx.200.0/22 network xxx.xxx.48.0/22 network xxx.xxx.12.0/22 network xxx.xxx.16.0/22 network xxx.xxx.132.0/22 network xxx.xxx.192.0/22 network xxx.xxx.232.0/22 network xxx.xxx.28.0/22 network xxx.xxx.132.0/22 network xxx.xxx.208.0/22 network xxx.xxx.216.0/22 network xxx.xxx.224.0/22 network xxx.xxx.80.0/22 network xxx.xxx.60.0/22 network xxx.xxx.28.0/22 network xxx.xxx.96.0/22 network xxx.xxx.192.0/22 network xxx.xxx.176.0/22 network xxx.xxx.149.0/24 network xxx.xxx.32.0/22 network xxx.xxx.12.0/22 network xxx.xxx.239.0/24 network xxx.xxx.72.0/22 network xxx.xxx.72.0/22 network xxx.xxx.132.0/22 network xxx.xxx.132.0/22 network xxx.xxx.52.0/22 network xxx.xxx.236.0/22 network xxx.xxx.192.0/22 network xxx.xxx.228.0/22 network xxx.xxx.212.0/22 network xxx.xxx.12.0/22 network xxx.xxx.0.0/19 network xxx.xxx.0.0/17 network xxx.xxx.128.0/17 network xxx.xxx.192.0/24 network xxx.xxx.70.0/23 network xxx.xxx.105.0/24 network xxx.xxx.106.0/24 network xxx.xxx.108.0/24 network xxx.xxx.91.0/24 network xxx.xxx.92.0/23 network xxx.xxx.92.0/24 network xxx.xxx.94.0/24 network xxx.xxx.96.0/24 network xxx.xxx.98.0/24 network xxx.xxx.193.0/24 network xxx.xxx.23.0/24 network xxx.xxx.164.0/24 network xxx.xxx.128.0/21 network xxx.xxx.192.0/21 network xxx.xxx.232.0/21 network xxx.xxx.24.0/21 network xxx.xxx.184.0/21 network xxx.xxx.216.0/21 network xxx.xxx.240.0/21 network xxx.xxx.128.0/21 network xxx.xxx.144.0/21 network xxx.xxx.160.0/21 network xxx.xxx.32.0/21 network xxx.xxx.220.0/22 network xxx.xxx.0.0/16 network xxx.xxx.203.0/24 network xxx.xxx.128.0/20 network xxx.xxx.144.0/22 network xxx.xxx.152.0/21 network xxx.xxx.160.0/20 network xxx.xxx.160.0/21 network xxx.xxx.168.0/22 network xxx.xxx.174.0/23 network xxx.xxx.176.0/21 network xxx.xxx.76.0/22 network xxx.xxx.210.0/23 network xxx.xxx.212.0/22 network xxx.xxx.216.0/21 network xxx.xxx.224.0/20 network xxx.xxx.240.0/22 network xxx.xxx.31.0/24 network xxx.xxx.182.0/24 network xxx.xxx.141.0/24 network xxx.xxx.220.0/24 network xxx.xxx.246.0/24 network xxx.xxx.252.0/24 network xxx.xxx.224.0/24 network xxx.xxx.84.0/22 network xxx.xxx.255.0/24 network xxx.xxx.213.0/24 network xxx.xxx.214.0/24 network xxx.xxx.109.0/24 network xxx.xxx.192.0/18 network xxx.xxx.87.0/24 network xxx.xxx.205.0/24 network xxx.xxx.173.0/24 network xxx.xxx.46.0/24 network xxx.xxx.10.0/24 network xxx.xxx.136.0/24 network xxx.xxx.153.0/24 network xxx.xxx.22.0/23 network xxx.xxx.255.0/24 network xxx.xxx.0.0/16 network xxx.xxx.190.0/23 network xxx.xxx.32.0/22 network xxx.xxx.212.0/23 network xxx.xxx.46.0/23 network xxx.xxx.52.0/22 network xxx.xxx.160.0/19 network xxx.xxx.96.0/19 network xxx.xxx.192.0/19 network xxx.xxx.192.0/23 network xxx.xxx.195.0/24 network xxx.xxx.196.0/22 network xxx.xxx.200.0/21 network xxx.xxx.208.0/20 network xxx.xxx.140.0/22 network xxx.xxx.144.0/22 network xxx.xxx.152.0/21 network xxx.xxx.156.0/22 network xxx.xxx.168.0/21 network xxx.xxx.176.0/21 network xxx.xxx.160.0/22 network xxx.xxx.162.0/23 network xxx.xxx.96.0/19 network xxx.xxx.32.0/19 network xxx.xxx.125.0/24 network xxx.xxx.0.0/19 network xxx.xxx.128.0/19 network xxx.xxx.64.0/18 network xxx.xxx.111.0/24 network xxx.xxx.112.0/22 network xxx.xxx.56.0/21 network xxx.xxx.208.0/20 network xxx.xxx.80.0/20 network xxx.xxx.0.0/16 network xxx.xxx.192.0/19 network xxx.xxx.0.0/17 network xxx.xxx.128.0/17 network xxx.xxx.0.0/18 network xxx.xxx.0.0/19 network xxx.xxx.176.0/21 network xxx.xxx.128.0/17 network xxx.xxx.128.0/19 network xxx.xxx.88.0/21 network xxx.xxx.96.0/21 network xxx.xxx.48.0/20 network xxx.xxx.32.0/19 network xxx.xxx.184.0/21 network xxx.xxx.160.0/19 network xxx.xxx.64.0/19 network xxx.xxx.93.0/24 network xxx.xxx.94.0/24 network xxx.xxx.128.0/19 network xxx.xxx.0.0/17 network xxx.xxx.240.0/22 network xxx.xxx.0.0/16 network xxx.xxx.0.0/19 network xxx.xxx.0.0/16 network xxx.xxx.32.0/19 network xxx.xxx.128.0/17 network xxx.xxx.184.0/21 network xxx.xxx.96.0/20 network xxx.xxx.192.0/18 network xxx.xxx.192.0/18 network xxx.xxx.144.0/21 network xxx.xxx.156.0/22 network xxx.xxx.160.0/19 network xxx.xxx.32.0/20 network xxx.xxx.152.0/21 network xxx.xxx.139.0/24 network xxx.xxx.242.0/23 network xxx.xxx.216.0/24 network xxx.xxx.77.0/24 network xxx.xxx.79.0/24 network xxx.xxx.22.0/23 network xxx.xxx.233.0/24 network xxx.xxx.136.0/24 network xxx.xxx.216.0/24 network xxx.xxx.32.0/24 network xxx.xxx.247.0/24 network xxx.xxx.31.0/24 network xxx.xxx.44.0/24 network xxx.xxx.84.0/24 network xxx.xxx.104.0/22 network xxx.xxx.237.0/24 network xxx.xxx.24.0/24 network xxx.xxx.249.0/24 network xxx.xxx.29.0/24 network xxx.xxx.65.0/24 network xxx.xxx.170.0/24 network xxx.xxx.244.0/24 network xxx.xxx.8.0/23 network xxx.xxx.229.0/24 } network-group blokirani-subneti { network xxx.xxx.62.0/24 } network-group ng-Blacklist { description "Designated threat networks" } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians disable name allow_all { default-action drop description "ALLOW EVERYTHING" rule 1 { action accept } } name dvorane_to_it { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_mgmt { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO nastavnici ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_printeri { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO printeri ZONE" rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_public { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO PUBLIC ZONE" rule 250 { action drop destination { port smtp } protocol tcp } rule 251 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO sluzbe ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_studenti { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name dvorane_to_vpn { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO VPN ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_vyatta { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name dvorane_to_wzvu { default-action drop description "FILTER TRAFFIC FROM dvorane ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.32.0/22 } } } name it_to_dvorane { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO dvorane ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_mgmt { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO nastavnici ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_printeri { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO printeri ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_public { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO sluzbe ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_studenti { default-action drop description "FILTER TRAFFIC FROM it ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_vpn { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO VPN ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_vyatta { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name it_to_wzvu { default-action drop description "FILTER TRAFFIC FROM IT ZONE TO wzvu ZONE" rule 500 { action accept protocol all source { address xxx.xxx.9.0/24 } } } name mgmt_to_posluzitelji { default-action drop rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name mgmt_to_vyatta { default-action drop rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name nastavnici_to_dvorane { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_it { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_mgmt { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_printeri { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO printeri ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_public { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO sluzbe ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_studenti { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name nastavnici_to_vpn { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO VPN ZONE" rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_vyatta { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name nastavnici_to_wzvu { default-action drop description "FILTER TRAFFIC FROM nastavnici ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.12.0/23 } } } name ospf_to_vyatta { default-action drop rule 20 { action accept protocol ospf } rule 21 { action accept protocol icmp } } name pakrac_to_posluzitelji { default-action drop description pakrac rule 500 { action accept protocol all source { address xxx.xxx.50.0/24 } } } name posluzitelji_to_dvorane { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO dvorane ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_it { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_mgmt { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO nastavnici ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_pakrac { default-action drop description pakrac rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_printeri { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO printeri ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_public { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action accept destination { port smtp } protocol tcp source { address xxx.xxx.10.3 } } rule 201 { action accept protocol tcp source { address xxx.xxx.10.3 port smtp } } rule 202 { action accept destination { port smtp } protocol tcp source { address xxx.xxx.10.7 } } rule 203 { action accept protocol tcp source { address xxx.xxx.10.7 port smtp } } rule 204 { action accept protocol tcp source { address xxx.xxx.10.250 port smtp,587 } } rule 205 { action accept destination { port smtp,587 } protocol tcp source { address xxx.xxx.10.250 } } rule 250 { action drop destination { port smtp } protocol tcp } rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO sluzbe ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_studenti { default-action drop description "FILTER TRAFFIC FROM posluzitelji ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139 } } rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_vpn { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO VPN ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_vyatta { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name posluzitelji_to_wzvu { default-action drop description "FILTER TRAFFIC FROM POSLUZITELJI ZONE TO wzvu ZONE" rule 500 { action accept protocol all source { address xxx.xxx.10.0/24 } } } name printeri_to_dvorane { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO dvorane ZONE" rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_it { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_mgmt { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO nastavnici ZONE" rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO POSLUZITELJI ZONE" rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_public { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO sluzbe ZONE" rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_studenti { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name printeri_to_vpn { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO VPN ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_vyatta { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name printeri_to_wzvu { default-action drop description "FILTER TRAFFIC FROM printeri ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.8.0/24 } } } name public_to_dvorane { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_it { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO IT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action accept protocol all source { address xxx.xxx.1.192/27 } } rule 201 { action accept destination { port 51413 } protocol tcp source { address xxx.xxx.0.0/0 } } rule 202 { action accept description "Pakrac to IT" protocol all source { address xxx.xxx.1.2 } } rule 203 { action accept description "Pakrac to IT" protocol all source { address xxx.xxx.50.0/24 } } } name public_to_mgmt { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO nastavnici ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO POSLUZITELJI ZONE" rule 50 { action accept protocol tcp_udp source { port 53 } } rule 51 { action accept protocol icmp source { address xxx.xxx.0.0/0 } } rule 80 { action drop protocol tcp source { port 139,445 } } rule 199 { action drop protocol all source { group { network-group blokirani-subneti } } } rule 200 { action accept description "PROLAZ HTTP, HTTPS" destination { port 80,443 } protocol tcp source { address xxx.xxx.0.0/0 } } rule 220 { action accept description "ISVU print server" destination { address xxx.xxx.10.27 port 2020,20202,21811 } protocol tcp_udp source { address xxx.xxx.1.192/27 } } rule 221 { action accept description "Prolaz smtp,bind,isvu" destination { address xxx.xxx.10.3 port 22,25,53,80,389,443,587,873,1812,1813,1443 } protocol tcp_udp source { address xxx.xxx.0.0/0 } } rule 222 { action accept description "Bacula backup" destination { port 9102 } protocol tcp source { address xxx.xxx.192.34 } } rule 223 { action accept description "Prolaz BigBlueButton" destination { address xxx.xxx.10.10 port 80,443,1935,5066,7443 } protocol tcp source { address xxx.xxx.0.0/0 } } rule 224 { action accept description "Prolaz BigBlueButton udp" destination { address xxx.xxx.10.10 port 16384-32767 } protocol udp source { address xxx.xxx.0.0/0 } } rule 225 { action accept description "Pakrac prema posluziteljima" protocol all source { address xxx.xxx.1.2 } } rule 226 { action accept description "Prolaz smtp,bind,isvu" destination { address xxx.xxx.10.7 port 22,25,53,80,389,443,587,873,1812,1813,1443 } protocol tcp_udp source { address xxx.xxx.0.0/0 } } rule 227 { action accept description "Prolaz smtp,subm,ission SYMANTEC" destination { address xxx.xxx.10.250 port 25,587 } protocol tcp source { address xxx.xxx.0.0/0 } } rule 500 { action drop description "Drop traffic from blacklisted networks" source { group { network-group ng-Blacklist } } } rule 501 { action drop description "Drop traffic from blacklisted addresses" source { group { address-group ag-Blacklist } } } } name public_to_printeri { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO printeri ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO sluzbe ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action accept protocol all source { address xxx.xxx.1.192/27 } } } name public_to_studenti { default-action drop description "FILTER TRAFFIC FROM public ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_vpn { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO VPN ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name public_to_vyatta { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 21 { action accept destination { } protocol icmp } rule 100 { action drop description "Drop traffic from blacklisted networks" source { group { network-group ng-Blacklist } } } rule 101 { action drop description "Drop traffic from blacklisted addresses" source { group { address-group ag-Blacklist } } } rule 199 { action drop protocol all source { group { network-group blokirani-subneti } } } rule 200 { action accept description "PPTPD Port 1723" destination { address xxx.xxx.244.249 port 1723 } protocol tcp state { established enable invalid disable new enable related enable } } rule 201 { action accept description "PPTPD GRE" destination { address xxx.xxx.244.249 } protocol gre state { established enable invalid disable new enable related enable } } rule 202 { action accept description ssh destination { address xxx.xxx.244.249 port 22 } protocol tcp source { group { network-group Hrvatski-IP } } } rule 203 { action accept destination { port openvpn } protocol udp source { group { network-group Hrvatski-IP } } } rule 204 { action accept destination { port 4500 } protocol udp source { group { network-group Hrvatski-IP } } } rule 205 { action accept destination { port 500 } protocol udp source { group { network-group Hrvatski-IP } } } rule 206 { action accept destination { port 1195 } protocol udp source { group { network-group Hrvatski-IP } } } rule 502 { action drop destination { port 21,22,23,25,80,443,873 } protocol tcp_udp source { address xxx.xxx.0.0/0 } } rule 5001 { action accept protocol all source { address xxx.xxx.244.0/24 } } } name public_to_wzvu { default-action drop description "FILTER TRAFFIC FROM PUBLIC ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name sluzbe_to_dvorane { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_it { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_mgmt { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO nastavnici ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_printeri { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO printeri ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_public { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 199 { action accept destination { address xxx.xxx.34.28 port smtp } protocol tcp } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_studenti { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name sluzbe_to_vpn { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO VPN ZONE" rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_vyatta { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name sluzbe_to_wzvu { default-action drop description "FILTER TRAFFIC FROM sluzbe ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.11.0/24 } } } name studenti_to_dvorane { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp } } name studenti_to_it { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.16.1-xxx.xxx.16.40 } } } name studenti_to_mgmt { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO MANAGEMENT ZONE" } name studenti_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO nastavnici ZONE" } name studenti_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 50 { action accept description "allow icmp" icmp { type-name ping } protocol icmp source { address xxx.xxx.16.0/20 } } rule 101 { action accept destination { port 53,80,443,515,8014,8080,8000,8880 } protocol tcp source { address xxx.xxx.16.0/20 } } rule 102 { action accept destination { port 53,67,68 } protocol udp source { address xxx.xxx.16.0/20 } } rule 103 { action accept destination { address xxx.xxx.10.99 port 445 } protocol tcp source { address xxx.xxx.16.0/20 } } rule 104 { action accept destination { address xxx.xxx.10.34 } protocol tcp source { address xxx.xxx.16.0/20 } } rule 105 { action accept destination { address xxx.xxx.10.19 } protocol all source { address xxx.xxx.16.10/20 } } rule 500 { action drop protocol all source { address xxx.xxx.16.0/20 } } } name studenti_to_printeri { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO printeri ZONE" } name studenti_to_public { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO PUBLIC ZONE" rule 104 { action accept protocol all source { address xxx.xxx.16.1-xxx.xxx.16.39 } } rule 105 { action accept destination { port 80,443,465,587,993,995,37777,1000-10000 } protocol tcp source { address xxx.xxx.16.0/20 } } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action drop protocol all source { address xxx.xxx.16.0/20 } } } name studenti_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO sluzbe ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name studenti_to_vpn { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO VPN ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name studenti_to_vyatta { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.16.0/20 } } } name studenti_to_wzvu { default-action drop description "FILTER TRAFFIC FROM studenti ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 81 { action accept destination { port 8880 } protocol tcp source { } } } name vpn_to_dvorane { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } } name vpn_to_it { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO IT ZONE" rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_mgmt { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO MGMT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action accept protocol all source { address xxx.xxx.14.0/24 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO nastavnici ZONE" rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO POSLUZITELJI ZONE" rule 30 { action drop destination { port smtp } protocol tcp } rule 31 { action drop protocol tcp source { port smtp } } rule 200 { action accept protocol all source { address xxx.xxx.14.0/24 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } rule 502 { action accept protocol all source { address xxx.xxx.1.2 } } rule 503 { action accept protocol all source { address xxx.xxx.50.0/24 } } } name vpn_to_printeri { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO printeri ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_public { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } } name vpn_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO sluzbe ZONE" rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_studenti { default-action drop description "FILTER TRAFFIC FROM vpn ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } } name vpn_to_vyatta { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 200 { action drop destination { port 21,23,25,80,443 } protocol tcp_udp source { address xxx.xxx.4.0/24 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } rule 501 { action accept protocol all source { address xxx.xxx.12.0/24 } } } name vpn_to_wzvu { default-action drop description "FILTER TRAFFIC FROM VPN ZONE TO wzvu ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.4.0/24 } } } name vrrp_to_vyatta { default-action drop description "FILTER TRAFFIC FROM VRRP ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 21 { action accept protocol all } rule 500 { action accept protocol all source { address xxx.xxx.12.0/30 } } } name vyatta_to_mgmt { default-action accept } name wzvu_to_dvorane { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO dvorane ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_it { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO IT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_mgmt { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO MANAGEMENT ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_nastavnici { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO nastavnici ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_posluzitelji { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO POSLUZITELJI ZONE" rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_printeri { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO printeri ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_public { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO PUBLIC ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 200 { action drop destination { port smtp } protocol tcp } rule 201 { action drop protocol tcp source { port smtp } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_sluzbe { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO sluzbe ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_studenti { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO studenti ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 81 { action accept protocol all } } name wzvu_to_vpn { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO VPN ZONE" rule 80 { action drop protocol tcp source { port 139,445 } } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } name wzvu_to_vyatta { default-action drop description "FILTER TRAFFIC FROM wzvu ZONE TO VYATTA ZONE" rule 20 { action accept protocol vrrp } rule 500 { action accept protocol all source { address xxx.xxx.14.0/23 } } } receive-redirects disable send-redirects enable source-validation disable state-policy { established { action accept } related { action accept } } syn-cookies enable twa-hazards-protection disable } high-availability { vrrp { group eth0-10 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth0 no-preempt priority 150 virtual-address xxx.xxx.244.3/24 virtual-address xxx.xxx.244.4/24 virtual-address xxx.xxx.244.5/24 virtual-address xxx.xxx.244.6/24 virtual-address xxx.xxx.244.7/24 virtual-address xxx.xxx.244.8/24 virtual-address xxx.xxx.244.9/24 virtual-address xxx.xxx.244.10/24 virtual-address xxx.xxx.244.11/24 virtual-address xxx.xxx.244.12/24 virtual-address xxx.xxx.244.13/24 virtual-address xxx.xxx.244.14/24 virtual-address xxx.xxx.244.15/24 virtual-address xxx.xxx.244.27/24 virtual-address xxx.xxx.244.2/24 vrid 10 } group eth0-11 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth0 no-preempt priority 150 virtual-address xxx.xxx.244.100/24 virtual-address xxx.xxx.244.101/24 virtual-address xxx.xxx.244.102/24 virtual-address xxx.xxx.244.103/24 virtual-address xxx.xxx.244.104/24 virtual-address xxx.xxx.244.105/24 virtual-address xxx.xxx.244.106/24 virtual-address xxx.xxx.244.110/24 virtual-address xxx.xxx.244.111/24 virtual-address xxx.xxx.244.250/24 virtual-address xxx.xxx.244.251/24 vrid 11 } group eth1.100-100 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.100 no-preempt priority 250 virtual-address xxx.xxx.32.1/22 vrid 100 } group eth1.101-101 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.101 no-preempt priority 250 virtual-address xxx.xxx.8.1/24 vrid 101 } group eth1.102-102 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.102 no-preempt priority 250 virtual-address xxx.xxx.9.1/24 vrid 102 } group eth1.103-103 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.103 no-preempt priority 250 virtual-address xxx.xxx.12.1/23 vrid 103 } group eth1.104-104 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.104 no-preempt priority 250 virtual-address xxx.xxx.11.1/24 vrid 104 } group eth1.105-105 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.105 no-preempt priority 250 virtual-address xxx.xxx.14.1/23 vrid 105 } group eth1.106-106 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.106 no-preempt priority 250 virtual-address xxx.xxx.16.1/20 vrid 106 } group eth1.1000-50 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.1000 no-preempt priority 250 virtual-address xxx.xxx.10.1/24 vrid 50 } group eth1.4000-51 { advertise-interval 1 authentication { password xxxxxx type plaintext-password } hello-source-address xxx.xxx.12.1 interface eth1.4000 no-preempt priority 250 virtual-address xxx.xxx.11.1/24 vrid 51 } sync-group VRRP-SYNC { member eth0-10 member eth0-11 member eth1.100-100 member eth1.101-101 member eth1.102-102 member eth1.103-103 member eth1.104-104 member eth1.105-105 member eth1.106-106 member eth1.1000-50 member eth1.4000-51 } } } interfaces { ethernet eth0 { duplex auto hw-id XX:XX:XX:a5:3b:a8 smp-affinity auto speed auto } ethernet eth1 { duplex auto hw-id XX:XX:XX:a5:f4:bc smp-affinity auto speed auto vif 100 { description "dvorane PRIMARY INTERFACE" } vif 101 { description "printeri PRIMARY INTERFACE" } vif 102 { description "IT PRIMARY INTERFACE" } vif 103 { description "nastavnici PRIMARY INTERFACE" } vif 104 { description "sluzbe PRIMARY INTERFACE" } vif 105 { description "wzvu PRIMARY INTERFACE" } vif 106 { description "studenti PRIMARY INTERFACE" } vif 1000 { description "posluzitelji PRIMARY INTERFACE" } vif 4000 { description "MGMT PRIMARY INTERFACE" } vif 4002 { address xxx.xxx.13.1/30 description "Clustering Interface" } vif 4003 { address xxx.xxx.14.1/24 description OSPF } } ethernet eth2 { address xxx.xxx.12.1/30 description "VRRP SYNC" duplex auto hw-id XX:XX:XX:a5:c1:c3 smp-affinity auto speed auto } loopback lo { } openvpn vtun0 { encryption aes256 hash sha256 local-port 1194 mode server openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config" openvpn-option "--script-security 2" openvpn-option --duplicate-cn openvpn-option "--tls-version-min 1.2" protocol udp server { domain-name xxxxxx name-server xxx.xxx.10.2 push-route xxx.xxx.10.0/24 push-route xxx.xxx.9.0/24 push-route xxx.xxx.8.0/24 push-route xxx.xxx.11.0/24 push-route xxx.xxx.12.0/23 subnet xxx.xxx.12.0/24 } tls { ca-cert-file xxxxxx cert-file xxxxxx dh-file xxxxxx key-file xxxxxx } } openvpn vtun10 { encryption aes256 hash sha256 local-address xxx.xxx.1.1 { } local-port 1195 mode site-to-site openvpn-option "--tls-version-min 1.2" persistent-tunnel protocol udp remote-address xxx.xxx.1.2 remote-port 1195 shared-secret-key-file xxxxxx } } nat { destination { rule 999 { description "SESTRA udp" destination { address xxx.xxx.244.3 port 22,25,53,80,443,389,873,1812,1813,1443 } inbound-interface eth0 protocol udp translation { address xxx.xxx.10.3 } } rule 1000 { description SESTRA destination { address xxx.xxx.244.3 port 22,25,53,80,443,389,873,587,1812,1813,1443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.3 } } rule 1001 { description NEPTUN destination { address xxx.xxx.244.4 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.4 } } rule 1003 { description "exchange 2013" destination { address xxx.xxx.244.6 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.6 } } rule 1004 { description "zvu-mail sestra" destination { address xxx.xxx.244.7 port 22,25,53,80,443,389,873,1812,1813,1443 } inbound-interface eth0 protocol tcp_udp translation { address xxx.xxx.10.7 } } rule 1005 { description MOODLE destination { address xxx.xxx.244.8 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.8 } } rule 1006 { description SUN destination { address xxx.xxx.244.9 port 80,443,9102 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.9 } } rule 1007 { description "big blue" destination { address