Unofficial E2guardian package for pfSense
-
The latest e2guardian code updates fixed most crashed with ssl connections. I've pushed it to Unofficial repo right now.
If you want to update bsd package under console exec on console:
pkg install -f e2guardian
This will update binaries to 4.1.1_12 version. check with
pkg info | grep -i e2g
After that, save and apply config on GUI.
-
Is e2g blocking the connection? Sometimes ads are seen by e2g as bad stuff? Do you see a corresponding line in the e2g log to the logs your showing? If there is a corresponding line maybe the e2g log gives you the reason to the block and you can refine the e2g config.
It's failing to negotiate ssl to the client and consequently denying access to a page it can't connect. It show a green icon because the html return code is 200 instead a 50x. But that error was specifically related to a cert dir permission.
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Crash report begins. Anonymous machine information: amd64 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Crash report details: No PHP errors found. Filename: /var/crash/bounds 1 Filename: /var/crash/info.0 Dump header from device /dev/label/swap0 Architecture: amd64 Architecture Version: 1 Dump Length: 72192B (0 MB) Blocksize: 512 Dumptime: Thu Jun 29 17:14:38 2017 Hostname: pfSense.kortex Magic: FreeBSD Text Dump Version String: FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Panic String: Dump Parity: 225053250 Bounds: 0 Dump Status: good Filename: /var/crash/info.last Dump header from device /dev/label/swap0 Architecture: amd64 Architecture Version: 1 Dump Length: 72192B (0 MB) Blocksize: 512 Dumptime: Thu Jun 29 17:14:38 2017 Hostname: pfSense.kortex Magic: FreeBSD Text Dump Version String: FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May 3 16:09:14 CDT 2017 root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense Panic String: Dump Parity: 225053250 Bounds: 0 Dump Status: good Filename: /var/crash/textdump.tar.0 ddb.txt06000014000013125223556 7076 ustarrootwheeldb:0:kdb.enter.default> run lockinfo db:1:lockinfo> show locks No such command db:1:locks> show alllocks No such command db:1:alllocks> show lockedvnods Locked vnodes db:0:kdb.enter.default> show pcpu cpuid = 1 dynamic pcpu = 0xfffffe010fd49100 curthread = 0xfffff80003520960: pid 12 "swi4: clock" curpcb = 0xfffffe0091ca2c80 fpcurthread = none idlethread = 0xfffff80003521960: tid 100004 "idle: cpu1" curpmap = 0xffffffff820f89a0 tssp = 0xffffffff821138f8 commontssp = 0xffffffff821138f8 rsp0 = 0xfffffe0091ca2c80 gs32p = 0xffffffff82115350 ldt = 0xffffffff82115390 tss = 0xffffffff82115380 db:0:kdb.enter.default> bt Tracing pid 12 tid 100007 td 0xfffff80003520960 carp_detach() at carp_detach+0x16/frame 0xfffffe0091ca2820 in6_purgeaddr() at in6_purgeaddr+0x3e/frame 0xfffffe0091ca29c0 nd6_timer() at nd6_timer+0x102/frame 0xfffffe0091ca29f0 softclock_call_cc() at softclock_call_cc+0x17b/frame 0xfffffe0091ca2ab0 softclock() at softclock+0x94/frame 0xfffffe0091ca2ae0 intr_event_execute_handlers() at intr_event_execute_handlers+0xab/frame 0xfffffe0091ca2b20 ithread_loop() at ithread_loop+0x96/frame 0xfffffe0091ca2b70 fork_exit() at fork_exit+0x9a/frame 0xfffffe0091ca2bb0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0091ca2bb0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- db:0:kdb.enter.default> ps pid ppid pgrp uid state wmesg wchan cmd 36223 95194 95194 0 S nanslp 0xffffffff82001571 sleep 34170 94904 94904 0 S nanslp 0xffffffff82001570 sleep 32840 60661 285 0 S nanslp 0xffffffff82001570 sleep 22515 41737 21 0 S nanslp 0xffffffff82001571 sleep 95194 94686 95194 0 Ss wait 0xfffff8000f64c000 sh 94904 94580 94904 0 Ss wait 0xfffff8006e91b9e0 sh 94686 28113 28113 0 S piperd 0xfffff80003c14ba0 cron 94580 28113 28113 0 S piperd 0xfffff8000f5898b8 cron 93294 285 285 0 S accept 0xfffff80003e5b88e php-fpm 78970 1 78970 0 Ss (threaded) e2guardian 101477 S accept 0xfffff80047ca5b46 e2guardian 101474 S accept 0xfffff8004799b88e e2guardian 101473 S uwait 0xfffff8000f225580 e2guardian 