Unofficial E2guardian package for pfSense
-
but I'll test on a fresh 2.3.4 install too.
I did a fresh install, installed cron package from gui and then e2guardian from console, configured shalist and waited short time until it was downloaded and applied, after it, configured some gui options, saved and applied config. Service is running fine.
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
-
So still web browsers pass without asking user/pass.
I'm installing squid to do some authentication tests
Thanks. Without authentication the Groups are not really used.
-
Thanks. Without authentication the Groups are not really used.
METHOD 1(sandwich mode)
on e2guardian,
-
select tinyproxy as parent proxy (127.0.0.1:8888)
-
create a second group and include a user on it
-
on general tab, Selected proxy-basic and proxy digest
-
save, apply
on squid,
-
configured local authentication
-
create a test/lab user
-
configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
-
save
METHOD 2
on e2guardian,
-
select squid not on loopback as parent proxy (192.168.0.38:3128)
-
create a second group and include a user on it
-
on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest
-
save, apply
on squid,
-
listen squid on lan interface
-
configure local authentication
-
create a test/lab user
-
save
with these setups, I have users under e2guardian logs
-
-
Thanks. Without authentication the Groups are not really used.
METHOD 1(sandwich mode)
on e2guardian,
-
select tinyproxy as parent proxy (127.0.0.1:8888)
-
created a second group and included lab user on it
-
on general tab, Selected proxy-basic and proxy digest
-
save, apply
on squid,
-
configured local authentication
-
created a lab user
-
configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only
METHOD 2
on e2guardian,
-
select squid not on loopback as parent proxy (192.168.0.38:3128)
-
created a second group and included lab user on it
-
on general tab, Selected proxy-basic, proxy-ntml(maybe optional) and proxy-digest
-
save, apply
on squid,
-
configured local authentication
-
created a lab user
with these setups, I have users under e2guardian logs
I tried method two, but selecting only proxy-basic. Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).
But did not work. e2g could not connect to squid for some weird reason.
Tried again, but now I set both IP and port of squid even if port was default value. This time worked.
-
-
Try a service stop/start and try to watch the traffic with tcpdump.
You can also test on console if a telnet in squid port connects.
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
I think the error is some missing code for the ssl regex section, because looking the folder the other *.g_Authenticated files are being created.
I guess I can create the file manually as a work around, but I prefer that this is solved in the code.
-
I'll test again with the ssl inspection enabled to see if still has something to fix.
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.
Is good that you could replicate the problem.
Thank you for your efforts.
-
I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.
fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed
fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
Done.
It worked. File was created in the folder and was found.
Thank you again.
This was a minor error but I guess the pfsense people are being critical and that is why it is still not on the pfsense repo.
-
Thank you for your efforts.
Except for the clamav integration and coexistence with squid setup(I did not had time to test yet), I'm running e2Guardian with ssl interception(facebook, youtube videos), authentication and non-sandwich mode.
E2guardian 3.5.1 with 4.1 backport cert fix is working really nice. 8)
-
Thank you for your efforts.
Except for the clamav integration and coexistence with squid setup(I did not had time to test yet), I'm running e2Guardian with ssl interception(facebook, youtube videos), authentication and non-sandwich mode.
E2guardian 3.5.1 with 4.1 backport cert fix is working really nice. 8)
In my opinion is ready for a version 1.0 in the pfsense repo. In my case I feel already have the features I need for production.
-
If you need wpad or planning to test, I've finished a package for it on my repo.
-
If you need wpad or planning to test, I've finished a package for it on my repo.
I use wpad but do not use it for "Auto detect" proxy, because Windows OS machines have a bug that fail to auto detect successfully. They do download the wpad file but they do not update the file correctly. They have a registry key/value that is set the first time with the wpad file if any found, but latter if the wpad changes or is found, the registry key fails to be updated. It is easier to create a Domain gpo setting the wpad.
It would be nice to be able to download directly from pfsense box instead to have other web server to serve it.
-
It would be nice to be able to download directly from pfsense box instead to have other web server to serve it.
Take a look when you have time.
https://forum.pfsense.org/index.php?topic=131169.0
-
Cron was already installed. I installed Aquid next to it.
I did the complete reinstall as per my previous post of yesterday, now no errors during install, yet same errors in status/system logs after enabling e2guardian, and e2guardian nor tiny start in Status/Services.
May 26 16:16:52
|
| root |
|/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian [/q][/t][/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error parsing the e2guardian.conf file or other e2guardian configuration files [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error reading filter group conf file(s). [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error opening bannedsitelist [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains [/t]
| May 26 16:16:52 | e2guardian | 69964 |
Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory [/t]
| May 26 16:16:34 | php-fpm | 58737 |
/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' [/t]
| May 26 16:16:34 | root |
|/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error parsing the e2guardian.conf file or other e2guardian configuration files [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error reading filter group conf file(s). [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error opening bannedsitelist [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains [/t]
| May 26 16:16:34 | e2guardian | 61336 |
Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory [/t]
| May 26 16:16:34 | php-fpm | 58737 |
/pkg_edit.php: Starting E2guardian [/t]
| May 26 16:16:29 | php-fpm | 89842 |
/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
[/t]
-
@Mr.:
yet same errors in status/system logs after enabling e2guardian
Looks like you did not configured all the tabs or did not installed any blacklist(shallalist for example).
-
OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
Here's my sexy page at home :P – 'KorTeX' is just what I call my network.
I only have one issue still. When a page is blocked by ShallaList, or by banned expressions / phraselists. On the report page (block page) it does not correctly tell you what the page was categorised as (it says N/A as you can see on my screenshot) . For example, using the Smoothwall I have at my College, if you try to go to a blocked site, it will tell you why it was blocked and the correct category. When using E2G, currently it just says "Blocked site : whatever.com". If that was fixed it would be even more AMAZING!
Another issue is FALSE POSITIVES. I guess it's my configuration related but why is Yandex images, or Bing Images link being classified as portugese pornography? Without anything being typed in or searched? Are the phraselists up to date?
Also… On Smoothwall blocking... I realised, when you block advertises using their Guardian Proxy, it doesn't show the block page. Instead it says "advert blocked". Which makes sense, because say for example you're on a website and it's trying to load an ad in a DIV, the block page will show in a small tiny box and be useless. If possible, I'd much rather have it become a white box, or just say advert blocked. Let me know if you want a screenshot or an example of what I mean. But essentially, advertises on websites get replaced by the block page, but because the ads are small, it doesn't display the block page properly and it won't make sense. Since the text would be too small anyways.
Once again, thanks for your fantastic work Marcello! Absolutely love the amazing work you do for the community! <3