Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 71 Posters 1.5m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfsensation
      last edited by

      So I was looking through the source code of the smoothwall block page at my college, hoping that I could play around with it and tinker it a bit to work with E2Guardian at home just for the lulz or just see how modified it is from the Dansguardian it started from.

      I ended up finding a lot of interesting stuff such as how they optimise loading using base64 stuff, RegEx like code, and some interesting javascript implementations to load up a CA cert popup. In addition to that, adding code to increase compatibility with browsers and as such.
      Could you have a look through it Marcello, and see if anything useful could be extracted from this and used in E2Guardian? I've already managed to try things like base64 encoding with E2G logo, it does seem slightly quicker. For organisations where many devices and block pages are presented, this may help a tonne and speed things up while reducing load on the server.

      Link to source: https://ybin.me/p/f3e93b53881d53d1#wDDjXNWK8ThA//iIuYtOOJLkxDRPWN3ygvRSrVJgQbo=

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @pfsensation:

        @marcelloc:

        @pfsensation:

        Have you already updated the package? Would love to get Chrome working with MITM.

        yes.  :)

        I'll start testing on my vm soon.

        Awesome!

        Is there a way to exclude URL's and IP's?

        You mean a do way to do not connect to e2guardian based on ip or hosts? If so, as package do not has a transparent proxy configuration implemented yet, you can do it on proxy configuration tab on your browser.
        If you create more then one group on e2guardian, you can do an ip based authentication, and allow some source ips to do not be filtered by your proxy rules.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          @pfsensation:

          Could you have a look through it Marcello, and see if anything useful could be extracted from this and used in E2Guardian?

          Sure. I'll se it as soon as possible. Thank's for the contribution.  :)

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • P
            pfsensation
            last edited by

            @marcelloc:

            @pfsensation:

            @marcelloc:

            @pfsensation:

            Have you already updated the package? Would love to get Chrome working with MITM.

            yes.  :)

            I'll start testing on my vm soon.

            Awesome!

            Is there a way to exclude URL's and IP's?

            You mean a do way to do not connect to e2guardian based on ip or hosts? If so, as package do not has a transparent proxy configuration implemented yet, you can do it on proxy configuration tab on your browser.
            If you create more then one group on e2guardian, you can do an ip based authentication, and allow some source ips to do not be filtered by your proxy rules.

            I meant the destination IP's. For example, dropbox has SSL pinning, therefore it needs to completely bypass E2Guardian, and it's inspection. It won't accept nor work with a mimicked certificate. There's a couple more examples of certain programs I can give that won't work with SSL decryption or any type of inspection, such as Discord, Skype etc. Therefore if you can make an option to do this, that would be very helpful so those programs can connect directly to the internet.

            Hope that made sense.

            Thanks a lot for the continued work! :)

            EDIT: Not sure if you've had a chance to take a look. But Fred B, has replied to your issue report on GitHub.

            1 Reply Last reply Reply Quote 0
            • J
              jetberrocal
              last edited by

              I am getting an error on the logs:

              Error reading file /usr/local/usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory
              Error opening sslsiteregexplist

              usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default do exist but /usr/local/usr/local does not exist.

              What should I do?

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                @jetberrocal:

                What should I do?

                It's an error on config file. I've fixed it. Thanks for the feedback

                To get the fixed file, under console exec this:

                
                fetch -o /usr/local/pkg/e2guardianfx.conf.template  https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardianfx.conf.template
                
                

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • J
                  jetberrocal
                  last edited by

                  Instead of getting the denied access page I am getting "The proxy server is refusing connections".
                  I loaded shallalist.  Default ACL I selected all categories to be denied.  I have must off the settings in defaults including to use the html template.

                  I added Google as an exception.

                  I search for pfsense and loaded pfsense web page successfully.  Search for "porn" and selected the first item, then get the error expressed above.

                  I am using squid.

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    @jetberrocal:

                    Instead of getting the denied access page I am getting "The proxy server is refusing connections".

                    this is the message you see when squid is the front end that denies and ssl page without interception enabled.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • J
                      jetberrocal
                      last edited by

                      @marcelloc:

                      @jetberrocal:

                      What should I do?

                      It's an error on config file. I've fixed it. Thanks for the feedback

                      To get the fixed file, under console exec this:

                      
                      fetch -o /usr/local/pkg/e2guardianfx.conf.template  https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardianfx.conf.template
                      
                      

                      I already did the fetch, but maybe I am doing something wrong because still giving me the same erroro.  I restarted the service and did a click save on general tab, but still had the error.

                      Should I have to do the fetch in a particular folder? I am doing it in the /root folder.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jetberrocal
                        last edited by

                        @marcelloc:

                        @jetberrocal:

                        Instead of getting the denied access page I am getting "The proxy server is refusing connections".

                        this is the message you see when squid is the front end that denies and ssl page without interception enabled.

                        Thanks.  Do you know a non ssl web site that should be block by shalla list?

                        Edit:
                        I added my web site to the Banned Config and test it (my site is not ssl).

