Unofficial E2guardian package for pfSense
-
I have a Captive Portal with no authentication that does not have a submit button. The CP page shows the instructions how to configure the proxy and where to get the certificate. Without the submit button the device cant be registered as authorized in CP.
Then I have a folder with the CA certificates served by the web server for download. I add the certificates extension to the exceptions so they can do the download without being block by e2g.
The problem that I see now is that for Android devices the certificates are a special kind used only in the Android. Instead of just one crt according to this link: http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26_Tablets are two ('root.crt' and 'class3.crt').
Maybe someone with Android experience can shed some light.
AFAIK Android does not require special certificates. Just the one root CA to be installed. That's how it is with smoothwall also, you can just install one certificate for both Android and ios devices and have it working.
But you keep missing my point. On android the proxy needs to be set explicitly in settings so that https works through the proxy. You can't just NAT it but it seems somehow it can be done… Smoothwall just works without any extra settings needed at all. No explicit proxy setup. This is really what I want. I want all clients to go through the proxy.
I'm really not sure what trickery they use, but it just works. End users don't need to fumble around in proxy settings on android.
-
pfsensation:
How do you load the CA certificate to the Android devices?
Just wandering how "easy" or complicated it is.
Well… I used to use a captive portal that I edited and made people install from. But then with WPAD and squid not having a patch for captive portal. It semi worked. So now for all the devices in the home I've installed the CA. Guest devices rely on splice all filtering (Basically only blacklist based filtering) and I use open dns. So DNS filtering too.
Ideally I'm hoping we can get the E2 Guardian devs to add a captive portal feature where clients are asked to install it before they are able to browse and use the Internet.
How exactly did you installed the CA to the Android devices? Can you provide me a detail procedure?
I found this to be a useful App : https://play.google.com/store/apps/details?id=at.bitfire.cadroid
Can you test it?I just threw the certificates into the WWW folder of the pfsense box. So then using the android devices I just navigated to my pfsense url and downloaded and installed via usual certificate installer in android.
I tested the app. It's useless for me. It requires you to input the url anyways, so why not just install it from the browser? Then you don't need another apk to be installed on all devices.
-
Without HTTPS MITM I've had E2Guardian working fine for a day. I've enabled it again and straight away I'm getting errors and crashes. How can I fix this once and for all? I still also somehow have tiny proxy showing in service status, despite not installing it. Perhaps some script needs to be added to wipe out all old files.
Here's the logs I got :
Jun 29 14:22:02 php-fpm 32691 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:03 php-fpm 37116 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:08 e2guardian 36929 I seem to be running already! Jun 29 14:22:19 check_reload_status Syncing firewall Jun 29 14:22:19 php-fpm 37907 /pkg_edit.php: [E2guardian] - Save settings package call pr:1 bp: rpc:no Jun 29 14:22:19 check_reload_status Syncing firewall Jun 29 14:22:20 check_reload_status Syncing firewall Jun 29 14:22:24 php-fpm 43118 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:30 e2guardian 53036 I seem to be running already! Jun 29 14:22:34 e2guardian 56913 I seem to be running already! Jun 29 14:22:34 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 14:22:36 e2guardian 57016 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:22:36 check_reload_status Syncing firewall Jun 29 14:22:36 php-fpm 55051 /pkg_edit.php: [E2guardian] - Save settings package call pr: bp: rpc:no Jun 29 14:22:36 check_reload_status Syncing firewall Jun 29 14:22:37 check_reload_status Syncing firewall Jun 29 14:22:39 php-fpm 66155 /pkg.php: Starting E2guardian Jun 29 14:22:40 php-fpm 73552 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:45 e2guardian 73840 I seem to be running already! Jun 29 14:22:47 e2guardian 80263 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/E7/68/28/ Jun 29 14:22:55 e2guardian 12393 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:00 e2guardian 15840 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:10 e2guardian 23274 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:19 e2guardian 28640 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:25 e2guardian 35412 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:30 e2guardian 37220 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:39 e2guardian 43103 I seem to be running already! Jun 29 14:23:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 14:23:41 e2guardian 43759 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:50 e2guardian 74335 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:24:02 e2guardian 79051 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:24:03 check_reload_status Syncing firewall Jun 29 14:24:03 php-fpm 74469 /pkg_edit.php: [E2guardian] - Save settings package call pr: bp: rpc:no Jun 29 14:24:03 check_reload_status Syncing firewall Jun 29 14:24:04 check_reload_status Syncing firewall Jun 29 14:24:06 php-fpm 89221 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:24:06 php-fpm 84621 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:24:16 e2guardian 97443 I seem to be running already! Jun 29 14:24:16 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 14:24:16 check_reload_status Syncing firewall Jun 29 14:24:16 php-fpm 97885 /pkg_edit.php: [E2guardian] - Save settings package call pr:1 bp: rpc:no Jun 29 14:24:17 check_reload_status Syncing firewall Jun 29 14:24:17 e2guardian 97688 I seem to be running already! Jun 29 14:24:17 e2guardian 98266 I seem to be running already! Jun 29 14:24:18 e2guardian 99780 I seem to be running already! Jun 29 14:24:18 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 14:24:18 check_reload_status Syncing firewall Jun 29 14:24:19 php-fpm 97885 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:24:20 php-fpm 12405 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:24:25 e2guardian 12333 I seem to be running already!
Maybe this is some permission issue? Shouldn't be the case since E2 Guardian runs as root.
-
Every time you see a -Q on logs, means that you applied the configuration and e2guardian.inc is executing what you defined on daemon tab
Jun 29 14:22:19 check_reload_status Syncing firewall Jun 29 14:22:03 php-fpm 37116 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:08 e2guardian 36929 I seem to be running already!
When this occurs, means that watchdog script started e2guardian while e2guardian.inc was executing the apply config. Not exactly an error because e2guardian is up and running but creates these alerts on logs.