101450 S uwait 0xfffff80040781c80 e2guardian 101446 S uwait 0xfffff80040782100 e2guardian 101445 S sbwait 0xfffff8004515096c e2guardian 101436 S uwait 0xfffff8000f226600 e2guardian 101434 S uwait 0xfffff8000f1e1d00 e2guardian 101432 S uwait 0xfffff8000f2c1780 e2guardian 101431 S uwait 0xfffff800136d5500 e2guardian 101410 S uwait 0xfffff80047d31380 e2guardian 101406 S uwait 0xfffff80013808b00 e2guardian 101405 S uwait 0xfffff800403bfb80 e2guardian 101403 S uwait 0xfffff80013807280 e2guardian 101401 S uwait 0xfffff80047f85800 e2guardian 101400 S uwait 0xfffff80040782200 e2guardian 101398 S uwait 0xfffff8000f2c1680 e2guardian 101397 S uwait 0xfffff80003b49e80 e2guardian 101396 S uwait 0xfffff80047f86480 e2guardian 101391 S uwait 0xfffff8000f2c0e00 e2guardian 101182 S uwait 0xfffff8000f227780 e2guardian 101013 S uwait 0xfffff80003b49c00 e2guardian 100825 S uwait 0xfffff80047c79280 e2guardian 100645 S uwait 0xfffff80047ad8d00 e2guardian 100638 S uwait 0xfffff800136d3800 e2guardian 100636 S uwait 0xfffff80047f87100 e2guardian 100635 S uwait 0xfffff80013809f00 e2guardian 100634 S uwait 0xfffff8000f2c1280 e2guardian 100633 S uwait 0xfffff8000f226f00 e2guardian 100632 S uwait 0xfffff80003b49480 e2guardian 100627 S uwait 0xfffff8000f225480 e2guardian 100625 S uwait 0xfffff80040765900 e2guardian 100624 S sbwait 0xfffff800069cd96c e2guardian 100623 S uwait 0xfffff80047f88b80 e2guardian 100621 S uwait 0xfffff80040758900 e2guardian 100619 S uwait 0xfffff8000f225c80 e2guardian 100616 S uwait 0xfffff80040781380 e2guardian 100610 S sbwait 0xfffff8002fd833fc e2guardian 100608 S uwait 0xfffff80047f87500 e2guardian 100607 S uwait 0xfffff80067106300 e2guardian 100605 S uwait 0xfffff80047b1f580 e2guardian 100604 S sbwait 0xfffff8001377f6b4 e2guardian 100603 S uwait 0xfffff80040782880 e2guardian 100602 S uwait 0xfffff8000f225880 e2guardian 100601 S uwait 0xfffff80040781100 e2guardian 100600 S uwait 0xfffff8000f1e1a00 e2guardian 100598 S uwait 0xfffff80047a63380 e2guardian 100597 S uwait 0xfffff8000f225280 e2guardian 100596 S uwait 0xfffff8000f1e2b00 e2guardian 100595 S uwait 0xfffff80047ad8780 e2guardian 100592 S uwait 0xfffff80047adda00 e2guardian 100591 S uwait 0xfffff8000f1e2e00 e2guardian 100590 S uwait 0xfffff80047d32500 e2guardian 100588 S uwait 0xfffff80040781080 e2guardian 100587 S uwait 0xfffff80047a63e00 e2guardian 100586 S uwait 0xfffff80047d32780 e2guardian 100585 S uwait 0xfffff80003b46000 e2guardian 100584 S uwait 0xfffff80047f86280 e2guardian 100583 S uwait 0xfffff80003b5d600 e2guardian 100581 S uwait 0xfffff8000f1e2500 e2guardian 100580 S uwait 0xfffff8000f2c1180 e2guardian 100579 S uwait 0xfffff80047d33280 e2guardian 100578 S uwait 0xfffff80047f87f00 e2guardian 100577 S uwait 0xfffff8000f227980 e2guardian 100575 S uwait 0xfffff80047f85480 e2guardian 100573 S uwait 0xfffff80047f86e00 e2guardian 100570 S sbwait 0xfffff800137d396c e2guardian 100568 S uwait 0xfffff80047f88180 e2guardian 100567 S uwait 0xfffff80003b07080 e2guardian 100566 S uwait 0xfffff8000f1e2300 e2guardian 100564 S sbwait 0xfffff8004041e96c e2guardian 100563 S uwait 0xfffff8000f2c0f00 e2guardian 100562 S uwait 0xfffff80040758880 e2guardian 100561 S sbwait 0xfffff80047cb5c24 e2guardian 100559 S uwait 0xfffff8000f2c1b80 e2guardian 100558 S uwait 0xfffff800136d3a00 e2guardian 100555 S uwait 0xfffff80040781b00 e2guardian 100554 S uwait 0xfffff80013808c00 e2guardian 100553 S uwait 0xfffff8000f2c1880 e2guardian 100552 S uwait 0xfffff80047f87a00 e2guardian 100551 S uwait 0xfffff80047f88d80 e2guardian 100550 S sbwait 0xfffff80047b9a6b4 e2guardian 100549 S sbwait 0xfffff80047ed66b4 e2guardian 100548 S uwait 0xfffff8000f225380 e2guardian 100545 S uwait 0xfffff80047c7a180 e2guardian 100544 S uwait 0xfffff800136d4680 e2guardian 100543 S uwait 0xfffff8000f226d00 e2guardian 100542 S uwait 0xfffff80047ad8c80 e2guardian 100541 S uwait 0xfffff80003b48800 e2guardian 100540 S uwait 0xfffff80003b47900 e2guardian 100539 S uwait 0xfffff80040767980 e2guardian 100538 S uwait 0xfffff800136d3380 e2guardian 100537 S uwait 0xfffff80047a63900 e2guardian 100536 S