NordVpn /Squid and safeguarding
-
Dear All,
I have a setup which I have been unable to set up the way I would like. Perhaps someone can let me know what I am doing right/wrong? Perhaps I am doing something the wrong way?I am a techie (software) , but with very little pfsense and network experience.
I have a small network at home using pfsense. I use nord vpn with Open vpn which is working (work requirements).I have youg children, and whilst I don't wish to stop them accessing sites, I would like to understand what sites they are going to with a view to educating them if/when they go to sites which I deem inappropriate (i.e porn, torrent etc)
I would like a setup that (prefereably) does not require me/them to do anything on their machines (we have iOS phones, tablets and pcs).
I have setup squid, which is working but obviously only works with http requests.
What is the easiest way to set something up to monitor the sites they are going ? Is it man in the middle with a certificate etc? Is there another away? if so how do I give certificates on their phones?i may need to restrict content, but don't want to go there for obvious reasons.
Many thanks
Suki -
I think you should use pfBlockerNG-devel for this purpose. With targeted block lists, such as for adult content or whatever you want, there are plenty of such lists or maybe use Snort + OpenAppID.
First, just observe how the lists work and who visited that page, domain, etc. and then you can activate the block, if you find the content problematic
-
@DaddyGo Thank you for getting back to me. I did have a look at this, but it does not appear to track which sites have been visited (unless I am missing something).
I would prefer allow access, but educate them if they visit sites that are not appropriate.
Kind Regards
Suki -
In pfSense, if your settings are good, everything is logged, it doesn’t really mean it’s pure parental control, it’s your job to filter the logs.
PfBlockerNG and Snort / Suricata logs can also be sent to external log management applications.
These applications allow for accurate filtering and allow discipline.Zabbix is part of the official pfSense package system:
https://share.zabbix.com/network-appliances/pfsense-2-4Squid is considered obsolete for your purpose, as there are plenty of https instead of http.
Purely parental control does not exist in pfSense, you should always be a bit IT guy.
-
Wow, thank you for getting straight back to me.
I dont mind reviewing logs etc. (I am sure I could write something to sumamrise it for me.) Do you know the location of the log that highlights the sites visited?Understandably I recognise that pure parental control does not exist in pfsense. It was nevere designed for that purpose.
I suppose I am trying to get a list of all sites visited.
Thank you for recommending 'Zabbix'. I will have a look to see how it can do this.
Kind Regards
Suki -
@DaddyGo .
Sorry to be a pain, but I can't see how zabbix can log which sites are accessed. Have I misunderstood/missed the feature?
Suki -
Zabbix needs to be configured on an external unit and sensors set up for what we want to see and filter.
You need to spend time by installing and fine-tuning it.Here is another alternative:
https://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/
https://www.elastic.co/kibanaor this:
https://gist.github.com/Tokugero/f013c0a97dc1982074b94d05b7bb8d1e -
these can also be useful:
https://docs.netgate.com/pfsense/en/latest/book/monitoring/system-logs.html
https://www.reddit.com/r/pfBlockerNG/comments/bu0ms0/pfblockerngtelegrafinfluxdb_ip_block_list/ -
Great, I will have a look at these, and see if anyone of the suit my requirements.
Thank you for giving me some pointers.
Suki -
I'm glad, if you found my help helpful send me like this:
