Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pfBlockerNG aliases in HAProxy?

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidthd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received an email from MaxMind notifying me that my country has been banned from receiving GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version?
    The instructions are shown here:

    A restart of a service will start by re-creating its config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can retest / renew right away, as you are 'allowed' to renew a couple (5 max?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • FreeRaDIUS+OpenVPN

    6
    0 Votes
    6 Posts
    2k Views
    N

    Thank you for replying to me. I'm already using "SSL/TLS + User-Auth" on the OpenVPN server, but the simultaneous check is not working.

    OpenVPN was configured with the Road-Warrior tutorial that I found on https://doc.pfsense.org/index.php/Tutorials.

  • [solved] How can I use the user management/right management in packages

    1
    0 Votes
    1 Posts
    657 Views
    No one has replied
  • Bind package Howto

    3
    0 Votes
    3 Posts
    3k Views
    P

    No, but I tested it now by making a view:

    Recursion=no
    Match-clients: any
    Allow-recursion: any

    but it is still not working.

    Can you post some pictures of your frontend so that I can see what is wrong? If there is anything critical you can cut it out or black it out.
    That would be very nice; I think I am not the only one with these starting problems ::)

  • Squid3 and squidguard not intercepting traffic or blocking blacklist

    5
    0 Votes
    5 Posts
    2k Views
    L

    @BujangLapok:

    Had the same issue today with squidguard3-squid. The issue was the path being used for squidguard.conf was not correct. A workaround:

    ln -s /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf /usr/pbi/squidguard-squid3-amd64/etc/squid/squidGuard.conf

    Then rebuild blocklist DB manually with:

    squidGuard -db -C all

    I had had ineffective squidGuard set up for a while. Investigating today and this fixed it. I'm not sure if I had some config sitting around from messing with different combinations of squid 2 and 3 and their respective squidguards over time and something hanging around. But anyway, I also had a messed up squidGuard.conf path and the ln -s fixed it.

  • EMail report DynDNS service

    2
    0 Votes
    2 Posts
    770 Views
    ?

    Solution: Changed the eMail address to my "local" mailserver (on the other side of VPN tunnel) at the same time.

    It takes 3-4 minutes to re-establish the tunnel (although the DynDNS service is up to date, the OpenVPN client repeatedly tries with the old IP…) and in this time the eMail gets lost somewhere...

  • 0 Votes
    1 Posts
    643 Views
    No one has replied
  • Snort - transfer config from one port to another?

    6
    0 Votes
    6 Posts
    1k Views
    BBcan177B

    @irj972:

    thanks for the prompt response. I'll grab some beers and start setting up then….second thoughts, might be best to lay off the beer whilst setting up snort rules  :o

    As long as you are still drinking beers when you turn Snort back on ….  :)

  • Disabling (http_inspect) snort alerts

    2
    0 Votes
    2 Posts
    24k Views
    BBcan177B

    @G.D.:

    Is there some other configuration option I am missing to make disabling HTTP_INSPECT alerts work?

    From the following link, there are some recommendations to add some suppress actions to certain SIDs while leaving the HTTP preprocessor enabled.

    https://forum.pfsense.org/index.php?topic=64674.90

    You should review them before applying. But generally they are ok to suppress.

    Here are the suppressions that I am using:

    #(http_inspect) SIMPLE REQUEST
    suppress gen_id 119, sig_id 32
    #(http_inspect) UNKNOWN METHOD
    suppress gen_id 119, sig_id 31
    #(http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE
    suppress gen_id 120, sig_id 8
    #(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
    suppress gen_id 120, sig_id 3
    #(http_inspect) DOUBLE DECODING ATTACK
    suppress gen_id 119, sig_id 2
    #(http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED
    suppress gen_id 120, sig_id 6
    #(http_inspect) IIS UNICODE CODEPOINT ENCODING
    suppress gen_id 119, sig_id 7
    #(http_inspect) BARE BYTE UNICODE ENCODING
    suppress gen_id 119, sig_id 4
    #(http_inspect) JAVASCRIPT OBFUSCATION LEVELS EXCEEDS 1
    suppress gen_id 120, sig_id 9
    #(http_inspect) JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED
    suppress gen_id 120, sig_id 10
    #(http_inspect) UNESCAPED SPACE IN HTTP URI
    suppress gen_id 119, sig_id 33
    #(http_inspect) U ENCODING
    suppress gen_id 119, sig_id 3

    Or find rule #427 in /usr/pbi/snort-amd64/etc/snort/snort_28491_igb3/rules/snort.rules (line 427) and disable this rule, as it depends on the HTTP preprocessor. There may be others.

    The link below has details on how to do that.
    https://forum.pfsense.org/index.php?topic=74930.msg410285#msg410285

    When the HTTP preprocessor is disabled, I don't think that Snort can automatically disable rules that are "Enabled" and require the HTTP preprocessor to be enabled.

  • Unbound can't start when …

    5
    0 Votes
    5 Posts
    2k Views
    R

    What are you trying to do?

    My situation is this:
    I don't have any writable storage on my pfSense (embedded), and I don't want any additional storage on the pfSense,
    so every time pfSense boots up and connects successfully to "WAN", pfSense downloads the "ads" file, called "unbound_ad_servers" (aka /tmp/mydnsfile), from an additional host.