xxx.xxx.244.10 port 80,443,1935,5060,7443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.10 } } rule 1008 { description big_blue_udp destination { address xxx.xxx.244.10 port 16384-32768 } inbound-interface eth0 protocol udp translation { address xxx.xxx.10.10 } } rule 1009 { description ticketx.zvu.hr destination { address xxx.xxx.244.12 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.15 } } rule 1010 { description WWW destination { address xxx.xxx.244.13 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.13 } } rule 1011 { description KNJIZARA destination { address xxx.xxx.244.14 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.59 } } rule 1012 { description STAR destination { address xxx.xxx.244.15 port 80,443 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.74 } } rule 1013 { description X destination { address xxx.xxx.244.10 port 25 } inbound-interface eth0 protocol tcp source { address xxx.xxx.10.3 } translation { address xxx.xxx.10.10 } } rule 1014 { description remark destination { address xxx.xxx.244.27 port 2020,21811,20202 } inbound-interface eth0 protocol tcp_udp source { address xxx.xxx.1.192/27 } translation { address xxx.xxx.10.27 } } rule 1015 { description torrent destination { address xxx.xxx.244.102 port 51413 } inbound-interface eth0 protocol tcp_udp translation { address xxx.xxx.9.10 } } rule 1016 { description "Syamntec SGM" destination { address xxx.xxx.244.250 port 25,587 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.250 } } rule 1017 { description "Syamntec SGM" destination { address xxx.xxx.244.250 port 25,587 } inbound-interface eth0 protocol tcp translation { address xxx.xxx.10.250 } } } source { rule 5 { destination { address xxx.xxx.50.0/24 } exclude outbound-interface eth0 source { address xxx.xxx.10.0/24 } } rule 6 { destination { address xxx.xxx.1.0/24 } exclude outbound-interface eth0 source { address xxx.xxx.10.0/24 } } rule 7 { destination { address xxx.xxx.1.0/24 } exclude outbound-interface eth0 source { address xxx.xxx.9.0/24 } } rule 8 { destination { address xxx.xxx.50.0/24 } exclude outbound-interface eth0 source { address xxx.xxx.9.0/24 } } rule 100 { description "INTERNAL NETWORK TO INTERNAL NETWORK - NO NAT!!!" destination { address xxx.xxx.0.0/8 } exclude outbound-interface eth0 source { address xxx.xxx.0.0/8 } } rule 400 { description "sestra TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.3/32 } translation { address xxx.xxx.244.3 } } rule 401 { description "zvu-mail TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.7/32 } translation { address xxx.xxx.244.7 } } rule 1000 { description "IT NETWORKS TO INTERNET" outbound-interface eth0 source { address xxx.xxx.9.0/24 } translation { address xxx.xxx.244.102 } } rule 1001 { description "sluzbe TO INTERNET" outbound-interface eth0 source { address xxx.xxx.11.0/24 } translation { address xxx.xxx.244.104 } } rule 1002 { description "nastavnici TO INTERNET" outbound-interface eth0 source { address xxx.xxx.12.0/23 } translation { address xxx.xxx.244.103 } } rule 1003 { description "wzvu TO INTERNET" outbound-interface eth0 source { address xxx.xxx.14.0/23 } translation { address xxx.xxx.244.105 } } rule 1004 { description "studenti TO INTERNET" outbound-interface eth0 source { address xxx.xxx.16.0/20 } translation { address xxx.xxx.244.106 } } rule 1005 { description "dvorane TO INTERNET" outbound-interface eth0 source { address xxx.xxx.32.0/22 } translation { address xxx.xxx.244.100 } } rule 1008 { description "remark TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.27/32 } translation { address xxx.xxx.244.27 } } rule 1009 { description "sun TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.9/32 } translation { address xxx.xxx.244.9 } } rule 1010 { description "bigbluebutton TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.10/32 } translation { address xxx.xxx.244.10 } } rule 1011 { description "SYMANTEC SMG TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.251/32 } translation { address xxx.xxx.244.251 } } rule 1012 { description "SYMANTEC SMG TO INTERNET" outbound-interface eth0 source { address xxx.xxx.10.250/32 } translation { address xxx.xxx.244.250 } } rule 5000 { description "INTERNAL NETWORKS TO INTERNET" outbound-interface eth0 source { address xxx.xxx.0.0/8 } translation { address xxx.xxx.244.111 } } } } policy { prefix-list RFC1918PREFIXES { rule 1 { action permit le 32 prefix xxx.xxx.0.0/8 } rule 2 { action permit le 32 prefix xxx.xxx.0.0/12 } rule 3 { action permit le 32 prefix xxx.xxx.0.0/16 } } route-map ONLYRFC1918PREFIXES { rule 10 { action permit match { ip { address { prefix-list RFC1918PREFIXES } } } } rule 90 { action deny } } } protocols { ospf { area 1 { network xxx.xxx.0.0/8 } area xxx.xxx.0.0 { authentication md5 network xxx.xxx.4.0/30 } neighbor xxx.xxx.14.2 { poll-interval 60 priority 0 } parameters { abr-type cisco router-id xxx.xxx.14.1 } passive-interface eth0 passive-interface eth1 passive-interface eth1.100 passive-interface eth1.101 passive-interface eth1.102 passive-interface eth1.103 passive-interface eth1.104 passive-interface eth1.105 passive-interface eth1.106 passive-interface eth1.1000 passive-interface eth1.4000 passive-interface eth1.4002 passive-interface eth1.4003 passive-interface vtun0 redistribute { connected { metric-type 2 route-map ONLYRFC1918PREFIXES } kernel { metric-type 2 } } } static { interface-route xxx.xxx.50.0/24 { next-hop-interface vtun10 { } } interface-route xxx.xxx.0.0/24 { next-hop-interface vtun10 { } } route xxx.xxx.0.0/0 { next-hop xxx.xxx.244.1 { } } } } service { conntrack-sync { event-listen-queue-size 8 expect-sync all failover-mechanism { vrrp { sync-group VRRP-SYNC } } interface eth2 { } mcast-group xxx.xxx.0.50 sync-queue-size 1 } ssh { disable-host-validation listen-address xxx.xxx.12.1 listen-address xxx.xxx.13.1 port 22 } } system { config-management { commit-revisions 20 } conntrack { expect-table-size 2048 hash-size 131070 modules { ftp { disable } gre { } h323 { } nfs { disable } pptp { } sip { disable enable-indirect-media enable-indirect-signalling } sqlnet { disable } tftp { disable } } table-size 1048567 tcp { half-open-connections 512 loose disable max-retrans 3 } } domain-search xxxxxx domain zvu.hr domain health.zvu.hr } host-name xxxxxx ip { arp { table-size 32768 } } ipv6 { disable } login { user xxxxxx { authentication { encrypted-password xxxxxx plaintext-password xxxxxx } level admin } } name-server xxx.xxx.10.2 name-server xxx.xxx.10.36 ntp { server xxxxx.tld { } server xxxxx.tld { } server xxxxx.tld { } } options { ctrl-alt-del-action ignore reboot-on-panic true } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone Europe/Zagreb } vpn { pptp { remote-access { authentication { mode radius radius { server xxxxx.tld { key xxxxxx } } require mschap-v2 } client-ip-pool { start xxx.xxx.4.10 stop xxx.xxx.4.100 } dns-servers { server-1 xxx.xxx.10.2 server-2 xxx.xxx.10.36 } outside-address xxx.xxx.244.249 } } } zone-policy { zone cluster { default-action drop description CLUSTERING from ospf { firewall { name allow_all } } from vyatta { firewall { name allow_all } } interface eth1.4002 } zone dvorane { default-action drop description "ZVU dvorane ZONE" from it { firewall { name it_to_dvorane } } from nastavnici { firewall { name