Jun 29 14:22:47 e2guardian 80263 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/E7/68/28/ Jun 29 14:22:55 e2guardian 12393 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:00 e2guardian 15840 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:10 e2guardian 23274 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:19 e2guardian 28640 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:25 e2guardian 35412 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:30 e2guardian 37220 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:41 e2guardian 43759 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:50 e2guardian 74335 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:24:02 e2guardian 79051 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/
Check if /usr/local/etc/e2guardian/ssl/generatedcerts exists and what permissions it has
This is the dir MITM save the generated certs. Few versions behind I was removing it on uninstall. -
Every time you see a -Q on logs, means that you applied the configuration and e2guardian.inc is executing what you defined on daemon tab
Jun 29 14:22:19 check_reload_status Syncing firewall Jun 29 14:22:03 php-fpm 37116 /pkg.php: Restarting e2g by sending -Q action to e2g binaries Jun 29 14:22:08 e2guardian 36929 I seem to be running already!
When this occurs, means that watchdog script started e2guardian while e2guardian.inc was executing the apply config. Not exactly an error because e2guardian is up and running but creates these alerts on logs.
Jun 29 14:22:47 e2guardian 80263 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/E7/68/28/ Jun 29 14:22:55 e2guardian 12393 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:00 e2guardian 15840 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:10 e2guardian 23274 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:19 e2guardian 28640 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:25 e2guardian 35412 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/ Jun 29 14:23:30 e2guardian 37220 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:41 e2guardian 43759 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:23:50 e2guardian 74335 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/ Jun 29 14:24:02 e2guardian 79051 error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/
Check if /usr/local/etc/e2guardian/ssl/generatedcerts exists and what permissions it has
This is the dir MITM save the generated certs. Few versions behind I was removing it on uninstall.The permissions the folder "/usr/local/etc/e2guardian/ssl/generatedcerts" has is 644. However since I have MITM off right now, the directory is empty inside. Do you want me to delete this folder and let everything reinstall and regenerate?
EDIT: Enabled MITM for my group again and it seems the certs folder is empty. Which means it isn't generating the certs at all.
-
EDIT: Enabled MITM for my group again and it seems the certs folder is empty. Which means it isn't generating the certs at all.
check or set it to clamav:nobody
chown -R clamav:nobody /usr/local/etc/e2guardian/ssl/
my permissions on these dirs are 755
-
All can be fixed via gui by reapplying blacklist under blacklist tab and then saving config then apply button.
I'm afraid not, Marcello :-[
I tried both a reinstall, and an uninstall + install.
Go to blacklist tab: save, download list, reapply list, save.
Go to daemon tab: save, apply.Please see attached pics.
Thank you :)
-
EDIT: Enabled MITM for my group again and it seems the certs folder is empty. Which means it isn't generating the certs at all.
check or set it to clamav:nobody
chown -R clamav:nobody /usr/local/etc/e2guardian/ssl/
my permissions on these dirs are 755
Run those commands, now no SSL certs are being created at all. Let me try a reinstall, these issues are getting very annoying.
EDIT: Reinstalled now I got MITM back!! :D E2Guardian is correctly creating the certs again. Strangely enough : /usr/local/etc/e2guardian/ssl/generatedcerts still comes up as empty on FTP. Even though I connect as root.
The above issue is something I'm getting with HTTPS connections and it stops some services working. For now I have excluded some URL's in order to make some services such as Instagram work. Why is it failing to negotiate SSL connections? Is this due to SSL pinning?The URL in the screenshot is just an example, I have ads already blocked.
-
@Mr.:
All can be fixed via gui by reapplying blacklist under blacklist tab and then saving config then apply button.
I'm afraid not, Marcello :-[
I tried both a reinstall, and an uninstall + install.
Go to blacklist tab: save, download list, reapply list, save.
Go to daemon tab: save, apply.Please see attached pics.
Thank you :)
[/quote]I had the same issues, try setting permissions to 777. And see if it works, I'm glad that I'm not the only one facing issues. However I am a bit curious as to how everyone else doesn't have these problems.
-
@Mr.:
All can be fixed via gui by reapplying blacklist under blacklist tab and then saving config then apply button.
I'm afraid not, Marcello :-[
I tried both a reinstall, and an uninstall + install.
Go to blacklist tab: save, download list, reapply list, save.
Go to daemon tab: save, apply.Please see attached pics.
Thank you :)
[/quote]I had the same issues, try setting permissions to 777. And see if it works, I'm glad that I'm not the only one facing issues. However I am a bit curious as to how everyone else doesn't have these problems.
Thank you, pfsensation :)
Of course, by now I have no clue which directories ;D
Would you know?
Thank you.
-
EDIT: Enabled MITM for my group again and it seems the certs folder is empty. Which means it isn't generating the certs at all.
check or set it to clamav:nobody
chown -R clamav:nobody /usr/local/etc/e2guardian/ssl/
my permissions on these dirs are 755
Run those commands, now no SSL certs are being created at all. Let me try a reinstall, these issues are getting very annoying.
EDIT: Reinstalled now I got MITM back!! :D E2Guardian is correctly creating the certs again. Strangely enough : /usr/local/etc/e2guardian/ssl/generatedcerts still comes up as empty on FTP. Even though I connect as root.
The above issue is something I'm getting with HTTPS connections and it stops some services working. For now I have excluded some URL's in order to make some services such as Instagram work. Why is it failing to negotiate SSL connections? Is this due to SSL pinning?The URL in the screenshot is just an example, I have ads already blocked.
Is e2g blocking the connection? Sometimes ads are seen by e2g as bad stuff? Do you see a corresponding line in the e2g log to the logs your showing? If there is a corresponding line maybe the e2g log gives you the reason to the block and you can refine the e2g config.
-
Is e2g blocking the connection? Sometimes ads are seen by e2g as bad stuff? Do you see a corresponding line in the e2g log to the logs your showing? If there is a corresponding line maybe the e2g log gives you the reason to the block and you can refine the e2g config.
It's failing to negotiate ssl to the client and consequently denying access to a page it can't connect. It show a green icon because the html return code is 200 instead a 50x. But that error was specifically related to a cert dir permission.
-
The latest e2guardian code updates fixed most crashed with ssl connections. I've pushed it to Unofficial repo right now.
