Dansguardian package for 2.0
-
Your symlinks are probably not working. You should have in the /etc/ssl/certs folder about 180 symlinks that look like similar to these:
f060240e.0
f081611a.0
f15719eb.0
f3377b1b.0
f387163d.0
f39fc864.0
f4996e82.0If you cat one of them you should see a certificate pem file.
This has nothing to do with the generated pfsense CA certificate. This is for dansguardian to verify the CA's on the genuine certs it's receiving from websites. It uses the symlinks to quickly locate the correct CA cert.
That's what cert checking does it checks the website cert against a repository of vaild public CA certs. What's interesting is that dansguardian apparently always does the cert checking if mitm is ON.I wonder how we can get that cgi, from the source code it appears to be doing some cookie work. The file mitm.cgi does not appear in the dansguardian-2.12.0.0.tar.gz tarball is that what you're working with?
-
I could not reproduce this file call, just errors or ssl sites normal access.
Try to copy error template to this cgi script.
The base folder is /usr/local/www
I'll commit latest package code with some fixes I did.
-
dumb question…but how do i install this package? i am on 2.0.1 amd64 iso
-
It's on system -> packages :)
-
Version 0.1.5 is out with some fixes and LDAP group based access lists.
-
Create group acl based on LDAP group name you want to filter
-
Define userlist frequency update
-
Apply ldap config
-
-
How do I see the logs and reports of whats blocked and what was searched from my network?
-
The dansguardian log file is /var/log/dansguardian/access.log
The sarg package will do it on gui but only when dansguardian report is set to squid format.
-
I just came across this and this is great news! I've been hoping for this to be added so I can give pfsense a full try. Is this compatible with squid-reverse? If so, would I load squid-reverse first or vice versa?
-
I just came across this and this is great news! I've been hoping for this to be added so I can give pfsense a full try. Is this compatible with squid-reverse? If so, would I load squid-reverse first or vice versa?
I'ts compatible with any squid version on pfsense.
Install squid package first and then dansguardian.
-
I originally got a little install-happy when I saw it and just started loading stuff. For some reason the dansguardian menu never showed up so I removed all packages and started again - this time slower. So I installed the squid-reverse package and made sure I could use the proxy first. That was working after I added the firewall rule to allow 3128. Then I loaded the dansguardian package (menu showed up this time) and added firewall rule to allow 8080 (I removed the 3128 rule). I can telnet into port 8080 but it isn't passing web pages back. Is there another firewall rule I am missing or something else I need to get basic default functionality up?
Also, how do you donate towards a package?
-
Did you configured squid ip and port on dansguardian daemon settings?
-
yea, 127.0.0.1 and port 3128. I tried to keep a lot of defaults just to get it working and then I'll tweak the things I want afterwards. Still no go though.
-
try to run it on console/ssh
/usr/local/etc/rc.d/dansguardian start
-
I think it is already started. Both squid and dansguardian services show as being started. I can open a connection to port 8080 so I know it is listening. Perhaps dansguardian and squid just aren't talking yet? I have squid listening on loopback. Do I need a firewall rule to allow loopback traffic?
-
No, loopback traffic is Allowed by default.
What do you see in dansguardian logs?
-
Hmm… I restarted the services and now squid won't start. This is actually what I had happening the first time I set it up. I get the following when I try to start it from the command line:
2012/03/26 20:52:00| parseConfigFile: squid.conf:18 unrecognized: 'sslcrtd_children'
2012/03/26 20:52:00| ACL name 'all' not defined!
FATAL: Bungled (null) line 182: http_reply_access allow all
Squid Cache (Version 2.7.STABLE9): Terminated abnormally. -
Dansguardian package does not force a squid install if you have squid already installed. Try to reinstall squid package.
-
I fixed it! ;D I guess somehow a line got removed from the squid conf. I just added
acl all src 0.0.0.0/0.0.0.0
to the custom options and now both squid and dans is working.
-
Is it possible to have Active Directory pass-through authentication so that users don't have to enter a user name and password to browse through squid/dans?
-
I did it last week with squid + samba + Kerberos but dansguardian ntlm plugin could not detect squid ntlm responses.
The way I got it working was squid with ntlm or negociate then dansguardian then another squid in cache mode.
I did a smal post in portugueses forum with steps I did. Try to google translate it :)
http://forum.pfsense.org/index.php/topic,47532.msg250366.html#msg250366