nastavnici_to_dvorane } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_dvorane } } from printeri { firewall { name printeri_to_dvorane } } from public { firewall { name public_to_dvorane } } from sluzbe { firewall { name sluzbe_to_dvorane } } from studenti { firewall { name studenti_to_dvorane } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_dvorane } } interface eth1.100 } zone it { default-action drop description "ZVU IT ZONE" from dvorane { firewall { name dvorane_to_it } } from mgmt { firewall { name allow_all } } from nastavnici { firewall { name nastavnici_to_it } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_it } } from printeri { firewall { name printeri_to_it } } from public { firewall { name public_to_it } } from sluzbe { firewall { name sluzbe_to_it } } from studenti { firewall { name studenti_to_it } } from vpn { firewall { name vpn_to_it } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_it } } interface eth1.102 } zone mgmt { default-action drop description "MGMT ZONA" from dvorane { firewall { name dvorane_to_mgmt } } from it { firewall { name it_to_mgmt } } from nastavnici { firewall { name nastavnici_to_mgmt } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_mgmt } } from printeri { firewall { name printeri_to_mgmt } } from public { firewall { name public_to_mgmt } } from sluzbe { firewall { name sluzbe_to_mgmt } } from studenti { firewall { name studenti_to_mgmt } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_mgmt } } interface eth1.4000 } zone nastavnici { default-action drop description "ZVU nastavnici ZONE" from dvorane { firewall { name dvorane_to_nastavnici } } from it { firewall { name it_to_nastavnici } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_nastavnici } } from printeri { firewall { name printeri_to_nastavnici } } from public { firewall { name public_to_nastavnici } } from sluzbe { firewall { name sluzbe_to_nastavnici } } from studenti { firewall { name studenti_to_nastavnici } } from vpn { firewall { name vpn_to_nastavnici } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_nastavnici } } interface eth1.103 } zone ospf { default-action drop description "OSPF ROUTING" from it { firewall { name allow_all } } from posluzitelji { firewall { name allow_all } } from vyatta { firewall { name allow_all } } interface eth1.4003 } zone posluzitelji { default-action drop description "ZVU POSLUZITELJI ZONE" from dvorane { firewall { name dvorane_to_posluzitelji } } from it { firewall { name it_to_posluzitelji } } from mgmt { firewall { name mgmt_to_posluzitelji } } from nastavnici { firewall { name nastavnici_to_posluzitelji } } from ospf { firewall { name allow_all } } from printeri { firewall { name printeri_to_posluzitelji } } from public { firewall { name public_to_posluzitelji } } from sluzbe { firewall { name sluzbe_to_posluzitelji } } from studenti { firewall { name studenti_to_posluzitelji } } from vpn { firewall { name vpn_to_posluzitelji } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_posluzitelji } } interface eth1.1000 } zone printeri { default-action drop description "ZVU printeri ZONE" from dvorane { firewall { name dvorane_to_printeri } } from it { firewall { name it_to_printeri } } from nastavnici { firewall { name nastavnici_to_printeri } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_printeri } } from public { firewall { name public_to_printeri } } from sluzbe { firewall { name sluzbe_to_printeri } } from studenti { firewall { name studenti_to_printeri } } from vpn { firewall { name vpn_to_printeri } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_printeri } } interface eth1.101 } zone public { default-action drop description "PUBLIC ZONE - ie REST OF THE WORLD" from dvorane { firewall { name dvorane_to_public } } from it { firewall { name it_to_public } } from mgmt { firewall { name mgmt_to_posluzitelji } } from nastavnici { firewall { name nastavnici_to_public } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_public } } from printeri { firewall { name printeri_to_public } } from sluzbe { firewall { name sluzbe_to_public } } from studenti { firewall { name studenti_to_public } } from vpn { firewall { name vpn_to_public } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_public } } interface eth0 } zone sluzbe { default-action drop description "ZVU sluzbe ZONE" from dvorane { firewall { name dvorane_to_sluzbe } } from it { firewall { name it_to_sluzbe } } from nastavnici { firewall { name nastavnici_to_sluzbe } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_sluzbe } } from printeri { firewall { name printeri_to_sluzbe } } from public { firewall { name public_to_sluzbe } } from studenti { firewall { name studenti_to_sluzbe } } from vpn { firewall { name vpn_to_studenti } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_sluzbe } } interface eth1.104 } zone studenti { default-action drop description "ZVU studenti ZONE" from dvorane { firewall { name dvorane_to_studenti } } from it { firewall { name it_to_studenti } } from nastavnici { firewall { name nastavnici_to_studenti } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_studenti } } from printeri { firewall { name printeri_to_studenti } } from public { firewall { name public_to_studenti } } from sluzbe { firewall { name sluzbe_to_studenti } } from vyatta { firewall { name allow_all } } from wzvu { firewall { name wzvu_to_studenti } } interface eth1.106 } zone vpn { default-action drop description "ZVU vpn ZONE" from it { firewall { name allow_all } } from nastavnici { firewall { name nastavnici_to_vpn } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_vpn } } from printeri { firewall { name printeri_to_vpn } } from public { firewall { name public_to_vpn } } from sluzbe { firewall { name sluzbe_to_vpn } } from studenti { firewall { name studenti_to_vpn } } from vyatta { firewall { name allow_all } } interface pptp+ interface vtun0 interface vtun10 } zone vrrp { default-action drop description "VRRP ZONA" from dvorane { firewall { name allow_all } } from it { firewall { name allow_all } } from nastavnici { firewall { name allow_all } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name allow_all } } from printeri { firewall { name allow_all } } from public { firewall { name allow_all } } from sluzbe { firewall { name allow_all } } from studenti { firewall { name allow_all } } from vyatta { firewall { name allow_all } } interface eth2 } zone vyatta { default-action drop from cluster { firewall { name allow_all } } from dvorane { firewall { name dvorane_to_vyatta } } from it { firewall { name it_to_vyatta } } from mgmt { firewall { name mgmt_to_vyatta } } from nastavnici { firewall { name nastavnici_to_vyatta } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_vyatta } } from printeri { firewall { name printeri_to_vyatta } } from sluzbe { firewall { name sluzbe_to_vyatta } } from studenti { firewall { name studenti_to_vyatta } } from vpn { firewall { name allow_all } } from vrrp { firewall { name vrrp_to_vyatta } } from wzvu { firewall { name wzvu_to_vyatta } } local-zone } zone wzvu { default-action drop description "ZVU wzvu ZONE" from dvorane { firewall { name dvorane_to_wzvu } } from it { firewall { name it_to_wzvu } } from nastavnici { firewall { name nastavnici_to_wzvu } } from ospf { firewall { name allow_all } } from posluzitelji { firewall { name posluzitelji_to_wzvu } } from printeri { firewall { name printeri_to_wzvu } } from public { firewall { name public_to_wzvu } } from sluzbe { firewall { name sluzbe_to_wzvu } } from studenti { firewall { name studenti_to_wzvu } } from vrrp { firewall { name allow_all } } from vyatta { firewall { name allow_all } } interface eth1.105 } } ---------------- INTERFACES ---------------- ---------------- Interfaces ---------------- Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 xxx.xxx.244.100/24 u/u xxx.xxx.244.101/24 xxx.xxx.244.102/24 xxx.xxx.244.103/24 xxx.xxx.244.104/24 xxx.xxx.244.105/24 xxx.xxx.244.106/24 xxx.xxx.244.110/24 xxx.xxx.244.111/24 xxx.xxx.244.250/24 xxx.xxx.244.251/24 xxx.xxx.244.3/24 xxx.xxx.244.4/24 xxx.xxx.244.5/24 xxx.xxx.244.6/24 xxx.xxx.244.7/24 xxx.xxx.244.8/24 xxx.xxx.244.9/24 xxx.xxx.244.10/24 xxx.xxx.244.11/24 xxx.xxx.244.12/24 xxx.xxx.244.13/24 xxx.xxx.244.14/24 xxx.xxx.244.15/24 xxx.xxx.244.27/24 xxx.xxx.244.2/24 xxx.xxx.244.249/24 eth1 - u/u eth1.100 xxx.xxx.32.1/22 u/u dvorane PRIMARY INTERFACE eth1.101 xxx.xxx.8.1/24 u/u printeri PRIMARY INTERFACE eth1.102 xxx.xxx.9.1/24 u/u IT PRIMARY INTERFACE eth1.103 xxx.xxx.12.1/23 u/u nastavnici PRIMARY INTERFACE eth1.104 xxx.xxx.11.1/24 u/u sluzbe PRIMARY INTERFACE eth1.105 xxx.xxx.14.1/23 u/u wzvu PRIMARY INTERFACE eth1.106 xxx.xxx.16.1/20 u/u studenti PRIMARY INTERFACE eth1.1000 xxx.xxx.10.1/24 u/u posluzitelji PRIMARY INTERFACE eth1.4000 xxx.xxx.11.1/24 u/u MGMT PRIMARY INTERFACE eth1.4002 xxx.xxx.13.1/30 u/u Clustering Interface eth1.4003 xxx.xxx.14.1/24 u/u OSPF eth2 xxx.xxx.12.1/30 u/u VRRP SYNC lo xxx.xxx.0.1/8 u/u ::1/128 vtun0 xxx.xxx.12.1/24 u/u vtun10 xxx.xxx.1.1 u/u ---------------- ROUTING ---------------- ---------------- show ip route connected (total 44) ---------------- Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route C>* xxx.xxx.8.0/24 is directly connected, eth1.101, xxxx:xxxx:42 C>* xxx.xxx.9.0/24 is directly connected, eth1.102, xxxx:xxxx:42 C>* xxx.xxx.10.0/24 is directly connected, eth1.1000, xxxx:xxxx:42 C>* xxx.xxx.11.0/24 is directly connected, eth1.104, xxxx:xxxx:42 C>* xxx.xxx.12.0/23 is directly connected, eth1.103, xxxx:xxxx:42 C>* xxx.xxx.14.0/23 is directly connected, eth1.105, xxxx:xxxx:42 C>* xxx.xxx.16.0/20 is directly connected, eth1.106, xxxx:xxxx:42 C>* xxx.xxx.32.0/22 is directly connected, eth1.100, xxxx:xxxx:42 C>* xxx.xxx.11.0/24 is directly connected, eth1.4000, xxxx:xxxx:42 C>* xxx.xxx.12.0/30 is directly connected, eth2, xxxx:xxxx:42 C>* xxx.xxx.13.0/30 is directly connected, eth1.4002, xxxx:xxxx:42 C>* xxx.xxx.14.0/24 is directly connected, eth1.4003, xxxx:xxxx:41 C>* xxx.xxx.12.0/24 is directly connected, vtun0, xxxx:xxxx:43 C>* xxx.xxx.1.2/32 is directly connected, vtun10, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:01 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 C>* xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:42 ---------------- show ip route static (total 6) ---------------- Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route S>* xxx.xxx.0.0/0 [1/0] via xxx.xxx.244.1, eth0, xxxx:xxxx:42 S>* xxx.xxx.50.0/24 [1/0] is directly connected, vtun10, xxxx:xxxx:42 S>* xxx.xxx.0.0/24 [1/0] is directly connected, vtun10, xxxx:xxxx:42 ---------------- show ip route rip (total 0)- limit 500 ---------------- ---------------- show ip route ospf (total 17)- limit 500 ---------------- Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route O xxx.xxx.8.0/24 [110/10] is directly connected, eth1.101, xxxx:xxxx:42 O xxx.xxx.9.0/24 [110/10] is directly connected, eth1.102, xxxx:xxxx:42 O xxx.xxx.10.0/24 [110/10] is directly connected, eth1.1000, xxxx:xxxx:42 O xxx.xxx.11.0/24 [110/10] is directly connected, eth1.104, xxxx:xxxx:42 O xxx.xxx.12.0/23 [110/10] is directly connected, eth1.103, xxxx:xxxx:42 O xxx.xxx.14.0/23 [110/10] is directly connected, eth1.105, xxxx:xxxx:42 O xxx.xxx.16.0/20 [110/10] is directly connected, eth1.106, xxxx:xxxx:42 O xxx.xxx.32.0/22 [110/10] is directly connected, eth1.100, xxxx:xxxx:42 O xxx.xxx.11.0/24 [110/10] is directly connected, eth1.4000, xxxx:xxxx:42 O xxx.xxx.12.0/30 [110/10] is directly connected, eth2, xxxx:xxxx:16 O xxx.xxx.13.0/30 [110/10] is directly connected, eth1.4002, xxxx:xxxx:37 O xxx.xxx.14.0/24 [110/10] is directly connected, eth1.4003, xxxx:xxxx:37 O xxx.xxx.12.0/24 [110/10000] is directly connected, vtun0, xxxx:xxxx:43 O * xxx.xxx.1.2/32 [110/20] via xxx.xxx.12.2, eth2, xxxx:xxxx:08 ---------------- show ip route bgp (total 0)- limit 500 ---------------- ---------------- show ip route (total 61)- limit 500 ---------------- Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route S>* xxx.xxx.0.0/0 [1/0] via xxx.xxx.244.1, eth0, xxxx:xxxx:43 O xxx.xxx.8.0/24 [110/10] is directly connected, eth1.101, xxxx:xxxx:43 C>* xxx.xxx.8.0/24 is directly connected, eth1.101, xxxx:xxxx:43 O xxx.xxx.9.0/24 [110/10] is directly connected, eth1.102, xxxx:xxxx:43 C>* xxx.xxx.9.0/24 is directly connected, eth1.102, xxxx:xxxx:43 O xxx.xxx.10.0/24 [110/10] is directly connected, eth1.1000, xxxx:xxxx:43 C>* xxx.xxx.10.0/24 is directly connected, eth1.1000, xxxx:xxxx:43 O xxx.xxx.11.0/24 [110/10] is directly connected, eth1.104, xxxx:xxxx:43 C>* xxx.xxx.11.0/24 is directly connected, eth1.104, xxxx:xxxx:43 O xxx.xxx.12.0/23 [110/10] is directly connected, eth1.103, xxxx:xxxx:43 C>* xxx.xxx.12.0/23 is directly connected, eth1.103, xxxx:xxxx:43 O xxx.xxx.14.0/23 [110/10] is directly connected, eth1.105, xxxx:xxxx:43 C>* xxx.xxx.14.0/23 is directly connected, eth1.105, xxxx:xxxx:43 O xxx.xxx.16.0/20 [110/10] is directly connected, eth1.106, xxxx:xxxx:43 C>* xxx.xxx.16.0/20 is directly connected, eth1.106, xxxx:xxxx:43 O xxx.xxx.32.0/22 [110/10] is directly connected, eth1.100, xxxx:xxxx:43 C>* xxx.xxx.32.0/22 is directly connected, eth1.100, xxxx:xxxx:43 S>* xxx.xxx.50.0/24 [1/0] is directly connected, vtun10, xxxx:xxxx:43 O xxx.xxx.11.0/24 [110/10] is directly connected, eth1.4000, xxxx:xxxx:43 C>* xxx.xxx.11.0/24 is directly connected, eth1.4000, xxxx:xxxx:43 O xxx.xxx.12.0/30 [110/10] is directly connected, eth2, xxxx:xxxx:17 C>* xxx.xxx.12.0/30 is directly connected, eth2, xxxx:xxxx:43 O xxx.xxx.13.0/30 [110/10] is directly connected, eth1.4002, xxxx:xxxx:38 C>* xxx.xxx.13.0/30 is directly connected, eth1.4002, xxxx:xxxx:43 O xxx.xxx.14.0/24 [110/10] is directly connected, eth1.4003, xxxx:xxxx:38 C>* xxx.xxx.14.0/24 is directly connected, eth1.4003, xxxx:xxxx:42 O xxx.xxx.12.0/24 [110/10000] is directly connected, vtun0, xxxx:xxxx:44 C>* xxx.xxx.12.0/24 is directly connected, vtun0, xxxx:xxxx:44 C>* xxx.xxx.1.2/32 is directly connected, vtun10, xxxx:xxxx:43 O * xxx.xxx.1.2/32 [110/20] via xxx.xxx.12.2, eth2, xxxx:xxxx:09 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:02 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C * xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 C>* xxx.xxx.244.0/24 is directly connected, eth0, xxxx:xxxx:43 S>* xxx.xxx.0.0/24 [1/0] is directly connected, vtun10, xxxx:xxxx:43 ---------------- show ipv6 route connected (total 19) ---------------- Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route C * fe80::/64 is directly connected, vtun10, xxxx:xxxx:43 C * fe80::/64 is directly connected, vtun0, xxxx:xxxx:44 C * fe80::/64 