If you want to update bsd package under console exec on console:
pkg install -f e2guardian
This will update binaries to 4.1.1_12 version. check with
pkg info | grep -i e2g
After that, save and apply config on GUI.
-
Is e2g blocking the connection? Sometimes ads are seen by e2g as bad stuff? Do you see a corresponding line in the e2g log to the logs your showing? If there is a corresponding line maybe the e2g log gives you the reason to the block and you can refine the e2g config.
It's failing to negotiate ssl to the client and consequently denying access to a page it can't connect. It show a green icon because the html return code is 200 instead a 50x. But that error was specifically related to a cert dir permission.
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: No PHP errors found. Filename: /var/crash/bounds 1 Filename: /var/crash/info.0 Dump header from device /dev/label/swap0 Architecture: amd64 Architecture Version: 1 Dump Length: 72192B (0 MB) Blocksize: 512 Dumptime: Thu Jun 29 17:14:38 2017 Hostname: pfSense.kortex Magic: FreeBSD Text Dump Version String: FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Panic String: Dump Parity: 225053250 Bounds: 0 Dump Status: good Filename: /var/crash/info.last Dump header from device /dev/label/swap0 Architecture: amd64 Architecture Version: 1 Dump Length: 72192B (0 MB) Blocksize: 512 Dumptime: Thu Jun 29 17:14:38 2017 Hostname: pfSense.kortex Magic: FreeBSD Text Dump Version String: FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Panic String: Dump Parity: 225053250 Bounds: 0 Dump Status: good Filename: /var/crash/textdump.tar.0 ddb.txt06000014000013125223556 7076 ustarrootwheeldb:0:kdb.enter.default> run lockinfo db:1:lockinfo> show locks No such command db:1:locks> show alllocks No such command db:1:alllocks> show lockedvnods Locked vnodes db:0:kdb.enter.default> show pcpu cpuid = 1 dynamic pcpu = 0xfffffe010fd49100 curthread = 0xfffff80003520960: pid 12 "swi4: clock" curpcb = 0xfffffe0091ca2c80 fpcurthread = none idlethread = 0xfffff80003521960: tid 100004 "idle: cpu1" curpmap = 0xffffffff820f89a0 tssp = 0xffffffff821138f8 commontssp = 0xffffffff821138f8 rsp0 = 0xfffffe0091ca2c80 gs32p = 0xffffffff82115350 ldt = 0xffffffff82115390 tss = 0xffffffff82115380 db:0:kdb.enter.default> bt Tracing pid 12 tid 100007 td 0xfffff80003520960 carp_detach() at carp_detach+0x16/frame 0xfffffe0091ca2820 in6_purgeaddr() at in6_purgeaddr+0x3e/frame 0xfffffe0091ca29c0 nd6_timer() at nd6_timer+0x102/frame 0xfffffe0091ca29f0 softclock_call_cc() at softclock_call_cc+0x17b/frame 0xfffffe0091ca2ab0 softclock() at softclock+0x94/frame 0xfffffe0091ca2ae0 intr_event_execute_handlers() at intr_event_execute_handlers+0xab/frame 0xfffffe0091ca2b20 ithread_loop() at ithread_loop+0x96/frame 0xfffffe0091ca2b70 fork_exit() at fork_exit+0x9a/frame 0xfffffe0091ca2bb0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0091ca2bb0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- db:0:kdb.enter.default> ps pid ppid pgrp uid state wmesg wchan cmd 36223 95194 95194 0 S nanslp 0xffffffff82001571 sleep 34170 94904 94904 0 S nanslp 0xffffffff82001570 sleep 32840 60661 285 0 S nanslp 0xffffffff82001570 sleep 22515 41737 21 0 S nanslp 0xffffffff82001571 sleep 95194 94686 95194 0 Ss wait 0xfffff8000f64c000 sh 94904 94580 94904 0 Ss wait 0xfffff8006e91b9e0 sh 94686 28113 28113 0 S piperd 0xfffff80003c14ba0 cron 94580 28113 28113 0 S piperd 0xfffff8000f5898b8 cron 93294 285 285 0 S accept 0xfffff80003e5b88e php-fpm 78970 1 78970 0 Ss (threaded) e2guardian 101477 S accept 0xfffff80047ca5b46 e2guardian 101474 S accept 0xfffff8004799b88e e2guardian 101473 S uwait 0xfffff8000f225580 e2guardian 101450 S uwait 0xfffff80040781c80 e2guardian 101446 S uwait 0xfffff80040782100 e2guardian 101445 S sbwait 0xfffff8004515096c e2guardian 101436 S uwait 0xfffff8000f226600 e2guardian 101434 S uwait 0xfffff8000f1e1d00 e2guardian 101432 S uwait 0xfffff8000f2c1780 e2guardian 101431 S uwait 0xfffff800136d5500 e2guardian 101410 S uwait 0xfffff80047d31380 e2guardian 101406 S uwait 0xfffff80013808b00 e2guardian 101405 S uwait 0xfffff800403bfb80 e2guardian 101403 S uwait 0xfffff80013807280 e2guardian 101401 S uwait 0xfffff80047f85800 e2guardian 101400 S uwait 0xfffff80040782200 e2guardian 101398 S uwait 0xfffff8000f2c1680 e2guardian 101397 S uwait 0xfffff80003b49e80 e2guardian 101396 S uwait 