E2guardian package for pfsense - $??
-
Look I get it… I'm a privacy advocate myself, but not in this case... First off Caching is way higher then 5% for my use case, because 90% of the sites they are visiting will have a ton of static images and the sites are visited by multiple classes because they are education related. Second these are kids under the age of 15 using school provided computers for school related activities. They get no privacy because the computers are not to be used for private use. Teachers are present, but no one teacher can watch all computers all the time. There are reasons for having to man in the middle ssl connections. MITM hacks are not good, I get that and I don't like it either. But until they come up with a standard that allows for voluntary interception of secured communication (such as an https proxy where the man in the middle is expected and requested), MITM "hacks" will have to do.
Oh and https://www.fcc.gov/guides/childrens-internet-protection-act
-
have you considered ip blacklists? the paid subscriptions generally filter out most of the crap.
afaik squid3 can be made to work with ssl … once you get the falsified certs deployed to every client, it might work.
then you'll have to go around and install the certs on every cellphone/tablet/laptop of every student ... good luck with that.governments are allways wrong.
-
have you considered ip blacklists? the paid subscriptions generally filter out most of the crap.
afaik squid3 can be made to work with ssl … once you get the falsified certs deployed to every client, it might work.
then you'll have to go around and install the certs on every cellphone/tablet/laptop of every student ... good luck with that.governments are always wrong.
Governments are often wrong I agree :) The network is locked down to only authorized devices so no problems with the certs either… Google itself is another reason I have to do this, wish they had a better method... https://support.google.com/a/answer/1668854?hl=en
I have Squid working with SSL, but does anyone know if it will be an issue having the ssl traffic running encrypted through E2Guardian first? Not sure if squid will still be able to deal with the SSL traffic correctly if it's second in the chain (first E2guardian doing a basic URL filter, then Squid for caching)... I thought about pushing ssl traffic directly to squid through a PAC script, but then I lose URL filtering... I could add Squid guard for that, but that just sounds like a mess of stuff to go wrong...
-
can't a wpad be used here? Not having an issue filtering https sites with it (only google/other search engines images is a pain to filter).
-
can't a wpad be used here? Not having an issue filtering https sites with it (only google/other search engines images is a pain to filter).
I was thinking along those lines, but I would be skipping the URL filter completely for any HTTPS sites… Such as Anonymous proxy https sites etc... I'll play some more with it, it's possible that I can go through E2Guardian encrypted then have Squid decrypt for caching... Unless i'm misunderstanding your intended use of wpad...
Google is taken care of by using the DNS redirect, and I registered our school's IP address with bing so both are locked to safe search. All other search engines are just blocked...
-
Such as Anonymous proxy https sites etc
I block Anonymous proxy websites in squidguard to solve that.
Google is taken care of by using the DNS redirect
What method did you use to redirect all google domains? see https://forum.pfsense.org/index.php?topic=97948.0
and I registered our school's IP address with bing so both are locked to safe search
Home users are out of luck here :(
search engines are just blocked
How is this achieved? must be a big list as there are many search engines (each search engine could have many domains), what if new ones come up?
-
I block Anonymous proxy websites in squidguard to solve that.
Thats what i'm using E2Guardian for. But i'm worried I won't be able to use both SSL interception on Squid, and keep it running through E2Guardian first… I'll let you know how it goes.
What method did you use to redirect all google domains? see https://forum.pfsense.org/index.php?topic=97948.0
I used the method I described back a couple of pages on this thread. DNS override
How is this achieved? must be a big list as there are many search engines (each search engine could have many domains), what if new ones come up?
Again since i'm using E2Guardian, I just added search engines to the site block list. I made specific exceptions for google and bing since they are set to safe search.
-
When/How does this package make it to the 'menu' of available packages?
-
Will this still be E2guardian 2.2 or will it be a later version? as they are up to version 3.2.0 now
-
Will this still be E2guardian 2.2 or will it be a later version? as they are up to version 3.2.0 now
For now, e2guardian 3.0.4
-
When/How does this package make it to the 'menu' of available packages?
Am I being dense? Do we wait for a new version of pfsense to be released before we see this on the menu of Install-able Apps?
-
How is the performance of E2guardian vs dansguardian in pfsense?
-
How do you want to compare performance between two packages out of which one does not work any more (without tons of manual hack) and the other does not work yet (without tons of manual hacks)? Cannot see how's that even a factor here ATM. Not to mention, DG is dead code upstream.
-
well, I got dansguardian somewhat working (stopped using though), found it very slow and not very effective. Was looking forward to a faster more affective filter in E2guardian. I guest I was just looking for some reassurance that this will be the case. Anyway keep up the good work :)
-
well, I got dansguardian somewhat working (stopped using though), found it very slow and not very effective. Was looking forward to a faster more affective filter in E2guardian. I guest I was just looking for some reassurance that this will be the case. Anyway keep up the good work :)
I did the manual install and it seems to work quite well. I don't know how to compare the speed, but it is serving our small school quite well and doesn't seem to be slowing anyone's connections down. The filter itself is working well and I have had no major issues with it.
-
The filter itself is working well and I have had no major issues with it.
How well does it work with things like google\bing\yahoo images? is E2guardian able to filter the images? because currently squidguard cannot filter google images and I have to use a dns override to force safe search.
-
The filter itself is working well and I have had no major issues with it.
How well does it work with things like google\bing\yahoo images? is E2guardian able to filter the images? because currently squidguard cannot filter google images and I have to use a dns override to force safe search.
I'm not sure that it does… I'm using the DNS override myself since that is the suggested method...
-
Can anybody provide instructions on how to manually install E2Guardian on PFSense 2.2.4? I attempted to use the instructions from the link here: http://knes1.github.io/blog/2015/2015-07-18-manually-installing-e2guardian-to-pfsense.html.
However, I was unable to successfully install Squid3. So I tried with just Squid instead. However, when I look at Status > Services, E2Guardian shows as stopped and I can't get it to start. Also, after installing E2Guarding, now Squid shows as stopped and won't stay running either. Does anybody have this working with 2.2.4 or do I need to rollback to 2.2.3?
-
Can anybody provide instructions on how to manually install E2Guardian on PFSense 2.2.4? I attempted to use the instructions from the link here: http://knes1.github.io/blog/2015/2015-07-18-manually-installing-e2guardian-to-pfsense.html.
However, I was unable to successfully install Squid3. So I tried with just Squid instead. However, when I look at Status > Services, E2Guardian shows as stopped and I can't get it to start. Also, after installing E2Guarding, now Squid shows as stopped and won't stay running either. Does anybody have this working with 2.2.4 or do I need to rollback to 2.2.3?
Hi,
are you getting any error messages in the logs? Go to status -> system logs and filter (at the bottom page) for e2guardian and/or squid. I remember that I got it working in a VM with 2.2.4 back when 2.2.4 was published so I think it should be possible.
PS.
It seems that some progress was made in the pull request on github and Renato built the PBIs and requires testers… So it seems we may have a package for e2guardian soon. -
I'm starting to have these errors in my logs…
e2guardian[6896]: No free children from getfreechild(): numchildren = 160, busychildren = 159, waitingfor = 0
e2guardian[57821]: Error forking preforkchildren extra processes.My Max Age Children is set for 500
My Min/Max Children is set to 10/160I know my numbers are high, but I raised them trying to fight off this problem… It seems that the children processes are not being killed like they are supposed to.
I have rebooted PFSense and restarted service already...
