Unofficial E2guardian package for pfSense
-
So I got this setup at basic level, and have got a phrase list up. However, how do I get it to scan HTTPS sites? I have a phrase list up for pornography, and it seems to be working for http sites but not HTTPS. And now it seems more and more websites are moving to HTTPS.
I am purely trying to test the phrase matching system, and make sure that this system is able to block those sites.
-
Create the CA on pfSense
apply it on e2guardian config
Install ca certificate on browser -
Create the CA on pfSense
apply it on e2guardian config
Install ca certificate on browserI thought it could be done transparently in e2Guardian. Is that not so?
-
Create the CA on pfSense
apply it on e2guardian config
Install ca certificate on browserGot it working by setting "Filter SSL sites forging SSL certificates" on group settings. However I am getting a error saying common name invalid on chrome, its working on Edge and Internet Explorer. Also, is there anyway to modify the block page? The standard DansGuardian one looks pretty terrible.
-
I thought it could be done transparently in e2Guardian. Is that not so?
I don't think so. To anylize the page content, it needs to be in the middle. The splice all feature on squid, if I'm not worng, extracts sites included on remote ip certificate and check against acls, no interception at all is done this way.
-
is there anyway to modify the block page? The standard DansGuardian one looks pretty terrible.
Sure, just need to edit template file on gui. Try to not include any javascript on it. At least on previous package version, pfSense GUI was including some extra code from active session.
-
What browser is everyone else using for HTTPS inspection? Chrome just doesn't seem to want to accept the self signed certificate. Even though I have it installed on my system as a trusted root CA.
-
I use chrome. What chrome complains about the site? Is the generated certificate different from the site your are trying to access?
-
I use chrome. What chrome complains about the site? Is the generated certificate different from the site your are trying to access?
Chrome complains about a missing alternative name, seems like it could be an issue relating to the way Squid forges certificates.
Here's a link to what I found regarding this issue, seems it's related to browsers upping security. I know you can get around this for sure since they do it at my school using smoothwall.
http://stackoverflow.com/questions/43665243/chrome-invalid-self-signed-ssl-cert-subject-alternative-name-missing
-
Found a small issue, when you block a category of domains using black list. When you try to visit any domain in that category it shows categories as : N/A, instead of showing the actual category.
-
Found a small issue, when you block a category of domains using black list. When you try to visit any domain in that category it shows categories as : N/A, instead of showing the actual category.
Saw this while using Dansguardian in the past. Do you think it's an old bug or something with report template file?
-
Found a small issue, when you block a category of domains using black list. When you try to visit any domain in that category it shows categories as : N/A, instead of showing the actual category.
Saw this while using Dansguardian in the past. Do you think it's an old bug or something with report template file?
Maybe an old bug, because it does seem to show the category if you use phrase lists.
-
e2guardian v 4.1 is stable now. I'll start updating the package for this new version.
Looks like it will not need anymore changes on SO to allow more then 1024 clients. On current compiled version I've set it to 4096 IIRC.
https://github.com/e2guardian/e2guardian/releases
-
Thanks marcelloc for your effort, if possible, please provide us exact steps to install and configure for e2guardian. guide will be highly appreciated.
-
Thanks marcelloc for your effort, if possible, please provide us exact steps to install and configure for e2guardian. guide will be highly appreciated.
Basic setup is explained in OP and on Github.
@Marcelloc, the search engine tab is still broken in the GUI D: However, wanted to say hats off to you man! Just got this setup in my home environment, no longer in VM. I've only got it setup basically with domain blocking now. I know phrase lists work since I tested in a virtual environment, I will set that up too when I understand how it properly works. As the algorithm of how the system decides a website is good or bad + the options available is slightly overwhelming.
-
e2guardian v 4.1 is stable now. I'll start updating the package for this new version.
Looks like it will not need anymore changes on SO to allow more then 1024 clients. On current compiled version I've set it to 4096 IIRC.
https://github.com/e2guardian/e2guardian/releases
Thank you again for all your hard work, I look very forward to the update! Could you have a look at the issue with the search engine tab also? According to this : https://github.com/e2guardian/e2guardian/issues/216 issues with E2Guardian and Google Chrome should be fixed so which means I can finally enable MITM and get full protection! YAY ;) ;)
Edit: Can't seem to update PfSense after installing this. Is it something to do with the repo? PfSense says it's up to date and on the latest version (2.3.3_1) when 2.3.4 is out.
-
Hello,
Regarding the missed up search engine tab, in pkg_e2guardian_search_acl.xml around line 100 ~ 104, the <field>is miss spilled as <felid>or something like that.
Easily fixed but have no idea how to push back the fix :(
Thanks.</felid></field> -
Hello,
Regarding the missed up search engine tab, in pkg_e2guardian_search_acl.xml around line 100 ~ 104, the <field>is miss spilled as <felid>or something like that.
Easily fixed but have no idea how to push back the fix :(
Thanks.</felid></field>Thanks, I'll push that fix. :)
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/dc5984bf0d04ead4cb1ea1afcbd325cd2c0098f4
-
Thank you again for all your hard work, I look very forward to the update! Could you have a look at the issue with the search engine tab also? According to this : https://github.com/e2guardian/e2guardian/issues/216 issues with E2Guardian and Google Chrome should be fixed so which means I can finally enable MITM and get full protection! YAY ;) ;)
The code is not running that stable on FreeBSD. I've opened a ticket on e2guardian project and sending them information to get it stable on freebsd too.
-
Hello Again
I thought to post this as well.
Since a lot of people are interested in getting MITM working with Chrome 58, I copied the CertificateAuthority.cpp & CertificateAuthority.hpp from version 4.1 to e2guardian v3.5.1 and compiled again (replace the v3.5.1 files with the ones from V4.1)so far it is working nicely and Chrome does not complain anymore.
NOTE: While compiling on FreeBSD, I had to fix the '-lresolv' library not found problem since FreeBSD does not have this library. This is only valid when you want DNSAuthentication.
BR