sbwait 0xfffff80047c5c3fc e2guardian 100535 S sbwait 0xfffff800069cec24 e2guardian 100534 S sbwait 0xfffff800069ce144 e2guardian 100533 S sbwait 0xfffff80047c07c24 e2guardian 100532 S uwait 0xfffff80047f86980 e2guardian 100531 S uwait 0xfffff8000f225680 e2guardian 100530 S sbwait 0xfffff8000f7ef3fc e2guardian 100529 S sbwait 0xfffff8006967b144 e2guardian 100528 S uwait 0xfffff8000f226000 e2guardian 100527 S uwait 0xfffff8000f1e2c00 e2guardian 100526 S uwait 0xfffff8004071ed00 e2guardian 100525 S uwait 0xfffff8004071ec00 e2guardian 100524 S uwait 0xfffff8000f1e1880 e2guardian 100523 S uwait 0xfffff8000f226800 e2guardian 100522 S uwait 0xfffff8000f225a80 e2guardian 100521 S uwait 0xfffff8000f227380 e2guardian 100520 S uwait 0xfffff80047a63680 e2guardian 100519 S uwait 0xfffff80047f88580 e2guardian 100518 S uwait 0xfffff80003b5ab80 e2guardian 100517 S uwait 0xfffff80047c7b400 e2guardian 100516 S uwait 0xfffff800136d4300 e2guardian 100515 S select 0xfffff80040782a40 e2guardian 100514 S uwait 0xfffff8000f226700 e2guardian 100513 S uwait 0xfffff800403bf100 e2guardian 100512 S select 0xfffff80047b1ebc0 e2guardian 100511 S uwait 0xfffff80040781a80 e2guardian 100510 S uwait 0xfffff8000f1e2800 e2guardian 100509 S uwait 0xfffff80013808700 e2guardian 100507 S sbwait 0xfffff80047ed73fc e2guardian 100506 S uwait 0xfffff80003b49200 e2guardian 100504 S sbwait 0xfffff80028b2a6b4 e2guardian 100503 S sbwait 0xfffff800451c0144 e2guardian 100502 S uwait 0xfffff80040758c00 e2guardian 100501 S uwait 0xfffff800406fee80 e2guardian 100499 S uwait 0xfffff80003894f00 e2guardian 100498 S uwait 0xfffff80047f87400 e2guardian 100496 S uwait 0xfffff8000f2c0680 e2guardian 100495 S uwait 0xfffff80047c7b280 e2guardian 100494 S sbwait 0xfffff8000f7ef144 e2guardian 100493 S sbwait 0xfffff80047cbb144 e2guardian 100492 S sbwait 0xfffff80045110c24 e2guardian 100490 S sbwait 0xfffff80047de96b4 e2guardian 100489 S uwait 0xfffff8000f227880 e2guardian 100488 S uwait 0xfffff800403bf880 e2guardian 100487 S uwait 0xfffff8000f227680 e2guardian 100486 S uwait 0xfffff80040782900 e2guardian 100485 S uwait 0xfffff8000f1e1280 e2guardian 100483 S uwait 0xfffff80047ad8400 e2guardian 100482 S uwait 0xfffff80047ad9580 e2guardian 100481 S uwait 0xfffff80040758700 e2guardian 100480 S select 0xfffff800407323c0 e2guardian 100479 S uwait 0xfffff8000f227a80 e2guardian 100478 S uwait 0xfffff80047c7a900 e2guardian 100477 S uwait 0xfffff8000f226c00 e2guardian 100476 S uwait 0xfffff80047f85e80 e2guardian 100475 S uwait 0xfffff800136d6500 e2guardian 100474 S sbwait 0xfffff800136303fc e2guardian 100473 S uwait 0xfffff80028b34500 e2guardian 100472 S sbwait 0xfffff8002fd836b4 e2guardian 100471 S uwait 0xfffff8000f226900 e2guardian 100470 S sbwait 0xfffff8000f19a96c e2guardian 100468 S sbwait 0xfffff8000f6bc6b4 e2guardian 100467 S uwait 0xfffff8000f2c1580 e2guardian 100466 S uwait 0xfffff8000f225780 e2guardian 100465 S sbwait 0xfffff80047ca43fc e2guardian 100464 S uwait 0xfffff8000f1e1780 e2guardian 100463 S uwait 0xfffff80047f88080 e2guardian 100462 S uwait 0xfffff80040783400 e2guardian 100461 S uwait 0xfffff800136d5180 e2guardian 100460 S select 0xfffff80047b1ef40 e2guardian 100459 S uwait 0xfffff80040758780 e2guardian 100458 S sbwait 0xfffff800069d96b4 e2guardian 100457 S uwait 0xfffff80013808e80 e2guardian 100456 S select 0xfffff80040783ec0 e2guardian 100455 S uwait 0xfffff80040758a80 e2guardian 100454 S uwait 0xfffff800136d6d00 e2guardian 100452 S uwait 0xfffff8000f227d80 e2guardian 100451 S select 0xfffff80047b1e0c0 e2guardian 100450 S uwait 0xfffff80047f86000 e2guardian 100449 S uwait 0xfffff8004071e100 e2guardian 100448 S select 0xfffff80003b480c0 e2guardian 100447 S select 0xfffff80047c7aac0 e2guardian 100445 S uwait 0xfffff80047ad8880 e2guardian 100443 S uwait 0xfffff8000f225980 e2guardian 100441 S uwait 0xfffff80047f85c80 e2guardian 100439 S uwait 0xfffff800136d5480 e2guardian 100437 S uwait 0xfffff8000f227c80 e2guardian 100436 S uwait 0xfffff8000f226200 e2guardian 100423 S uwait 0xfffff80047a63a80 e2guardian 100398 S uwait 0xfffff8000f2c0900 e2guardian 