Unofficial E2guardian package for pfSense
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
i cant upgrade it on the latest pfsense release due to ipsec being broken
?!
Check https://forum.netgate.com/category/17/ipsec
There is like no one complaining about IPSEC being broken in 2.4.4-p2-Rico
-
@Rico we have IPSEC connecting to AWS VPN. We tried the latest release using clean install.
IPSec cant connect.
We tried 2.4.1 then upgrade to 2.4.4, still can not connect to AWS VPN.
I'll try to boot the backup pfsense and upgrade it to get the logs.
Maybe someone could help if i posted the logs..
Will update the thread. -
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
-
@arch113 said in Unofficial E2guardian package for pfSense:
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
Sounds like you have things misconfigured. E2 Guardian has a lot of blocking methods, it's up to you to modify the configs and adapt to your needs and enable it.
My guess is you have something enabled even when you disable the site list. E2G now has a few main blocking methods, Site URL, Phrase weights, Regex and Pics (although not in use much). If you make sure they're all disabled, your blocked site will work.
-
@pfsensation
They all appear to be off -
@arch113 said in Unofficial E2guardian package for pfSense:
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
I solved it by putting "updates-http.cdn-apple.com" (without quotes) in the Exception Config box in the URL lists ACL.
-
@User43617
I did that too
Its like the config the GUI is 'changing' is not the same config E2guardian is using, although I can turn the daemon off, that part works.
-
@arch113 said in Unofficial E2guardian package for pfSense:
@User43617
I did that too
Its like the config the GUI is 'changing' is not the same config E2guardian is using, although I can turn the daemon off, that part works.
Try a reinstall, see if that corrects the issue. I've been using it for a long time now and it seems to be working perfectly.
-
Hi anyone facing issues with ip ranges? I have tried to configure 10.16.0.10-10.16.0.15 but it does not take it :(
-
Hello everyone, this is my first post at the Netgate forums, so please forgive any and all ignorance! I was hoping I could get some assistance with this awesome plugin.
First of all, I'd like to give my sincerest thanks to @marcelloc for all his work in making this available to pfsense. I followed the videos on YouTube best I could-- even turned on subtitles to auto-translate into English, which helped.
I believe I have the majority of my E2G setup configured correctly. After creating a new set of ACLs separate from the defaults, I'm definitely able to block both "sites" and "URL" based on categories and blacklists. Moreover, I can look in the real-time logging and see the ACL getting applied accordingly when I attempt to navigate to various addresses which I know should be getting blocked.
My issues are related to the phrase filtering options, which I cannot seem to get working no matter what I do. For troubleshooting, here's what I've done:
-Completely disabled all of the Site and URL filtering
-Under "General," I ensured:
--"Filter Mode" is set to "Filtered (default)"
--"Weighted phrase mode" is set to "Singular...(default)"
--"Phrase filter mode" is set to "use both (default)"
-The Phrase List ACL I created:
--Is enabled at all times
--Has Banned Lists enabled for all categories
--Has Weighted Lists enabled for all categories
--Has Exception Lists disabled / uncheckedWhen I apply these ACLs to the correct subnet, I can immediately browse to porn sites, and nothing seems to be happening in the real-time logs. If I then modify the ACL to re-enable Site and URL lists & re-apply it, porn sites are blocked, and I can see this happening in the real-time logs. As such, I'm fairly certain I at least have the filter group and IP settings configured correctly.
Am I just mistaken about what the Phrase filtering can do? I thought it was able to read webpage content and block any page with naughty words on it, but maybe I'm wrong?
If it helps, I am not using Squid -- E2G Daemon is set to "Direct Connect," and I also have https interception enabled with a self-signed certificate.
If anyone could be of assistance, I would be extremely grateful. I'm happy to provide any information that might help-- I would even be willing to pay you for help if you were able to fix it for me, after which I would post the findings here so others could use it.
My thanks in advance to any and all who might reply to this!
-
@La6er how are you configuring them? Are you adding them in exactly how you typed?
If so, you need to change the way you've added them. There should be just one IP or subnet per line, but you can't do a 'range' typed in the way you did. So if you wanted those 6 IPs only, the simplest way would be to do one per line, like this:
10.16.0.10
10.16.0.11
10.16.0.12
10.16.0.13
10.16.0.14
10.16.0.15If you already added them this way and it's still not working, you should also check under:
General -> Auth plugins, and ensure that "Ip Address" is selected. -
@amorimpermissus To anyone having this issue as I did, I solved my own problem (yay!). I determined the cause was in the "Groups" settings tab. Even though I had Transparent Proxy and SSL support enabled under the Daemon section, I didn't have MITM properly enabled for the ACL group.
