Netgate Discussion Forum

Unofficial E2guardian package for pfSense

  • M
    marcelloc
    last edited by May 26, 2017, 1:42 AM

    @jetberrocal:

    So still web browsers pass without asking user/pass.

    I'm installing squid to do some authentication tests

    Treinamentos de Elite: http://sys-squad.com

    Help a community developer! ;D

    • J
      jetberrocal
      last edited by May 26, 2017, 1:46 AM

      @marcelloc:

      @jetberrocal:

      So still web browsers pass without asking user/pass.

      I'm installing squid to do some authentication tests

      Thanks.  Without authentication the Groups are not really used.

      • M
        marcelloc
        last edited by May 26, 2017, 2:46 AM May 26, 2017, 2:07 AM

        @jetberrocal:

        Thanks.  Without authentication the Groups are not really used.

        METHOD 1(sandwich mode)

        on e2guardian,

        • select tinyproxy as parent proxy (127.0.0.1:8888)

        • create a second group and include a user on it

        • on general tab, Selected proxy-basic and proxy digest

        • save, apply

        on squid,

        • configured local authentication

        • create a test/lab user

        • configured remote cache with e2guardian ip, port, peer type parent, method round-robin and proxy only

        • save

        METHOD 2

        on e2guardian,

        • select squid not on loopback as parent proxy (192.168.0.38:3128)

        • create a second group and include a user on it

        • on general tab, Selected proxy-basic, proxy-ntlm (maybe optional) and proxy-digest

        • save, apply

        on squid,

        • listen squid on lan interface

        • configure local authentication

        • create a test/lab user

        • save

        with these setups, I have users under e2guardian logs

        • J
          jetberrocal
          last edited by May 26, 2017, 2:39 AM May 26, 2017, 2:35 AM

          @marcelloc:

          @jetberrocal:

          Thanks.  Without authentication the Groups are not really used.

          METHOD 1(sandwich mode)

          on e2guardian,

          • select tinyproxy as parent proxy (127.0.0.1:8888)

          • created a second group and included lab user on it

          • on general tab, Selected proxy-basic and proxy digest

          • save, apply

          on squid,

          • configured local authentication

          • created a lab user

          • configured remote cache with e2guardian ip, port, peer type parent, method round-robin and proxy only

          METHOD 2

          on e2guardian,

          • select squid not on loopback as parent proxy (192.168.0.38:3128)

          • created a second group and included lab user on it

          • on general tab, Selected proxy-basic, proxy-ntlm (maybe optional) and proxy-digest

          • save, apply

          on squid,

          • configured local authentication

          • created a lab user

          with these setups, I have users under e2guardian logs

          I tried method two, but selecting only proxy-basic.  Set the IP of the squid/proxy, which is 192.168.1.1 (the same as e2g and pfsense - they are on the same server/box).

          But it did not work.  e2g could not connect to squid for some weird reason.

          Tried again, but now I set both IP and port of squid even if port was the default value.  This time it worked.

          • M
            marcelloc
            last edited by May 26, 2017, 2:45 AM May 26, 2017, 2:38 AM

            Try a service stop/start and try to watch the traffic with tcpdump.

            You can also test on the console whether a telnet to the squid port connects.

            • J
              jetberrocal
              last edited by May 26, 2017, 2:49 AM

              I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

              I think the error is some missing code for the ssl regex section, because looking at the folder, the other *.g_Authenticated files are being created.

              I guess I can create the file manually as a work around, but I prefer that this is solved in the code.

              • M
                marcelloc
                last edited by May 26, 2017, 2:53 AM

                I'll test again with the ssl inspection enabled to see if it still has something to fix.

                • M
                  marcelloc
                  last edited by May 26, 2017, 3:05 AM

                  @jetberrocal:

                  I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                  Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

                  • M
                    marcelloc
                    last edited by May 26, 2017, 3:20 AM

                    @jetberrocal:

                    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                    fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

                    
                    fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                    
                    

                    • J
                      jetberrocal
                      last edited by May 26, 2017, 3:21 AM

                      @marcelloc:

                      @jetberrocal:

                      I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                      Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

                      It is good that you could replicate the problem.

                      Thank you for your efforts.

                      • J
                        jetberrocal
                        last edited by May 26, 2017, 3:28 AM

                        @marcelloc:

                        @jetberrocal:

                        I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

                        fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

                        
                        fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
                        
                        

                        Done.

                        It worked.  File was created in the folder and was found.

                        Thank you again.

                        This was a minor error but I guess the pfsense people are being critical and that is why it is still not on the pfsense repo.

                        • M
                          marcelloc
                          last edited by May 26, 2017, 3:29 AM

                          @jetberrocal:

                          Thank you for your efforts.

                          Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

                          E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)

                          • J
                            jetberrocal
                            last edited by May 26, 2017, 3:43 AM

                            @marcelloc:

                            @jetberrocal:

                            Thank you for your efforts.

                            Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

                            E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)

                            In my opinion it is ready for a version 1.0 in the pfsense repo.  In my case I feel I already have the features I need for production.

                            • M
                              marcelloc
                              last edited by May 26, 2017, 3:48 AM

                              If you need wpad or are planning to test, I've finished a package for it on my repo.

                              • J
                                jetberrocal
                                last edited by May 26, 2017, 4:01 AM

                                @marcelloc:

                                If you need wpad or are planning to test, I've finished a package for it on my repo.

                                I use wpad but do not use it for "Auto detect" proxy, because Windows OS machines have a bug and fail to auto detect successfully.  They do download the wpad file but they do not update the file correctly.  They have a registry key/value that is set the first time with the wpad file if any is found, but later, if the wpad changes or is found, the registry key fails to be updated.  It is easier to create a Domain GPO setting the wpad.

                                It would be nice to be able to download directly from the pfsense box instead of having another web server to serve it.

                                • M
                                  marcelloc
                                  last edited by May 26, 2017, 4:12 AM

                                  @jetberrocal:

                                  It would be nice to be able to download directly from the pfsense box instead of having another web server to serve it.

                                  Take a look when you have time.

                                  https://forum.pfsense.org/index.php?topic=131169.0

                                  • M
                                    Mr. Jingles
                                    last edited by May 26, 2017, 2:19 PM

                                    Cron was already installed. I installed Squid next to it.

                                    I did the complete reinstall as per my previous post of yesterday, now no errors during install, yet same errors in status/system logs after enabling e2guardian, and neither e2guardian nor tiny start in Status/Services.

                                    | Time | Process | PID | Message |
                                    | May 26 16:16:52 | root | | /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error parsing the e2guardian.conf file or other e2guardian configuration files |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error reading filter group conf file(s). |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error opening bannedsitelist |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains |
                                    | May 26 16:16:52 | e2guardian | 69964 | Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory |
                                    | May 26 16:16:34 | php-fpm | 58737 | /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' |
                                    | May 26 16:16:34 | root | | /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error parsing the e2guardian.conf file or other e2guardian configuration files |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error reading filter group conf file(s). |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error opening bannedsitelist |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains |
                                    | May 26 16:16:34 | e2guardian | 61336 | Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory |
                                    | May 26 16:16:34 | php-fpm | 58737 | /pkg_edit.php: Starting E2guardian |
                                    | May 26 16:16:29 | php-fpm | 89842 | /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' |

                                    6 and a half billion people know that they are stupid, aggressive, lower life forms.

                                    • M
                                      marcelloc
                                      last edited by May 26, 2017, 9:07 PM May 26, 2017, 6:05 PM

                                      @Mr.:

                                      yet same errors in status/system logs after enabling e2guardian

                                      Looks like you did not configure all the tabs or did not install any blacklist (shallalist for example).

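The two start-up failures in this thread (the missing sslsiteregexplist.g_Authenticated file and the missing blacklists/adult/domains file) are both broken links in the chain e2guardian.conf → e2guardianfN.conf → list file → `.Include<...>` target. The script below is an added example, not code from the package or from the posters: it walks that chain and prints each unreadable file together with the file that references it. The function names are hypothetical, the sample tree is constructed, and it assumes the filter group confs sit beside e2guardian.conf as in the log above.

```shell
#!/bin/sh
# Added example, not part of the package: list every file in e2guardian's
# start-up chain that cannot be read, before the rc script is run.

# Paths assigned to "...list" keys in a filter group conf: key = '/abs/path'
conf_lists() {
    sed -n "s/^[[:space:]]*[A-Za-z0-9_]*list[[:space:]]*=[[:space:]]*'\(\/[^']*\)'.*/\1/p" "$1"
}

# Targets of active .Include</abs/path> lines in a list file ('#' lines never match)
list_includes() {
    sed -n 's/^[[:space:]]*\.Include<\([^>]*\)>.*/\1/p' "$1"
}

# Report $1 if unreadable, otherwise follow its includes.
# $2 = referencing file, $3 = depth (stops include loops). The subshell body
# keeps the variables private to each level of recursion.
check_list() (
    file=$1 parent=$2 depth=$3
    if [ ! -r "$file" ]; then
        printf 'MISSING %s (referenced by %s)\n' "$file" "$parent"
    elif [ "$depth" -lt 8 ]; then
        list_includes "$file" | while IFS= read -r inc; do
            check_list "$inc" "$file" $((depth + 1))
        done
    fi
)

# Walk e2guardianf1.conf .. e2guardianfN.conf under conf dir $1,
# where N is the "filtergroups" value in e2guardian.conf (default 1).
preflight() {
    n=$(sed -n 's/^[[:space:]]*filtergroups[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1/e2guardian.conf" | head -n 1)
    i=1
    while [ "$i" -le "${n:-1}" ]; do
        conf="$1/e2guardianf$i.conf"
        if [ -r "$conf" ]; then
            conf_lists "$conf" | while IFS= read -r list; do
                check_list "$list" "$conf" 0
            done
        else
            printf 'MISSING %s (filter group %s)\n' "$conf" "$i"
        fi
        i=$((i + 1))
    done
}

# Constructed sample tree (not real data) reproducing both errors from the thread.
build_sample_tree() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/e2gcheck.XXXXXX") && mkdir -p "$d/lists/blacklists/ads"
    printf 'filtergroups = 2\n' > "$d/e2guardian.conf"
    printf "bannedsitelist = '%s'\nsslsiteregexplist = '%s'\n" \
        "$d/lists/bannedsitelist.g_Default" "$d/lists/sslsiteregexplist.g_Default" \
        > "$d/e2guardianf1.conf"
    printf "sslsiteregexplist = '%s'\n" "$d/lists/sslsiteregexplist.g_Authenticated" \
        > "$d/e2guardianf2.conf"
    printf '.Include<%s>\n.Include<%s>\n#.Include<%s>\n' \
        "$d/lists/blacklists/adult/domains" "$d/lists/blacklists/ads/domains" \
        "$d/lists/blacklists/warez/domains" > "$d/lists/bannedsitelist.g_Default"
    : > "$d/lists/sslsiteregexplist.g_Default"
    echo 'ads.example' > "$d/lists/blacklists/ads/domains"
    echo "$d"
}

tree=$(build_sample_tree)
preflight "$tree"
rm -rf "$tree"
```

On the firewall the call would be `preflight /usr/local/etc/e2guardian`, the configuration directory shown in the log; empty output means every referenced list and include is readable.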
                                      • P
                                        pfsensation
                                        last edited by May 26, 2017, 8:56 PM May 26, 2017, 8:49 PM

                                        OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
                                        Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

                                        I only have one issue still. When a page is blocked by ShallaList, or by banned expressions / phraselists, the report page (block page) does not correctly tell you what the page was categorised as (it says N/A as you can see on my screenshot). For example, using the Smoothwall I have at my College, if you try to go to a blocked site, it will tell you why it was blocked and the correct category. When using E2G, currently it just says "Blocked site : whatever.com". If that was fixed it would be even more AMAZING!

                                        Another issue is FALSE POSITIVES. I guess it's related to my configuration, but why is a Yandex images or Bing Images link being classified as Portuguese pornography? Without anything being typed in or searched? Are the phraselists up to date?

                                        Also… On Smoothwall blocking... I realised, when you block advertisements using their Guardian Proxy, it doesn't show the block page. Instead it says "advert blocked". Which makes sense, because say for example you're on a website and it's trying to load an ad in a DIV, the block page will show in a small tiny box and be useless. If possible, I'd much rather have it become a white box, or just say advert blocked. Let me know if you want a screenshot or an example of what I mean. But essentially, advertisements on websites get replaced by the block page, but because the ads are small, it doesn't display the block page properly and it won't make sense. Since the text would be too small anyways.

                                        Once again, thanks for your fantastic work Marcello! Absolutely love the amazing work you do for the community! <3

                                        • J
                                          jetberrocal
                                          last edited by May 28, 2017, 12:59 AM

                                          Pfsensation

                                          Maybe the category problem is an e2g v 3.5.1 bug.

                                          Perhaps you can post a question on the e2g forum how to work this problem.

                                          I also have the problem here with this e2g.
