Unofficial E2guardian package for pfSense
-
@Marcelloc, I have a NAT rule to redirect port 80 to my pfsense box IP and port 8080. Should I do the same for 443? Or will that completely break it? I don't mind being having to install the certificate, but is there a way to just force all the traffic through E2Guardian. In some cases, such as Android, it seems other methods such as WPAD etc, don't work.
That rule will brake wpad retrival. Did you add that before testing Androids?
Hmm how can I get that setup with WPAD still working? Somehow WPAD seems to be working. My pc is set to automatically detect proxy settings and it does, however it didn't work on IOS maybe this is it.
I tested with this rule on android, works for http traffic. It'll successfully go to the block page if the website isn't allowed.
-
Create the rule and try to fetch the wpad file. If it fetches, the is no conflict.
-
Create the rule and try to fetch the wpad file. If it fetches, the is no conflict.
Able to fetch it no problems, as long as I type http, since web config is on https.
-
Create a file on filesystem with the script and then call the file on cron.
Didn't work at first, but added "Done" at the end of the script. Now it seems to be working fine.
-
Create a file on filesystem with the script and then call the file on cron.
Didn't work at first, but added "Done" at the end of the script. Now it seems to be working fine.
Bad copy and paste. Sorry. I've fixed the post
-
Can you test if a full MITM e2guardian setup with no exceptions crashes? current binaries from package are not on the latest version but it's close to it. If you can confirm a crash, I'LL build with current latest code.
-
I found an workaround util 4.1.1 gets fixed 8)
-
Configure squid to intercept SSL connections with splice all mode (this checks only remote certificate)
-
Configure e2guardian Parent proxy Settings with your squid ssl interface configured.
Testing with steps I know that crashes the daemon but it's still alive with and without MITM.
-
-
I found an workaround util 4.1.1 gets fixed 8)
-
Configure squid to intercept SSL connections with splice all mode (this checks only remote certificate)
-
Configure e2guardian Parent proxy Settings with your squid ssl interface configured.
Testing with steps I know that crashes the daemon but it's still alive with and without MITM.
Won't squid and E2Guardian conflict with each other if I configure squid to intercept traffic? Since it creates a NAT rule and I already have a NAT rule for port 80 > 8080 for E2guardian.
Remember squid is completely unrestricted in terms of allowing Web access without E2 Guardian. I also realised you updated the package, what's new in the newer version?Got the error below on the latest version available in the repo.
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 1731, Message: Allowed memory size of 262144000 bytes exhausted (tried to allocate 47625514 bytes) @ 2017-06-11 11:16:25
Then got this crash report…
Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: PHP Errors: [11-Jun-2017 11:16:25 Europe/London] PHP Fatal error: Allowed memory size of 262144000 bytes exhausted (tried to allocate 47625514 bytes) in /etc/inc/util.inc on line 1731 [11-Jun-2017 11:16:25 Europe/London] PHP Stack trace: [11-Jun-2017 11:16:25 Europe/London] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2017 11:16:25 Europe/London] PHP 2\. eval() /usr/local/www/pkg_edit.php:141 [11-Jun-2017 11:16:25 Europe/London] PHP 3\. e2guardian_check_config() /usr/local/www/pkg_edit.php(141) : eval()'d code:1 [11-Jun-2017 11:16:25 Europe/London] PHP 4\. e2guardian_start() /usr/local/pkg/e2guardian.inc:1309 [11-Jun-2017 11:16:25 Europe/London] PHP 5\. mwexec() /usr/local/pkg/e2guardian.inc:1357 [11-Jun-2017 11:16:25 Europe/London] PHP 6\. sprintf() /etc/inc/util.inc:1731 No FreeBSD crash data found.
-
-
Did you tried the debug version package I've posted before?
There is a new config option (banner site with bypass key) on new binaries, you need to save config and apply in order to get correct config files.
-
Did you tried the debug version package I've posted before?
There is a new config option (banner site with bypass key) on new binaries, you need to save config and apply in order to get correct config files.
I updated via the console, and it might have automatically gone to the debug version. Where is that option? :o
-
No, debug version needs a manual intervention.
To be sure you're not on a debug version, just try to run run /usr/local/sbin/e2guardian on console -
No, debug version needs a manual intervention.
To be sure you're not on a debug version, just try to run run /usr/local/sbin/e2guardian on consoleWhen I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
-
When I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
big output with a lot of information means debug mode, if it backs to console then you're on normal version.
-
Try to delete the crash alert and see if it happens again. I have no alerts or crashes on gui here.
-
When I run the command I am getting an output. Does that mean I'm on the debug version? I'm confused.
big output with a lot of information means debug mode, if it backs to console then you're on normal version.
Yep I am getting a lot of information. I ended up on the debug version just by updating through the console, how do I return back to normal version? Or do you recommend I stay on the debug version for now.
-
Uninstall then Install the package using the gui. And see if it will install the debug version.
-
Uninstall then Install the package using the gui. And see if it will install the debug version.
Yep, after re-installation running "/usr/local/sbin/e2guardian" again I'm still getting back a lot of information.
EDIT: got the error again
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 1729, Message: Allowed memory size of 262144000 bytes exhausted (tried to allocate 72 bytes) @ 2017-06-11 14:33:38
Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: PHP Errors: [11-Jun-2017 14:33:38 Europe/London] PHP Fatal error: Allowed memory size of 262144000 bytes exhausted (tried to allocate 72 bytes) in /etc/inc/util.inc on line 1729 [11-Jun-2017 14:33:38 Europe/London] PHP Stack trace: [11-Jun-2017 14:33:38 Europe/London] PHP 1\. {main}() /usr/local/www/pkg_edit.php:0 [11-Jun-2017 14:33:38 Europe/London] PHP 2\. eval() /usr/local/www/pkg_edit.php:141 [11-Jun-2017 14:33:38 Europe/London] PHP 3\. e2guardian_check_config() /usr/local/www/pkg_edit.php(141) : eval()'d code:1 [11-Jun-2017 14:33:38 Europe/London] PHP 4\. e2guardian_start() /usr/local/pkg/e2guardian.inc:1309 [11-Jun-2017 14:33:38 Europe/London] PHP 5\. mwexec() /usr/local/pkg/e2guardian.inc:1357 [11-Jun-2017 14:33:38 Europe/London] PHP 6\. exec() /etc/inc/util.inc:1729
-
I'll remove the debug version from repo. Are you on 2.3 amd64?
EDIT
done. No debug version on repo. An uninstall and reinstall should fix.
-
After 12hs, still no crashes. This week I'll push more clients to e2g and see how it goes.
good memory usage and performance. results from top -n -o res
-
@Mr.:
To remove tinyproxy, install it from Unofficial repo and then uninstall. The same with e2guardian.
The c-icap is a package from squid
Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?
Pfsensation above this reply says uninstalling isn't going to work(?)