0xfffff80047f86480 e2guardian 101391 S uwait 0xfffff8000f2c0e00 e2guardian 101182 S uwait 0xfffff8000f227780 e2guardian 101013 S uwait 0xfffff80003b49c00 e2guardian 100825 S uwait 0xfffff80047c79280 e2guardian 100645 S uwait 0xfffff80047ad8d00 e2guardian 100638 S uwait 0xfffff800136d3800 e2guardian 100636 S uwait 0xfffff80047f87100 e2guardian 100635 S uwait 0xfffff80013809f00 e2guardian 100634 S uwait 0xfffff8000f2c1280 e2guardian 100633 S uwait 0xfffff8000f226f00 e2guardian 100632 S uwait 0xfffff80003b49480 e2guardian 100627 S uwait 0xfffff8000f225480 e2guardian 100625 S uwait 0xfffff80040765900 e2guardian 100624 S sbwait 0xfffff800069cd96c e2guardian 100623 S uwait 0xfffff80047f88b80 e2guardian 100621 S uwait 0xfffff80040758900 e2guardian 100619 S uwait 0xfffff8000f225c80 e2guardian 100616 S uwait 0xfffff80040781380 e2guardian 100610 S sbwait 0xfffff8002fd833fc e2guardian 100608 S uwait 0xfffff80047f87500 e2guardian 100607 S uwait 0xfffff80067106300 e2guardian 100605 S uwait 0xfffff80047b1f580 e2guardian 100604 S sbwait 0xfffff8001377f6b4 e2guardian 100603 S uwait 0xfffff80040782880 e2guardian 100602 S uwait 0xfffff8000f225880 e2guardian 100601 S uwait 0xfffff80040781100 e2guardian 100600 S uwait 0xfffff8000f1e1a00 e2guardian 100598 S uwait 0xfffff80047a63380 e2guardian 100597 S uwait 0xfffff8000f225280 e2guardian 100596 S uwait 0xfffff8000f1e2b00 e2guardian 100595 S uwait 0xfffff80047ad8780 e2guardian 100592 S uwait 0xfffff80047adda00 e2guardian 100591 S uwait 0xfffff8000f1e2e00 e2guardian 100590 S uwait 0xfffff80047d32500 e2guardian 100588 S uwait 0xfffff80040781080 e2guardian 100587 S uwait 0xfffff80047a63e00 e2guardian 100586 S uwait 0xfffff80047d32780 e2guardian 100585 S uwait 0xfffff80003b46000 e2guardian 100584 S uwait 0xfffff80047f86280 e2guardian 100583 S uwait 0xfffff80003b5d600 e2guardian 100581 S uwait 0xfffff8000f1e2500 e2guardian 100580 S uwait 0xfffff8000f2c1180 e2guardian 100579 S uwait 0xfffff80047d33280 e2guardian 100578 S uwait 0xfffff80047f87f00 e2guardian 100577 S uwait 0xfffff8000f227980 e2guardian 100575 S uwait 0xfffff80047f85480 e2guardian 100573 S uwait 0xfffff80047f86e00 e2guardian 100570 S sbwait 0xfffff800137d396c e2guardian 100568 S uwait 0xfffff80047f88180 e2guardian 100567 S uwait 0xfffff80003b07080 e2guardian 100566 S uwait 0xfffff8000f1e2300 e2guardian 100564 S sbwait 0xfffff8004041e96c e2guardian 100563 S uwait 0xfffff8000f2c0f00 e2guardian 100562 S uwait 0xfffff80040758880 e2guardian 100561 S sbwait 0xfffff80047cb5c24 e2guardian 100559 S uwait 0xfffff8000f2c1b80 e2guardian 100558 S uwait 0xfffff800136d3a00 e2guardian 100555 S uwait 0xfffff80040781b00 e2guardian 100554 S uwait 0xfffff80013808c00 e2guardian 100553 S uwait 0xfffff8000f2c1880 e2guardian 100552 S uwait 0xfffff80047f87a00 e2guardian 100551 S uwait 0xfffff80047f88d80 e2guardian 100550 S sbwait 0xfffff80047b9a6b4 e2guardian 100549 S sbwait 0xfffff80047ed66b4 e2guardian 100548 S uwait 0xfffff8000f225380 e2guardian 100545 S uwait 0xfffff80047c7a180 e2guardian 100544 S uwait 0xfffff800136d4680 e2guardian 100543 S uwait 0xfffff8000f226d00 e2guardian 100542 S uwait 0xfffff80047ad8c80 e2guardian 100541 S uwait 0xfffff80003b48800 e2guardian 100540 S uwait 0xfffff80003b47900 e2guardian 100539 S uwait 0xfffff80040767980 e2guardian 100538 S uwait 0xfffff800136d3380 e2guardian 100537 S uwait 0xfffff80047a63900 e2guardian 100536 S sbwait 0xfffff80047c5c3fc e2guardian 100535 S sbwait 0xfffff800069cec24 e2guardian 100534 S sbwait 0xfffff800069ce144 e2guardian 100533 S sbwait 0xfffff80047c07c24 e2guardian 100532 S uwait 0xfffff80047f86980 e2guardian 100531 S uwait 0xfffff8000f225680 e2guardian 100530 S sbwait 0xfffff8000f7ef3fc e2guardian 100529 S sbwait 0xfffff8006967b144 e2guardian 100528 S uwait 0xfffff8000f226000 e2guardian 100527 S uwait 0xfffff8000f1e2c00 e2guardian 100526 S uwait 0xfffff8004071ed00 e2guardian 100525 S uwait 0xfffff8004071ec00 e2guardian 100524 S uwait 0xfffff8000f1e1880 e2guardian 100523 S uwait 0xfffff8000f226800 e2guardian 100522 S uwait 0xfffff8000f225a80 e2guardian 100521 S uwait 0xfffff8000f227380 e2guardian 100520 S uwait 0xfffff80047a63680 e2guardian 100519 S uwait 0xfffff80047f88580 e2guardian 100518 S uwait 0xfffff80003b5ab80 e2guardian 100517 S uwait 0xfffff80047c7b400 e2guardian 100516 S uwait 0xfffff800136d4300 e2guardian 100515 S select 0xfffff80040782a40 e2guardian 100514 S uwait 