                        It work correctly.

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          @jetberrocal:

                          still had the error.

                          It needs a fix on inc file too. I forgot to update on repo

                          fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                          

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • M
                            Mr. Jingles
                            last edited by

                            A fresh first time install on 2.3.4 gives scary errors  :o

                            [2.3.4-RELEASE][admin@woof]/root: cd /root
                            [2.3.4-RELEASE][admin@woof]/root: fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/                                                                                      files/install_e2guardian_23.sh
                            install_e2guardian_23.sh                      100% of 3075  B  16 MBps 00m00s
                            [2.3.4-RELEASE][admin@woof]/root: sh ./install_e2guardian_23.sh
                            fetching  /usr/local/pkg/e2guardian.xml from github
                            fetching  /usr/local/pkg/e2guardian_antivirus_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_blacklist.xml from github
                            fetching  /usr/local/pkg/e2guardian_config.xml from github
                            fetching  /usr/local/pkg/e2guardian_content_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_file_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_groups.xml from github
                            fetching  /usr/local/pkg/e2guardian_header_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_ldap.xml from github
                            fetching  /usr/local/pkg/e2guardian_limits.xml from github
                            fetching  /usr/local/pkg/e2guardian_log.xml from github
                            fetching  /usr/local/pkg/e2guardian_phrase_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_search_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_pics_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_sync.xml from github
                            fetching  /usr/local/pkg/e2guardian_site_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian_url_acl.xml from github
                            fetching  /usr/local/pkg/e2guardian.inc from github
                            fetching  /usr/local/pkg/pkg_e2guardian.inc from github
                            fetching  /usr/local/pkg/e2guardian.conf.template from github
                            fetching  /usr/local/pkg/e2guardian_ips_header.template from github
                            fetching  /usr/local/pkg/e2guardian_rc.template from github
                            fetching  /usr/local/pkg/e2guardian_users_footer.template from github
                            fetching  /usr/local/pkg/e2guardian_users_header.template from github
                            fetching  /usr/local/pkg/e2guardianfx.conf.template from github
                            fetching  /usr/local/www/e2guardian.php from github
                            fetching  /usr/local/www/e2guardian_about.php from github
                            fetching  /usr/local/www/e2guardian_ldap.php from github
                            fetching  /usr/local/www/shortcuts/pkg_e2guardian.inc from github
                            fetching  /usr/local/pkg/tinyproxy.inc from github
                            Locking pkg-1.10.1_1
                            Updating FreeBSD repository catalogue…
                            pkg: Repository FreeBSD load error: access repo file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory
                            Fetching meta.txz: 100%    944 B  0.9kB/s    00:01
                            Fetching packagesite.txz: 100%    6 MiB  6.0MB/s    00:01
                            Processing entries: 100%
                            FreeBSD repository update completed. 26276 packages processed.
                            Updating pfSense-core repository catalogue...
                            pfSense-core repository is up to date.
                            Updating pfSense repository catalogue...
                            pfSense repository is up to date.
                            All repositories are up to date.

                            pkg-1.10.1_1 is locked and may not be modified

                            pkg-1.10.1_1 is locked and may not be modified

                            pkg-1.10.1_1 is locked and may not be modified
                            The following 8 package(s) will be affected (of 0 checked):

                            New packages to be INSTALLED:
                                    e2guardian: 3.5.1 [FreeBSD]
                                    tinyproxy: 1.8.4,1 [FreeBSD]
                                    xproto: 7.0.31 [FreeBSD]
                                    fontconfig: 2.12.1,1 [FreeBSD]
                                    pkg-devel: 1.10.99.4 [FreeBSD]
                                    libfontenc: 1.1.3_1 [FreeBSD]
                                    pixman: 0.34.0 [FreeBSD]
                                    cyrus-sasl: 2.1.26_12 [FreeBSD]

                            Number of packages to be installed: 8

                            The process will require 28 MiB more space.
                            6 MiB to be downloaded.
                            [1/8] Fetching e2guardian-3.5.1.txz: 100%  398 KiB 407.6kB/s    00:01
                            [2/8] Fetching tinyproxy-1.8.4,1.txz: 100%  45 KiB  46.4kB/s    00:01
                            [3/8] Fetching xproto-7.0.31.txz: 100%  59 KiB  60.2kB/s    00:01
                            [4/8] Fetching fontconfig-2.12.1,1.txz: 100%  345 KiB 353.5kB/s    00:01
                            [5/8] Fetching pkg-devel-1.10.99.4.txz: 100%    4 MiB  4.4MB/s    00:01
                            [6/8] Fetching libfontenc-1.1.3_1.txz: 100%  18 KiB  18.2kB/s    00:01
                            [7/8] Fetching pixman-0.34.0.txz: 100%  256 KiB 262.6kB/s    00:01
                            [8/8] Fetching cyrus-sasl-2.1.26_12.txz: 100%  467 KiB 478.5kB/s    00:01
                            Checking integrity…
                            pkg-1.10.1_1 is locked and may not be modified
                            Assertion failed: (cun != NULL), function pkg_conflicts_check_chain_conflict, file pkg_jobs_conflicts.c, line 481.
                            Child process pid=52839 terminated abnormally: Abort trap
                            No packages matched for pattern 'e2guardian'

