Unofficial E2guardian package for pfSense
-
I did the last command you posted:
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.
And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.
-
still had the error.
It needs a fix on inc file too. I forgot to update on repo
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
It was partially fixed by fetching the new template:
May 25 15:44:42 e2guardian 67568 Error opening sslsiteregexplist
May 25 15:44:42 e2guardian 67568 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory
Now it is looking into /usr/local/etc, but still is not finding the file. I guess the fix will be to do also the fetch of the new .inc?
Can you place the file in a more user friendly folder name?
I connected by ssh to the console and could do a copy/paste of the fetch.
Still getting:
May 25 16:06:47 e2guardian 70630 Error opening sslsiteregexplist
May 25 16:06:47 e2guardian 70630 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory
-
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.
What can I provide to get help?
-
@Mr.:
I did the last command you posted:
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.
And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.
When I enabled the Daemon, it didn't work.
tinyproxy and e2guardian both refuse to start.
Screenshot of system log I attached.
-
How can I remove this? It is not in 'installed packages'.
Is there a very safe stable removal script?
-
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.
What can I provide to get help?
Just to add some info:
I added a second Group ("Authenticated") (copy of Default group but different name). Added 1 user to the new group ("test").
Default Group has no users assigned.
-
Can you place the file in a more user friendly folder name?
You can also reinstall the package. On my test vm I have no errors on this file.
-
@Mr.:
A fresh first time install on 2.3.4 gives scary errors :o
Try to install squid or cron package first. I'm not seeing these pkg errors here but I'll test on a fresh 2.3.4 install too.
@Mr.:
tinyproxy and e2guardian both refuse to start.
As the pkg process failed on your box, there are no e2guardian or tinyproxy binaries installed.
@Mr.:
Is there a very safe stable removal script?
You can remove all e2guardian files under /usr/local/pkg dir.
-
Can you place the file in a more user friendly folder name?
You can also reinstall the package. On my test vm I have no errors on this file.
Reinstall you mean to execute install_e2guardian_23.sh again? That should overwrite all the files? Or should I remove e2g from /usr/local/pkg?
-
After I created another Group I see these errors:
May 25 19:17:16 e2guardian 70838 Error opening sslsiteregexplist
May 25 19:17:16 e2guardian 70838 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Authenticated: No such file or directory
The file in fact does not exist.
The Group uses the "Default" ACL which has SSL Regex disabled, so why is it looking for the file?
Looking in the lists folder I see that the other *.g_Authenticated files were created, maybe all of them except the sslsiteregexplist.
-
-
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.
What can I provide to get help?
Just to add some info:
I added a second Group ("Authenticated") (copy of Default group but different name). Added 1 user to the new group ("test").
Default Group has no users assigned.
Trying to solve the problem by myself made squid listen on LAN interface only and set e2g to parent proxy 192.168.1.1 (pfsense/squid LAN IP) to see if Authentication happen to be on LAN interface.
Did nmap -p3128 192.168.1.1 and it found the port open and squid as service.
Squid refused the e2g connection. Set back squid to listen on loopback and e2g to parent proxy default (empty / 127.0.0.1), then connection was successful.
So still web browsers pass without asking user/pass.
-
but I'll test on a fresh 2.3.4 install too.
I did a fresh install, installed cron package from gui and then e2guardian from console, configured shalist and waited short time until it was downloaded and applied, after it, configured some gui options, saved and applied config. Service is running fine.
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
Thanks. Without authentication the Groups are not really used.
-
Thanks. Without authentication the Groups are not really used.
METHOD 1 (sandwich mode)
on e2guardian,
- select tinyproxy as parent proxy (127.0.0.1:8888)
- create a second group and include a user on it
- on general tab, Selected proxy-basic and proxy digest
- save, apply
on squid,
- configured local authentication
- create a test/lab user
- configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
- save
METHOD 2
on e2guardian,
- select squid not on loopback as parent proxy (192.168.0.38:3128)
- create a second group and include a user on it
- on general tab, Selected proxy-basic, proxy-ntlm(maybe optional) and proxy-digest
- save, apply
on squid,
- listen squid on lan interface
- configure local authentication
- create a test/lab user
- save
with these setups, I have users under e2guardian logs
-
-
Thanks. Without authentication the Groups are not really used.
METHOD 1 (sandwich mode)
on e2guardian,
- select tinyproxy as parent proxy (127.0.0.1:8888)
- created a second group and included lab user on it
- on general tab, Selected proxy-basic and proxy digest
- save, apply
on squid,
- configured local authentication
- created a lab user
- configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
METHOD 2
on e2guardian,
- select squid not on loopback as parent proxy (192.168.0.38:3128)
- created a second group and included lab user on it
- on general tab, Selected proxy-basic, proxy-ntlm(maybe optional) and proxy-digest
- save, apply
on squid,
- configured local authentication
- created a lab user
with these setups, I have users under e2guardian logs
I tried method two, but selecting only proxy-basic. Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).
But did not work. e2g could not connect to squid for some weird reason.
Tried again, but now I set both IP and port of squid even if port was default value. This time worked.
-
-
Try a service stop/start and try to watch the traffic with tcpdump.
You can also test on console if a telnet in squid port connects.
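
Editor's added example (not part of any post in this thread, and not code from the package): beyond a plain connect test, the symptom discussed here (browsers passing without a user/pass prompt) can be checked by looking at whether the proxy answers an unauthenticated request with HTTP 407 and which Proxy-Authenticate schemes it offers. The function and sample names are hypothetical, the sample replies are constructed, and the proxy address in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: classify a proxy reply to an unauthenticated request.
# A proxy that enforces authentication answers 407 and names the schemes
# it accepts in Proxy-Authenticate headers. Any other status means the
# request was handled without asking for credentials.

# stdin: raw response headers.
# stdout: "<status> <schemes|none>"; returns 0 only for a 407 challenge.
proxy_auth_check() {
    tr -d '\r' | awk '
        # Only the first header block is the answer of the proxy itself.
        status == "" && /^HTTP\// { status = $2; next }
        status != "" && /^$/ { exit }
        tolower($1) == "proxy-authenticate:" {
            s = tolower($2)
            if (!(s in seen)) { seen[s] = 1; list = list (list == "" ? "" : ",") s }
        }
        END {
            if (status == "") { print "no-response none"; exit 2 }
            print status, (list == "" ? "none" : list)
            code = (status == "407" && list != "") ? 0 : 1
            exit code
        }'
}

# Constructed sample replies (not captured from a real system).
sample_challenge() {
    printf 'HTTP/1.1 407 Proxy Authentication Required\r\n'
    printf 'Proxy-Authenticate: Basic realm="proxy"\r\n'
    printf 'Proxy-Authenticate: Digest realm="proxy", nonce="abc"\r\n\r\n'
}
sample_open() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_challenge | proxy_auth_check          # authentication is enforced
sample_open | proxy_auth_check || true       # request passed unauthenticated

# Live use from a client (placeholder address: the IP:port browsers point at):
#   curl -s -o /dev/null -D - -x http://<proxy-ip>:<port> http://example.com/ | proxy_auth_check
```

Run it against the address the browsers are configured with, not against the parent proxy, since it is the client-facing listener that has to issue or relay the challenge.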
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
I think the error is some missing code for the ssl regex section, because looking the folder the other *.g_Authenticated files are being created.
I guess I can create the file manually as a work around, but I prefer that this is solved in the code.
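
Editor's added example (not part of any post, and not code from the package): a small report that pulls the unreadable list files out of the e2guardian syslog lines quoted in this thread, splits each into list name and filter group, and checks whether the file exists now. The function names and the optional root-prefix argument are hypothetical; the sample lines are the ones posted above.

```shell
#!/bin/sh
# Added example: report per-group e2guardian list files that syslog says
# could not be read, and whether each one is present on disk now.

# stdin: syslog lines.  $1: optional root prefix (to check a copied tree).
# stdout: one line per unique file: "<group> <list> <path> <present|missing>"
e2g_missing_lists() {
    root=${1:-}
    sed -n 's|^.*e2guardian [0-9]* Error reading file \(/[^:]*\): No such file or directory.*$|\1|p' |
    sort -u |
    while IFS= read -r path; do
        file=${path##*/}
        case $file in
            # Per-group lists are named <list>.g_<Group>
            *.g_*) list=${file%%.g_*}; group=${file#*.g_} ;;
            *)     list=$file; group=- ;;
        esac
        if [ -e "$root$path" ]; then state=present; else state=missing; fi
        printf '%s %s %s %s\n' "$group" "$list" "$path" "$state"
    done
}

# Log lines as posted in this thread.
sample_log() {
    cat <<'EOF'
May 25 16:06:47 e2guardian 70630 Error opening sslsiteregexplist
May 25 16:06:47 e2guardian 70630 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory
May 25 19:17:16 e2guardian 70838 Error opening sslsiteregexplist
May 25 19:17:16 e2guardian 70838 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Authenticated: No such file or directory
EOF
}

sample_log | e2g_missing_lists
```

On the firewall itself, feed it the system log instead of `sample_log`; each group added in the GUI shows up as its own `.g_<Group>` entry.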
-
I'll test again with the ssl inspection enabled to see if still has something to fix.