Unofficial E2guardian package for pfSense
-
Your screenshot shows that you did not enable SSL filtering, you just selected splice all.
BTW, I'm using the automatic parent that has it enabled by default.
To check, do a
ps ax | grep -i squid
This is automatic parent with splice_all enabled
```
82592 - Is 0:00.00 /usr/local/sbin/e2guid -f /usr/local/etc/e2guardian/squidparent.conf (squid)
82741 - S 0:46.80 (squid-1) -f /usr/local/etc/e2guardian/squidparent.conf (squid)
85223 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85459 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85645 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
85896 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
86189 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (ssl_crtd)
```
This is squid package daemon with splice_all enabled
```
18762 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
19478 - S 1:43.80 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
27590 - I 0:00.03 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
27685 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28048 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28112 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
28747 - I 0:00.02 (ssl_crtd) -s /var/squid/lib/ssl_db -M 4MB -b 2048 (ssl_crtd)
```
It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
You must be somehow using squid to intercept https instead of e2 guardian, that's why you aren't getting a lot of these crashes.
Here's the output I got:
```
7054 - Is 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.co
7504 - S 0:20.91 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
23007 - S 0:00.14 (squid-1) -f /usr/local/etc/e2guardian/squidparent.con
23461 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s
23769 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s
23863 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s
24152 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s
24438 - I 0:00.01 (ssl_crtd) -s /var/squid/lib/ssl_db2 -M 4MB -b 2048 (s
52915 0 S+ 0:00.00 grep -i squid
```
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
-
The latest e2guardian code updates fixed most crashes with SSL connections. I've pushed it to the Unofficial repo right now.
If you want to update the BSD package, run on the console:
pkg install -f e2guardian
This will update the binaries to version 4.1.1_12. Check with
pkg info | grep -i e2g
After that, save and apply config on GUI.
Completely missed this message so I tried updating the binaries and it did in fact update. However I'm back to the age old problem of not even being able to start E2Guardian now (no surprises there)…
```
Jun 29 21:48:08 e2guardian 72211 Error reading filter group conf file(s).
Jun 29 21:48:08 e2guardian 72211 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: Starting E2guardian
Jun 29 21:48:08 e2guardian 74856 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:08 e2guardian 74856 Error reading filter group conf file(s).
Jun 29 21:48:08 e2guardian 74856 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:08 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:08 php-fpm 64719 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. basic_string Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
Jun 29 21:48:10 e2guardian 77879 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:10 e2guardian 77879 Error reading filter group conf file(s).
Jun 29 21:48:10 e2guardian 77879 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:20 e2guardian 7246 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:20 e2guardian 7246 Error reading filter group conf file(s).
Jun 29 21:48:20 e2guardian 7246 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:30 e2guardian 10205 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:30 e2guardian 10205 Error reading filter group conf file(s).
Jun 29 21:48:30 e2guardian 10205 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:40 e2guardian 15165 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:40 e2guardian 15165 Error reading filter group conf file(s).
Jun 29 21:48:40 e2guardian 15165 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:48:50 e2guardian 18289 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:48:50 e2guardian 18289 Error reading filter group conf file(s).
Jun 29 21:48:50 e2guardian 18289 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:48:50 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:49:00 e2guardian 21975 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:49:00 e2guardian 21975 Error reading filter group conf file(s).
Jun 29 21:49:00 e2guardian 21975 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:49:00 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:49:10 e2guardian 25580 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:49:10 e2guardian 25580 Error reading filter group conf file(s).
Jun 29 21:49:10 e2guardian 25580 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:49:10 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:49:20 e2guardian 49914 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:49:20 e2guardian 49914 Error reading filter group conf file(s).
Jun 29 21:49:20 e2guardian 49914 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:49:20 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:49:30 e2guardian 52328 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:49:30 e2guardian 52328 Error reading filter group conf file(s).
Jun 29 21:49:30 e2guardian 52328 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:49:30 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 29 21:49:40 e2guardian 58315 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Jun 29 21:49:40 e2guardian 58315 Error reading filter group conf file(s).
Jun 29 21:49:40 e2guardian 58315 Error parsing the e2guardian.conf file or other e2guardian configuration files
Jun 29 21:49:40 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
```
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
-
It doesn't need enabling, the checkbox is for transparent HTTPS isn't it? I don't want squid to hijack all the connections, because it needs to go through E2Guardian first. Also I don't run it in automatic mode because I realised at some point that squid wasn't caching in that mode. It only properly cached in manual mode.
That's exactly what you want. Take a look at the splice_all description:
The SSL/MITM mode determines how SSL interception is treated when 'SSL Man In the Middle Filtering' is enabled.
The way you can filter (without MITM) with no configuration on clients is in sandwich mode:
- Configure squid transparent proxy for HTTP and HTTPS with splice_all selected
- Configure e2guardian as parent with the code below in the custom_options_before_auth field
```
cache_peer 127.0.0.1 parent 8080 0 login=*:password
always_direct deny all
never_direct allow all
```
- E2guardian listening on loopback and configured with automatic parent mode + watchdog
EDIT: When setting it to automatic mode, I get no squid cache. No hits on the squid realtime tab, maybe this is our difference in setup?
It will not interact with squid package. Automatic parent mode uses specific squid config, dir and no access.log file.
-
-
This one's my bad, I had -HOST- on my block page which was supposedly fixed… But I guess not, after removing it and pressing apply, E2 Guardian started up with no problems, let's see how it goes now.
Didn't you submit a fix for -HOST- Marcello?
Also I use both normal filtering and MITM depending on the group, guest devices are all using non-MITM filtering using splice all I guess. It only blocks HTTPS URLs, can't scan the content.
-
Didn't you submit a fix for -HOST- Marcello?
Yes, submitted, applied and tested on 4.1.1_11. When the IP address has no DNS name, it shows DNSERROR on the HTML page.
EDIT: I'll test it on 4.1.1_12 too.
-
Didn't you submit a fix for -HOST- Marcello?
Yes, submitted, applied and using here. When the IP address has no DNS name, it shows DNSERROR on the HTML page.
The only thing it shows me is a crashed E2Guardian :P
Permissions are all correct now and I can see certs in the folder but I get this still:
And the blocked site issue isn't fixed, it doesn't show the category of the blocked site when blocked via blacklist :
-
I've tried the usual re applying black list, reinstall, uninstall then install. No joy yet.
Here is the output of one of my testing VMs with no hacks or code changes (using 0.4.2.5).
```
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: pkg install -f e2guardian
Updating Unofficial repository catalogue...
Unofficial repository is up to date.
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
e2guardian: 4.1.1_11 -> 4.1.1_12 [Unofficial]
Number of packages to be upgraded: 1
587 KiB to be downloaded.
Proceed with this action? [y/N]: Y
[1/1] Fetching e2guardian-4.1.1_12.txz: 100% 587 KiB 601.5kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Upgrading e2guardian from 4.1.1_11 to 4.1.1_12...
Extracting e2guardian-4.1.1_12: 100%
You may need to manually remove /usr/local/etc/e2guardian/e2guardian.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/e2guardianf1.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/authplugins/ipgroups if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusextensionlist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusmimetypelist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirussitelist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/contentscanners/exceptionvirusurllist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/exceptioniplist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/filtergroupslist if it is no longer needed.
You may need to manually remove /usr/local/etc/e2guardian/lists/bannedsitelistwithbypass if it is no longer needed.
Message from e2guardian-4.1.1_12:
===> Please Note:
*******************************************************************************
This port has created a log file named e2guardian.log that can get quite large. Please read the newsyslog(8) man page for instructions on configuring log rotation and compression.
This port has been converted using old dansguardian-devel port
Let me know how it works (or not). (Patches always welcome.)
*******************************************************************************
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root:
```
Then I went to the GUI, saved the config under the blacklist tab and hit save.
Back on the console, I tried to start and restart e2g:
```
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh start
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 20480 -> 20480
e2guardian already running? (pid=84327).
[2.3.4-RELEASE][root@pfSense.yyyyyyy.br]/root: /usr/local/etc/rc.d/e2guardian.sh restart
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 20480 -> 20480
Stopping e2guardian.
Waiting for PIDS: 84327.
Starting e2guardian.
```
-
HMMm….. Tried again it seems to work now, look:
It's like 4.x has a mind of its own. However, it still doesn't show the categories of the sites that are blocked by the blacklist.
-
@Mr.:
Thank you, pfsensation :)
Of course, by now I have no clue which directories ;D
Would you know?
Thank you.
I see you are online, pfsensation: would you know which directories?
Thank you :D
-
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
-
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
Thank you Marcello.
It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.
It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?
-
Post the results of
ls -l /usr/local/etc/dansguandian/lists/blacklists
-
Post the results of
ls -l /usr/local/etc/dansguandian/lists/blacklists
Thank you Marcello.
I changed it into dansguaRdian, but it comes back with:
ls: /usr/local/etc/dansguardian/lists/blacklist: No such file or directory
-
Sorry for the typo. It's
```
ls -l /usr/local/etc/e2guardian/lists/blacklists
```
-
@Mr.:
@Mr.:
would you know which directories?
run on console/ssh:
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
Thank you Marcello.
It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.
It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?
My E2Guardian is now fully working fine, without crashes. However -HOST- shows DNS error and setting "log client hostnames" under general tab causes the daemon to crash. So make sure you check those things first.
These are the steps I took to properly fix the crashes, probably all of them together made it work:
- First uninstalled and reinstalled E2Guardian
- Downloaded the blacklist and applied it under the blacklists tab
- Opened up FileZilla (FTP Client) navigated over to : /usr/local/etc/e2guardian Then set permissions to 644, recursively into all directories within it too. You can do this via SSH also, but I prefer using an actual FTP client, that way I can see all the files and directories in a GUI.
After that, I gave the entire pfSense box a restart, and it seems to be working. I've had it running for a day with MITM.
Try the following out, and see if it works for you.
@Marcelloc, can you write an update on GitHub regarding the blacklist category issue? I'm not fully aware of what you tried to fix it, but it doesn't seem to be fixed until now, even for you (can see from screenshots) : https://github.com/e2guardian/e2guardian/issues/244
Thanks
-
Thank you Marcello, and thank you pfsensation :)
I've attached the output of Marcello's ls command. I will next try what pfsensation suggested.
Thank you.
-
:-[ :-[ :-[
I did:
```
chmod -R 644 /usr/local/etc/e2guardian
/usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
```
Then I did reapply blacklist, save, daemon tab - save: still nothing, service still doesn't start:
```
Jul 1 03:30:56 php-fpm 87924 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/urls: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/urls Error reading: /usr/local/etc/e2guardian/lists/bannedurllist.g_Default Error opening bannedurllist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
```
-
Access your ACLs under the URL tab and check what is enabled. It's looking for a file that doesn't exist in shallalist.
Select categories that show under the include select combo box. They are from the current applied blacklist.
There is no need to change file permissions.
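
Added example, not part of the post above and not code from the e2guardian package: a POSIX sh check that reads an e2guardian list file such as `bannedurllist.g_Default`, extracts its `.Include<path>` lines and reports every include whose category file is missing, which is the condition shown in the startup error. The function names `list_includes` and `missing_includes` are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread or the e2guardian package.
# Finds ".Include<path>" lines in e2guardian list files whose target file is
# missing, the condition behind "Error reading file .../adult/urls" above.

# Print the path of every active .Include<...> line in one list file.
# Lines beginning with '#' are comments in list files and never match.
list_includes() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*\.Include<\([^>]*\)>.*/\1/p' "$1"
}

# For each list file given, print "listfile: missing-path" for every include
# that is not a readable regular file. Exit status is 1 if any is missing.
missing_includes() {
    status=0
    for listfile in "$@"; do
        includes=$(list_includes "$listfile")
        while IFS= read -r target; do
            [ -n "$target" ] || continue
            if [ ! -f "$target" ] || [ ! -r "$target" ]; then
                printf '%s: %s\n' "$listfile" "$target"
                status=1
            fi
        done <<EOF
$includes
EOF
    done
    return "$status"
}

# Run against the list files named on the command line, if any.
if [ "$#" -gt 0 ]; then
    missing_includes "$@"
fi
```

Saved as a script and run with `/usr/local/etc/e2guardian/lists/bannedurllist.g_Default` as its argument, it lists the category files an ACL still references after the applied blacklist no longer provides them.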
-
Thank you for your reply, Marcello :)
I'm trying to understand what you mean with " It's looking for a file that doesn't exists on shallalist".
In the top Include box I can select, for example, adv urls, spyware urls, tracker urls. However, in the next Config box, none of these exist. What does this mean? what do I need to do here then?
Per your: "Select categories that shows under include select combo box. They are from current applied blacklist"
Could you give a concrete example?
Thank you very much for your help :P
-
Take a look or send a screenshot on the same field I've pushed on my last post.