Unofficial E2guardian package for pfSense
-
I found an workaround util 4.1.1 gets fixed 8)
-
Configure squid to intercept SSL connections with splice all mode (this checks only remote certificate)
-
Configure e2guardian Parent proxy Settings with your squid ssl interface configured.
Testing with steps I know that crashes the daemon but it's still alive with and without MITM.
-
-
I found an workaround util 4.1.1 gets fixed 8)
-
Configure squid to intercept SSL connections with splice all mode (this checks only remote certificate)
-
Configure e2guardian Parent proxy Settings with your squid ssl interface configured.
Testing with steps I know that crashes the daemon but it's still alive with and without MITM.
Won't squid and E2Guardian conflict with each other if I configure squid to intercept traffic? Since it creates a NAT rule and I already have a NAT rule for port 80 > 8080 for E2guardian.
Remember squid is completely unrestricted in terms of allowing Web access without E2 Guardian. I also realised you updated the package, what's new in the newer version?Got the error below on the latest version available in the repo.
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 1731, Message: Allowed memory size of 262144000 bytes exhausted (tried to allocate 47625514 bytes) @ 2017-06-11 11:16:25Then got this crash report…
Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: PHP Errors: [11-Jun-2017 11:16:25 Europe/London] PHP Fatal error: Allowed memory size of 262144000 bytes exhausted (tried to allocate 47625514 bytes) in /etc/inc/util.inc on line 1731 [11-Jun-2017 11:16:25 Europe/London] PHP Stack trace: [11-Jun-2017 11:16:25 Europe/London] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2017 11:16:25 Europe/London] PHP 2\. eval() /usr/local/www/pkg_edit.php:141 [11-Jun-2017 11:16:25 Europe/London] PHP 3\. e2guardian_check_config() /usr/local/www/pkg_edit.php(141) : eval()'d code:1 [11-Jun-2017 11:16:25 Europe/London] PHP 4\. e2guardian_start() /usr/local/pkg/e2guardian.inc:1309 [11-Jun-2017 11:16:25 Europe/London] PHP 5\. mwexec() /usr/local/pkg/e2guardian.inc:1357 [11-Jun-2017 11:16:25 Europe/London] PHP 6\. sprintf() /etc/inc/util.inc:1731 No FreeBSD crash data found. -
-
Did you tried the debug version package I've posted before?
There is a new config option (banner site with bypass key) on new binaries, you need to save config and apply in order to get correct config files.
-
Did you tried the debug version package I've posted before?
There is a new config option (banner site with bypass key) on new binaries, you need to save config and apply in order to get correct config files.
I updated via the console, and it might have automatically gone to the debug version. Where is that option? :o
-
No, debug version needs a manual intervention.
To be sure you're not on a debug version, just try to run run /usr/local/sbin/e2guardian on console -
No, debug version needs a manual intervention.
To be sure you're not on a debug version, just try to run run /usr/local/sbin/e2guardian on consoleWhen I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
-
When I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
big output with a lot of information means debug mode, if it backs to console then you're on normal version.
-
Try to delete the crash alert and see if it happens again. I have no alerts or crashes on gui here.
-
When I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
big output with a lot of information means debug mode, if it backs to console then you're on normal version.
Yep I am getting a lot of information. I ended up on the debug version just by updating through the console, how do I return back to normal version? Or do you recommend I stay on the debug version for now.
-
Uninstall then Install the package using the gui. And see if it will install the debug version.
-
Uninstall then Install the package using the gui. And see if it will install the debug version.
Yep, after re-installation running "/usr/local/sbin/e2guardian" again I'm still getting back a lot of information.
EDIT: got the error again
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 1729, Message: Allowed memory size of 262144000 bytes exhausted (tried to allocate 72 bytes) @ 2017-06-11 14:33:38Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: PHP Errors: [11-Jun-2017 14:33:38 Europe/London] PHP Fatal error: Allowed memory size of 262144000 bytes exhausted (tried to allocate 72 bytes) in /etc/inc/util.inc on line 1729 [11-Jun-2017 14:33:38 Europe/London] PHP Stack trace: [11-Jun-2017 14:33:38 Europe/London] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2017 14:33:38 Europe/London] PHP 2\. eval() /usr/local/www/pkg_edit.php:141 [11-Jun-2017 14:33:38 Europe/London] PHP 3\. e2guardian_check_config() /usr/local/www/pkg_edit.php(141) : eval()'d code:1 [11-Jun-2017 14:33:38 Europe/London] PHP 4\. e2guardian_start() /usr/local/pkg/e2guardian.inc:1309 [11-Jun-2017 14:33:38 Europe/London] PHP 5\. mwexec() /usr/local/pkg/e2guardian.inc:1357 [11-Jun-2017 14:33:38 Europe/London] PHP 6\. exec() /etc/inc/util.inc:1729 -
I'll remove the debug version from repo. Are you on 2.3 amd64?
EDIT
done. No debug version on repo. An uninstall and reinstall should fix.
-
After 12hs, still no crashes. This week I'll push more clients to e2g and see how it goes.
good memory usage and performance. results from top -n -o res
-
@Mr.:
To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.
The c-icap is a package from squid
Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?
Pfsensation above this reply says uninstalling isn't going to work(?)
-
@Mr.:
Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?
Just enabled the Unofficial repo following instructions from the first post and then go to GUI under system -> package manager
-
I'll remove the debug version from repo. Are you on 2.3 amd64?
EDIT
done. No debug version on repo. An uninstall and reinstall should fix.
Yes I am on 2.3 amd64. Reinstalled again, this time I got a new option in the GUI.
However when I type "/usr/local/sbin/e2guardian" I still get the output below.
EDIT: Ran update via console, and got a new E2Guardian update. I guess this is it?
EDIT2:
Updated from the console, now it's not giving me a tonne of information. Why the inconsistency when updating from the webgui or the console?? The annoying thing is, when updating from the console, usually it forces a reboot. You may not want your internet at your work, or whatever organisation you deployed it to go down for a minute or two. -
There is no binary update on upgrade. You need to uninstall it to remove e2guardian bsd package.
And after installing, you need to save config and apply to be sure you are not using default bsd package conf files.
The menu on console is for a system upgrade, to update packages on console, use pkg update, pkg install, etc…
-
There is no binary update on upgrade. You need to uninstall it to remove e2guardian bsd package.
And after installing, you need to save config and apply to be sure you are not using default bsd package conf files.
The menu on console is for a system upgrade, to update packages on console, use pkg update, pkg install, etc…
Uninstalling and reinstalling didn't work for me, but updating via console just by hitting "13" did the trick, although restarting the entire system. I'll try pkg update next time. But what I meant was, why couldn't I return to normal version via GUI? Why was it necessary to upgrade via console to get E2Guardian on non-debug version?
Sorry for the questions, it's becoming a bit confusing. The latest E2Guardian seems to be behaving better so far. Lets see how it goes.
-
I have no idea why it doesn't work for you. Here every time I remove the package, the binaries, services and menus goes too.
-
I have no idea why it doesn't work for you. Here every time I remove the package, the binaries, services and menus goes too.
I guess it doesn't matter anymore, I've managed to get on the latest version of E2Guardian. Can you add a script to make sure when upgrading via the WebGUI, that the old binaries are always deleted or removed? This would remove the need to have to completely uninstall E2Guardian, then install it again.
Also what kind of hardware do you use Marcelloc? Have you tweaked around with any extra settings on E2Guardian for perhaps even better performance?
How many HTTP workers do you use? Have you tweaked anything in the limits tab?
