Unofficial E2guardian package for pfSense
-
I've updated the install process to use freebsd package style instead of manual fetch from script. you can also enable the unofficial repository to install it using GUI.
See the updated install instructions on the first post of this topic.
Unfortunately, this package is still available only for AMD64 architecture.
-
When using Mitm I'm getting "Error too many redirects" from time to time. It can become quite frustrating when you're trying to browse, and you have to keep refreshing and going back on the page until it finally works.
Anyone else experiencing this? I vaguely remember seeing this being reported before to the E2G team, I assume it's fixed in 4.1 If it has, maybe we can back port?
Also marcelloc, have you been able to test newer versions of E2G on pfsense? Hoping it can be stable enough soon for us to update.
I found this link related to your problem
https://github.com/e2guardian/e2guardian/issues/92I think you need to add the particular site to a ssl cert exception conf file.
-
Was this answer:
I'm changing the packages under unofficial repo to have uninstall and update under system -> Package manger. E2guardian will take some time as it needs a manual compiled binaries. But packages like wpad and filer are already updated.
Meant as a reply to me:
@Mr.:
How can I safely remove icap, clam, e2guardian, tinyproxy, and all others?
So I can start fresh again, and can you give me the exact install commands?
If so, it means I can't completely remove it now?
-
You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)
I'm changing the package structure to be able to install, remove, update it easier.
-
I installed E2Guardian from the unnoficial repo AMD64. Now I have two entries for E2Guardian in the web config. How can I remove the old manual one? Or any, as they are basically the same instance with two entries in the tab.
Another question is, why isn't E2Guardian decrypting/phrase matching content properly? If you go to Youtube and type in "porn x" inappropriate images appear, and there seem to be more than enough bad words on the search results for it to be blocked. But it doesn't get blocked even though I have all the phraselists enabled for pornography. However, when I refresh then it blocks. Why isn't it blocking on the first search? Is it just checking URL and ignoring?
Also having the same issues on Yandex, when you search for "porn" in images, it loads up. If you refresh then it blocks.I guess this is a pretty big bug. I don't think my configuration or setup is wrong because after refresh it is blocking the site just fine, maybe someone can confirm? I remember it working fine before the latest update. Not sure what could be wrong.
EDIT: wow this is weird… Searching "Porn x" from YouTube homepage right now blocks it. If you search something else then porn x. It bypasses the proxy, if you refresh the page it blocks it again. Why would it behave this way? I'm fully confused and tearing my hair out.
EDIT2: Now it seems to block searching that term from any page. If you try searching it 2/3x it eventually loads up. And bypasses block page.
Oh just to clarify. E2G is correctly decrypting HTTPS. I can see the internal CA in my browser when going to YouTube.
-
Maybe a firewall/antivirus conflict? I personally doubt it but in the tech universe, I prefer to not rule out any possibilities…
-
OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
Here's my sexy page at home :P – 'KorTeX' is just what I call my network.
@pfsensation Can you share your block page code? please?
-
4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1
https://github.com/e2guardian/e2guardian/issues/222
-
4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1
https://github.com/e2guardian/e2guardian/issues/222
Great to hear that, it seems some of the issues I'm facing is already fixed in 4.1. Also, I did realise you got rid of the GUI duplicate. So thanks a lot for that with the 0.9.2 update. :)
Will you be regularly maintaining your repo? Will it cause any problems with updating pfsense of default packages from pfsense repo? This seems like a really good way to get good quality unofficial packages and keep them up to date.
-
OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
Here's my sexy page at home :P – 'KorTeX' is just what I call my network.
@pfsensation Can you share your block page code? please?
Sure, although it's in no way perfect. It's much, much better looking than all other block pages I've seen and works perfectly for me. If you make any changes or make it better, let me know. :)
https://ybin.me/p/3b12275edc779552#Z9PkW1Vve44x83LQz9+XZd63bigXiWuUrJXr8lM4/Iw=
-
4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1
https://github.com/e2guardian/e2guardian/issues/222
Great to hear that, it seems some of the issues I'm facing is already fixed in 4.1.
False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(
I've include the dump of the crash on e2guardian git
-
You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)
I'm changing the package structure to be able to install, remove, update it easier.
Thank you Marcello ;D
Is it meant to deinstall Squid so I have to start all over again with that too?
-
Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.
-
Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.
I'll split it in two packages when I have time.
-
Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.
I'll split it in two packages when I have time.
Thanks Marcello! Or you could create a off switch? :P
-
Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.
I'll split it in two packages when I have time.
Thanks Marcello! Or you could create a off switch? :P
I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldnt started
#!/bin/sh # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $ # # PROVIDE: tinyproxy # REQUIRE: LOGIN # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy: # tinyproxy_enable (bool): Set to "NO" by default. # Set it to "YES" to enable tinyproxy # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default. . /etc/rc.subr name="tinyproxy" rcvar=tinyproxy_enable load_rc_config $name # Make sure the pidfile matches what's in the config file. : ${tinyproxy_enable="NO"} : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"} : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"} # pidfile=${tinyproxy_pidfile} # command=/usr/local/sbin/tinyproxy # command_args="-c $tinyproxy_config 2> /dev/null" # run_rc_command "$1"Thank you for sharing your block page!
-
False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(
I've include the dump of the crash on e2guardian git
I could stop it from crashing but did not had time to see why this 4.1.1 BSD amd64 e2g binaries is not intercepting ssl.
Not sure if all http workers from 4.1.1 needs to be running or it's something that will happen with traffic.
https://github.com/e2guardian/e2guardian/pulls
-
False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(
I've include the dump of the crash on e2guardian git
I could stop it from crashing but did not had time to see why this 4.1.1 BSD amd64 e2g binaries is not intercepting ssl.
Not sure if all http workers from 4.1.1 needs to be running or it's something that will happen with traffic.
https://github.com/e2guardian/e2guardian/pulls
Great we're making progress. Your pull was merged. :)
Don't worry, look at it when you have time. I'm very happy to see so much interest in E2Guardian now. Even at the stage it's in, it's way surpassed what SquidGuard could even hope to achieve.
That being said. On 4.1.1 the 'error too many redirects' issue was fixed and Philip Pearce, blamed the time out for Squid etc. I've tried messing with it, but still get the message from time to time although less so now after increasing time out to 60 secs.
-
I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldnt started
#!/bin/sh # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $ # # PROVIDE: tinyproxy # REQUIRE: LOGIN # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy: # tinyproxy_enable (bool): Set to "NO" by default. # Set it to "YES" to enable tinyproxy # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default. . /etc/rc.subr name="tinyproxy" rcvar=tinyproxy_enable load_rc_config $name # Make sure the pidfile matches what's in the config file. : ${tinyproxy_enable="NO"} : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"} : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"} # pidfile=${tinyproxy_pidfile} # command=/usr/local/sbin/tinyproxy # command_args="-c $tinyproxy_config 2> /dev/null" # run_rc_command "$1"Thank you for sharing your block page!
No problem, happy to give back to the community! :)
I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D
-
No problem, happy to give back to the community! :)
I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D
That works too =D, and a lot cleaner/safer
