diff --git a/roles/base/files/profile b/roles/base/files/profile index b153f2f..995c549 100644 --- a/roles/base/files/profile +++ b/roles/base/files/profile @@ -1,8 +1,8 @@ -# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $ +# $OpenBSD: dot.profile,v 1.5 2018/02/02 02:29:54 yasuoka Exp $ # # sh/ksh initialization -PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin +PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games export PATH HOME TERM export PS1="\u@\h:\w\\$ " HISTFILE=$HOME/.histfile @@ -25,3 +25,32 @@ case "$-" in fi ;; esac + +PKG_LIST=$(ls -1 /var/db/pkg) + +set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM +pgrep -q vmd +if [ $? = 0 ]; then + set -A complete_vmctl -- console load reload start stop reset status + set -A complete_vmctl_2 -- $(vmctl status | awk '!/NAME/{print $NF}') +fi +if [ -d ~/.password-store ]; then + PASS_LIST=$( + cd ~/.password-store + find . -type f -name \*.gpg | sed 's/^\.\///' | sed 's/\.gpg$//g' + ) + + set -A complete_pass -- $PASS_LIST -c generate edit insert git + set -A complete_pass_2 -- $PASS_LIST push +fi +set -A complete_pkg_delete -- $PKG_LIST +set -A complete_pkg_info -- $PKG_LIST +set -A complete_rcctl_1 -- disable enable get ls order set reload check restart stop start +set -A complete_rcctl_2 -- $(ls /etc/rc.d) +set -A complete_signify_1 -- -C -G -S -V +set -A complete_signify_2 -- -q -p -x -c -m -t -z +set -A complete_signify_3 -- -p -x -c -m -t -z +set -A complete_make_1 -- install clean repackage reinstall +set -A complete_gpg2 -- --refresh --receive-keys --armor --clearsign --sign --list-key --decrypt --verify --detach-sig +set -A complete_git -- pull push mpull mpush status clone branch add rm checkout fetch show tag commit +set -A complete_ifconfig_1 -- $(ifconfig | grep ^[a-z] | cut -d: -f1) diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index 669c86f..ba5a24a 100644 
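Review bot: The new `PATH=` line puts `$HOME/bin` ahead of `/bin`, `/sbin` and the other system directories, so any executable placed in a writable `$HOME/bin` shadows the system command of the same name, `doas` included. The `$OpenBSD$` tag also goes from revision 1.9 to 1.5, which suggests the file was swapped for a different upstream dot.profile rather than updated; if it is still installed as root's profile (not visible here), that ordering now applies to root shells too. A more conservative order keeps the system directories first: `PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:$HOME/bin`. `/usr/games` looks unnecessary on a server profile and could be dropped.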
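Review bot: Several expansions in the added completion block are unquoted where the shell will glob or split them: `grep ^[a-z]` in the last line is a pathname pattern before it is a regex, and `$PASS_LIST` / `$PKG_LIST` are word-split and globbed, so a password-store entry containing a space or `*` produces wrong completion words. Quoting the pattern fixes the first, `set -A complete_ifconfig_1 -- $(ifconfig | grep '^[a-z]' | cut -d: -f1)`, and the `cd` inside the substitution should be checked so `find` never runs in the wrong directory: `cd ~/.password-store && find . -type f -name '*.gpg' | sed -e 's/^\.\///' -e 's/\.gpg$//'`. The block is appended after `esac`, so `ls`, `pgrep`, `vmctl status`, `find` and `ifconfig` run in every shell that sources this file, not only interactive ones; moving it inside the interactive branch of the `case "$-"` statement (which starts outside this hunk) would avoid that. A one-line comment such as `# ksh completion lists, rebuilt at each shell start` above `PKG_LIST=` would also help the next reader.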
--- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -16,5 +16,6 @@ line: '#sh /usr/share/scripts/zzz_evobackup' owner: root mode: "0644" + create: yes tags: - evobackup diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 6c78d9c..d205e19 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -17,15 +17,15 @@ - rsync-- - mtr-- - iftop + - sudo-- - postgresql-client tags: - pkg -- name: Install sudo - openbsd_pkg: - name: "{{ item }}" - state: present - with_items: - - sudo-- +- name: Disable sndiod + service: + name: sndiod + enabled: no + state: stopped tags: - pkg diff --git a/roles/base/templates/doas.conf.j2 b/roles/base/templates/doas.conf.j2 index 52db062..ccae65d 100644 --- a/roles/base/templates/doas.conf.j2 +++ b/roles/base/templates/doas.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} :wheel +permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :wheel permit nopass root permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :wheel as root cmd /usr/share/scripts/evomaintenance.sh permit nopass _nrpe cmd /usr/local/libexec/nagios/check_ipsecctl.sh @@ -10,3 +10,4 @@ permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_dhcp +permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index 1068842..e81c2f5 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml 
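Review bot: The rewritten `:wheel` rule pins `HOME=/root` and `ENV=/root/.profile`, but the `nopass` rule for `/usr/share/scripts/evomaintenance.sh` two lines below still lists bare `ENV` and `PS1`, so that rule keeps inheriting both from the caller's environment. If pinning was the intent, the passwordless rule deserves the same treatment, e.g. `permit setenv {SSH_AUTH_SOCK SSH_TTY} nopass :wheel as root cmd /usr/share/scripts/evomaintenance.sh` (whether the script relies on the caller's `ENV` is not visible here). `PKG_PATH` is now inherited from the caller as well; a short comment above the rule stating why it is passed through would document that choice.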
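Review bot: The path in the added `_nrpe` rule, `/usr/local/libexec/nagios/plugins/check_connections_state.sh`, does not match the command this commit adds to `evolix_bsd.cfg.j2`, which calls `doas /usr/local/libexec/nagios/check_connections_state.sh` (no `plugins/`). doas matches `cmd` against the path as given, so as written the NRPE command would not hit this `nopass` rule and the check would fail for lack of a password. One of the two should be corrected to the directory the script is actually installed into (the install task is not part of this diff), for example `command[check_connections_state]=doas /usr/local/libexec/nagios/plugins/check_connections_state.sh`. Since the script takes no arguments, ending the rule with a bare `args` keyword would also restrict it to argument-less invocation.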
@@ -79,13 +79,16 @@ - name: cron job for /etc/.git status is installed lineinfile: path: /etc/daily.local - line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + line: "{{ item }}" owner: root mode: "0644" create: yes when: etc_git_monitor_status tags: - etc-git + with_items: + - 'next_part "Checking /etc git status:"' + - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' - name: cron job for /etc/.git status is removed lineinfile: diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh new file mode 100755 index 0000000..ac73313 --- /dev/null +++ b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh 
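Review bot: With two `with_items` entries and no `insertbefore`/`insertafter`, `lineinfile` appends each missing line at the end of `/etc/daily.local`; on a host where the `git ... status --short` line is already present from the earlier version of this task, the `next_part "Checking /etc git status:"` header ends up after the command it is meant to introduce. Anchoring the header fixes that, for example with `insertbefore: '^/usr/local/bin/git --git-dir=/etc/.git'` on that item (the loop would then need per-item dicts), or by managing both lines with a single `blockinfile`. The following task, "cron job for /etc/.git status is removed", continues outside the hunk; it should remove the `next_part` line as well if it does not already.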
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+STATE=0
+MAIN_CONNECTION_PINGABLE_IP="31.170.8.95"
+MAIN_CONNECTION_GATEWAY="IP"
+MAIN_CONNECTION_IP="IP"
+SECOND_CONNECTION_PINGABLE_IP="31.170.8.243"
+INFO_MAIN_CONNECTION="IP - Description"
+INFO_SECOND_CONNECTION="IP - Description"
+CURRENT_GATEWAY=$(/usr/bin/netstat -nr | /usr/bin/grep "default" | /usr/bin/awk '{print $2}')
+
+IS_GATEWAY_IN_FILE=1 # Check whether /etc/mygate has the IP of main connection
+IS_VPN_USING_MAIN_CONNECTION=1 # Check whether ipsecctl use the main connection
+IS_PF_USING_MAIN_CONNECTION=1 # Check whether PacketFilter has route-to using the main connection
+IS_MISCELLANEOUS=1 # Check miscellaneous things
+CHECK_CARP=0 # No check if host is backup
+
+# No check if host is backup
+if [ "${CHECK_CARP}" = 1 ]; then
+ CARP_STATUS=$(/sbin/ifconfig carp0 | /usr/bin/grep "status" | /usr/bin/awk '{print $2}')
+ if [ "$CARP_STATUS" = "backup" ]; then
+ echo "No check, I'm a backup"
+ exit 0
+ fi
+fi
+
+# If main connection is UP but not used => critical and continue
+# If main connection is DOWN (used or not) => warning and exit
+/sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
+if [ $? = 0 ]; then
+ if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then
+ echo "Main connection is UP but not used as gateway !"
+ STATE=2
+ fi
+else
+ echo "Main connection (${INFO_MAIN_CONNECTION}) is down"
+ STATE=1
+ IS_GATEWAY_IN_FILE=0
+ IS_VPN_USING_MAIN_CONNECTION=0
+ IS_PF_USING_MAIN_CONNECTION=0
+ IS_MISCELLANEOUS=0
+fi
+
+# If second connection is DOWN => critical and continue
+/sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
+if [ $? != 0 ]; then
+ echo "Second connection (${INFO_SECOND_CONNECTION}) is down"
+ STATE=2
+fi
+
+# Check whether /etc/mygate has the IP of main connection
+if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then
+ /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate
+ if [ $? 
!= 0 ]; then + echo "Main connection is not set in /etc/mygate" + STATE=2 + fi +fi + +# Check whether ipsecctl use the main connection +if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then + /sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}" + if [ $? != 0 ]; then + echo "VPN is not using the main connection !" + STATE=2 + fi +fi + +# Check whether PacketFilter has route-to using the main connection +if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then + /sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" + if [ $? != 0 ]; then + echo "PF is not using the main connection !" + STATE=2 + fi +fi + +# Check miscellaneous things +if [ "${IS_MISCELLANEOUS}" = 1 ]; then + echo +fi + +if [ "${STATE}" = 0 ]; then + echo "OK - Main connection is UP and used, second connection is UP" +fi + +exit ${STATE} diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 index f853d4f..9e93007 100644 --- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 +++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 @@ -2,6 +2,8 @@ # Custom NRPE configuration file. # Part of the EvoBSD distribution. # +# This is an Ansible managed file ! +# For local modifications use the /etc/nrpe.d/zzz-evolix.cfg file instead # Allowed IPs allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }} @@ -36,3 +38,4 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445 #command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf +command[check_connections_state]=doas /usr/local/libexec/nagios/check_connections_state.sh diff --git a/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 b/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 index c32e305..670ea1b 100755 
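Review bot: The three `grep -q` tests on `"${MAIN_CONNECTION_GATEWAY}"` and `"${MAIN_CONNECTION_IP}"` treat the address as an unanchored regular expression, so `.` matches any character and a configured `10.0.0.1` (constructed example) also matches `10.0.0.10` or `110.0.0.1`, which lets the check report OK for the wrong gateway. Fixed-string, whole-word matching avoids that: `/usr/bin/grep -qFw -- "${MAIN_CONNECTION_GATEWAY}" /etc/mygate`, and likewise in the `ipsecctl -sa` and `pfctl -sr` pipelines. `CURRENT_GATEWAY` has a related problem: `netstat -nr | grep "default"` yields one line per default route, so a host with both an IPv4 and an IPv6 default produces two values and the `!=` comparison always fires; `/usr/bin/netstat -nr -f inet` narrows it to one family. `MAIN_CONNECTION_GATEWAY` and `MAIN_CONNECTION_IP` are still the literal placeholder `"IP"` in a script shipped from `files/`, so unless they are edited per host the check goes critical as soon as the main connection answers ping; an early guard that exits 3 (UNKNOWN) while they are unset would make that state explicit, which matters because the script is run as root without a password.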
--- a/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 +++ b/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 @@ -3,8 +3,8 @@ # Script writen by Evolix _MAX_STATES_LIMIT=$(/sbin/pfctl -sm | /usr/bin/grep states | awk '{print $4}') -_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*10/100)) -_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*15/100)) +_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*50/100)) +_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*65/100)) . /usr/local/libexec/nagios/utils.sh