0xfffff8000f226700 e2guardian 100513 S uwait 0xfffff800403bf100 e2guardian 100512 S select 0xfffff80047b1ebc0 e2guardian 100511 S uwait 0xfffff80040781a80 e2guardian 100510 S uwait 0xfffff8000f1e2800 e2guardian 100509 S uwait 0xfffff80013808700 e2guardian 100507 S sbwait 0xfffff80047ed73fc e2guardian 100506 S uwait 0xfffff80003b49200 e2guardian 100504 S sbwait 0xfffff80028b2a6b4 e2guardian 100503 S sbwait 0xfffff800451c0144 e2guardian 100502 S uwait 0xfffff80040758c00 e2guardian 100501 S uwait 0xfffff800406fee80 e2guardian 100499 S uwait 0xfffff80003894f00 e2guardian 100498 S uwait 0xfffff80047f87400 e2guardian 100496 S uwait 0xfffff8000f2c0680 e2guardian 100495 S uwait 0xfffff80047c7b280 e2guardian 100494 S sbwait 0xfffff8000f7ef144 e2guardian 100493 S sbwait 0xfffff80047cbb144 e2guardian 100492 S sbwait 0xfffff80045110c24 e2guardian 100490 S sbwait 0xfffff80047de96b4 e2guardian 100489 S uwait 0xfffff8000f227880 e2guardian 100488 S uwait 0xfffff800403bf880 e2guardian 100487 S uwait 0xfffff8000f227680 e2guardian 100486 S uwait 0xfffff80040782900 e2guardian 100485 S uwait 0xfffff8000f1e1280 e2guardian 100483 S uwait 0xfffff80047ad8400 e2guardian 100482 S uwait 0xfffff80047ad9580 e2guardian 100481 S uwait 0xfffff80040758700 e2guardian 100480 S select 0xfffff800407323c0 e2guardian 100479 S uwait 0xfffff8000f227a80 e2guardian 100478 S uwait 0xfffff80047c7a900 e2guardian 100477 S uwait 0xfffff8000f226c00 e2guardian 100476 S uwait 0xfffff80047f85e80 e2guardian 100475 S uwait 0xfffff800136d6500 e2guardian 100474 S sbwait 0xfffff800136303fc e2guardian 100473 S uwait 0xfffff80028b34500 e2guardian 100472 S sbwait 0xfffff8002fd836b4 e2guardian 100471 S uwait 0xfffff8000f226900 e2guardian 100470 S sbwait 0xfffff8000f19a96c e2guardian 100468 S sbwait 0xfffff8000f6bc6b4 e2guardian 100467 S uwait 0xfffff8000f2c1580 e2guardian 100466 S uwait 0xfffff8000f225780 e2guardian 100465 S sbwait 0xfffff80047ca43fc e2guardian 100464 S uwait 0xfffff8000f1e1780 e2guardian 100463 S uwait 0xfffff80047f88080 e2guardian 100462 S uwait 0xfffff80040783400 e2guardian 100461 S uwait 0xfffff800136d5180 e2guardian 100460 S select 0xfffff80047b1ef40 e2guardian 100459 S uwait 0xfffff80040758780 e2guardian 100458 S sbwait 0xfffff800069d96b4 e2guardian 100457 S uwait 0xfffff80013808e80 e2guardian 100456 S select 0xfffff80040783ec0 e2guardian 100455 S uwait 0xfffff80040758a80 e2guardian 100454 S uwait 0xfffff800136d6d00 e2guardian 100452 S uwait 0xfffff8000f227d80 e2guardian 100451 S select 0xfffff80047b1e0c0 e2guardian 100450 S uwait 0xfffff80047f86000 e2guardian 100449 S uwait 0xfffff8004071e100 e2guardian 100448 S select 0xfffff80003b480c0 e2guardian 100447 S select 0xfffff80047c7aac0 e2guardian 100445 S uwait 0xfffff80047ad8880 e2guardian 100443 S uwait 0xfffff8000f225980 e2guardian 100441 S uwait 0xfffff80047f85c80 e2guardian 100439 S uwait 0xfffff800136d5480 e2guardian 100437 S uwait 0xfffff8000f227c80 e2guardian 100436 S uwait 0xfffff8000f226200 e2guardian 100423 S uwait 0xfffff80047a63a80 e2guardian 100398 S uwait 0xfffff8000f2c0900 e2guardian 100397 S uwait 0xfffff8000f2c0a00 e2guardian 100396 S uwait 0xfffff80047f85600 e2guardian 100388 S uwait 0xfffff8000f226b00 e2guardian 100384 S uwait 0xfffff8000f1e2900 e2guardian 100382 S select 0xfffff800408423c0 e2guardian 100372 S uwait 0xfffff8000f1e0f00 e2guardian 100370 S select 0xfffff80003b465c0 e2guardian 100360 S uwait 0xfffff8000f2c0b00 e2guardian 100358 S uwait 0xfffff8000f226100 e2guardian 100341 S uwait 0xfffff80040841200 e2guardian 100333 S uwait 0xfffff80047ad8b80 e2guardian 100292 S uwait 0xfffff80003b48e00 e2guardian 100268 S uwait 0xfffff80047f87600 e2guardian 100231 S uwait 0xfffff80040781d80 e2guardian 100224 S uwait 0xfffff8000f1e1980 e2guardian 100223 S select 0xfffff80003b47140 e2guardian 100222 S uwait 0xfffff80047ad9780 e2guardian 100216 S uwait 0xfffff8000f1e2400 e2guardian 100144 S uwait 0xfffff8000f227180 e2guardian 100091 S uwait 0xfffff80003b47300 e2guardian 100431 S sigwait 0xfffff80047dc1000 e2guardian 91851 90812 90450 100 S sbwait 0xfffff80045151c24 ssl_crtd 91831 90812 90450 100 S sbwait 0xfffff80047c06144 ssl_crtd 91507 90812 90450 100 S sbwait 0xfffff80003e2896c ssl_crtd 91499 90812 90450 100 S sbwait 0xfffff8001e7ca3fc ssl_crtd 91305 90812 90450 100 S sbwait 0xfffff80047c92c24 ssl_crtd 90812 90450 90450 100 S kqread 0xfffff800403f6a00 squid 90450 1 90450 100 