Unofficial E2guardian package for pfSense
-
Instead of getting the denied access page I am getting "The proxy server is refusing connections".
this is the message you see when squid is the front end that denies and ssl page without interception enabled.
Thanks. Do you know a non ssl web site that should be block by shalla list?
Edit:
I added my web site to the Banned Config and test it (my site is not ssl).It work correctly.
-
still had the error.
It needs a fix on inc file too. I forgot to update on repo
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
-
A fresh first time install on 2.3.4 gives scary errors :o
[2.3.4-RELEASE][admin@woof]/root: cd /root
[2.3.4-RELEASE][admin@woof]/root: fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/ files/install_e2guardian_23.sh
install_e2guardian_23.sh 100% of 3075 B 16 MBps 00m00s
[2.3.4-RELEASE][admin@woof]/root: sh ./install_e2guardian_23.sh
fetching /usr/local/pkg/e2guardian.xml from github
fetching /usr/local/pkg/e2guardian_antivirus_acl.xml from github
fetching /usr/local/pkg/e2guardian_blacklist.xml from github
fetching /usr/local/pkg/e2guardian_config.xml from github
fetching /usr/local/pkg/e2guardian_content_acl.xml from github
fetching /usr/local/pkg/e2guardian_file_acl.xml from github
fetching /usr/local/pkg/e2guardian_groups.xml from github
fetching /usr/local/pkg/e2guardian_header_acl.xml from github
fetching /usr/local/pkg/e2guardian_ldap.xml from github
fetching /usr/local/pkg/e2guardian_limits.xml from github
fetching /usr/local/pkg/e2guardian_log.xml from github
fetching /usr/local/pkg/e2guardian_phrase_acl.xml from github
fetching /usr/local/pkg/e2guardian_search_acl.xml from github
fetching /usr/local/pkg/e2guardian_pics_acl.xml from github
fetching /usr/local/pkg/e2guardian_sync.xml from github
fetching /usr/local/pkg/e2guardian_site_acl.xml from github
fetching /usr/local/pkg/e2guardian_url_acl.xml from github
fetching /usr/local/pkg/e2guardian.inc from github
fetching /usr/local/pkg/pkg_e2guardian.inc from github
fetching /usr/local/pkg/e2guardian.conf.template from github
fetching /usr/local/pkg/e2guardian_ips_header.template from github
fetching /usr/local/pkg/e2guardian_rc.template from github
fetching /usr/local/pkg/e2guardian_users_footer.template from github
fetching /usr/local/pkg/e2guardian_users_header.template from github
fetching /usr/local/pkg/e2guardianfx.conf.template from github
fetching /usr/local/www/e2guardian.php from github
fetching /usr/local/www/e2guardian_about.php from github
fetching /usr/local/www/e2guardian_ldap.php from github
fetching /usr/local/www/shortcuts/pkg_e2guardian.inc from github
fetching /usr/local/pkg/tinyproxy.inc from github
Locking pkg-1.10.1_1
Updating FreeBSD repository catalogue…
pkg: Repository FreeBSD load error: access repo file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 6.0MB/s 00:01
Processing entries: 100%
FreeBSD repository update completed. 26276 packages processed.
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.pkg-1.10.1_1 is locked and may not be modified
pkg-1.10.1_1 is locked and may not be modified
pkg-1.10.1_1 is locked and may not be modified
The following 8 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
e2guardian: 3.5.1 [FreeBSD]
tinyproxy: 1.8.4,1 [FreeBSD]
xproto: 7.0.31 [FreeBSD]
fontconfig: 2.12.1,1 [FreeBSD]
pkg-devel: 1.10.99.4 [FreeBSD]
libfontenc: 1.1.3_1 [FreeBSD]
pixman: 0.34.0 [FreeBSD]
cyrus-sasl: 2.1.26_12 [FreeBSD]Number of packages to be installed: 8
The process will require 28 MiB more space.