100397 S uwait 0xfffff8000f2c0a00 e2guardian 100396 S uwait 0xfffff80047f85600 e2guardian 100388 S uwait 0xfffff8000f226b00 e2guardian 100384 S uwait 0xfffff8000f1e2900 e2guardian 100382 S select 0xfffff800408423c0 e2guardian 100372 S uwait 0xfffff8000f1e0f00 e2guardian 100370 S select 0xfffff80003b465c0 e2guardian 100360 S uwait 0xfffff8000f2c0b00 e2guardian 100358 S uwait 0xfffff8000f226100 e2guardian 100341 S uwait 0xfffff80040841200 e2guardian 100333 S uwait 0xfffff80047ad8b80 e2guardian 100292 S uwait 0xfffff80003b48e00 e2guardian 100268 S uwait 0xfffff80047f87600 e2guardian 100231 S uwait 0xfffff80040781d80 e2guardian 100224 S uwait 0xfffff8000f1e1980 e2guardian 100223 S select 0xfffff80003b47140 e2guardian 100222 S uwait 0xfffff80047ad9780 e2guardian 100216 S uwait 0xfffff8000f1e2400 e2guardian 100144 S uwait 0xfffff8000f227180 e2guardian 100091 S uwait 0xfffff80003b47300 e2guardian 100431 S sigwait 0xfffff80047dc1000 e2guardian 91851 90812 90450 100 S sbwait 0xfffff80045151c24 ssl_crtd 91831 90812 90450 100 S sbwait 0xfffff80047c06144 ssl_crtd 91507 90812 90450 100 S sbwait 0xfffff80003e2896c ssl_crtd 91499 90812 90450 100 S sbwait 0xfffff8001e7ca3fc ssl_crtd 91305 90812 90450 100 S sbwait 0xfffff80047c92c24 ssl_crtd 90812 90450 90450 100 S kqread 0xfffff800403f6a00 squid 90450 1 90450 100 Ss wait 0xfffff8000f61b4f0 squid 67735 66720 66720 0 S kqread 0xfffff8000f90d700 nginx 67573 66720 66720 0 S kqread 0xfffff8000f223200 nginx 67468 66720 66720 0 S kqread 0xfffff80003af7700 nginx 67132 66720 66720 0 S kqread 0xfffff80047b65b00 nginx 66720 1 66720 0 Ss pause 0xfffff8000f139598 nginx 60661 1 285 0 S wait 0xfffff800404e14f0 sh 60441 83727 83373 100 S select 0xfffff8006960fd40 pinger 8208 83727 83373 100 S select 0xfffff80047b1edc0 pinger 13480 83727 83373 100 S select 0xfffff800129286c0 pinger 56974 83727 83373 100 S select 0xfffff8000f371c40 pinger 98654 83727 83373 100 S select 0xfffff80003b5adc0 pinger 51075 83727 83373 100 S select 0xfffff80047c7b540 pinger 27257 27143 27257 0 S+ ttyin 0xfffff8000388f0a8 sh 27143 26915 27143 0 S+ wait 0xfffff80047fe54f0 sh 27124 64627 27124 0 Ss (threaded) sshlockout_pf 100226 S nanslp 0xffffffff82001570 sshlockout_pf 100131 S piperd 0xfffff8001379e2e8 sshlockout_pf 26915 1 26915 0 Ss+ wait 0xfffff80003b424f0 login 10076 9674 9674 0 S nanslp 0xffffffff82001571 minicron 9674 1 9674 0 Ss wait 0xfffff8000f0b44f0 minicron 9552 9170 9170 0 S nanslp 0xffffffff82001570 minicron 9170 1 9170 0 Ss wait 0xfffff8000f0b5000 minicron 9059 8697 8697 0 S nanslp 0xffffffff82001570 minicron 8697 1 8697 0 Ss wait 0xfffff800478164f0 minicron 87458 83727 83373 100 S select 0xfffff80047c7bcc0 pinger 87371 83727 83373 100 S piperd 0xfffff80003c158b8 unlinkd 83727 83373 83373 100 S kqread 0xfffff80047c0f000 squid 83373 1 83373 100 Ss wait 0xfffff80013759000 squid 82594 1 82594 0 Ss (threaded) filterdns 100209 S uwait 0xfffff800406fee00 signal-thread 100208 S uwait 0xfffff80003b46c00 149.154.167.91 100207 S uwait 0xfffff800136d4d80 telegram.org 100206 S uwait 0xfffff800136d5880 filterdns 100205 S uwait 0xfffff80040759100 filterdns 100204 S uwait 0xfffff80040841d80 filterdns 100203 S uwait 0xfffff80003b49d80 filterdns 100202 S uwait 0xfffff80003b49c80 filterdns 100201 S uwait 0xfffff800406fe880 adnxs.com 100200 S uwait 0xfffff80003b49800 adnexus.net 100199 S uwait 0xfffff80040840980 a.ads2.msn.com 100198 S uwait 0xfffff80040840a80 a.ads1.msn.com 100197 S uwait 0xfffff80040759780 ads1.msn.com 100196 S uwait 0xfffff80040759600 ads1.msads.net 100195 S uwait 0xfffff80040759400 ads.msn.com 100194 S uwait 0xfffff80040759800 ad.doubleclick.net 100193 S uwait 0xfffff80040759680 preview.msn.com 100192 S uwait 0xfffff80040759300 rad.msn.com 100191 S uwait 0xfffff80040759180 filterdns 100190 S uwait 0xfffff80040759280 filterdns 100189 S uwait 0xfffff8004071eb00 filterdns 100188 S uwait 0xfffff80003d02f00 filterdns 100187 S uwait 0xfffff800136d5580 filterdns 100186 S uwait 0xfffff800136d5980 filterdns 100185 S uwait 0xfffff800136d5380 filterdns 100184 S uwait 0xfffff800136d6680 