is directly connected, eth1.4003, xxxx:xxxx:40 C * fe80::/64 is directly connected, eth1.1000, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.104, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.103, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.106, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.4002, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.4000, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.105, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.100, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.101, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.102, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth2, xxxx:xxxx:42 C>* fe80::/64 is directly connected, eth0, xxxx:xxxx:42 ---------------- show ipv6 route static (total 0) ---------------- ---------------- show ipv6 route ripng (total 0)- limit 500 ---------------- ---------------- show ipv6 route ospf6 (total 0)- limit 500 ---------------- ---------------- show ipv6 route bgp (total 0)- limit 500 ---------------- ---------------- show ipv6 route (total 19)- limit 500 ---------------- Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route C * fe80::/64 is directly connected, vtun10, xxxx:xxxx:44 C * fe80::/64 is directly connected, vtun0, xxxx:xxxx:45 C * fe80::/64 is directly connected, eth1.4003, xxxx:xxxx:41 C * fe80::/64 is directly connected, eth1.1000, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.104, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.103, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.106, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.4002, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.4000, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.105, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.100, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.101, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth1.102, xxxx:xxxx:42 C * fe80::/64 is directly connected, eth2, xxxx:xxxx:43 C>* fe80::/64 is directly connected, eth0, xxxx:xxxx:43 ---------------- Recent 100 Log Messages ---------------- Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: Preserving previous TUN/TAP instance: vtun10 Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:28 vyos-pri openvpn-vtun10[27272]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:46 vyos-pri openvpn-vtun0[27143]: event_wait : Interrupted system call (code=4) Mar 29 xxxx:xxxx:46 vyos-pri openvpn-vtun0[27143]: Closing TUN/TAP interface Mar 29 xxxx:xxxx:46 vyos-pri openvpn-vtun0[27143]: /sbin/ip addr del dev vtun0 xxx.xxx.12.1/24 Mar 29 xxxx:xxxx:46 vyos-pri openvpn-vtun0[27143]: PLUGIN_CLOSE: /usr/lib/openvpn/openvpn-auth-ldap.so Mar 29 xxxx:xxxx:46 vyos-pri openvpn-vtun0[27143]: SIGTERM[hard,] received, process exiting Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: MANAGEMENT: unix domain socket listening on /tmp/openvpn-mgmt-intf Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-ldap.so '[/usr/lib/openvpn/openvpn-auth-ldap.so] [/config/auth/ldap-auth.config]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: Diffie-Hellman initialized with 2048 bit key Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: WARNING: file '/config/auth/vyosserver.key' is group or others accessible Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: TUN/TAP device vtun0 opened Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: TUN/TAP TX queue length set to 100 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: /sbin/ip link set dev vtun0 up mtu 1500 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27606]: /sbin/ip addr add dev vtun0 xxx.xxx.12.1/24 broadcast xxx.xxx.12.255 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27615]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27615]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27615]: MULTI: multi_init called, r=256 v=256 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27615]: IFCONFIG POOL: base=xxx.xxx.12.2 size=252, ipv6=0 Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun0[27615]: Initialization Sequence Completed Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun10[27272]: event_wait : Interrupted system call (code=4) Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun10[27272]: Closing TUN/TAP interface Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun10[27272]: /sbin/ip addr del dev vtun10 local xxx.xxx.1.1 peer xxxxx.tld Mar 29 xxxx:xxxx:47 vyos-pri openvpn-vtun10[27272]: SIGTERM[hard,] received, process exiting Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: TUN/TAP device vtun10 opened Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: TUN/TAP TX queue length set to 100 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: /sbin/ip link set dev vtun10 up mtu 1500 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27631]: /sbin/ip addr add dev vtun10 local xxx.xxx.1.1 peer xxxxx.tld Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27640]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27640]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:53 vyos-pri commit: Successful change to active configuration by user xxxxxx on /dev/pts/0 Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27640]: Inactivity timeout (--ping-restart), restarting Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27640]: SIGUSR1[soft,ping-restart] received, process restarting Mar 29 xxxx:xxxx:48 vyos-pri openvpn-vtun10[27640]: Restart pause, 2 second(s) Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Preserving previous TUN/TAP instance: vtun10 Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Inactivity timeout (--ping-restart), restarting Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: SIGUSR1[soft,ping-restart] received, process restarting Mar 29 xxxx:xxxx:50 vyos-pri openvpn-vtun10[27640]: Restart pause, 2 second(s) Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Preserving previous TUN/TAP instance: vtun10 Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Inactivity timeout (--ping-restart), restarting Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: SIGUSR1[soft,ping-restart] received, process restarting Mar 29 xxxx:xxxx:52 vyos-pri openvpn-vtun10[27640]: Restart pause, 2 second(s) Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: Preserving previous TUN/TAP instance: vtun10 Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:54 vyos-pri openvpn-vtun10[27640]: UDPv4 link remote: [undef] Mar 29 xxxx:xxxx:55 vyos-pri openvpn-vtun10[27640]: Inactivity timeout (--ping-restart), restarting Mar 29 xxxx:xxxx:55 vyos-pri openvpn-vtun10[27640]: SIGUSR1[soft,ping-restart] received, process restarting Mar 29 xxxx:xxxx:55 vyos-pri openvpn-vtun10[27640]: Restart pause, 2 second(s) Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: WARNING: file '/config/auth/openvpnML.key' is group or others accessible Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Socket Buffers: R=[212992->131072] S=[212992->131072] Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: Preserving previous TUN/TAP instance: vtun10 Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: UDPv4 link local (bound): [undef] Mar 29 xxxx:xxxx:57 vyos-pri openvpn-vtun10[27640]: UDPv4 link remote: [undef] ---------------- END OF TECH-SUPPORT BRIEF FILE ----------------