                            Checking integrity... done (0 conflicting)
                            Package(s) not found!
                            Fetching e2guardian-3.5.1.txz: 100%  424 KiB 434.2kB/s    00:01
                            Installing e2guardian-3.5.1...
                            Extracting e2guardian-3.5.1: 100%
                            Message from e2guardian-3.5.1:
                            ===>  Please Note:


                            This port has created a log file named e2guardian.log that can get
                                  quite large.  Please read the newsyslog(8) man page for instructions
                                  on configuring log rotation and compression.

                            This port has been converted using old dansguardian-devel port
                                  Let me know how it works (or not). (Patches always welcome.)


                            3creating menu and services...
                            Hmm...  Looks like a unified diff to me...
                            The text leading up to this was:

                            -- /usr/local/www/pkg_edit.orig.php  2017-04-05 17:12:56.478730000 -0300

                            +++ /usr/local/www/pkg_edit.php        2017-04-05 17:13:51.614222000 -0300
                            Patching file /usr/local/www/pkg_edit.php using Plan A...
                            Hunk #1 succeeded at 656 (offset 5 lines).
                            done
                            Hmm...  Looks like a unified diff to me...
                            The text leading up to this was:

                            -- /usr/local/www/pkg.orig.php        2017-04-05 17:18:25.349676000 -0300

                            +++ /usr/local/www/pkg.php    2017-04-05 17:20:49.204578000 -0300
                            Patching file /usr/local/www/pkg.php using Plan A...
                            Hunk #1 succeeded at 329 (offset 5 lines).
                            done
                            Unlocking pkg-1.10.1_1
                            [2.3.4-RELEASE][admin@woof]

                            6 and a half billion people know that they are stupid, agressive, lower life forms.

                            1 Reply Last reply Reply Quote 0
                            • M
                              Mr. Jingles
                              last edited by

                              I did the last command you posted:

                              fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                              

                              I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.

                              And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.

                              6 and a half billion people know that they are stupid, agressive, lower life forms.

                              1 Reply Last reply Reply Quote 0
                              • J
                                jetberrocal
                                last edited by

                                @marcelloc:

                                @jetberrocal:

                                still had the error.

                                It needs a fix on inc file too. I forgot to update on repo
                                fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc

                                It was partially fixed by fetching the new template:
                                May 25 15:44:42 e2guardian 67568 Error opening sslsiteregexplist
                                May 25 15:44:42 e2guardian 67568 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory

                                Now it is looking into /usr/local/etc, but still is not finding the file.  I guess the fix will be to do also the fetch of the new .inc?

                                Can you place the file in a more user friendly folder name?

                                I connected by ssh to the console and could do a copy/paste of the fetch.

                                Still getting:
                                May 25 16:06:47 e2guardian 70630 Error opening sslsiteregexplist
                                May 25 16:06:47 e2guardian 70630 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jetberrocal
                                  last edited by

                                  I have something missing between e2g and squid. 
                                  I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.

                                  What can I provide to get help?

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    Mr. Jingles
                                    last edited by

                                    @Mr.:

                                    I did the last command you posted:

                                    fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                                    

                                    I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.

                                    And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.

                                    When I enabled the Daemon, it didn't work.

                                    tinyproxy and e2guardian both refuse to start.

                                    Screenshot of system log I attached.

                                    e2guardian01.jpg
                                    e2guardian01.jpg_thumb

                                    6 and a half billion people know that they are stupid, agressive, lower life forms.

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      Mr. Jingles
                                      last edited by

                                      How can I remove this? It is not in 'installed packages'.

                                      Is there a very safe stable removal script?

                                      6 and a half billion people know that they are stupid, agressive, lower life forms.

                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        jetberrocal
                                        last edited by

                                        @jetberrocal:

                                        I have something missing between e2g and squid. 
                                        I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.

                                        What can I provide to get help?

                                        Just to add some info:

                                        I added a second Group ("Authenticated") (copy of Default group but different name).  Added 1 user to the new group ("test").
                                        Default Group has no users assigned.

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM
                                          marcelloc
                                          last edited by

                                          @jetberrocal:

                                          Can you place the file in a more user friendly folder name?

                                          You can also reinstall the package. On my test vm I have no erros on this file.

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            @Mr.:

                                            A fresh first time install on 2.3.4 gives scary errors  :o

                                            Try to install squid or cron package first. I'm not seeing these pkg erros here but I'll test on a fresh 2.3.4 install too.

                                            @Mr.:

                                            tinyproxy and e2guardian both refuse to start.

                                            As the pkg process failed on your box, there is no e2guardian or tinyproxy binaires installed.

                                            @Mr.:

                                            Is there a very safe stable removal script?

                                            You can remove all e2guardian files under /usr/local/pkg dir.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.