Unofficial E2guardian package for pfSense

marcelloc · May 26, 2017, 2:46 AM

@jetberrocal:

Thanks. Without authentication the Groups are not really used.

METHOD 1(sandwich mode)

on e2guardian,

select tinyproxy as parent proxy (127.0.0.1:8888)
create a second group and include a user on it
on general tab, Selected proxy-basic and proxy digest
save, apply

on squid,

configured local authentication
create a test/lab user
configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
save

METHOD 2

on e2guardian,

select squid not on loopback as parent proxy (192.168.0.38:3128)
create a second group and include a user on it
on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest
save, apply

on squid,

listen squid on lan interface
configure local authentication
create a test/lab user
save

with these setups, I have users under e2guardian logs

jetberrocal · May 26, 2017, 2:39 AM

@marcelloc:

@jetberrocal:

Thanks. Without authentication the Groups are not really used.

METHOD 1(sandwich mode)

on e2guardian,

select tinyproxy as parent proxy (127.0.0.1:8888)

created a second group and included lab user on it

on general tab, Selected proxy-basic and proxy digest

save, apply

on squid,

configured local authentication

created a lab user

configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only

METHOD 2

on e2guardian,

select squid not on loopback as parent proxy (192.168.0.38:3128)

created a second group and included lab user on it

on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest

save, apply

on squid,

configured local authentication

created a lab user

with these setups, I have users under e2guardian logs

I tried method two, but selecting only proxy-basic. Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).

But did not work. e2g could not connect to squid for some weird reason.

Tried again, but now I set both IP and port of squid even if port was default value. This time worked.

marcelloc · May 26, 2017, 2:45 AM

Try a service stop/start and try to watch the traffic with tcpdump.

You can also test on console if a telnet in squid port connects.

jetberrocal · May 26, 2017, 2:49 AM

I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

I think the error is some missing code for the ssl regex section, because looking the folder the other *.g_Authenticated files are being created.

I guess I can create the file manually as a work around, but I prefer that this is solved in the code.

marcelloc · May 26, 2017, 2:53 AM

I'll test again with the ssl inspection enabled to see if still has something to fix.

marcelloc · May 26, 2017, 3:05 AM

@jetberrocal:

I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

marcelloc · May 26, 2017, 3:20 AM

@jetberrocal:

I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed


fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc

jetberrocal · May 26, 2017, 3:21 AM

@marcelloc:

@jetberrocal:

I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

Is good that you could replicate the problem.

Thank you for your efforts.

jetberrocal · May 26, 2017, 3:28 AM

@marcelloc:

@jetberrocal:

I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc

Done.

It worked. File was created in the folder and was found.

Thank you again.

This was a minor error but I guess the pfsense people are being critical and that is why it is still not on the pfsense repo.

marcelloc · May 26, 2017, 3:29 AM

@jetberrocal:

Thank you for your efforts.

Except for the clamav integration and coexistence with squid setup(I did not had time to test yet), I'm running e2Guardian with ssl interception(facebook, youtube videos), authentication and non-sandwich mode.

E2guardian 3.5.1 with 4.1 backport cert fix is working really nice. 8)

jetberrocal · May 26, 2017, 3:43 AM

@marcelloc:

@jetberrocal:

Thank you for your efforts.

Except for the clamav integration and coexistence with squid setup(I did not had time to test yet), I'm running e2Guardian with ssl interception(facebook, youtube videos), authentication and non-sandwich mode.

E2guardian 3.5.1 with 4.1 backport cert fix is working really nice. 8)

In my opinion is ready for a version 1.0 in the pfsense repo. In my case I feel already have the features I need for production.

marcelloc · May 26, 2017, 3:48 AM

If you need wpad or planning to test, I've finished a package for it on my repo.

jetberrocal · May 26, 2017, 4:01 AM

@marcelloc:

If you need wpad or planning to test, I've finished a package for it on my repo.

I use wpad but do not use it for "Auto detect" proxy, because Windows OS machines have a bug that fail to auto detect successfully. They do download the wpad file but they do not update the file correctly. They have a registry key/value that is set the first time with the wpad file if any found, but latter if the wpad changes or is found, the registry key fails to be updated. It is easier to create a Domain gpo setting the wpad.

