Unofficial E2guardian package for pfSense
-
Leave it open without redirect on a ssh console.
When it crashes, latest info on ssh console will be the relevant information to send to e2guardian dev team.
Got it, thanks bro! I'll keep a SSH session open with this on my ESXi VM :)
EDIT:
GOTCHA!! Found the problem, it's the HOSTS in the block page. Removing that broken feature right away.
hw2390: Start of request header:in hw2390: header:in before getLine - timeout:55000 Line: 1938 Function: in hw2390: firstime: header:in after getLine Line: 1942 Function: in hw2390: header:size = 7 hw2390: first line = POST /vpninfo/servers HTTP/1.1 Line: 981 Function: checkheader: Host: www.privateinternetaccess.com Line: 981 Function: checkheader: Accept-Encoding: identity,gzip,deflate Line: 981 Function: checkheader: Accept: */* Line: 981 Function: checkheader: User-Agent: Ruby hw2390: tp =Content-Length: 49 hw2390: tp =49 Contentlen.int =49 Line: 981 Function: checkheader: Content-Length: 49 hw2390: Header value from client: Content-Type: application/x-www-form-urlencode Line: 981 Function: checkheader hw2390: CheckHeader: HTTP/1.1 detected Line: 990 Function: checkheader hw2390: CheckHeader flags before normalisation: AP=1 PPC=0 1.1=1 connectionclose=1 CL=1 Line: 1051 Function: checkheader hw2390: CheckHeader flags after normalisation: AP=0 WP=0 Line: 1074 Function: checkheader hw2390: CheckHeader: Adding our own Proxy-Connection: Close Line: 1093 Function: checkheader hw2390: HTTPHeader size: 8 hw2390: from header url:http://www.privateinternetaccess.com/vpninfo/servers Line: 1235 Function: getUrl hw2390: setURL: header.front() changed from: POST http://www.privateinternetacce Line: 540 Function: setURL/1.1 Line: 548 Function: setURLw.privateinternetaccess.com/vpninfo/servers HTTP/1.1 Line: 553 Function: setURLne changed from: Host: www.privateinternetaccess.com Line: 562 Function: setURLteinternetaccess.com hw2390: isProxyRequest is 0 hw2390: firsttime =1ismitm =0 clientuser = group = 1 hw2390: Compiling ,*[a-z|A-Z].* hw2390: ...with PCRE hw2390: HTTPHeader size: 8 hw2390: from header url:http://www.privateinternetaccess.com/vpninfo/servers Line: 1235 Function: getUrl hw2390: decoding url Line: 1519 Function: decode hw2390: 38420Start URL http://www.privateinternetaccess.com/vpninfo/serversis_ssl=0ismitm=0 hw2390: inIPList no match for 172.16.1.17 hw2390: inIPList no match for 172.16.1.17 hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers After StoryA pre-authcheck0 mess_no 0 hw2390: isProxyRequest is 0 only_ip_auth is 1 hw2390: -Not got persistent credentials for this connection - querying auth plugins hw2390: -Querying next auth plugin... hw2390: -Auth plugin found username 172.16.1.17 (), now determining group hw2390: Matched IP 172.16.1.17 to straight IP list hw2390: Auth plugin found username & group; not querying remaining plugins hw2390: -Identity found; caching username & group Auth plugin is for a connection-based auth method - keeping credentials for entire connection hw2390: -username: 172.16.1.17 hw2390: -filtergroup: 1 hw2390: -About to check for bypass... hw2390: Found cookie: Line: 1309 Function: getCookie hw2390: No bypass cookie Line: 1337 Function: isBypassCookie hw2390: -Finished bypass checks. hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers hw2390: inURLList: www.privateinternetaccess.com/vpninfo/servers hw2390: inURLList (processed): www.privateinternetaccess.com/vpninfo/servers hw2390: After StoryB checkrequest isexception 0 gomitm 0 mess_no 500 hw2390: -Forwarding body to client : Upfailure is 0 hw2390: -reporting level is 3 hw2390: -Enabling filter bypass hash generation hw2390: mime type: - Line: 217 Function: isContentType hw2390: mimes result : false Line: 244 Function: isContentType hw2390: Displaying TEMPLATE hw2390: -HOST- placeholder encountered but hostname currently unknown; lookup forced. Segmentation fault -
Happened and fixed on 4.1. maybe not merged on 5.0
I'll se if I find the issue number on 4.1 branch and post on #375
-
Happened and fixed on 4.1. maybe not merged on 5.0
I'll se if I find the issue number on 4.1 branch and post on #375
Face palm even without the -HOSTS- place holder in my block page. E2 Guardian still crashes after sometime, I guess I'll have to do more debugging tomorrow.
-
Happened and fixed on 4.1. maybe not merged on 5.0
I'll se if I find the issue number on 4.1 branch and post on #375
Face palm even without the -HOSTS- place holder in my block page. E2 Guardian still crashes after sometime, I guess I'll have to do more debugging tomorrow.