6 MiB to be downloaded.
[1/8] Fetching e2guardian-3.5.1.txz: 100% 398 KiB 407.6kB/s 00:01
[2/8] Fetching tinyproxy-1.8.4,1.txz: 100% 45 KiB 46.4kB/s 00:01
[3/8] Fetching xproto-7.0.31.txz: 100% 59 KiB 60.2kB/s 00:01
[4/8] Fetching fontconfig-2.12.1,1.txz: 100% 345 KiB 353.5kB/s 00:01
[5/8] Fetching pkg-devel-1.10.99.4.txz: 100% 4 MiB 4.4MB/s 00:01
[6/8] Fetching libfontenc-1.1.3_1.txz: 100% 18 KiB 18.2kB/s 00:01
[7/8] Fetching pixman-0.34.0.txz: 100% 256 KiB 262.6kB/s 00:01
[8/8] Fetching cyrus-sasl-2.1.26_12.txz: 100% 467 KiB 478.5kB/s 00:01
Checking integrity…
pkg-1.10.1_1 is locked and may not be modified
Assertion failed: (cun != NULL), function pkg_conflicts_check_chain_conflict, file pkg_jobs_conflicts.c, line 481.
Child process pid=52839 terminated abnormally: Abort trap
No packages matched for pattern 'e2guardian'Checking integrity... done (0 conflicting)
Package(s) not found!
Fetching e2guardian-3.5.1.txz: 100% 424 KiB 434.2kB/s 00:01
Installing e2guardian-3.5.1...
Extracting e2guardian-3.5.1: 100%
Message from e2guardian-3.5.1:
===> Please Note:
This port has created a log file named e2guardian.log that can get
quite large. Please read the newsyslog(8) man page for instructions
on configuring log rotation and compression.This port has been converted using old dansguardian-devel port
Let me know how it works (or not). (Patches always welcome.)
3creating menu and services...
Hmm... Looks like a unified diff to me...
The text leading up to this was:-- /usr/local/www/pkg_edit.orig.php 2017-04-05 17:12:56.478730000 -0300
+++ /usr/local/www/pkg_edit.php 2017-04-05 17:13:51.614222000 -0300 Patching file /usr/local/www/pkg_edit.php using Plan A... Hunk #1 succeeded at 656 (offset 5 lines). done Hmm... Looks like a unified diff to me... The text leading up to this was:
-- /usr/local/www/pkg.orig.php 2017-04-05 17:18:25.349676000 -0300
+++ /usr/local/www/pkg.php 2017-04-05 17:20:49.204578000 -0300 Patching file /usr/local/www/pkg.php using Plan A... Hunk #1 succeeded at 329 (offset 5 lines). done Unlocking pkg-1.10.1_1 [2.3.4-RELEASE][admin@woof] -
I did the last command you posted:
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.
And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.
-
still had the error.
It needs a fix on inc file too. I forgot to update on repo
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.incIt was partially fixed by fetching the new template:
May 25 15:44:42 e2guardian 67568 Error opening sslsiteregexplist
May 25 15:44:42 e2guardian 67568 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directoryNow it is looking into /usr/local/etc, but still is not finding the file. I guess the fix will be to do also the fetch of the new .inc?
Can you place the file in a more user friendly folder name?
I connected by ssh to the console and could do a copy/paste of the fetch.
Still getting:
May 25 16:06:47 e2guardian 70630 Error opening sslsiteregexplist
May 25 16:06:47 e2guardian 70630 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Default: No such file or directory -
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.What can I provide to get help?
-
@Mr.:
I did the last command you posted:
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/b3bfccd0335b30fc9b9f56856e215daabd3a6b9d/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
I went into the Daemon tab, added 8888 at the bottom, did not enable e2guardian, only pressed 'save'.
And now I'm waiting for some minutes to see the tab in my browser change from 'connecting…' to something more useful.
When I enabled the Daemon, it didn't work.
tinyproxy and e2guardian both refuse to start.
Screenshot of system log I attached.
-
How can I remove this? It is not in 'installed packages'.
Is there a very safe stable removal script?
-
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.What can I provide to get help?
Just to add some info:
I added a second Group ("Authenticated") (copy of Default group but different name). Added 1 user to the new group ("test").
