Unofficial E2guardian package for pfSense
-
Marcelloc,
I applied the patch thru system patches package but the E2Guardian package is still not available on the package list. How can I reinstall E2Guardian package. What will we do now !
-
Same here. The patch does not work. Can’t see e2 or wpad packages.
-
The patch works perfectly fine. I'm using it at the moment.
Make sure you run the command in the first post again after the update to make sure that the unofficial repo is still added to pfsense.
Steps : run the command in the first post to add the unofficial repo
Install system patches
Copy the code from the patch Marcello posted (the entire thing) give the patch a description and save it. Click test and then apply. Now when you go to the package manager, you will see E2 Guardian and WPAD.
-
pfsensation,
yes, I have run the command of the unofficial repo ,installed the system patches and placed the url https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch on the URL/COMMIT ID and then applied it. but nothing happened, no e2guardian package on the package list.
I used base directory : /usr/local/etc/pkg/repos/
all other options are defaultsI have also tried base directory : / but still no progress.
-
@ravegen said in Unofficial E2guardian package for pfSense:
pfsensation,
yes, I have run the command of the unofficial repo ,installed the system patches and placed the url https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch on the URL/COMMIT ID and then applied it. but nothing happened, no e2guardian package on the package list.
I used base directory : /usr/local/etc/pkg/repos/
all other options are defaultsI have also tried base directory : / but still no progress.
Don't place the URL. Copy the contents of the script and paste it into the patch box. Remember to remove the URL... Leave base directory as default "/"
-
you mean this content below,
--- /etc/inc/pkg-utils.orig 2018-09-24 17:51:32.458825000 -0300
+++ /etc/inc/pkg-utils.inc 2018-09-24 17:51:54.387033000 -0300
@@ -388,7 +388,7 @@
if ($base_packages) {
$repo_param = "";
} else {-
$repo_param = "-r {$g['product_name']}";
-
$repo_param = "";
}
/*
@@ -485,7 +485,7 @@
$err);
if (!$base_packages &&
rtrim($out) != $g['product_name']) {
-
continue;
-
//continue; } $pkg_info['installed'] = true;
-
-
pfsensation
thanks so much, it went ok.
-
@ravegen said in Unofficial E2guardian package for pfSense:
pfsensation
thanks so much, it went ok.
Awesome, glad it worked!
-
@pfsensation I just tried over again over and over but damn it. I didn't understand while I was reading your instructions. I'm just confused, could you please tell me the steps one by one that I need to do for install e2guardian in 2.4.4 version of pfsense.)
Thank you.
-
Getting this PHP error.. in crash reports.
PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main} -
@ucribrahim said in Unofficial E2guardian package for pfSense:
@pfsensation I just tried over again over and over but damn it. I didn't understand while I was reading your instructions. I'm just confused, could you please tell me the steps one by one that I need to do for install e2guardian in 2.4.4 version of pfsense.)
Thank you.
Copy and paste the patch in, as I've done in the screenshot below
Then save it, press test and then apply the patch. Now if you go to the package manager. You will see E2 Guardian!
-
@asterix said in Unofficial E2guardian package for pfSense:
Getting this PHP error.. in crash reports.
PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}I haven't experienced that at all, is this after upgrading to 2.4.4?
Go ahead and start by re-installing E2 Guardian and see if that removes the error.
-
Again crashed,. Did a reinstall yesterday. Looks like the log rotation script is killing it.
amd64
11.2-RELEASE-p3
FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSenseCrash report details:
PHP Errors:
[27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}
thrown in /etc/inc/service-utils.inc on line 668No FreeBSD crash data found.
-
@asterix said in Unofficial E2guardian package for pfSense:
Again crashed,. Did a reinstall yesterday. Looks like the log rotation script is killing it.
amd64
11.2-RELEASE-p3
FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSenseCrash report details:
PHP Errors:
[27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}
thrown in /etc/inc/service-utils.inc on line 668No FreeBSD crash data found.
I experienced it today. Yeah it looks like the log rotate script is what's causing the crash. Which means logs won't be rotated. I'll have a look at it when I have a chance.
-
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
-
Is there an option to edit first post in topic how to get e2guardian to show up atlest in list?