filterdns 100183 S uwait 0xfffff80040780580 filterdns 100182 S uwait 0xfffff80040780500 filterdns 100181 S uwait 0xfffff80040843c80 filterdns 100180 S uwait 0xfffff8004075bd80 filterdns 100179 S uwait 0xfffff80040758d00 a-0001.a-msedge.net 100178 S uwait 0xfffff80013807380 cs1.wpc.v0cdn.net 100177 S uwait 0xfffff800136d4f00 filterdns 100176 S uwait 0xfffff80040841700 filterdns 100175 S uwait 0xfffff80040841880 filterdns 100174 S uwait 0xfffff80040841b00 filterdns 100173 S uwait 0xfffff80003b07400 watson.live.com 100172 S uwait 0xfffff800136d4e00 filterdns 100171 S uwait 0xfffff800136d3600 filterdns 100170 S uwait 0xfffff80003b48a00 filterdns 100169 S uwait 0xfffff8004071f100 filterdns 100168 S uwait 0xfffff8004071f200 filterdns 100167 S uwait 0xfffff80003b5d800 filterdns 100166 S uwait 0xfffff80003b5d700 filterdns 100165 S uwait 0xfffff80040758680 filterdns 100164 S uwait 0xfffff800136d6780 filterdns 100163 S uwait 0xfffff800136d6f00 filterdns 100162 S uwait 0xfffff80040759000 filterdns 100161 S uwait 0xfffff80040759480 filterdns 100160 S uwait 0xfffff80040758f00 filterdns 100159 S uwait 0xfffff80040783e00 filterdns 100158 S uwait 0xfffff80003b5da80 filterdns 100157 S uwait 0xfffff800136d6880 filterdns 100156 S uwait 0xfffff800136d6b80 filterdns 100155 S uwait 0xfffff80013808200 filterdns 100154 S uwait 0xfffff80013808100 filterdns 100153 S uwait 0xfffff80013808000 filterdns 100152 S uwait 0xfffff80013807e80 filterdns 100151 S uwait 0xfffff80013807d80 filterdns 100150 S uwait 0xfffff80013807c80 filterdns 100149 S uwait 0xfffff80013807b80 filterdns 100148 S uwait 0xfffff80013807a80 filterdns 64627 1 64627 0 Ss select 0xfffff800406feb40 syslogd 41737 1 21 0 S+ wait 0xfffff8001375a000 sh 33875 1 33875 1002 Ss select 0xfffff80003b0acc0 dhcpd 28840 1 28840 0 Ss (threaded) ntpd 100127 S select 0xfffff800136d4ac0 ntpd 28113 1 28113 0 Ss nanslp 0xffffffff82001571 cron 27776 27391 27391 0 S kqread 0xfffff80040741a00 nginx 27609 27391 27391 0 S kqread 0xfffff800400eed00 nginx 27391 1 27391 0 Ss pause 0xfffff80003c7b598 nginx 22372 1 22372 0 Ss kqread 0xfffff80003ca6c00 dhcpleases 21375 1 21375 59 Ss (threaded) unbound 100589 S kqread 0xfffff80040451100 unbound 100110 S kqread 0xfffff80015908400 unbound 19354 1 19354 0 Ss (threaded) dpinger 100119 S accept 0xfffff80003e5c5d6 dpinger 100118 S nanslp 0xffffffff82001570 dpinger 100117 S nanslp 0xffffffff82001570 dpinger 100116 S sbwait 0xfffff80003e5c3fc dpinger 100115 S uwait 0xfffff8004071f400 dpinger 15876 1 15876 0 Ss bpf 0xfffff80003b7c000 filterlog 12879 1 12879 65 Ss select 0xfffff80003b5b440 dhclient 7966 1 7966 0 Ss select 0xfffff80003c352c0 dhclient 7023 1 7023 0 Ss (threaded) sshlockout_pf 100106 S nanslp 0xffffffff82001571 sshlockout_pf 100095 S uwait 0xfffff80003b47800 sshlockout_pf 6949 1 6949 0 Ss select 0xfffff80003b5c9c0 sshd 336 1 336 0 Ss select 0xfffff80003b47dc0 devd 325 323 323 0 S kqread 0xfffff80003c7da00 check_reload_status 323 1 323 0 Ss kqread 0xfffff80003c7d900 check_reload_status 285 1 285 0 Ss kqread 0xfffff80003bae600 php-fpm 55 0 0 0 DL mdwait 0xfffff80003b1c800 [md0] 20 0 0 0 DL syncer 0xffffffff82052508 [syncer] 19 0 0 0 DL vlruwt 0xfffff80003b439e0 [vnlru] 18 0 0 0 DL (threaded) [bufdaemon] 100084 D sdflush 0xfffff80003b7d8e8 [/ worker] 100075 D psleep 0xffffffff82051704 [bufdaemon] 17 0 0 0 DL pgzero 0xffffffff8206283c [pagezero] 9 0 0 0 DL pollid 0xffffffff81fffe90 [idlepoll] 8 0 0 0 DL psleep 0xffffffff82061bc0 [vmdaemon] 7 0 0 0 DL (threaded) [pagedaemon] 100079 D umarcl 0xffffffff82061540 [uma] 100071 D psleep 0xffffffff82112c04 [pagedaemon] 6 0 0 0 DL waiting_ 0xffffffff821036c0 [sctp_iterator] 5 0 0 0 DL pftm 0xffffffff80d5db10 [pf purge] 16 0 0 0 DL (threaded) [usb] 100061 D - 0xfffffe00009e4e70 [usbus4] 100060 D - 0xfffffe00009e4e18 [usbus4] 100059 D - 0xfffffe00009e4dc0 [usbus4] 100058 D - 0xfffffe00009e4d68 [usbus4] 100057 D - 0xfffffe00009e4d10 [usbus4] 100056 D - 0xfffffe00009d4f48 [usbus3] 100055 D - 0xfffffe00009d4ef0 [usbus3] 100054 D - 0xfffffe00009d4e98 [usbus3] 100053 D - 0xfffffe00009d4e40 [usbus3] 100052 