Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 71 Posters 1.7m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      Leave it open without redirect on a ssh console.

      When it crashes, latest info on ssh console will be the relevant information to send to e2guardian dev team.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • P
        pfsensation
        last edited by

        @marcelloc:

        Leave it open without redirect on a ssh console.

        When it crashes, latest info on ssh console will be the relevant information to send to e2guardian dev team.

        Got it, thanks bro! I'll keep a SSH session open with this on my ESXi VM :)

        EDIT:

        GOTCHA!! Found the problem, it's the HOSTS in the block page. Removing that broken feature right away.

        hw2390: Start of request header:in
        hw2390: header:in before getLine - timeout:55000 Line: 1938 Function: in
        hw2390: firstime: header:in after getLine  Line: 1942 Function: in
        hw2390: header:size =  7
        hw2390: first line =  POST /vpninfo/servers HTTP/1.1
         Line: 981 Function: checkheader: Host: www.privateinternetaccess.com
         Line: 981 Function: checkheader: Accept-Encoding: identity,gzip,deflate
         Line: 981 Function: checkheader: Accept: */*
         Line: 981 Function: checkheader: User-Agent: Ruby
        hw2390: tp =Content-Length: 49
        hw2390: tp =49 Contentlen.int =49
         Line: 981 Function: checkheader: Content-Length: 49
        hw2390: Header value from client: Content-Type: application/x-www-form-urlencode Line: 981 Function: checkheader
        hw2390: CheckHeader: HTTP/1.1 detected Line: 990 Function: checkheader
        hw2390: CheckHeader flags before normalisation: AP=1 PPC=0 1.1=1 connectionclose=1 CL=1 Line: 1051 Function: checkheader
        hw2390: CheckHeader flags after normalisation: AP=0 WP=0 Line: 1074 Function: checkheader
        hw2390: CheckHeader: Adding our own Proxy-Connection: Close Line: 1093 Function: checkheader
        hw2390: HTTPHeader size: 8
        hw2390: from header url:http://www.privateinternetaccess.com/vpninfo/servers Line: 1235 Function: getUrl
        hw2390: setURL: header.front() changed from: POST http://www.privateinternetacce Line: 540 Function: setURL/1.1
         Line: 548 Function: setURLw.privateinternetaccess.com/vpninfo/servers HTTP/1.1
         Line: 553 Function: setURLne changed from: Host: www.privateinternetaccess.com
         Line: 562 Function: setURLteinternetaccess.com
        hw2390: isProxyRequest is 0
        hw2390:  firsttime =1ismitm =0 clientuser = group = 1
        hw2390: Compiling ,*[a-z|A-Z].*
        hw2390: ...with PCRE
        hw2390: HTTPHeader size: 8
        hw2390: from header url:http://www.privateinternetaccess.com/vpninfo/servers Line: 1235 Function: getUrl
        hw2390: decoding url Line: 1519 Function: decode
        hw2390: 38420Start URL http://www.privateinternetaccess.com/vpninfo/serversis_ssl=0ismitm=0
        hw2390: inIPList no match for 172.16.1.17
        hw2390: inIPList no match for 172.16.1.17
        hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers
        hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers
        After StoryA pre-authcheck0 mess_no 0
        hw2390: isProxyRequest is 0 only_ip_auth is 1
        hw2390:  -Not got persistent credentials for this connection - querying auth plugins
        hw2390:  -Querying next auth plugin...
        hw2390:  -Auth plugin found username 172.16.1.17 (), now determining group
        hw2390: Matched IP 172.16.1.17 to straight IP list
        hw2390: Auth plugin found username & group; not querying remaining plugins
        hw2390:  -Identity found; caching username & group
        Auth plugin is for a connection-based auth method - keeping credentials for entire connection
        hw2390:  -username: 172.16.1.17
        hw2390:  -filtergroup: 1
        hw2390:  -About to check for bypass...
        hw2390: Found cookie: Line: 1309 Function: getCookie
        hw2390: No bypass cookie Line: 1337 Function: isBypassCookie
        hw2390:  -Finished bypass checks.
        hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers
        hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers
        hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers
        hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers
        hw2390: After StoryB checkrequest isexception 0 gomitm 0 mess_no 500
        hw2390:  -Forwarding body to client : Upfailure is 0
        hw2390:  -reporting level is 3
        hw2390:  -Enabling filter bypass hash generation
        hw2390: mime type: - Line: 217 Function: isContentType
        hw2390: mimes result : false Line: 244 Function: isContentType
        hw2390: Displaying TEMPLATE
        hw2390: -HOST- placeholder encountered but hostname currently unknown; lookup forced.
        Segmentation fault
        
        
        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          Happened and fixed on 4.1. maybe not merged on 5.0

          I'll se if I find the issue number on 4.1 branch and post on #375

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • P
            pfsensation
            last edited by

            @marcelloc:

            Happened and fixed on 4.1. maybe not merged on 5.0

            I'll se if I find the issue number on 4.1 branch and post on #375

            Face palm even without the -HOSTS- place holder in my block page. E2 Guardian still crashes after sometime, I guess I'll have to do more debugging tomorrow.

            1 Reply Last reply Reply Quote 0
            • P
              pfsensation
              last edited by

              @pfsensation:

              @marcelloc:

              Happened and fixed on 4.1. maybe not merged on 5.0

              I'll se if I find the issue number on 4.1 branch and post on #375

              Face palm even without the -HOSTS- place holder in my block page. E2 Guardian still crashes after sometime, I guess I'll have to do more debugging tomorrow.

