Netgate Discussion Forum

    Unofficial E2guardian package for pfSense

    • marcelloc

      You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)

      I'm changing the package structure to be able to install, remove, update it easier.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • pfsensation

        I installed E2Guardian from the unofficial repo AMD64. Now I have two entries for E2Guardian in the web config. How can I remove the old manual one? Or any, as they are basically the same instance with two entries in the tab.

        Another question is, why isn't E2Guardian decrypting/phrase matching content properly? If you go to Youtube and type in "porn x" inappropriate images appear, and there seem to be more than enough bad words on the search results for it to be blocked. But it doesn't get blocked even though I have all the phraselists enabled for pornography. However, when I refresh then it blocks. Why isn't it blocking on the first search? Is it just checking URL and ignoring?
        Also having the same issues on Yandex, when you search for "porn" in images, it loads up. If you refresh then it blocks.

        I guess this is a pretty big bug. I don't think my configuration or setup is wrong because after refresh it is blocking the site just fine, maybe someone can confirm? I remember it working fine before the latest update. Not sure what could be wrong.

        EDIT: wow this is weird… Searching "Porn x" from YouTube homepage right now blocks it. If you search something else then porn x. It bypasses the proxy, if you refresh the page it blocks it again. Why would it behave this way? I'm fully confused and tearing my hair out.

        EDIT2: Now it seems to block searching that term from any page. If you try searching it 2/3x it eventually loads up. And bypasses block page.

        Oh just to clarify. E2G is correctly decrypting HTTPS. I can see the internal CA in my browser when going to YouTube.

        • Draven666

          Maybe a firewall/antivirus conflict? I personally doubt it but in the tech universe, I prefer to not rule out any possibilities…

          • Cino

            @pfsensation:

            OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
            Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

            @pfsensation Can you share your block page code? please?

            • marcelloc

              4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

              https://github.com/e2guardian/e2guardian/issues/222

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              • pfsensation

                @marcelloc:

                4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

                https://github.com/e2guardian/e2guardian/issues/222

                Great to hear that, it seems some of the issues I'm facing are already fixed in 4.1. Also, I did realise you got rid of the GUI duplicate. So thanks a lot for that with the 0.9.2 update. :)

                Will you be regularly maintaining your repo? Will it cause any problems with updating pfsense of default packages from pfsense repo? This seems like a really good way to get good quality unofficial packages and keep them up to date.

                • pfsensation

                  @Cino:

                  @pfsensation:

                  OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
                  Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

                  @pfsensation Can you share your block page code? please?

                  Sure, although it's in no way perfect. It's much, much better looking than all other block pages I've seen and works perfectly for me. If you make any changes or make it better, let me know. :)

                  https://ybin.me/p/3b12275edc779552#Z9PkW1Vve44x83LQz9+XZd63bigXiWuUrJXr8lM4/Iw=

                  • marcelloc

                    @pfsensation:

                    @marcelloc:

                    4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

                    https://github.com/e2guardian/e2guardian/issues/222

                    Great to hear that, it seems some of the issues I'm facing are already fixed in 4.1.

                    False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

                    I've included the dump of the crash on e2guardian git

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    • Mr. Jingles

                      @marcelloc:

                      You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)

                      I'm changing the package structure to be able to install, remove, update it easier.

                      Thank you Marcello  ;D

                      Is it meant to deinstall Squid so I have to start all over again with that too?


                      6 and a half billion people know that they are stupid, aggressive, lower life forms.

                      • pfsensation

                        Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

                        • marcelloc

                          @pfsensation:

                          Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

                          I'll split it in two packages when I have time.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          • pfsensation

                            @marcelloc:

                            @pfsensation:

                            Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

                            I'll split it in two packages when I have time.

                            Thanks Marcello! Or you could create a off switch? :P

                            • Cino

                              @pfsensation:

                              @marcelloc:

                              @pfsensation:

                              Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

                              I'll split it in two packages when I have time.

                              Thanks Marcello! Or you could create a off switch? :P

                              I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldn't start

                              
                              #!/bin/sh
                              
                              # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $
                              #
                              # PROVIDE: tinyproxy
                              # REQUIRE: LOGIN
                              #
                              # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy:
                              # tinyproxy_enable (bool): Set to "NO" by default.
                              #                          Set it to "YES" to enable tinyproxy 
                              # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default.
                              
                              . /etc/rc.subr
                              
                              name="tinyproxy"
                              rcvar=tinyproxy_enable
                              
                              load_rc_config $name
                              
                              # Make sure the pidfile matches what's in the config file.
                              : ${tinyproxy_enable="NO"}
                              : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"}
                              : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"}
                              
                              # pidfile=${tinyproxy_pidfile}
                              # command=/usr/local/sbin/tinyproxy
                              # command_args="-c $tinyproxy_config 2> /dev/null"
                              
                              # run_rc_command "$1"
                              
                              

                              Thank you for sharing your block page!

                              • marcelloc

                                @marcelloc:

                                False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

                                I've included the dump of the crash on e2guardian git

                                I could stop it from crashing but did not have time to see why these 4.1.1 BSD amd64 e2g binaries are not intercepting SSL.

                                Not sure if all http workers from 4.1.1 need to be running or it's something that will happen with traffic.

                                https://github.com/e2guardian/e2guardian/pulls

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                • pfsensation

                                  @marcelloc:

                                  @marcelloc:

                                  False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

                                  I've included the dump of the crash on e2guardian git

                                  I could stop it from crashing but did not have time to see why these 4.1.1 BSD amd64 e2g binaries are not intercepting SSL.

                                  Not sure if all http workers from 4.1.1 need to be running or it's something that will happen with traffic.

                                  https://github.com/e2guardian/e2guardian/pulls

                                  Great we're making progress. Your pull was merged. :)

                                  Don't worry, look at it when you have time. I'm very happy to see so much interest in E2Guardian now. Even at the stage it's in, it's way surpassed what SquidGuard could even hope to achieve.

                                  That being said. On 4.1.1 the 'error too many redirects' issue was fixed and Philip Pearce, blamed the time out for Squid etc. I've tried messing with it, but still get the message from time to time although less so now after increasing time out to 60 secs.

                                  • pfsensation

                                    @Cino:

                                    I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldn't start

                                    
                                    #!/bin/sh
                                    
                                    # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $
                                    #
                                    # PROVIDE: tinyproxy
                                    # REQUIRE: LOGIN
                                    #
                                    # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy:
                                    # tinyproxy_enable (bool): Set to "NO" by default.
                                    #                          Set it to "YES" to enable tinyproxy 
                                    # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default.
                                    
                                    . /etc/rc.subr
                                    
                                    name="tinyproxy"
                                    rcvar=tinyproxy_enable
                                    
                                    load_rc_config $name
                                    
                                    # Make sure the pidfile matches what's in the config file.
                                    : ${tinyproxy_enable="NO"}
                                    : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"}
                                    : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"}
                                    
                                    # pidfile=${tinyproxy_pidfile}
                                    # command=/usr/local/sbin/tinyproxy
                                    # command_args="-c $tinyproxy_config 2> /dev/null"
                                    
                                    # run_rc_command "$1"
                                    
                                    

                                    Thank you for sharing your block page!

                                    No problem, happy to give back to the community! :)

                                    I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D

                                    • Cino

                                      @pfsensation:

                                      No problem, happy to give back to the community! :)

                                      I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D

                                      That works too =D, and a lot cleaner/safer

                                      • marcelloc

                                        Added e2guardian4 to Unofficial repo  8)

                                        tinyproxy may not install by default.

                                        Also testing on 2.4 (looks faster)

                                        But I'm seeing only one e2guardian process. I'm not sure if it's the correct behavior or still has things to fix to run correctly under FreeBSD


                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        • pfsensation

                                          @marcelloc:

                                          Added e2guardian4 to Unofficial repo  8)

                                          tinyproxy may not install by default.

                                          Also testing on 2.4 (looks faster)

                                          But I'm seeing only one e2guardian process. I'm not sure if it's the correct behavior or still has things to fix to run correctly under FreeBSD

                                          Does SSL interception and all work? Are the bugs you found squashed? Is the dependencies in the package manager meant to be  e2guardian_35-3.5.1? It seems exactly the same as the old 3.5.1 version, but I haven't installed it yet.

                                          Also it's threaded now right? Maybe that's why you're seeing only one process.

                                          EDIT: So I ended up updating E2Guardian via SSH by typing "13". Now it won't even start up. I am getting this error in logs

                                          /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Shared object "libssl.so.9" not found, required by "e2guardian" /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
                                          

                                          Also pfsense doesn't seem to be able to load the repo anymore. :(

                                          Error:

                                          
                                          >>> Updating repositories metadata...
                                          Updating Unofficial repository catalogue...
                                          Fetching meta.txz: . done
                                          Fetching packagesite.txz: . done
                                          Processing entries: . done
                                          Unofficial repository update completed. 8 packages processed.
                                          Updating pfSense-core repository catalogue...
                                          pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory
                                          pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/meta.txz: No route to host
                                          repository pfSense-core has no meta file, using default settings
                                          pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/packagesite.txz: No route to host
                                          Unable to update repository pfSense-core
                                          Updating pfSense repository catalogue...
                                          pkg: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory
                                          pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: No route to host
                                          repository pfSense has no meta file, using default settings
                                          pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: No route to host
                                          Unable to update repository pfSense
                                          Error updating repositories!
                                          
                                          

                                          Being kinda screwed and out of choices… I changed Squid's port to 8080. Otherwise I get no connection at all, due to WPAD and settings on devices.

                                          • marcelloc

                                            @pfsensation:

                                            Does SSL interception and all work?

                                            Yes.

                                            @pfsensation:

                                            Are the bugs you found squashed?

                                            Not sure yet. YouTube looked like it was working better with 3.5, but it's too early to draw a conclusion about it. I've tested for only a few minutes

                                            @pfsensation:

                                            Is the dependencies in the package manager meant to be  e2guardian_35-3.5.1? It seems exactly the same as the old 3.5.1 version, but I haven't installed it yet.

                                            Maybe because both are e2guardian packages. To change it on ports to a e2guardian4 takes some time

                                            @pfsensation:

                                            Also it's threaded now right? Maybe that's why you're seeing only one process.

                                            Yes, I need to test it to see how far it can go  with processing multiple cores, memory and throughput

                                            @pfsensation:

                                            EDIT: So I ended up updating E2Guardian via SSH by typing "13". Now it won't even start up. I am getting this error in logs

                                            /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Shared object "libssl.so.9" not found, required by "e2guardian" /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
                                            

                                            e2guardian4 needs openssl. On my 2.4 test vm it installed as a dependency. I'll test again on a clean 2.3
                                            you can try pkg install openssl from console

                                            @pfsensation:

                                            Also pfsense doesn't seem to be able to load the repo anymore. :(

                                            Error:

                                            
                                            pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/meta.txz: No route to host
                                            pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/packagesite.txz: No route to host
                                            pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: No route to host
                                            pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: No route to host
                                            
                                            

                                            I've removed the previous package and then installed the e2guardian4 package

                                            I have no idea why you are getting no route to host.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D
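
Added example, not part of any post in this thread: a small sh triage of the two error outputs pasted above, pulling the missing shared object out of the rc.d start message and summarising which repositories `pkg` could and could not update. The function names are illustrative and the sample input is excerpted from pfsensation's post.

```shell
#!/bin/sh
# Added example: triage of the two error outputs quoted in this thread.
# Function names are illustrative; sample text is excerpted from the posts.

# Print "LIBRARY BINARY" for every run-time linker failure found on stdin.
# Message format: Shared object "LIB" not found, required by "BIN"
missing_shared_objects() {
    grep -o 'Shared object "[^"]*" not found, required by "[^"]*"' |
        sed 's/^Shared object "\([^"]*\)" not found, required by "\([^"]*\)"$/\1 \2/' |
        sort -u
}

# Summarise `pkg update` output on stdin, one line per repository:
# "OK name" or "FAIL name (last fetch error seen for it)".
repo_status() {
    awk '
        / repository update completed/ { print "OK " $1 }
        /^pkg: http/ {
            # "pkg: <url>: <reason>": the reason follows the last ": "
            n = split($0, part, ": ")
            reason = part[n]
        }
        /^Unable to update repository / {
            print "FAIL " $5 " (" (reason == "" ? "unknown" : reason) ")"
            reason = ""
        }
    '
}

# Excerpt of the start failure from the thread.
sample_start_log() {
    cat <<'EOF'
Starting e2guardian. Shared object "libssl.so.9" not found, required by "e2guardian" /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
EOF
}

# Excerpt of the repository update output from the thread.
sample_pkg_update() {
    cat <<'EOF'
Updating Unofficial repository catalogue...
Unofficial repository update completed. 8 packages processed.
Updating pfSense-core repository catalogue...
pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/meta.txz: No route to host
repository pfSense-core has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/packagesite.txz: No route to host
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: No route to host
repository pfSense has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: No route to host
Unable to update repository pfSense
Error updating repositories!
EOF
}

sample_start_log | missing_shared_objects
sample_pkg_update | repo_status
```

On the pasted output this reports the Unofficial repository as updated and both pkg.pfsense.org repositories as failed with "No route to host", which narrows the second problem to reaching that host rather than to `pkg` itself.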