By going to Groups -> <name of the ACL group> -> Group Options, I ensured these were selected:
"Scan clean cache"
"Hex decode content" (this shouldn't be necessary, but I have it enabled anyway)
"Infection/Scan Error Bypass on Scan Errors Only"
"Filter SSL sites forging SSL certificates" (previously not selected)
"Auto-switch to MITM to deliver block page"After this, I needed to simply install the CA cert in the proper locations on my client machines, and all phrase filtering and greylisting worked as designed.
-
Hello. Thanks for this fork.
I want to configure e2guardian with antivirus scanning functionality, but I don't know how to do it without installing squid and enable squid antivirus. If I don't do this, I have not clamav daemon and e2guardian give me error of connection to clamv daemon.
There are the possibility to install clamd service without installing squid?
Thanks a lot -
Does anyone use the bypass feature in E2guardian? It does not seem to work for me. What am I doing wrong?
-
@kenrutt said in Unofficial E2guardian package for pfSense:
Does anyone use the bypass feature in E2guardian? It does not seem to work for me. What am I doing wrong?
I use both source and destination bypass. All work perfectly fine for me. I'm using it through Alias to keep things clean.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
I use both source and destination bypass. All work perfectly fine for me. I'm using it through Alias to keep things clean.
I guess I am not not sure how to use through Alias.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
I use both source and destination bypass. All work perfectly fine for me. I'm using it through Alias to keep things clean.
Do are you talking about the bypass ip's? I was asking about the bypass on the block page when pressing the "Acknowledge".
-
@kenrutt said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
I use both source and destination bypass. All work perfectly fine for me. I'm using it through Alias to keep things clean.
Do are you talking about the bypass ip's? I was asking about the bypass on the block page when pressing the "Acknowledge".
Ohh, I was referring to the IP's bit. I couldn't get that working either and didn't have time to investigate. Naturally, forgot. :(
I did go as far as to debugging my own code on the block page and making sure that the "Acknowledge" does generate a bypass key. But the key doesn't appear to work when used. Strange. It will need more digging.
Definitely an issue with the back end bypass code.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Ohh, I was referring to the IP's bit. I couldn't get that working either and didn't have time to investigate. Naturally, forgot. :(
I did go as far as to debugging my own code on the block page and making sure that the "Acknowledge" does generate a bypass key. But the key doesn't appear to work when used. Strange. It will need more digging.
Definitely an issue with the back end bypass code.Ok. Hey if you figure something out keep me posted.
Thanks a bunch. -
How to configure mitm with pfsense please help me
-
@abhijitmore007 Under "Daemon" tab make sure "Check to enable E2guardian SSL interception" is checked and make sure Cert is selected. Then under the groups tab in group options select and highlight "Filter ssl sites forging SSL Certificates (off)".
-
Can you provide step by step configuration
-
@kenrutt I am using pfsens 2.4.4 and squid with e2d for filtering but squid not integrated with e2d for ssl cert. there is no need of squid for ssl filtering
-
I've updated the install code to use version 3.5.1 and ssl interception.
Motivational Quotes in Hindi -
@kenrutt thank you problem resloved
now https filter is working -
@kenrutt some site get error
-
@abhijitmore007
The error maybe this site requires a secure connection. mitm is a man in the middle attack and will fail with such sites. Yo may need to create an exception rule with a list for those sites to not use mitm. You still can filter the sites but not filter/read the content. -
@abhijitmore007 said in Unofficial E2guardian package for pfSense:
@kenrutt some site get error
I stopped using squid due to problems, try with direct mode without squid. I pretty much have no problems with any site via the browser. The apps I have issues with I have made exceptions for.
-
@pfsensation My experience has been the same. With e2guardian in direct mode things work fairly well. Only a few things I needed to bypass.
-
@kenrutt said in Unofficial E2guardian package for pfSense:
@pfsensation My experience has been the same. With e2guardian in direct mode things work fairly well. Only a few things I needed to bypass.
Yeah, I gave up trying to use Squid. The current implementation wasn't worth my time anyways, since HTTPS content that E2 Guardian decrypts and sees wasn't being added to Squid cache. Furthermore, I noticed a speed improvement when bypassing squid in the setup, the Squid in pfsense is an older version (although I think Marcelloc has a newer one in his repo).