-
I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.
I am on Pfsense 2.4.4
-
Mesma situação aqui, acompanhando e aguardando a resposta do Marcello.
-
@ravegen said in Unofficial E2guardian package for pfSense:
I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.
I am on Pfsense 2.4.4
I'm doing something very similar to allow certain websites to bypass E2 Guardian. What's your alias type? You may have got that set incorrectly, because it works fine for me.
-
My alias type is HOST.
Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.
I noticed that when I placed sites, aliases and ip address on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made shows on the realtime log, then i believe it is not working.
-
@ravegen said in Unofficial E2guardian package for pfSense:
My alias type is HOST.
Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.
I noticed that when I placed sites, aliases and ip address on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made shows on the realtime log, then i believe it is not working.
After placing new entries in your alias, are you going back to E2 Guardian and pressing save then apply? You need to actually restart the E2 Guardian daemon for the changes to take effect right away. It's just how it works unfortunately, E2 Guardian will only resolve the hosts in your alias when it starts up. That process seems to work for me, and allows me to keep it E2 Guardian GUI cleaner without having too many bypasses directly in there.
-
I have another question about bypass list in e2guardian.
Why is there some sites that even you put it in the exception list in the ACL, it still does not work or inaccessible that you need to put it to the bypass list.
Why is that? What is wrong with those sites ?
-
@ravegen said in Unofficial E2guardian package for pfSense:
I have another question about bypass list in e2guardian.
Why is there some sites that even you put it in the exception list in the ACL, it still does not work or inaccessible that you need to put it to the bypass list.
Why is that? What is wrong with those sites ?
What sites? How are you accessing those sites? What's the error log?
-
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
-
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
what do you mean about config issue?
the real time log does not show any block on a particular site or url . -
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
what do you mean about config issue?
the real time log does not show any block on a particular site or url .So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.
But if possible provide those URL's so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
what do you mean about config issue?
the real time log does not show any block on a particular site or url .So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.
But if possible provide those URL's so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it
Yes, the website doesnt load, doesnt show any e2guardian block error page, doesnt show any error on realtime access log.
But my user says that when she access the website on her house with her own internet connection, she can access the site without problem.
So what I just did was make an alias for it and put that on bypass and that solved the problem.
Although it solves the problem, I still want to know why it is not accessible with pfsense firewall but access from her house. I already checked the firewall rules and no rules particularly blocks such websites.
I have snort running but my snorts purpose is for blocking malwares and the snort block report does not show any ip address related to those sites that failed to load or had error loading.
I ONLY have firewall, e2guardian and snort running on my pfsense. I dont use pfblocker or any other.
I have do use googledns, cloudflaredns and opendns for my firewall dns where my lan and guest use.
-
@ravegen Have you ever tried enter the website that you try to access into the "Bypass for these destination" ips in E2guardian Daemon menu." field. If yes, that means something else blocks (maybe squid if there is). Let me know after you do that.
-
And nothing is showing up in snort?
Snort needs tweaking to work as you get a lot of false/positive alerts. -
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
Were you able to fix this. I have had crashes at least twice daily and pfSense stops all internet even though its connected and has a valid WAN IP. Only fix is to reboot the box.
I shut down e2 and wpad till there is a permanent fix to this.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless its still an issue.
Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
I have short knowledge of snort however I have configured it against malware and vpn and proxies pretty well but I am not sure what config do I need to tweak or config to check that made those problem i encountered.
-
Snort inspect http/https traffic thats why you will see (http_inspect) some kind of alert in your snort log. And if it get in the log without supressing the rule it blocks access depending of source/destination. This is called tweaking if you read about snort, (http_inspect) has no rules
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
I have short knowledge of snort however I have configured it against malware and vpn and proxies pretty well but I am not sure what config do I need to tweak or config to check that made those problem i encountered.
Just do is all a favour, disable snort temporarily. Test if the sites work and you'll have your answer. But I'm telling you now, if it's e2guardian blocking it'll always show up on the log.
-
any kind hearted soul have pfsense 2.4.1 memstick ISO installer?
i haven't found any download for that specific version. can someone share it? :)