D - 0xfffffe00009d4de8 [usbus3] 100050 D - 0xfffffe00009c4f48 [usbus2] 100049 D - 0xfffffe00009c4ef0 [usbus2] 100048 D - 0xfffffe00009c4e98 [usbus2] 100047 D - 0xfffffe00009c4e40 [usbus2] 100046 D - 0xfffffe00009c4de8 [usbus2] 100044 D - 0xfffffe00009b4f48 [usbus1] 100043 D - 0xfffffe00009b4ef0 [usbus1] 100042 D - 0xfffffe00009b4e98 [usbus1] 100041 D - 0xfffffe00009b4e40 [usbus1] 100040 D - 0xfffffe00009b4de8 [usbus1] 100038 D - 0xfffffe000099cf48 [usbus0] 100037 D - 0xfffffe000099cef0 [usbus0] 100036 D - 0xfffffe000099ce98 [usbus0] 100035 D - 0xfffffe000099ce40 [usbus0] 100034 D - 0xfffffe000099cde8 [usbus0] 4 0 0 0 DL (threaded) [cam] 100070 D - 0xffffffff81f360c8 [scanner] 100019 D - 0xffffffff81f36280 [doneq0] 15 0 0 0 DL - 0xffffffff81f579c0 [rand_harvestq] 3 0 0 0 DL crypto_r 0xffffffff82060098 [crypto returns] 2 0 0 0 DL crypto_w 0xffffffff8205ff40 [crypto] 14 0 0 0 DL (threaded) [geom] 100013 D - 0xffffffff820f7de8 [g_down] 100012 D - 0xffffffff820f7de0 [g_up] 100011 D - 0xffffffff820f7dd8 [g_event] 13 0 0 0 DL (threaded) [ng_queue] 100010 D sleep 0xffffffff81ef46f8 [ng_queue1] 100009 D sleep 0xffffffff81ef46f8 [ng_queue0] 12 0 0 0 RL (threaded) [intr] 100078 I [swi1: netisr 1] 100068 I [swi1: pfsync] 100066 I [swi1: pf send] 100063 I [irq1: atkbd0] 100062 I [irq14: ata0] 100051 I [irq16: uhci3] 100045 I [irq18: uhci2] 100039 I [irq19: uhci1+] 100033 I [irq23: uhci0 ehci0] 100032 I [irq258: re0] 100027 I [swi5: fast taskq] 100025 I [swi6: Giant taskq] 100023 I [swi6: task queue] 100008 I [swi4: clock] 100007 Run CPU 1 [swi4: clock] 100006 I [swi1: netisr 0] 100005 I [swi3: vm] 11 0 0 0 RL (threaded) [idle] 100004 CanRun [idle: cpu1] 100003 Run CPU 0 [idle: cpu0]
-
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Not sure about system crashes(I got none until now). The issue I had until this latest version(4.1.2-dev) was crashes every 30sec on highload ssl traffic without squid parent in splice_all mode.
EDIT: if fixes some crashes but still need parent splice_all protecting it. :(
-
Are you sure Marcello?
Everything was going good for an hour or two, then I had my entire pfSense box crash on me. I am literally out of answers and don't see how I can get this to work properly again…
Not sure about system crashes(I got none until now). The issue I had until this latest version(4.1.2-dev) was crashes every 30sec on highload ssl traffic without squid parent in splice_all mode.
EDIT: if fixes some crashes but still need parent splice_all protecting it. :(
Just so we're clear here's screenshots, I've already got Squid on Splice all mode. Also by crash, I don't know what else to say, pfSense completely stopped responding, no DHCP, DNS, SSH nothing. AT ALL. Had to reboot to get it all back up.
-
You screnshot show that you did not enabled ssl filtering, you just selected splice all.
BTW, I'm using the automatic parent that has it enabled by default.
to check, do a
ps ax | grep -i squid
This is automatic parent with splice_all enabled
82592 - Is 0:00.00 /usr/local/sbin/e2guid -f /usr/local/etc/e2guardian/squidparent.conf (squid)
82741 - S 0:46.80 (squid-1) -f /usr/local/etc/e2guardian/squidparent.conf (squid)
85223 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85459 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85645 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85896 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
86189 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)This is squid package daemon with splice_all enabled
18762 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
19478 - S 1:43.80 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
27590 - I 0:00.03 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
27685 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28048 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28112 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28747 - I 0:00.02 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd) -
You screnshot show that you did not enabled ssl filtering, you just selected splice all.