SB list name banned checking type 3 Looking for banned type 3 in listmeta Found banned type 3 in listmeta list reference 196 'banned' found for banned SB list name banned checking type 2 Looking for banned type 2 in listmeta Found banned type 2 in listmeta list reference 206 'banned' found for banned SB list name banned checking type 6 Looking for banned type 6 in listmeta Found banned type 6 in listmeta list reference 223 'banned' found for banned banned matches 3 types Line 218 state is 2 actionid 5003 listname banned Compiling .*[a-z|A-Z].* ...with PCRE Setting magic key to 'PWYDSKLILPOTMCAK' read filter group: 4 /usr/local/etc/e2guardian/e2guardianf5.conf return is 1 I seem to be running already! In deleteFilterGroups loop In deleteFilterGroups loop In deleteFilterGroups loop In deleteFilterGroups loop In deleteFilterGroups loopJust got this @Marcelloc and then E2G crashed. Weird… Not sure what return is 1 means.
Also getting the below with E2G Debug binaries:
Apr 16 14:49:22 e2guardian 83603 Tunnel status not 200 ok aborting Apr 16 14:49:24 e2guardian 83603 Tunnel status not 200 ok aborting Apr 16 14:49:30 e2guardian 83603 Tunnel status not 200 ok aborting Apr 16 14:49:33 e2guardian 83603 Tunnel status not 200 ok aborting -
I seem to be running already! Is the error when there is another process running (apply whike reloading, watchdog, etc…)
-
I seem to be running already! Is the error when there is another process running (apply whike reloading, watchdog, etc…)
I think the watchdog may need to be re-designed, because that shouldn't happen. My E2G is set to kill a running instances and start new ones on config change.
-
Hi Marcelloc,
Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.
Thanks
-
hi marcello
There are 2 responsibilities
1. exe zip vs download blocking
When we try to enter some prohibited sites, such as the second picture, it reacts differently
one says that this site can not be reached and the other page comes Block.
-
Hi Marcelloc,
Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.
Thanks
Binaries updated on repo.
-
hi marcello
There are 2 responsibilities
1. exe zip vs download blocking
When we try to enter some prohibited sites, such as the second picture, it reacts differently
one says that this site can not be reached and the other page comes Block.Have you got Forge SSL certificates turned on? If you enable that and install the CA on all your devices, you will then get the block page on all banned sites.
Weird that you're getting a DNS error though. Are you sure you don't have any DNS blocking that site?
-
Hi Marcelloc,
Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.
Thanks
Binaries updated on repo.
Awesome, updating right away!
-
hi pfsensation
I'm in Turkey we have many sites forbidden we have many sites forbidden
operator bans telecom with DNS -
Last build I forgot to remove DEBUG compile option, so I've pushed binaries version e2guardian-5.0.2_5.txz without debug to the repo.
If you need current debug version, fetch from :
pkg add -f https://e-sac.websiteseguro.com/e2g/e2guardian-5.0.2_5.txz -
hi pfsensation
I'm in Turkey we have many sites forbidden we have many sites forbidden
operator bans telecom with DNSThat's your problem in the screenshot. Turkey already bans most bad sites due to religious reasons. I recently came back from Turkey (Antalya), went on holiday it was amazing! I'm guessing you're using Turkce Telekom?
I'm not too sure how it'll work in your instance as I haven't tested it. E2 Guardian can't do any phrase checking if the DNS is being null routed. However it should still be detect the URL from ShallaList. Turn on Forge SSL Certificates, and install the CA and give it a shot. Remember, on HTTPS sites you will not get a block page of you do not have MITM enabled.
-
Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?
-
Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?
I don't seem to be getting it, just gave it a quick try. What setup are you using? And did you try clearing the cache?
-
@Marcelloc when I use E2 Guardian in MITM mode with pfBlocker. I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
I've tried setting the options to make all traffic going to pfBlocker IP bypass the proxy but it hasn't helped. How have you got it setup and are you having this issue? I am using DNSBL on pfBlocker.
-
did you try clearing the cache?
Yes. After cleaning and restarting, few sites goes fine then all get mac error.
-
I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
Does pfblockerNG package started redirecting or showing error pages on latest versions? The pfblocker versions I've used was just a deny rules creator, with any redirect.
-
I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
Does pfblockerNG package started redirecting or showing error pages on latest versions? The pfblocker versions I've used was just a deny rules creator, with any redirect.
Nope, this was an ongoing problem since I enabled transparent proxy. pfBlocker has an option for blocking hosts - I have adblocking hosts files. The way it works is, it redirects those domains to pfBlocker's own internal web server in order to block them. They are getting intercepted by the proxy.
EDIT:
I have made a discovery Marcello. On normal non-debug E2Guardian which is setup with Squid. If Squid restarts, or needs to log rotate etc, it crashes E2Guardian. This doesn't seem to be the case with the debug version of E2Guardian, I have tried to replicate the issue but have been unsuccessful. Have you got any ideas?
