Unofficial E2guardian package for pfSense
-
Its not -BYPASS- (it's working pretty good). So far I've found -FILTERGROUP- and -REASONLOGGED- will crash the daemon. And possibly the combo of using -USER- -HOST- -IP-.
-REASONGIVEN-, -CATEGORIES-, -USER- so far seem to working for me using the attach page with -BYPASS-.
I am using IP Address as my only Auth plugin if makes a difference.
Confirmed! I can get -bypass- working fine without crashes, adding any of those place holders above causes E2Guardian to quit. xD
I am also using IP address as my only auth, just to confirm. This is a weird bug, because it did work for couple authenticated users, if they had certain IP's it seemed. But I really don't know for sure why it was behaving so weird before, but now we know those particular place holders are causing the crashes. This is just a heads up if you have trouble re-creating the crashes Marcello. Also try to use my exact same block page source code, with everything intact, including -bypass-.
-
Also try to use my exact same block page source code, with everything intact, including -bypass-.
That's the way I use, just included htl tags before and after.
I'll start testing the 720 hosts network tomorrow. I'll use your template changing the image and will test it with and without those problematic fields.
-
Also try to use my exact same block page source code, with everything intact, including -bypass-.
That's the way I use, just included htl tags before and after.
I'll start testing the 720 hosts network tomorrow. I'll use your template changing the image and will test it with and without those problematic fields.
Alrighty, let us know how it goes. Where will you test this by the way? In a business?
-
Alrighty, let us know how it goes. Where will you test this by the way? In a business?
Yes, on a network I'll help to migrate.
I've also pushed to 2.3 and 2.4 repo a 0.2 pkg version without tinyproxy(it has it's own pkg on Unofficial repo now) and with an apply action to daemon. This fixes the save apply restart issue.
About the http workers. With more then 4000 it aborts. It should accept 20k. I'll build a debug version to see if it's a big or a limitation with current 4.1.1 code and BSD.
-
Alrighty, let us know how it goes. Where will you test this by the way? In a business?
Yes, on a network I'll help to migrate.
I've also pushed to 2.3 and 2.4 repo a 0.2 pkg version without tinyproxy(it has it's own pkg on Unofficial repo now) and with an apply action to daemon. This fixes the save apply restart issue.
About the http workers. With more then 4000 it aborts. It should accept 20k. I'll build a debug version to see if it's a big or a limitation with current 4.1.1 code and BSD.
Just a heads up. Updating didn't remove Tiny Proxy automatically. I had to install Tiny Proxy from the repository and then uninstall to get it off my box.
Hmm the http workers issue could be a big issue in bigger environments. I'm lucky I'm not noticing any degradation at home yet.
-
Hmm the http workers issue could be a big issue in bigger environments. I'm lucky I'm not noticing any degradation at home yet.
yes. I'll have a chance to test it this week and try to identify what needs a fix.
-
I'll have a change to test it this week and try to identify what needs a fix.
'change' I've come to really dislike that word (and RFC, MOP, CAB) the past few months. Our entire Change/RFC process has changed at work and not for the better
-
I'll have a change to test it this week and try to identify what needs a fix.
'change' I've come to really dislike that word (and RFC, MOP, CAB) the past few months. Our entire Change/RFC process has changed at work and not for the better
Sorry, typo :) I'll have a chance test
-
;D I figured, I was just being funny
-
Hi Marcello,
I pkg delete c-icap, and that removed some other files.
I also deleted everything e2guardian and tinyproxy in /usr/local/pkg
However, in Status/Services, I still have both tinyproxy and e2guardian, as stopped. They are not listed in pkg info, they seem not to exist there.
As you wrote on page 3:
@Mr.:
tinyproxy and e2guardian both refuse to start.
As the pkg process failed on your box, there is no e2guardian or tinyproxy binaires installed.
That is probably the cause, so how can I now remove these 2 orphans from Status/Services?
Thank you :)
-
To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.