Ss wait 0xfffff8000f61b4f0 squid 67735 66720 66720 0 S kqread 0xfffff8000f90d700 nginx 67573 66720 66720 0 S kqread 0xfffff8000f223200 nginx 67468 66720 66720 0 S kqread 0xfffff80003af7700 nginx 67132 66720 66720 0 S kqread 0xfffff80047b65b00 nginx 66720 1 66720 0 Ss pause 0xfffff8000f139598 nginx 60661 1 285 0 S wait 0xfffff800404e14f0 sh 60441 83727 83373 100 S select 0xfffff8006960fd40 pinger 8208 83727 83373 100 S select 0xfffff80047b1edc0 pinger 13480 83727 83373 100 S select 0xfffff800129286c0 pinger 56974 83727 83373 100 S select 0xfffff8000f371c40 pinger 98654 83727 83373 100 S select 0xfffff80003b5adc0 pinger 51075 83727 83373 100 S select 0xfffff80047c7b540 pinger 27257 27143 27257 0 S+ ttyin 0xfffff8000388f0a8 sh 27143 26915 27143 0 S+ wait 0xfffff80047fe54f0 sh 27124 64627 27124 0 Ss (threaded) sshlockout_pf 100226 S nanslp 0xffffffff82001570 sshlockout_pf 100131 S piperd 0xfffff8001379e2e8 sshlockout_pf 26915 1 26915 0 Ss+ wait 0xfffff80003b424f0 login 10076 9674 9674 0 S nanslp 0xffffffff82001571 minicron 9674 1 9674 0 Ss wait 0xfffff8000f0b44f0 minicron 9552 9170 9170 0 S nanslp 0xffffffff82001570 minicron 9170 1 9170 0 Ss wait 0xfffff8000f0b5000 minicron 9059 8697 8697 0 S nanslp 0xffffffff82001570 minicron 8697 1 8697 0 Ss wait 0xfffff800478164f0 minicron 87458 83727 83373 100 S select 0xfffff80047c7bcc0 pinger 87371 83727 83373 100 S piperd 0xfffff80003c158b8 unlinkd 83727 83373 83373 100 S kqread 0xfffff80047c0f000 squid 83373 1 83373 100 Ss wait 0xfffff80013759000 squid 82594 1 82594 0 Ss (threaded) filterdns 100209 S uwait 0xfffff800406fee00 signal-thread 100208 S uwait 0xfffff80003b46c00 149.154.167.91 100207 S uwait 0xfffff800136d4d80 telegram.org 100206 S uwait 0xfffff800136d5880 filterdns 100205 S uwait 0xfffff80040759100 filterdns 100204 S uwait 0xfffff80040841d80 filterdns 100203 S uwait 0xfffff80003b49d80 filterdns 100202 S uwait 0xfffff80003b49c80 filterdns 100201 S uwait 0xfffff800406fe880 adnxs.com 100200 S uwait 0xfffff80003b49800 adnexus.net 100199 S uwait 0xfffff80040840980 a.ads2.msn.com 100198 S uwait 0xfffff80040840a80 a.ads1.msn.com 100197 S uwait 0xfffff80040759780 ads1.msn.com 100196 S uwait 0xfffff80040759600 ads1.msads.net 100195 S uwait 0xfffff80040759400 ads.msn.com 100194 S uwait 0xfffff80040759800 ad.doubleclick.net 100193 S uwait 0xfffff80040759680 preview.msn.com 100192 S uwait 0xfffff80040759300 rad.msn.com 100191 S uwait 0xfffff80040759180 filterdns 100190 S uwait 0xfffff80040759280 filterdns 100189 S uwait 0xfffff8004071eb00 filterdns 100188 S uwait 0xfffff80003d02f00 filterdns 100187 S uwait 0xfffff800136d5580 filterdns 100186 S uwait 0xfffff800136d5980 filterdns 100185 S uwait 0xfffff800136d5380 filterdns 100184 S uwait 0xfffff800136d6680 filterdns 100183 S uwait 0xfffff80040780580 filterdns 100182 S uwait 0xfffff80040780500 filterdns 100181 S uwait 0xfffff80040843c80 filterdns 100180 S uwait 0xfffff8004075bd80 filterdns 100179 S uwait 0xfffff80040758d00 a-0001.a-msedge.net 100178 S uwait 0xfffff80013807380 cs1.wpc.v0cdn.net 100177 S uwait 0xfffff800136d4f00 filterdns 100176 S uwait 0xfffff80040841700 filterdns 100175 S uwait 0xfffff80040841880 filterdns 100174 S uwait 0xfffff80040841b00 filterdns 100173 S uwait 0xfffff80003b07400 watson.live.com 100172 S uwait 0xfffff800136d4e00 filterdns 100171 S uwait 0xfffff800136d3600 filterdns 100170 S uwait 0xfffff80003b48a00 filterdns 100169 S uwait 0xfffff8004071f100 filterdns 100168 S uwait 0xfffff8004071f200 filterdns 100167 S uwait 0xfffff80003b5d800 filterdns 100166 S uwait 0xfffff80003b5d700 filterdns 100165 S uwait 0xfffff80040758680 filterdns 100164 S uwait 0xfffff800136d6780 filterdns 100163 S uwait 0xfffff800136d6f00 filterdns 100162 S uwait 0xfffff80040759000 filterdns 100161 S uwait 0xfffff80040759480 filterdns 100160 S uwait 0xfffff80040758f00 filterdns 100159 S uwait 0xfffff80040783e00 filterdns 100158 S uwait 0xfffff80003b5da80 filterdns 100157 S uwait 0xfffff800136d6880 filterdns 100156 S uwait 0xfffff800136d6b80 filterdns 100155 S uwait 0xfffff80013808200 filterdns 100154 S uwait 0xfffff80013808100 filterdns 100153 S uwait 0xfffff80013808000 filterdns 100152 S uwait 0xfffff80013807e80 filterdns 100151 S uwait 0xfffff80013807d80 filterdns 100150 S uwait 0xfffff80013807c80 filterdns 100149 S uwait 0xfffff80013807b80 filterdns 100148 S uwait 0xfffff80013807a80 filterdns 64627 1 64627 0 Ss select 