Unofficial E2guardian package for pfSense
-
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio.Can you share a screenshot of sso ntlm settings?
-
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
-
@pfsensation -
I will contact him for sure. I thought he was writing here to the forum only.
Thanks for the heads up!! -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
How are your groups section and your users partition settings?
Please display the screenshot
Can you share the samba settings? -
there you go:
USERS:
SAMBA smb.conf file (replace DOMAIN and DOMAIN.CORP by your actual DOMAIN name)
GROUPS: (in the "masked" LDAP line, you add your Active Directory Server hostname)
-
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
-
@plusbil said in Unofficial E2guardian package for pfSense:
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
Age old issue of SSL pinning, apps reject any certs other than the one baked in by the app dev when they built the app. This is to try mitigate the MITM attacks, which is what E2 Guardian does.
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
-
@plusbil said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
I did. Just one address, 54.93.x.x. I opened it for now, it works. I'm gonna have to try, occasionally. :) Thanks...
-
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR - -
If you are using transparent proxy and you want any addresses to completely bypass e2guardian, there are places under the Daemon tab in the transparent section to enter bypass ip's.
-
@user43617 said in Unofficial E2guardian package for pfSense:
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR -As @kenrutt mentioned, add the camera IP to the source bypass box under the daemon tab. Then it'll bypass e2guardian completely. Not quite sure why you're getting a NETERROR though.
-
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
-
@user43617 said in Unofficial E2guardian package for pfSense:
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
Source bypass will only work if you're using the transparent filtering option. I've personally stopped using WPAD, transparent filtering can force the traffic through E2 Guardian quite seamlessly.
-
So, does grey and exception listing work in transparent mode?
-
@user43617 said in Unofficial E2guardian package for pfSense:
So, does grey and exception listing work in transparent mode?
Yes, no problem at all. I'm running pretty much everything through transparent proxy. This also allows me to completely bypass the proxy for certain things like Windows updates, or WhatsApp to save resources and keep things efficient.
-
Which list are you using. Shallalalist seems to be missing some things. It is unclear if it, or the french one, is still maintained.
Squidblacklist is interesting. Can anyone attest to its efficacy? Or, in other words, is it worth the price of the subscription?
-
I'm running pfsense 2.4.4-RELEASE-p2, after running the command on page 1, I am still not able to see E2guardian package as an option for install, even after a reboot, what am i missing?
-
@arch113 said in Unofficial E2guardian package for pfSense:
I'm running pfsense 2.4.4-RELEASE-p2, after running the command on page 1, I am still not able to see E2guardian package as an option for install, even after a reboot, what am i missing?
You're missing the patch that enables packages from unofficial sources to be shown.