The c-icap is a package from squid
-
Tiny Proxy that pesky thing seems to keep coming back even through I installed it from the repo again and uninstalled it. D:
Any news on the tests Marcello? Did you manage to reproduce the crashes using those filter group, and hostname place holders/tags ?
-
To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.
The c-icap is a package from squid
Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?
Pfsensation above this reply says uninstalling isn't going to work(?)
-
@Mr.:
To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.
The c-icap is a package from squid
Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?
Pfsensation above this reply says uninstalling isn't going to work(?)
Well the method described above stops Tiny Proxy from starting but it still appears in service status / dash board.
-
The error is happening to me.
I checked the config files and it is being generated correctly.
I also disable Exceptions box in case the word falls in the exceptions.So it seems to be an e2g 3.5.1 problem.
I guess this has to be checked on the e2g forum.
By the way I used the word <jet>. Search on Google and selected the link
https://www.google.com.pr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&uact=8&ved=0ahUKEwjq5qXotpbUAhUE6yYKHTncD78QFghvMAw&url=https%3A%2F%2Fjetprogramusa.org%2F&usg=AFQjCNGFZZgNdXX2OXYga7BOLHmLFjdZ_g</jet>Thanks for helping to check this! At least I know I'm not the only one now.
I've logged the issue on the E2Guardian Google Groups: https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY
If no one replies within a day or so, I'm going to log it as an issue on GitHub.
Thanks again!
Jonathan
Marcelloc, would you please weigh in on this? I need to know, is this a bug I should log with E2G? I've taken this as far as I possibly know how.
https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY
Thanks,
Jonathan
-
Found another issue with 4.1…
I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".
I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.
-
Found another issue with 4.1…
I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".
I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.
Why are you retrieving the wpad file through the proxy? The wpad or proxy.pac are downloaded through the http port 80. I think your "Internet Options" if in Windows should tell to connect to the pfsense bypassing the proxy. I do not recall how is done in Linux or MAC. Your wpad file should also have a rule to go DIRECT when connecting to local network IPs.
-
Found another issue with 4.1…
I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".
I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.
Why are you retrieving the wpad file through the proxy? The wpad or proxy.pac are downloaded through the http port 80. I think your "Internet Options" if in Windows should tell to connect to the pfsense bypassing the proxy. I do not recall how is done in Linux or MAC. Your wpad file should also have a rule to go DIRECT when connecting to local network IPs.
I was troubleshooting some issues with IOS devices on my network then manually tried typing it in to test. In dhcp I am advertising it using the IP, but it gave that error through it proxy. I changed the dhcp to use the host name to connect and download the pac file, but this still seems like a bug nevertheless.
-
I was troubleshooting some issues with IOS devices on my network then manually tried typing it in to test. In dhcp I am advertising it using the IP, but it gave that error through it proxy. I changed the dhcp to use the host name to connect and download the pac file, but this still seems like a bug nevertheless.
E2g and squid has a setting to block urls with IPs. Verify that is turn off. If on the pfsense IP should be explicitly allowed, I think.
-
but now we know those particular place holders are causing the crashes. This is just a heads up if you have trouble re-creating the crashes Marcello. Also try to use my exact same block page source code, with everything intact, including -bypass-.
Even without report, just "access denied" the daemon crashes. I've started a watchdog script to keep e2guardian running but I'll need to run a debug version to try to identify where it's still getting segmentation fault errors. :(
also getting high values on e2guardian processes but low cpu load
last pid: 83609; load averages: 1.51, 8.54, 8.55 up 1+20:43:27 11:35:36 192 processes: 2 running, 189 sleeping, 1 zombie CPU: 1.5% user, 0.0% nice, 0.2% system, 0.6% interrupt, 97.6% idle Mem: 470M Active, 463M Inact, 863M Wired, 1060M Buf, 14G Free Swap: PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 81597 root 259 21 0 392M 127M accept 6 0:02 2795.70% e2guardian