BTW, I'm using the automatic parent that has it enabled by default.
to check, do a
ps ax | grep -i squid
This is automatic parent with splice_all enabled
82592 - Is 0:00.00 /usr/local/sbin/e2guid -f /usr/local/etc/e2guardian/squidparent.conf (squid)
82741 - S 0:46.80 (squid-1) -f /usr/local/etc/e2guardian/squidparent.conf (squid)
85223 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85459 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85645 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85896 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
86189 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)This is squid package daemon with splice_all enabled
18762 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
19478 - S 1:43.80 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
27590 - I 0:00.03 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
27685 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28048 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28112 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28747 - I 0:00.02 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
You must be somehow using squid to intercept https instead of e2 guardian, that's why you aren't getting a lot of these crashes.
Here's the output I got:
7054 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.co 7504 - S 0:20.91 (squid-1) -f /usr/local/etc/squid/squid.conf (squid) 23007 - S 0:00.14 (squid-1) -f /usr/local/etc/e2guardian/squidparent.con 23461 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 23769 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 23863 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 24152 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 24438 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s 52915 0 S+ 0:00.00 grep -i squid
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
-
The latest e2guardian code updates fixed most crashed with ssl connections. I've pushed it to Unofficial repo right now.
If you want to update bsd package under console exec on console:
pkg install -f e2guardian
This will update binaries to 4.1.1_12 version. check with
pkg info | grep -i e2g
After that, save and apply config on GUI.
Completely missed this message so I tried updatiing the binaries and it did in fact update. However I'm back to the age old problem of not even being able to start E2Guardian now (no surprises there)…
Jun 29 21:48:08 e2guardian 72211 Error reading filter group conf file(s). Jun 29 21:48:08 e2guardian 72211 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: Starting E2guardian Jun 29 21:48:08 e2guardian 74856 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:08 e2guardian 74856 Error reading filter group conf file(s). Jun 29 21:48:08 e2guardian 74856 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' Jun 29 21:48:10 e2guardian 77879 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:10 e2guardian 77879 Error reading filter group conf file(s). Jun 29 21:48:10 e2guardian 77879 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:20 e2guardian 7246 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:20 e2guardian 7246 Error reading filter group conf file(s). Jun 29 21:48:20 e2guardian 7246 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:30 e2guardian 10205 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:30 e2guardian 10205 Error reading filter group conf file(s). Jun 29 21:48:30 e2guardian 10205 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:40 e2guardian 15165 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:40 e2guardian 15165 Error reading filter group conf file(s). Jun 29 21:48:40 e2guardian 15165 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:48:50 e2guardian 18289 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:48:50 e2guardian 18289 Error reading filter group conf file(s). Jun 29 21:48:50 e2guardian 18289 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:48:50 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:00 e2guardian 21975 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:00 e2guardian 21975 Error reading filter group conf file(s). Jun 29 21:49:00 e2guardian 21975 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:00 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:10 e2guardian 25580 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:10 e2guardian 25580 Error reading filter group conf file(s). Jun 29 21:49:10 e2guardian 25580 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:20 e2guardian 49914 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:20 e2guardian 49914 Error reading filter group conf file(s). Jun 29 21:49:20 e2guardian 49914 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:30 e2guardian 52328 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:30 e2guardian 52328 Error reading filter group conf file(s). Jun 29 21:49:30 e2guardian 52328 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian Jun 29 21:49:40 e2guardian 58315 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Jun 29 21:49:40 e2guardian 58315 Error reading filter group conf file(s). Jun 29 21:49:40 e2guardian 58315 Error parsing the e2guardian.conf file or other e2guardian configuration files Jun 29 21:49:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
-
It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
That's exactly what you want. Take a look on splice_all description
The SSL/MITM mode determines how SSL interception is treated when 'SSL Man In the Middle Filtering' is enabled.
The way you can filter(without MITM) and no configuration on clients is in sandwich mode:
-
Configure squid transparente proxy for HTTP and HTTPS with splice_all selected
-
Configure e2guardian as parent with code below on custom_options_before_auth field
cache_peer 127.0.0.1 parent 8080 0 login=*:password always_direct deny all never_direct allow all
- E2guradian listening on loopback and configured with automatic parent mode + watchdog
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
It will not interact with squid package. Automatic parent mode uses specific squid config, dir and no access.log file.
-
-
This ones my bad, I had -HOST- on my block page which was supposedly fixed… But I guess not, after removing it and pressing apply. E2 Guardian started up with no problems, lets see how it goes now.
Didn't you submit a fix for -HOST- Marcello?
Also I use both normal filtering and MITM depending on the group, guest devices are all using non-mitm filtering using splice all I guess. It only blocks HTTPS URL's, cant scan the content.
-
Didn't you submit a fix for -HOST- Marcello?
yes, submited,applied and tested on 4.1.1_11. When ip address has no dns name, it show DNSERROR on HTML page.
EDIT: I'll test it on 4.1.1_12 too.
-
Didn't you submit a fix for -HOST- Marcello?
yes, submited,applied and using here. When ip address has no dns name, it show DNSERROR on HTML page.