0xfffff800406feb40 syslogd 41737 1 21 0 S+ wait 0xfffff8001375a000 sh 33875 1 33875 1002 Ss select 0xfffff80003b0acc0 dhcpd 28840 1 28840 0 Ss (threaded) ntpd 100127 S select 0xfffff800136d4ac0 ntpd 28113 1 28113 0 Ss nanslp 0xffffffff82001571 cron 27776 27391 27391 0 S kqread 0xfffff80040741a00 nginx 27609 27391 27391 0 S kqread 0xfffff800400eed00 nginx 27391 1 27391 0 Ss pause 0xfffff80003c7b598 nginx 22372 1 22372 0 Ss kqread 0xfffff80003ca6c00 dhcpleases 21375 1 21375 59 Ss (threaded) unbound 100589 S kqread 0xfffff80040451100 unbound 100110 S kqread 0xfffff80015908400 unbound 19354 1 19354 0 Ss (threaded) dpinger 100119 S accept 0xfffff80003e5c5d6 dpinger 100118 S nanslp 0xffffffff82001570 dpinger 100117 S nanslp 0xffffffff82001570 dpinger 100116 S sbwait 0xfffff80003e5c3fc dpinger 100115 S uwait 0xfffff8004071f400 dpinger 15876 1 15876 0 Ss bpf 0xfffff80003b7c000 filterlog 12879 1 12879 65 Ss select 0xfffff80003b5b440 dhclient 7966 1 7966 0 Ss select 0xfffff80003c352c0 dhclient 7023 1 7023 0 Ss (threaded) sshlockout_pf 100106 S nanslp 0xffffffff82001571 sshlockout_pf 100095 S uwait 0xfffff80003b47800 sshlockout_pf 6949 1 6949 0 Ss select 0xfffff80003b5c9c0 sshd 336 1 336 0 Ss select 0xfffff80003b47dc0 devd 325 323 323 0 S kqread 0xfffff80003c7da00 check_reload_status 323 1 323 0 Ss kqread 0xfffff80003c7d900 check_reload_status 285 1 285 0 Ss kqread 0xfffff80003bae600 php-fpm 55 0 0 0 DL mdwait 0xfffff80003b1c800 [md0] 20 0 0 0 DL syncer 0xffffffff82052508 [syncer] 19 0 0 0 DL vlruwt 0xfffff80003b439e0 [vnlru] 18 0 0 0 DL (threaded) [bufdaemon] 100084 D sdflush 0xfffff80003b7d8e8 [/ worker] 100075 D psleep 0xffffffff82051704 [bufdaemon] 17 0 0 0 DL pgzero 0xffffffff8206283c [pagezero] 9 0 0 0 DL pollid 0xffffffff81fffe90 [idlepoll] 8 0 0 0 DL psleep 0xffffffff82061bc0 [vmdaemon] 7 0 0 0 DL (threaded) [pagedaemon] 100079 D umarcl 0xffffffff82061540 [uma] 100071 D psleep 0xffffffff82112c04 [pagedaemon] 6 0 0 0 DL waiting_ 0xffffffff821036c0 [sctp_iterator] 5 0 0 0 DL pftm 0xffffffff80d5db10 [pf purge] 16 0 0 0 DL (threaded) [usb] 100061 D - 0xfffffe00009e4e70 [usbus4] 100060 D - 0xfffffe00009e4e18 [usbus4] 100059 D - 0xfffffe00009e4dc0 [usbus4] 100058 D - 0xfffffe00009e4d68 [usbus4] 100057 D - 0xfffffe00009e4d10 [usbus4] 100056 D - 0xfffffe00009d4f48 [usbus3] 100055 D - 0xfffffe00009d4ef0 [usbus3] 100054 D - 0xfffffe00009d4e98 [usbus3] 100053 D - 0xfffffe00009d4e40 [usbus3] 100052 D - 0xfffffe00009d4de8 [usbus3] 100050 D - 0xfffffe00009c4f48 [usbus2] 100049 D - 0xfffffe00009c4ef0 [usbus2] 100048 D - 0xfffffe00009c4e98 [usbus2] 100047 D - 0xfffffe00009c4e40 [usbus2] 100046 D - 0xfffffe00009c4de8 [usbus2] 100044 D - 0xfffffe00009b4f48 [usbus1] 100043 D - 0xfffffe00009b4ef0 [usbus1] 100042 D - 0xfffffe00009b4e98 [usbus1] 100041 D - 0xfffffe00009b4e40 [usbus1] 100040 D - 0xfffffe00009b4de8 [usbus1] 100038 D - 0xfffffe000099cf48 [usbus0] 100037 D - 0xfffffe000099cef0 [usbus0] 100036 D - 0xfffffe000099ce98 [usbus0] 100035 D - 0xfffffe000099ce40 [usbus0] 100034 D - 0xfffffe000099cde8 [usbus0] 4 0 0 0 DL (threaded) [cam] 100070 D - 0xffffffff81f360c8 [scanner] 100019 D - 0xffffffff81f36280 [doneq0] 15 0 0 0 DL - 0xffffffff81f579c0 [rand_harvestq] 3 0 0 0 DL crypto_r 0xffffffff82060098 [crypto returns] 2 0 0 0 DL crypto_w 0xffffffff8205ff40 [crypto] 14 0 0 0 DL (threaded) [geom] 100013 D - 0xffffffff820f7de8 [g_down] 100012 D - 0xffffffff820f7de0 [g_up] 100011 D - 0xffffffff820f7dd8 [g_event] 13 0 0 0 DL (threaded) [ng_queue] 100010 D sleep 0xffffffff81ef46f8 [ng_queue1] 100009 D sleep 0xffffffff81ef46f8 [ng_queue0] 12 0 0 0 RL (threaded) [intr] 100078 I [swi1: netisr 1] 100068 I [swi1: pfsync] 100066 I [swi1: pf send] 100063 I [irq1: atkbd0] 100062 I [irq14: ata0] 100051 I [irq16: uhci3] 100045 I [irq18: uhci2] 100039 I [irq19: uhci1+] 100033 I [irq23: uhci0 ehci0] 100032 I [irq258: re0] 100027 I [swi5: fast taskq] 100025 I [swi6: Giant taskq] 100023 I [swi6: task queue] 100008 I [swi4: clock] 100007 Run CPU 1 [swi4: clock] 100006 I [swi1: netisr 0] 100005 I [swi3: vm] 11 0 0 0 RL (threaded) [idle] 100004 CanRun [idle: cpu1] 100003 Run CPU 0 [idle: cpu0]
-
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Not sure about system crashes(I got none until now). The issue I had until this latest version(4.1.2-dev) was crashes every 30sec on highload ssl traffic without squid parent in splice_all mode.