Default Group has no users assigned. -
Can you place the file in a more user friendly folder name?
You can also reinstall the package. On my test vm I have no erros on this file.
-
@Mr.:
A fresh first time install on 2.3.4 gives scary errors :o
Try to install squid or cron package first. I'm not seeing these pkg erros here but I'll test on a fresh 2.3.4 install too.
@Mr.:
tinyproxy and e2guardian both refuse to start.
As the pkg process failed on your box, there is no e2guardian or tinyproxy binaires installed.
@Mr.:
Is there a very safe stable removal script?
You can remove all e2guardian files under /usr/local/pkg dir.
-
Can you place the file in a more user friendly folder name?
You can also reinstall the package. On my test vm I have no erros on this file.
Reinstall you mean to execute install_e2guardian_23.sh again? That should overwrite all the files? Or should I remove e2g from /usr/local/pkg?
-
After I created another Group I see this errors:
May 25 19:17:16 e2guardian 70838 Error opening sslsiteregexplist
May 25 19:17:16 e2guardian 70838 Error reading file /usr/local/etc/e2guardian/lists/sslsiteregexplist.g_Authenticated: No such file or directoryThe file in fact does not exist.
The Group use the "Default" ACL which has SSL Regex disabled, so why is looking for the file?Looking in the lists folder I see that the other *.g_Authenticated files were created maybe all of them except the sslsiteregexplist.
-
-
I have something missing between e2g and squid.
I activated squid authentication against local table and enabled Proxy-Basic in e2g, but web browsers are not asking for user/pass.What can I provide to get help?
Just to add some info:
I added a second Group ("Authenticated") (copy of Default group but different name). Added 1 user to the new group ("test").
Default Group has no users assigned.Trying to solve the problem by myself made squid listen on LAN interface only and set e2g to parent proxy 192.168.1.1 (pfsense/squid LAN IP) to see if Authentication happen to be on LAN interface.
Did nmap -p3128 192.168.1.1 and it found the port open and squid as service.
Squid refused the e2g connection. Set back squid to listen on loopback and e2g to parent proxy default (empty / 127.0.0.1), then connection was successful.
So still web browsers pass without asking user/pass.
-
but I'll test on a fresh 2.3.4 install too.
I did a fresh install, installed cron package from gui and then e2guardian from console, configured shalist and waited short time until it was downloaded and applied, after it, configured some gui options, saved and applied config. Service is running fine.
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
Thanks. Without authentication the Groups are not really used.
-
Thanks. Without authentication the Groups are not really used.
METHOD 1(sandwich mode)
on e2guardian,
-
select tinyproxy as parent proxy (127.0.0.1:8888)
-
create a second group and include a user on it
-
on general tab, Selected proxy-basic and proxy digest
-
save, apply
on squid,
-
configured local authentication
-
create a test/lab user
-
configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
-
save
METHOD 2
on e2guardian,
-
select squid not on loopback as parent proxy (192.168.0.38:3128)
-
create a second group and include a user on it
-
on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest
-
save, apply
on squid,
-
listen squid on lan interface
-
configure local authentication
-
create a test/lab user
-
save
with these setups, I have users under e2guardian logs
-
-
Thanks. Without authentication the Groups are not really used.
METHOD 1(sandwich mode)
on e2guardian,
-
select tinyproxy as parent proxy (127.0.0.1:8888)
-
created a second group and included lab user on it
-
on general tab, Selected proxy-basic and proxy digest
-
save, apply
on squid,
-
configured local authentication
-
created a lab user
-
configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
METHOD 2
on e2guardian,
-
select squid not on loopback as parent proxy (192.168.0.38:3128)
-
created a second group and included lab user on it
-
on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest
-
save, apply
on squid,
-
configured local authentication
-
created a lab user
with these setups, I have users under e2guardian logs
I tried method two, but selecting only proxy-basic. Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).
But did not work. e2g could not connect to squid for some weird reason.
Tried again, but now I set both IP and port of squid even if port was default value. This time worked.
-