Netgate Discussion Forum

    Unofficial E2guardian package for pfSense

    • J
      jetberrocal
      last edited by

      @marcelloc:

      @jetberrocal:

      Can you place the file in a more user friendly folder name?

      You can also reinstall the package. On my test vm I have no errors on this file.

      Reinstall you mean to execute install_e2guardian_23.sh again?  That should overwrite all the files? Or should I remove e2g from /usr/local/pkg?

      • J
        jetberrocal
        last edited by

        After I created another Group I see these errors:

        May 25 19:17:16 e2guardian 70838 Error opening sslsiteregexplist
        May 25 19:17:16 e2guardian 70838 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Authenticated: No such file or directory

        The file in fact does not exist.
        The Group uses the "Default" ACL which has SSL Regex disabled, so why is it looking for the file?

        Looking in the lists folder I see that the other *.g_Authenticated files were created, maybe all of them except the sslsiteregexplist.

        • marcellocM
          marcelloc
          last edited by

          @jetberrocal:

          stall_e2guardian_23.sh again?  That should overwrite all the files?

          Yes

          Elite Training: http://sys-squad.com

          Help a community developer! ;D

          • J
            jetberrocal
            last edited by

            @jetberrocal:

            @jetberrocal:

            I have something missing between e2g and squid. 
            I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.

            What can I provide to get help?

            Just to add some info:

            I added a second Group ("Authenticated") (copy of Default group but different name).  Added 1 user to the new group ("test").
            Default Group has no users assigned.

            Trying to solve the problem by myself, I made squid listen on the LAN interface only and set e2g to parent proxy 192.168.1.1 (pfsense/squid LAN IP) to see if authentication happens to be on the LAN interface.

            Did nmap -p3128 192.168.1.1 and it found the port open and squid as service.

            Squid refused the e2g connection.  Set back squid to listen on loopback and e2g to parent proxy default (empty / 127.0.0.1), then connection was successful.

            So still web browsers pass without asking user/pass.

            • marcellocM
              marcelloc
              last edited by

              @marcelloc:

              but I'll test on a fresh 2.3.4 install too.

              I did a fresh install, installed cron package from gui and then e2guardian from console, configured shalist and waited short time until it was downloaded and applied, after it, configured some gui options, saved and applied config. Service is running fine.

              • marcellocM
                marcelloc
                last edited by

                @jetberrocal:

                So still web browsers pass without asking user/pass.

                I'm installing squid to do some authentication tests

                • J
                  jetberrocal
                  last edited by

                  @marcelloc:

                  @jetberrocal:

                  So still web browsers pass without asking user/pass.

                  I'm installing squid to do some authentication tests

                  Thanks.  Without authentication the Groups are not really used.

                  • marcellocM
                    marcelloc
                    last edited by

                    @jetberrocal:

                    Thanks.  Without authentication the Groups are not really used.

                    METHOD 1(sandwich mode)

                    on e2guardian,

                    • select tinyproxy as parent proxy (127.0.0.1:8888)

                    • create a second group and include a user on it

                    • on general tab, Selected proxy-basic and proxy digest

                    • save, apply

                    on squid,

                    • configured local authentication

                    • create a test/lab user

                    • configured remote cache with e2guardian IP, port, peer type parent, method round-robin and proxy only

                    • save

                    METHOD 2

                    on e2guardian,

                    • select squid not on loopback as parent proxy (192.168.0.38:3128)

                    • create a second group and include a user on it

                    • on general tab, Selected proxy-basic, proxy-ntlm (maybe optional) and proxy-digest

                    • save, apply

                    on squid,

                    • listen squid on lan interface

                    • configure local authentication

                    • create a test/lab user

                    • save

                    with these setups, I have users under e2guardian logs

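To confirm that either setup above really challenges unauthenticated clients (the symptom earlier in the thread was browsers passing without a user/pass prompt), the proxy's reply can be checked for a 407 status and the authentication schemes it offers. This is an added example, not part of the post above or of the package; the function names and sample responses are constructed, and the live probe assumes curl is available on the client.

```sh
#!/bin/sh
# Added example: decide from a raw HTTP response head whether a proxy
# demands authentication, and list the schemes it offers.

classify_proxy_response() {
    # stdin: status line plus headers, as printed by `curl -D -`
    awk '
    NR == 1 { status = $2; sub(/\r$/, "", status); next }
    /^\r?$/ { exit }                      # blank line ends the header block
    {
        line = $0
        sub(/\r$/, "", line)
        if (tolower(line) ~ /^proxy-authenticate:/) {
            sub(/^[^:]*:[ \t]*/, "", line)
            split(line, parts, /[ \t]+/)
            scheme = tolower(parts[1])
            schemes = (schemes == "" ? scheme : schemes "," scheme)
        }
    }
    END {
        if (status == "407" && schemes != "") print "enforced:" schemes
        else if (status == "407")             print "challenge-without-scheme"
        else                                  print "open:" status
    }'
}

# Live probe (assumes curl; $1 is host:port of the proxy that browsers use).
# An unauthenticated request should come back as 407, not 200.
probe_proxy() {
    curl -s -o /dev/null -D - -x "http://$1" http://example.com/ |
        classify_proxy_response
}

# Constructed sample responses, so the classifier can be tried offline.
sample_challenge() {
    printf 'HTTP/1.1 407 Proxy Authentication Required\r\n'
    printf 'Proxy-Authenticate: Digest realm="lab", nonce="constructed"\r\n'
    printf 'Proxy-Authenticate: Basic realm="lab"\r\n\r\n'
}
sample_open() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_challenge | classify_proxy_response
sample_open | classify_proxy_response
```

A result that lists only basic means the credentials cross the LAN base64-encoded rather than encrypted.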
                    • J
                      jetberrocal
                      last edited by

                      @marcelloc:

                      @jetberrocal:

                      Thanks.  Without authentication the Groups are not really used.

                      METHOD 1(sandwich mode)

                      on e2guardian,

                      • select tinyproxy as parent proxy (127.0.0.1:8888)

                      • created a second group and included lab user on it

                      • on general tab, Selected proxy-basic and proxy digest

                      • save, apply

                      on squid,

                      • configured local authentication

                      • created a lab user

                      • configured remote cache with e2guardian IP, port, peer type parent, method round-robin and proxy only

                      METHOD 2

                      on e2guardian,

                      • select squid not on loopback as parent proxy (192.168.0.38:3128)

                      • created a second group and included lab user on it

                      • on general tab, Selected proxy-basic, proxy-ntlm (maybe optional) and proxy-digest

                      • save, apply

                      on squid,

                      • configured local authentication

                      • created a lab user

                      with these setups, I have users under e2guardian logs

                      I tried method two, but selecting only proxy-basic.  Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).

                      But did not work.  e2g could not connect to squid for some weird reason.

                      Tried again, but now I set both IP and port of squid even if port was default value.  This time worked.

                      • marcellocM
                        marcelloc
                        last edited by

                        Try a service stop/start and try to watch the traffic with tcpdump.

                        You can also test on console if a telnet in squid port connects.

                        • J
                          jetberrocal
                          last edited by

                          I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                          I think the error is some missing code for the ssl regex section, because looking at the folder the other *.g_Authenticated files are being created.

                          I guess I can create the file manually as a workaround, but I prefer that this is solved in the code.

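The folder comparison described in the posts above (the other *.g_Authenticated files present, sslsiteregexplist missing) can be done mechanically before the service is restarted. This is an added example, not code from the package; it assumes every group's lists follow the <list>.g_<Group> naming seen in the log line, and the function name and demo files are constructed.

```sh
#!/bin/sh
# Added example: report per-group list files that exist for one group
# but are missing for another.
# Assumption: each group's lists are named <list>.g_<Group>.
# On the firewall: find_missing_group_lists /usr/local/etc/e2guardian/lists

find_missing_group_lists() {
    dir=$1
    for f in "$dir"/*.g_*; do
        [ -e "$f" ] || continue           # glob matched nothing
        printf '%s\n' "${f##*/}"
    done | awk '
    {
        i = index($0, ".g_")
        if (i < 2) next                   # no list name before the suffix
        base = substr($0, 1, i - 1)
        grp  = substr($0, i + 3)
        if (grp == "") next
        bases[base] = 1; groups[grp] = 1; have[base, grp] = 1
    }
    END {
        # every list seen for any group is expected for every group
        for (b in bases)
            for (g in groups)
                if (!((b, g) in have)) print b ".g_" g
    }' | sort
}

# Constructed demo directory (not real package output):
# the second group lacks one list file.
demo_dir=$(mktemp -d)
for list in bannedsitelist sslsiteregexplist; do
    : > "$demo_dir/$list.g_Default"
done
: > "$demo_dir/bannedsitelist.g_Authenticated"
find_missing_group_lists "$demo_dir"
rm -rf "$demo_dir"
```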
                          • marcellocM
                            marcelloc
                            last edited by

                            I'll test again with the ssl inspection enabled to see if it still has something to fix.

                            • marcellocM
                              marcelloc
                              last edited by

                              @jetberrocal:

                              I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                              Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

                              • marcellocM
                                marcelloc
                                last edited by

                                @jetberrocal:

                                I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                                fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

                                
                                fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                                
                                

                                • J
                                  jetberrocal
                                  last edited by

                                  @marcelloc:

                                  @jetberrocal:

                                  I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                                  Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

                                  It is good that you could replicate the problem.

                                  Thank you for your efforts.

                                  • J
                                    jetberrocal
                                    last edited by

                                    @marcelloc:

                                    @jetberrocal:

                                    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                                    fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

                                    
                                    fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                                    
                                    

                                    Done.

                                    It worked.  File was created in the folder and was found.

                                    Thank you again.

                                    This was a minor error but I guess the pfsense people are being critical and that is why it is still not on the pfsense repo.

                                    • marcellocM
                                      marcelloc
                                      last edited by

                                      @jetberrocal:

                                      Thank you for your efforts.

                                      Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

                                      E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)

                                      • J
                                        jetberrocal
                                        last edited by

                                        @marcelloc:

                                        @jetberrocal:

                                        Thank you for your efforts.

                                        Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

                                        E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)

                                        In my opinion it is ready for a version 1.0 in the pfsense repo.  In my case I feel I already have the features I need for production.

                                        • marcellocM
                                          marcelloc
                                          last edited by

                                          If you need wpad or are planning to test, I've finished a package for it on my repo.

                                          • J
                                            jetberrocal
                                            last edited by

                                            @marcelloc:

                                            If you need wpad or are planning to test, I've finished a package for it on my repo.

                                            I use wpad but do not use it for "Auto detect" proxy, because Windows OS machines have a bug that fails to auto detect successfully.  They do download the wpad file but they do not update the file correctly.  They have a registry key/value that is set the first time with the wpad file if any is found, but later if the wpad changes or is found, the registry key fails to be updated.  It is easier to create a Domain gpo setting the wpad.

                                            It would be nice to be able to download directly from the pfsense box instead of having another web server to serve it.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.