Unofficial E2guardian package for pfSense
-
Hi Marcelloc,
Could you please update the binaries, the E2G developers have pushed out some patches which should help with these segmentation faults. Funnily enough the debug version seems to work more stable for me than the one in the repo.
Thanks
Binaries updated on repo.
Awesome, updating right away!
-
hi pfsensation
I'm in Turkey we have many sites forbidden we have many sites forbidden
operator bans telecom with DNS -
Last build I forgot to remove DEBUG compile option, so I've pushed binaries version e2guardian-5.0.2_5.txz without debug to the repo.
If you need current debug version, fetch from :
pkg add -f https://e-sac.websiteseguro.com/e2g/e2guardian-5.0.2_5.txz
-
hi pfsensation
I'm in Turkey we have many sites forbidden we have many sites forbidden
operator bans telecom with DNSThat's your problem in the screenshot. Turkey already bans most bad sites due to religious reasons. I recently came back from Turkey (Antalya), went on holiday it was amazing! I'm guessing you're using Turkce Telekom?
I'm not too sure how it'll work in your instance as I haven't tested it. E2 Guardian can't do any phrase checking if the DNS is being null routed. However it should still be detect the URL from ShallaList. Turn on Forge SSL Certificates, and install the CA and give it a shot. Remember, on HTTPS sites you will not get a block page of you do not have MITM enabled.
-
Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?
-
Is anybody else receiving ERR_SSL_BAS_RECORD_MAC_ALERT on chrome and firefox after latest updated with MITM?
I don't seem to be getting it, just gave it a quick try. What setup are you using? And did you try clearing the cache?
-
@Marcelloc when I use E2 Guardian in MITM mode with pfBlocker. I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
I've tried setting the options to make all traffic going to pfBlocker IP bypass the proxy but it hasn't helped. How have you got it setup and are you having this issue? I am using DNSBL on pfBlocker.
-
did you try clearing the cache?
Yes. After cleaning and restarting, few sites goes fine then all get mac error.
-
I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
Does pfblockerNG package started redirecting or showing error pages on latest versions? The pfblocker versions I've used was just a deny rules creator, with any redirect.
-
I'm getting NGINX errors, E2G seems to be forwarding the traffic to the NGINX server rather that directly to pfBlocker.
Does pfblockerNG package started redirecting or showing error pages on latest versions? The pfblocker versions I've used was just a deny rules creator, with any redirect.
Nope, this was an ongoing problem since I enabled transparent proxy. pfBlocker has an option for blocking hosts - I have adblocking hosts files. The way it works is, it redirects those domains to pfBlocker's own internal web server in order to block them. They are getting intercepted by the proxy.
EDIT:
I have made a discovery Marcello. On normal non-debug E2Guardian which is setup with Squid. If Squid restarts, or needs to log rotate etc, it crashes E2Guardian. This doesn't seem to be the case with the debug version of E2Guardian, I have tried to replicate the issue but have been unsuccessful. Have you got any ideas?
-
did you try clearing the cache?
Yes. After cleaning and restarting, few sites goes fine then all get mac error.
Weird, I haven't got it yet. What authentication method are you using?
-
-
Weird, I haven't got it yet. What authentication method are you using?
IP address
Strange, no issues like the one you're describing on my end yet… Only issue I have is that when using it with Squid, from time to time E2Guardian crashes. And somehow... It doesn't crash when debug is enabled.
I'm also hoping you can help me out with the pfBlocker issue, am I doing something wrong?
-
Hi Marcello,
I just managed to re-produce the Mac Alert you've been getting by enabling SSL re-write and header re-write. I wonder if it is related to this: https://github.com/e2guardian/e2guardian/commit/c389e53b189e0d38108aca210dc217cb940bfec7
-
Hi Marcello,
I just managed to re-produce the Mac Alert you've been getting by enabling SSL re-write and header re-write. I wonder if it is related to this: https://github.com/e2guardian/e2guardian/commit/c389e53b189e0d38108aca210dc217cb940bfec7
I have this enabled too. Thanks for the test and report .
If you have time, do the same test with version 5.0.2_3
-
Hi Marcello,
I just managed to re-produce the Mac Alert you've been getting by enabling SSL re-write and header re-write. I wonder if it is related to this: https://github.com/e2guardian/e2guardian/commit/c389e53b189e0d38108aca210dc217cb940bfec7
I have this enabled too. Thanks for the test and report .
If you have time, do the same test with version 5.0.2_3
Have you got a compiled binary for it? I'll give it a shot for you, by the way I tested in both Chrome and Firefox. Both had the Mac error, where as IE complained about TLS. It does sound like a OpenSSL issue maybe but I am by no means an expert on E2Guardian's inner workings.
-
Yes, that debug version
pkg add -f https://e-sac.websiteseguro.com/e2g/e2guardian-5.0.2_3.txz -
Yes, that debug version
pkg add -f https://e-sac.websiteseguro.com/e2g/e2guardian-5.0.2_3.txzOn 5.0.2_3 SSL Re-write works and no Mac Alert issue. I think it might be that dependency, causing issues.
-
I've pushed a comiled package with code until commit bc7890a.
Seems to be working without latest patches for ssl on http1.1
version on repo:
e2guardian-5.0.2_7.txz -
I've pushed a comiled package with code until commit bc7890a.
Seems to be working without latest patches for ssl on http1.1
version on repo:
e2guardian-5.0.2_7.txzI knew that would be the issue!!! Great work! Now to find out why the new OpenSSL is giving this rather odd problem.