Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 71 Posters 1.7m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfsensation
      last edited by

      @Cino:

      Its not -BYPASS- (it's working pretty good). So far I've found  -FILTERGROUP- and -REASONLOGGED- will crash the daemon. And possibly the combo of using -USER- -HOST- -IP-.

      -REASONGIVEN-, -CATEGORIES-, -USER- so far seem to working for me using the attach page with -BYPASS-.

      I am using IP Address as my only Auth plugin if makes a difference.

      Confirmed! I can get -bypass- working fine without crashes, adding any of those place holders above causes E2Guardian to quit. xD

      I am also using IP address as my only auth, just to confirm. This is a weird bug, because it did work for couple authenticated users, if they had certain IP's it seemed. But I really don't know for sure why it was behaving so weird before, but now we know those particular place holders are causing the crashes. This is just a heads up if you have trouble re-creating the crashes Marcello. Also try to use my exact same block page source code, with everything intact, including -bypass-.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @pfsensation:

        Also try to use my exact same block page source code, with everything intact, including -bypass-.

        That's the way I use, just included htl tags before and after.

        I'll start testing the 720 hosts network tomorrow. I'll use your template changing the image and will test it with and without those problematic fields.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • P
          pfsensation
          last edited by

          @marcelloc:

          @pfsensation:

          Also try to use my exact same block page source code, with everything intact, including -bypass-.

          That's the way I use, just included htl tags before and after.

          I'll start testing the 720 hosts network tomorrow. I'll use your template changing the image and will test it with and without those problematic fields.

          Alrighty, let us know how it goes. Where will you test this by the way? In a business?

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @pfsensation:

            Alrighty, let us know how it goes. Where will you test this by the way? In a business?

            Yes, on a network I'll help to migrate.

            I've also pushed to 2.3 and 2.4 repo a 0.2 pkg version without tinyproxy(it has it's own pkg on Unofficial repo now) and with an apply action to daemon. This fixes the save apply restart issue.

            About the http workers. With more then 4000 it aborts. It should accept 20k. I'll build a debug version to see if it's a big or a limitation with current 4.1.1 code and BSD.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • P
              pfsensation
              last edited by

              @marcelloc:

              @pfsensation:

              Alrighty, let us know how it goes. Where will you test this by the way? In a business?

              Yes, on a network I'll help to migrate.

              I've also pushed to 2.3 and 2.4 repo a 0.2 pkg version without tinyproxy(it has it's own pkg on Unofficial repo now) and with an apply action to daemon. This fixes the save apply restart issue.

              About the http workers. With more then 4000 it aborts. It should accept 20k. I'll build a debug version to see if it's a big or a limitation with current 4.1.1 code and BSD.

              Just a heads up. Updating didn't remove Tiny Proxy automatically. I had to install Tiny Proxy from the repository and then uninstall to get it off my box.

              Hmm the http workers issue could be a big issue in bigger environments. I'm lucky I'm not noticing any degradation at home yet.

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                @pfsensation:

                Hmm the http workers issue could be a big issue in bigger environments. I'm lucky I'm not noticing any degradation at home yet.

                yes. I'll have a chance to test it this week and try to identify what needs a fix.

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • C
                  Cino
                  last edited by

                  @marcelloc:

                  I'll have a change to test it this week and try to identify what needs a fix.

                  'change' I've come to really dislike that word (and RFC, MOP, CAB) the past few months. Our entire Change/RFC process has changed at work and not for the better

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    @Cino:

                    @marcelloc:

                    I'll have a change to test it this week and try to identify what needs a fix.

                    'change' I've come to really dislike that word (and RFC, MOP, CAB) the past few months. Our entire Change/RFC process has changed at work and not for the better

                    Sorry, typo  :) I'll have a chance test

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • C
                      Cino
                      last edited by

                      ;D I figured, I was just being funny

                      1 Reply Last reply Reply Quote 0
                      • M
                        Mr. Jingles
                        last edited by

                        Hi Marcello,

                        I pkg delete c-icap, and that removed some other files.

                        I also deleted everything e2guardian and tinyproxy in /usr/local/pkg

                        However, in Status/Services, I still have both tinyproxy and e2guardian, as stopped. They are not listed in pkg info, they seem not to exist there.

                        As you wrote on page 3:

                        @marcelloc:

                        @Mr.:

                        tinyproxy and e2guardian both refuse to start.

                        As the pkg process failed on your box, there is no e2guardian or tinyproxy binaires installed.

                        That is probably the cause, so how can I now remove these 2 orphans from Status/Services?

                        Thank you :)

                        6 and a half billion people know that they are stupid, agressive, lower life forms.

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.

                          The c-icap is a package from squid

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • P
                            pfsensation
                            last edited by

                            Tiny Proxy that pesky thing seems to keep coming back even through I installed it from the repo again and uninstalled it. D:

                            Any news on the tests Marcello? Did you manage to reproduce the crashes using those filter group, and hostname place holders/tags ?

                            1 Reply Last reply Reply Quote 0
                            • M
                              Mr. Jingles
                              last edited by

                              @marcelloc:

                              To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.