I also had other issues with Squid, such as not generating fake certs properly (when using the SSL intercept feature). The certs didn't have a Subject alternative name which caused a tonne of sites and stuff to fail.
On top of that, nowadays browsers do a really good job of caching things locally. The benefits have become quite minimal, unless your bandwidth is completely trash and you have users visiting the same content over and over.
If @marcelloc has a newer version of Squid, that doesn't have the certs issue and slow down issue. I may give it a shot when I have time. But so far I'm pretty content with E2 Guardian, I'm using it at home with no issues. Only thing missing is an updated word list and a good blacklist that's maintained well.
-
There is one more issue when how to configure e2g for ad authentication??
i am configure squid for that but when we allow in e2g transparent proxy there is error occurs Proxy authentication error...... -
Good day Marcelloc,
E2Guardian has antivirus feature. I just want to ask, how do you know or check that the antivirus is running and if the antivirus is up to date ?
In E2Guardian, you can setup the frequency on updating blacklist url.
Can you possibly add feature to check if the antivirus service is running and can be started or restarted and updated. I don't know if it make sense because I dont know how you program how it works.
I just really want to know if the antivirus service is running and if it is up to date.
-
I found out that clamd is not starting when e2guardian is stopped and restarted.
What can be done about this ? Can we do our own adjustment somewhere ?
-
after implantation https filter I want to filter search keyword filter but Google search keyword filter not working
Add keyword in phases but client not block by keyword -
hello,
i cant block youtube mobile (android or ios applications). e2guardian blocks youtube at pc but on the phones it cant block. any ideas?
-
@ugurk Hi. In squidguard I made a category that I called videos, there I put all these domains that contain videos, so I block almost everything and every day I add other domains:
dailymotion.com googlevideo.com i.ytimg.com m.youtube.com metacafe.com netflix.com nflxvideo.net screen.yahoo.com skype.com vimeo.com vine.co 3r2---sn-j5caxupj5-nwvl.googlevideo.com r1---sn-5hoxuj5cax-wv6.googlevideo.com r1---sn-hp57kn6l.googlevideo.com r1---sn-hp57knsl.googlevideo.com r1---sn-hp57yn7y.googlevideo.com r1---sn-hp57yne7.googlevideo.com r1---sn-hp57ynes.googlevideo.com r1---sn-j5caxupj5-nwve.googlevideo.com r1---sn-j5caxupj5-nwvl.googlevideo.com r2---sn-5hoxuj5cax-nwv6.googlevideo.com r2---sn-hp57kn7z.googlevideo.com r2---sn-hp57knlr.googlevideo.com r2---sn-hp57knzz.googlevideo.com r2---sn-hp57yne6.googlevideo.com r2---sn-hp57ynee.googlevideo.com r2---sn-hp57ynez.googlevideo.com r2---sn-j5caxupj5-nwve.googlevideo.com r2---sn-q4f7sn7k.googlevideo.com r3---sn-5hoxuj5cax-nwv6.googlevideo.com r3---sn-hp57kn7s.googlevideo.com r3---sn-j5caxupj5-nwve.googlevideo.com r3---sn-j5caxupj5-nwvl.googlevideo.com r4---sn-5hoxuj5cax-nwv6.googlevideo.com r4---sn-j5caxupj5-nwve.googlevideo.com r4---sn-j5caxupj5-nwvl.googlevideo.com r5---sn-hp57knls.googlevideo.com r5---sn-hp57ynez.googlevideo.com r5---sn-j5caxupj5-nwve.googlevideo.com r5---sn-j5caxupj5-nwvl.googlevideo.com r6---sn-hp57kn7l.googlevideo.com r6---sn-hp57knz6.googlevideo.com
Buena suerte -
@cova16 ty for response. ill try it asap
-
@ugurk Hello, I think mobile youtube app uses different port number. Not sure which port. Use packet capture and then export to wire shark to find out.
-
good morning marcello
i have execute fetch in pfsense 2.4.4 actual ver
but now i dont view any program for install ( many info in attach image)
how can i do ?
Thanks Alberto -
@pfsensation @marcelloc
does anyone had a success in setting up e2g in multiwan environment?
currently having latest pfsense + latest e2g...when i enable e2g all traffic are routed to "default" wan...