EDIT: if fixes some crashes but still need parent splice_all protecting it. :(
-
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Not sure about system crashes(I got none until now). The issue I had until this latest version(4.1.2-dev) was crashes every 30sec on highload ssl traffic without squid parent in splice_all mode.
EDIT: if fixes some crashes but still need parent splice_all protecting it. :(
Just so we're clear here's screenshots, I've already got Squid on Splice all mode. Also by crash, I don't know what else to say, pfSense completely stopped responding, no DHCP, DNS, SSH nothing. AT ALL. Had to reboot to get it all back up.
-
You screnshot show that you did not enabled ssl filtering, you just selected splice all.
BTW, I'm using the automatic parent that has it enabled by default.
to check, do a
ps ax | grep -i squid
This is automatic parent with splice_all enabled
82592 - Is 0:00.00 /usr/local/sbin/e2guid -f /usr/local/etc/e2guardian/squidparent.conf (squid)
82741 - S 0:46.80 (squid-1) -f /usr/local/etc/e2guardian/squidparent.conf (squid)
85223 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85459 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85645 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85896 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
86189 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)This is squid package daemon with splice_all enabled
18762 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
19478 - S 1:43.80 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
27590 - I 0:00.03 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
27685 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28048 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28112 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28747 - I 0:00.02 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd) -
You screnshot show that you did not enabled ssl filtering, you just selected splice all.
BTW, I'm using the automatic parent that has it enabled by default.
to check, do a
ps ax | grep -i squid
This is automatic parent with splice_all enabled
82592 - Is 0:00.00 /usr/local/sbin/e2guid -f /usr/local/etc/e2guardian/squidparent.conf (squid)
82741 - S 0:46.80 (squid-1) -f /usr/local/etc/e2guardian/squidparent.conf (squid)
85223 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85459 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85645 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85896 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
86189 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)This is squid package daemon with splice_all enabled
18762 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
19478 - S 1:43.80 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
27590 - I 0:00.03 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
27685 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28048 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28112 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28747 - I 0:00.02 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
You must be somehow using squid to intercept https instead of e2 guardian, that's why you aren't getting a lot of these crashes.
Here's the output I got:
7054 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.co 7504 - S 0:20.91 (squid-1) -f /usr/local/etc/squid/squid.conf (squid) 23007 - S 0:00.14 (squid-1) -f /usr/local/etc/e2guardian/squidparent.con 23461 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 23769 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 23863 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 24152 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 24438 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 52915 0 S+ 0:00.00 grep -i squid
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
-
The latest e2guardian code updates fixed most crashed with ssl connections. I've pushed it to Unofficial repo right now.
If you want to update bsd package under console exec on console:
pkg install -f e2guardian
This will update binaries to 4.1.1_12 version. check with
pkg info | grep -i e2g
After that, save and apply config on GUI.
Completely missed this message so I tried updatiing the binaries and it did in fact update. However I'm back to the age old problem of not even being able to start E2Guardian now (no surprises there)…
Jun 29 21:48:08 e2guardian 72211 Error reading filter group conf file(s). Jun 29 21:48:08 e2guardian 72211 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: Starting E2guardian Jun 29 21:48:08 e2guardian 74856 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:08 e2guardian 74856 Error reading filter group conf file(s). Jun 29 21:48:08 e2guardian 74856 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' Jun 29 21:48:10 e2guardian 77879 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:10 e2guardian 77879 Error reading filter group conf file(s). Jun 29 21:48:10 e2guardian 77879 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:20 e2guardian 7246 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:20 e2guardian 7246 Error reading filter group conf file(s). Jun 29 21:48:20 e2guardian 7246 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:30 e2guardian 10205 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:30 e2guardian 10205 Error reading filter group conf file(s). Jun 29 21:48:30 e2guardian 10205 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:40 e2guardian 15165 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:40 e2guardian 15165 Error reading filter group conf file(s). Jun 29 21:48:40 e2guardian 15165 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:50 e2guardian 18289 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:50 e2guardian 18289 Error reading filter group conf file(s). Jun 29 21:48:50 e2guardian 18289 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:50 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:00 e2guardian 21975 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:00 e2guardian 21975 Error reading filter group conf file(s). Jun 29 21:49:00 e2guardian 21975 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:00 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:10 e2guardian 25580 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:10 e2guardian 25580 Error reading filter group conf file(s). Jun 29 21:49:10 e2guardian 25580 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:20 e2guardian 49914 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:20 e2guardian 49914 Error reading filter group conf file(s). Jun 29 21:49:20 e2guardian 49914 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:30 e2guardian 52328 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:30 e2guardian 52328 Error reading filter group conf file(s). Jun 29 21:49:30 e2guardian 52328 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:40 e2guardian 58315 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:40 e2guardian 58315 Error reading filter group conf file(s). Jun 29 21:49:40 e2guardian 58315 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
-
It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
That's exactly what you want. Take a look on splice_all description
The SSL/MITM mode determines how SSL interception is treated when 'SSL Man In the Middle Filtering' is enabled.
The way you can filter(without MITM) and no configuration on clients is in sandwich mode:
-
Configure squid transparente proxy for HTTP and HTTPS with splice_all selected
-
Configure e2guardian as parent with code below on custom_options_before_auth field
cache_peer 127.0.0.1 parent 8080 0 login=*:password always_direct deny all never_direct allow all
- E2guradian listening on loopback and configured with automatic parent mode + watchdog
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
It will not interact with squid package. Automatic parent mode uses specific squid config, dir and no access.log file.
-