                              The c-icap is a package from squid

                              Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?

                              Pfsensation above this reply says uninstalling isn't going to work(?)

                              6 and a half billion people know that they are stupid, agressive, lower life forms.

                              1 Reply Last reply Reply Quote 0
                              • P
                                pfsensation
                                last edited by

                                @Mr.:

                                @marcelloc:

                                To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.

                                The c-icap is a package from squid

                                Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?

                                Pfsensation above this reply says uninstalling isn't going to work(?)

                                Well the method described above stops Tiny Proxy from starting but it still appears in service status / dash board.

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jkrueger2020
                                  last edited by

                                  @jkrueger2020:

                                  @jetberrocal:

                                  The error is happening to me.

                                  I checked the config files and it is being generated correctly. 
                                  I also disable Exceptions box in case the word falls in the exceptions.

                                  So it seems to be an e2g 3.5.1 problem.

                                  I guess this has to be checked on the e2g forum.

                                  By the way I used the word <jet>. Search on Google and selected the link
                                  https://www.google.com.pr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&uact=8&ved=0ahUKEwjq5qXotpbUAhUE6yYKHTncD78QFghvMAw&url=https%3A%2F%2Fjetprogramusa.org%2F&usg=AFQjCNGFZZgNdXX2OXYga7BOLHmLFjdZ_g</jet>

                                  Thanks for helping to check this! At least I know I'm not the only one now.

                                  I've logged the issue on the E2Guardian Google Groups: https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY

                                  If no one replies within a day or so, I'm going to log it as an issue on GitHub.

                                  Thanks again!

                                  Jonathan

                                  Marcelloc, would you please weigh in on this? I need to know, is this a bug I should log with E2G? I've taken this as far as I possibly know how.

                                  https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY

                                  Thanks,

                                  Jonathan

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    pfsensation
                                    last edited by

                                    Found another issue with 4.1…

                                    I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".

                                    I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      jetberrocal
                                      last edited by

                                      @pfsensation:

                                      Found another issue with 4.1…

                                      I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".

                                      I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.

                                      Why are you retrieving the wpad file through the proxy?  The wpad or proxy.pac are downloaded through the http port 80.  I think your "Internet Options" if in Windows should tell to connect to the pfsense bypassing the proxy.  I do not recall how is done in Linux or MAC. Your wpad file should also have a rule to go DIRECT when connecting to local network IPs.

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        pfsensation
                                        last edited by

                                        @jetberrocal:

                                        @pfsensation:

                                        Found another issue with 4.1…

                                        I use the unofficial WPAD package, using the E2 Guardian proxy I'm unable to obtain the proxy.pac file via the pfsense machines IP address. However using the host name seems to work fine. When trying to download that pac file via IP when on the E2 Guardian proxy. I get "e2guardian 504 gateway time out. Unable to connect to upstream proxy".

                                        I don't it's an issue with squid as I haven't changed its configuration and I don't remember having this problem on 3.5.1.

                                        Why are you retrieving the wpad file through the proxy?  The wpad or proxy.pac are downloaded through the http port 80.  I think your "Internet Options" if in Windows should tell to connect to the pfsense bypassing the proxy.  I do not recall how is done in Linux or MAC. Your wpad file should also have a rule to go DIRECT when connecting to local network IPs.

                                        I was troubleshooting some issues with IOS devices on my network then manually tried typing it in to test. In dhcp I am advertising it using the IP, but it gave that error through it proxy. I changed the dhcp to use the host name to connect and download the pac file, but this still seems like a bug nevertheless.

                                        1 Reply Last reply Reply Quote 0
                                        • J
                                          jetberrocal
                                          last edited by

                                          @pfsensation:

                                          I was troubleshooting some issues with IOS devices on my network then manually tried typing it in to test. In dhcp I am advertising it using the IP, but it gave that error through it proxy. I changed the dhcp to use the host name to connect and download the pac file, but this still seems like a bug nevertheless.

                                          E2g and squid has a setting to block urls with IPs.  Verify that is turn off. If on the pfsense IP should be explicitly allowed, I think.

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            @pfsensation:

                                            but now we know those particular place holders are causing the crashes. This is just a heads up if you have trouble re-creating the crashes Marcello. Also try to use my exact same block page source code, with everything intact, including -bypass-.

                                            Even without report, just "access denied" the daemon crashes. I've started a watchdog script to keep e2guardian running but I'll need to run a debug version to try to identify where it's still getting segmentation fault errors.  :(

                                            also getting high values on e2guardian processes but low cpu load

                                            last pid: 83609;  load averages:  1.51,  8.54,  8.55                                                                                              up 1+20:43:27  11:35:36
                                            192 processes: 2 running, 189 sleeping, 1 zombie
                                            CPU:  1.5% user,  0.0% nice,  0.2% system,  0.6% interrupt, 97.6% idle
                                            Mem: 470M Active, 463M Inact, 863M Wired, 1060M Buf, 14G Free
                                            Swap:
                                            
                                              PID USERNAME  THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
                                            81597 root      259  21    0   392M   127M accept  6   0:02 2795.70% e2guardian
                                            
                                            

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.