    How would "/tmp/mydnsfile" be created?

    Only working with the workaround which I posted before.

    What is in that file that can't be placed in the custom options section?

    Inside the file I have over 40000 "ads" domains (not static, no static IPs or hosts) which I'd like to redirect to 127.0.0.1, some like this:

    local-zone: "adserver.yahoo.com" redirect
    local-data: "adserver.yahoo.com A 127.0.0.1"

    After the "ads" file has been downloaded to its place like "/tmp/unbound_ad_servers", unbound automatically uses the new domains. That's nice :)

    So I hope you understand now what I'd like to do.

    And some additional thinking:
    Even if you have something else/different inside the "ads" file, it can also be used as a configuration file instead of holding hosts to block, like a home network configuration … and if you have, for example, 3 different configuration files for 3 different scenarios, 3 include custom options are then needed, but you'd like to use only 1 of these 3 (1 file filled with information, the 2 others are 0-byte files, and unbound can run) for your home office, and every time you'd like to change/switch the configuration you can do this by a file which unbound reads and which sets the configuration.
    This should be a really flexible way to use unbound to set up configurations for different hosts, depending on whether the file has information inside or not.

    best regards

  • Clamdscan not working under Dansguardian 2.12.0.3_2

    16
    0 Votes
    16 Posts
    5k Views
    P

    Hi RJ,

    In private emails to Marcello (using this forum), Marcello suspected ClamD support was also not being compiled and requested that I contact the coreteam directly. I have not been successful in contacting them. I have tried contacting them via the forum - but the forum does not recognise the address coreteam or coreteam@pfsense.org. I have also tried emailing coreteam@pfsense.org from my gmail account.

    I now fully understand your previous posts expressing your frustration about the coreteam / package building. I much preferred it when Marcello was building these packages - but obviously I understand that he can't do everything!

    Would you know how I can contact the coreteam and ask them to compile DG with ClamD support?

  • Dansguardian - Web upload is banned

    30
    0 Votes
    30 Posts
    10k Views
    P

    It's been 10 months since the last activity on this thread. Just checking that:

    1. This is still the correct procedure, on 2.1.2 with the current Dansguardian, to fix the banned uploads?

    2. The huge difference in the size of the replacement binary (971K) vs the original one (11.1K) is of no concern?

    (actually, I replaced the file in /usr/pbi/dansguardian-amd64/.sbin)

    [just noticed, this is my first post, though I've been a member here a long time]

  • PfBlocker Fatal error!

    6
    0 Votes
    6 Posts
    2k Views
    M

    I rolled back from 2.1.3 to 2.1.2 and it fixed the issue I was having, then updated to 2.1.3 again and it works!

  • Creating dedicated cache drives for squid

    2
    0 Votes
    2 Posts
    564 Views
    jimpJ

    There isn't support for that in the GUI, but it can be done manually.

    If you have the option, and the know how, it's best to run the proxy outside of the firewall on a dedicated machine.

  • Squid SSL Transparent Proxy shows CA-Cert in Browser

    2
    0 Votes
    2 Posts
    831 Views
    P

    You need to export the CA cert from pfSense and import it to the Trusted Root Certificate repository on all your clients.

  • Snort 2.9.6.0 pkg v3.0.8 - Restart issue after update

    5
    0 Votes
    5 Posts
    2k Views
    ?

    …throughout the last days sometimes not all interfaces come up after the update (one box had that yesterday and today). Trying to restart the respective interface manually results in lengthy procedures (build new sig-msg.map for ALL interfaces, re-start of ALL interfaces) on the embedded system and in the end, another interface might be down...

  • Snort fails to start with ETOpen rules after update

    18
    0 Votes
    18 Posts
    6k Views
    bmeeksB

    @Ramosel:

    @bmeeks:

    I'm surprised.  I have not retested since my last post, though.  The gentleman I corresponded with is quite high up in the ET management hierarchy, and he acknowledged the problem with the pcre in the rule.  He did say he was, at that time, on the road.  He may still be out of the office.

    Bill

    Bill, he's either on a real long trip or forgot your conversation.  It's still broken. :(

    Rick

    Sorry.  I don't know if he forgot or if they decided that since the rule was default disabled anyway, to let it slide.  I think there is a link for support on the Emerging Threats web site.  You can give that a try if you like.  Maybe you will have better luck than I did.

    Bill

  • Squid - transparent proxy does not work after midnight

    3
    0 Votes
    3 Posts
    2k Views
    ?

    How do I call squid_reconfigure().php through cron?
    I didn't find any files:

    find / -name "*squid*.php"

    searching for proxy only gives me these files:
    /usr/local/www/services_igmpproxy_edit.php
    /usr/local/www/services_igmpproxy.php

  • Freeradius Name field utf-8 support

    3
    0 Votes
    3 Posts
    1k Views
    N

    woohoo! :) I changed xmlparse.inc at line 65 and it's working!

    line 65: file xmlparse.inc

    before:
    array_push($curpath, strtolower($name));

    after:
    array_push($curpath, utf8_encode(strtolower($name)));

  • Reverse proxy: how to set X-forwarder

    2
    0 Votes
    2 Posts
    669 Views
    D

    I also want to do this.

    Can anyone help?

  • Bind Package as forwarder

    1
    0 Votes
    1 Posts
    687 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.