The only thing it shows me is a crashed E2Guardian :P
Permissions are all correct now and I can see certs in the folder but I get this still:
And the blocked site issue isn't fixed, it doesn't show the category of the blocked site when blocked via blacklist :
-
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
Here is the output of one of my testing vms with no hacks or code changes(using 0.4.2.5).
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: pkg install -f e2guardian Updating Unofficial repository catalogue... Unofficial repository is up to date. Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: e2guardian: 4.1.1_11 -> 4.1.1_12 [Unofficial] Number of packages to be upgraded: 1 587 KiB to be downloaded. Proceed with this action? [y/N]: Y [1/1] Fetching e2guardian-4.1.1_12.txz: 100% 587 KiB 601.5kB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Upgrading e2guardian from 4.1.1_11 to 4.1.1_12... Extracting e2guardian-4.1.1_12: 100% You may need to manually remove /usr/local/etc/e2guardian/e2guardian.conf if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/e2guardianf1.conf if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/authplugins/ipgroups if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusextensionlist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusmimetypelist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirussitelist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusurllist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/exceptioniplist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/filtergroupslist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/bannedsitelistwithbypass if it is no longer needed. Message from e2guardian-4.1.1_12: ===> Please Note: ******************************************************************************* This port has created a log file named e2guardian.log that can get quite large. Please read the newsyslog(8) man page for instructions on configuring log rotation and compression. This port has been converted using old dansguardian-devel port Let me know how it works (or not). (Patches always welcome.) ******************************************************************************* [2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root:
Then, gone to GUI and saved config under blacklist tab and hit save
Back to console and tried to start and restart e2g
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh start kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 e2guardian already running? (pid=84327). [2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh restart kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Stopping e2guardian. Waiting for PIDS: 84327. Starting e2guardian.
-
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
Here is the output of one of my testing vms with no hacks or code changes(using 0.4.2.5).
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: pkg install -f e2guardian Updating Unofficial repository catalogue... Unofficial repository is up to date. Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: e2guardian: 4.1.1_11 -> 4.1.1_12 [Unofficial] Number of packages to be upgraded: 1 587 KiB to be downloaded. Proceed with this action? [y/N]: Y [1/1] Fetching e2guardian-4.1.1_12.txz: 100% 587 KiB 601.5kB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Upgrading e2guardian from 4.1.1_11 to 4.1.1_12... Extracting e2guardian-4.1.1_12: 100% You may need to manually remove /usr/local/etc/e2guardian/e2guardian.conf if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/e2guardianf1.conf if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/authplugins/ipgroups if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusextensionlist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusmimetypelist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirussitelist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusurllist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/exceptioniplist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/filtergroupslist if it is no longer needed. You may need to manually remove /usr/local/etc/e2guardian/lists/bannedsitelistwithbypass if it is no longer needed. Message from e2guardian-4.1.1_12: ===> Please Note: ******************************************************************************* This port has created a log file named e2guardian.log that can get quite large. Please read the newsyslog(8) man page for instructions on configuring log rotation and compression. This port has been converted using old dansguardian-devel port Let me know how it works (or not). (Patches always welcome.) ******************************************************************************* [2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root:
Then, gone to GUI and saved config under blacklist tab and hit save
Back to console and tried to start and restart e2g
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh start kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 e2guardian already running? (pid=84327). [2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh restart kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Stopping e2guardian. Waiting for PIDS: 84327. Starting e2guardian.
HMMm….. Tried again it seems to work now, look:
It's like 4.x has a mind of its own. However, it still doesn't show the categories of the sites that are blocked by the blacklist.
-
@Mr.:
Thank you, pfsensation :)
Of course, by now I have no clue which directories ;D
Would you know?
Thank you.
I see you are online, pfsensation: would you know which directories?
Thank you :D
-
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
-
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
Thank you Marcello.
It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.
It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?
-
Post the results of
ls -l /usr/local/etc/dansguandian/lists/blacklists
-
Post the results of
ls -l /usr/local/etc/dansguandian/lists/blacklists
Thank you Marcello.
I changed it into dansguaRdian, but it comes back with:
ls: /usr/local/etc/dansguardian/lists/blacklist: No such file or directory
-
Sorry for the typo
It's```
ls -l /usr/local/etc/e2guardian/lists/blacklists
-
@Mr.:
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
Thank you Marcello.
It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.
It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?
My E2Guardian is now fully working fine, without crashes. However -HOST- shows DNS error and setting "log client hostnames" under general tab causes the daemon to crash. So make sure you check chose things first
These are the steps I took to properly fix the crashes, probably all of them together made it work:
- First uninstalled and reinstalled E2Guardian
- Downloaded the blacklist and applied it under the blacklists tab
- Opened up FileZilla (FTP Client) navigated over to : /usr/local/etc/e2guardian Then set permissions to 644, recursively into all directories within it too. You can do this via SSH also, but I prefer using an actual FTP client, that way I can see all the files and directories in a GUI.
After that, I gave the entire pfSense box a restart, and it seems to be working. I've had it running for a day with MITM.
Try the following out, and see if it works for you.
@Marcelloc, can you write an update on GitHub regarding the blacklist category issue? I'm not fully aware of what you tried to fix it, but it doesn't seem to be fixed until now, even for you (can see from screenshots) : https://github.com/e2guardian/e2guardian/issues/244
Thanks