It would be nice to be able to download directly from pfsense box instead to have other web server to serve it.

marcelloc · May 26, 2017, 4:12 AM

@jetberrocal:

It would be nice to be able to download directly from pfsense box instead to have other web server to serve it.

Take a look when you have time.

https://forum.pfsense.org/index.php?topic=131169.0

Mr. Jingles · May 26, 2017, 2:19 PM

Cron was already installed. I installed Aquid next to it.

I did the complete reinstall as per my previous post of yesterday, now no errors during install, yet same errors in status/system logs after enabling e2guardian, and e2guardian nor tiny start in Status/Services.

May 26 16:16:52

|
| root |
|

/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian [/q][/t][/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error parsing the e2guardian.conf file or other e2guardian configuration files [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error reading filter group conf file(s). [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error opening bannedsitelist [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains [/t]

| May 26 16:16:52 | e2guardian | 69964 |

Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory [/t]

| May 26 16:16:34 | php-fpm | 58737 |

/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' [/t]

| May 26 16:16:34 | root |
|

/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error parsing the e2guardian.conf file or other e2guardian configuration files [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error reading filter group conf file(s). [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error opening bannedsitelist [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains [/t]

| May 26 16:16:34 | e2guardian | 61336 |

Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory [/t]

| May 26 16:16:34 | php-fpm | 58737 |

/pkg_edit.php: Starting E2guardian [/t]

| May 26 16:16:29 | php-fpm | 89842 |

/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'

[/t]

marcelloc · May 26, 2017, 9:07 PM

@Mr.:

yet same errors in status/system logs after enabling e2guardian

Looks like you did not configured all the tabs or did not installed any blacklist(shallalist for example).

pfsensation · May 26, 2017, 8:56 PM

OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

I only have one issue still. When a page is blocked by ShallaList, or by banned expressions / phraselists. On the report page (block page) it does not correctly tell you what the page was categorised as (it says N/A as you can see on my screenshot) . For example, using the Smoothwall I have at my College, if you try to go to a blocked site, it will tell you why it was blocked and the correct category. When using E2G, currently it just says "Blocked site : whatever.com". If that was fixed it would be even more AMAZING!

Another issue is FALSE POSITIVES. I guess it's my configuration related but why is Yandex images, or Bing Images link being classified as portugese pornography? Without anything being typed in or searched? Are the phraselists up to date?

Also… On Smoothwall blocking... I realised, when you block advertises using their Guardian Proxy, it doesn't show the block page. Instead it says "advert blocked". Which makes sense, because say for example you're on a website and it's trying to load an ad in a DIV, the block page will show in a small tiny box and be useless. If possible, I'd much rather have it become a white box, or just say advert blocked. Let me know if you want a screenshot or an example of what I mean. But essentially, advertises on websites get replaced by the block page, but because the ads are small, it doesn't display the block page properly and it won't make sense. Since the text would be too small anyways.

Once again, thanks for your fantastic work Marcello! Absolutely love the amazing work you do for the community! <3

jetberrocal · May 28, 2017, 12:59 AM

Pfsensation

Maybe the category problem is a e2g v 3.5.1 bug.

Perhaps you can post a question on the e2g forum how to work this problem.

I also have the problem here with this e2g.

jkrueger2020 · May 28, 2017, 2:39 AM

So I hate to be the guy who probably missed a step somewhere and has no idea what he did wrong, but here's my issue. I installed e2Guardian, installed the shallalist and got URL blocking working, but I cannot get the phrase list working at all. Zero. Nada. I've tried going to keywords that are listed in the files for the categories I selected. No blocking. I even edited the config section under ACLs > Phrase List > Banned List > Config file and added the following to it: <jonathan> Then I tried to pull up a website with the name Jonathan on it - no blocking whatsoever.

I'm pulling my hair out on this. Can anyone tell me what step I might have missed that is causing the phrase blocking to not work? Again, I'm really sorry to be the guy who is probably asking a really dumb question.

Thanks in advance,

Jonathan</jonathan>

marcelloc · May 28, 2017, 2:44 AM

The site you're testing has Jonathan on the url or on page content?