Unofficial E2guardian package for pfSense
-
@plusbil said in Unofficial E2guardian package for pfSense:
Not update. New access.log zero byte. But when I restard pfsense system, e2guard log working.
Clear the logs file manually, restart E2 Guardian and let me know what you've got your log rotate settings set as. It's been brilliant for me and working without any issues.
-
@sei-pine said in Unofficial E2guardian package for pfSense:
so far so good, the only problem i encounter is each day when sarg stops logging, i need to change time format to American or European then force refresh for sarg to continue logging. its a little hassle but still it works.
btw, till now i still can't figure out how to use the Users tab on E2Guardian or do i need to use LDAP?, need help with this one thanks.
what I've tried so far is to use PFSENSE\(Group name)
(Group Name)\(Account Name)
PFSENSE\(Group Name)\(Account Name)^ Doesn't work
Although I personally haven't used that specific configuration, and I just use groups. You may need to enable a different authentication method to be able to use the users tab. What authentication method have you currently got enabled?
-
@pfsensation ah i see! I was only using local users lmao. I'll try to configure freeradius first, thanks for the info!
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Clear the logs file manually, restart E2 Guardian and let me know what you've got your log rotate settings set as. It's been brilliant for me and working without any issues.
It's been five day. It working for now. I'il try when there's a problem. Thanks...
-
@ravegen said in Unofficial E2guardian package for pfSense:
Is there a progress on the content scanner fix ?
What is our update on this ?
-
@ravegen said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Is there a progress on the content scanner fix ?
What is our update on this ?
Nothing yet unfortunately. @marcelloc Have you had a chance now to take a look at this problem?
-
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio. -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio.Most of us have known or have come to know how much of a broken mess SquidGuard is. E2 Guardian filtering is much more advanced and granular.
I suggest you report the issues on the E2 Guardian Github page for quicker response/fixes. Thank you for the update, and I'm glad you've got it working with LDAP!
-
@pfsensation hi there!
It seems the issue is related to the pfsense package only (Web GUI -PHP code). There is nothing wrong with the E2guardian binary package at all, so, I could not report it at the e2guardian forum I guess.
Anyway, YES, people should simply forget about squidguard... I am very happy and excited with the results of E2guardian as a Content Filter and etc.
Still investigating the issues with the service/ldap package.Thanks!
Fabricio. -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
@pfsensation hi there!
It seems the issue is related to the pfsense package only (Web GUI -PHP code). There is nothing wrong with the E2guardian binary package at all, so, I could not report it at the e2guardian forum I guess.
Anyway, YES, people should simply forget about squidguard... I am very happy and excited with the results of E2guardian as a Content Filter and etc.
Still investigating the issues with the service/ldap package.Thanks!
Fabricio.Sorry, I meant @marcelloc has his own Github page for E2 Guardian on pfSense issues.
-
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio.Can you share a screenshot of sso ntlm settings?
-
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
-
@pfsensation -
I will contact him for sure. I thought he was writing here to the forum only.
Thanks for the heads up!! -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
How are your groups section and your users partition settings?
Please display the screenshot
Can you share the samba settings? -
-
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
-
@plusbil said in Unofficial E2guardian package for pfSense:
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
Age old issue of SSL pinning, apps reject any certs other than the one baked in by the app dev when they built the app. This is to try mitigate the MITM attacks, which is what E2 Guardian does.
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
-
@plusbil said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
I did. Just one address, 54.93.x.x. I opened it for now, it works. I'm gonna have to try, occasionally. :) Thanks...