              
              SB  list name banned checking type  3
              Looking for banned type 3 in listmeta
              Found banned type 3 in listmeta
              list reference 196 'banned' found for banned
              SB  list name banned checking type  2
              Looking for banned type 2 in listmeta
              Found banned type 2 in listmeta
              list reference 206 'banned' found for banned
              SB  list name banned checking type  6
              Looking for banned type 6 in listmeta
              Found banned type 6 in listmeta
              list reference 223 'banned' found for banned
              banned matches 3 types
              Line 218 state is 2 actionid 5003 listname banned
              Compiling .*[a-z|A-Z].*
              ...with PCRE
              Setting magic key to 'PWYDSKLILPOTMCAK'
              read filter group: 4 /usr/local/etc/e2guardian/e2guardianf5.conf return is 1
              I seem to be running already!
              In deleteFilterGroups loop
              In deleteFilterGroups loop
              In deleteFilterGroups loop
              In deleteFilterGroups loop
              In deleteFilterGroups loop
              

              Just got this @Marcelloc and then E2G crashed. Weird… Not sure what return is 1 means.

              Also getting the below with E2G Debug binaries:

              Apr 16 14:49:22	e2guardian	83603	Tunnel status not 200 ok aborting
              Apr 16 14:49:24	e2guardian	83603	Tunnel status not 200 ok aborting
              Apr 16 14:49:30	e2guardian	83603	Tunnel status not 200 ok aborting
              Apr 16 14:49:33	e2guardian	83603	Tunnel status not 200 ok aborting
              
              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                I seem to be running already! Is the error when there is another process running (apply whike reloading, watchdog, etc…)

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • P
                  pfsensation
                  last edited by

                  @marcelloc:

                  I seem to be running already! Is the error when there is another process running (apply whike reloading, watchdog, etc…)

                  I think the watchdog may need to be re-designed, because that shouldn't happen. My E2G is set to kill a running instances and start new ones on config change.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfsensation
                    last edited by

                    Hi Marcelloc,

                    Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.

                    Thanks

                    1 Reply Last reply Reply Quote 0
                    • L
                      landforces
                      last edited by

                      hi marcello

                      There are 2 responsibilities

                      1. exe zip vs download blocking

                      When we try to enter some prohibited sites, such as the second picture, it reacts differently
                      one says that this site can not be reached and the other page comes Block.

                      e2guard.PNG
                      e2guard.PNG_thumb

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        @pfsensation:

                        Hi Marcelloc,

                        Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.

                        Thanks

                        Binaries updated on repo.

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • P
                          pfsensation
                          last edited by

                          @landforces:

                          hi marcello

                          There are 2 responsibilities

                          1. exe zip vs download blocking

                          When we try to enter some prohibited sites, such as the second picture, it reacts differently
                          one says that this site can not be reached and the other page comes Block.

                          Have you got Forge SSL certificates turned on? If you enable that and install the CA on all your devices, you will then get the block page on all banned sites.

                          Weird that you're getting a DNS error though. Are you sure you don't have any DNS blocking that site?

                          1 Reply Last reply Reply Quote 0
                          • P
                            pfsensation
                            last edited by

                            @marcelloc:

                            @pfsensation:

                            Hi Marcelloc,

                            Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.

                            Thanks

                            Binaries updated on repo.

                            Awesome, updating right away!

                            1 Reply Last reply Reply Quote 0
                            • L
                              landforces
                              last edited by

                              hi pfsensation

                              I'm in Turkey we have many sites forbidden we have many sites forbidden
                              operator bans telecom with DNS

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                Last build I forgot to remove DEBUG compile option, so I've pushed binaries version e2guardian-5.0.2_5.txz without debug to the repo.

                                If you need current debug version, fetch from :

                                pkg add -f https://e-sac.websiteseguro.com/e2g/e2guardian-5.0.2_5.txz
                                

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • P
                                  pfsensation
                                  last edited by

                                  @landforces:

                                  hi pfsensation

                                  I'm in Turkey we have many sites forbidden we have many sites forbidden
                                  operator bans telecom with DNS

                                  That's your problem in the screenshot. Turkey already bans most bad sites due to religious reasons. I recently came back from Turkey (Antalya), went on holiday it was amazing! I'm guessing you're using Turkce Telekom?

                                  I'm not too sure how it'll work in your instance as I haven't tested it. E2 Guardian can't do any phrase  checking if the DNS is being null routed. However it should still be detect the URL from ShallaList. Turn on Forge SSL Certificates, and install the CA and give it a shot. Remember, on HTTPS sites you will not get a block page of you do not have MITM enabled.

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      pfsensation
                                      last edited by

                                      @marcelloc:

                                      Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?

                                      I don't seem to be getting it, just gave it a quick try. What setup are you using? And did you try clearing the cache?

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        pfsensation
                                        last edited by

                                        @Marcelloc when I use E2 Guardian in MITM mode with pfBlocker. I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.

                                        I've tried setting the options to make all traffic going to pfBlocker IP bypass the proxy but it hasn't helped. How have you got it setup and are you having this issue? I am using DNSBL on pfBlocker.

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM
                                          marcelloc
                                          last edited by

                                          @pfsensation:

                                          did you try clearing the cache?

                                          Yes. After cleaning and restarting, few sites goes fine then all get mac error.

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            @pfsensation:

                                            I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.

                                            Does pfblockerNG package started redirecting or showing error pages on latest versions? The pfblocker versions I've used was just a  deny rules creator, with any redirect.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.