Unofficial E2guardian package for pfSense
-
@kenpachizaraki Hi, Technically you can't block chrome web store. Let me tell you why. So, first of all, if you block "chrome.google.com" domain that you block directly google itself. You can't tell the e2guardian if e2guardian see "webstore" word, block the domain because the domain is under SSL. It means e2guardian can't see into the SSL traffic of an SSL domain.
"webstore" page under the encrypted traffic of an SSL domain which is "chrome.google.com", in the world no one can see the SSL traffic. (for now)
You can tell e2guardian to block "chrome.google.com" but if it blocks this domain that you can't access "google.com" :/
You can search how SSL works on google. It will help you to understand what I'm trying to say.
https://chrome.google.com/webstore/category/extensions
-
@kenpachizaraki With MITM you can block the web store but if you're doing this for a school or company with machines on a domain. Do it through GPO.
However with E2G you should be able to block chrome Web store. Remember E2G can do more powerful things than just rely on the URL. I haven't done it this way for a while so I can't give you exact instructions but it can be done.
-
@pfsensation If you do it without MITM, let us know please. Also if you do a test it would awesome. Thanks.
-
@pfsensation @ucribrahim sorry for the confusion here. Actually i dont want to block webstore url. What i want is to block those proxy plugins that you install in your chrome browser. There are lots of proxy plugins that when you install in chrome make you access ristricted sites.
I have done it in other paid UTM software where in we install the cert and inspect all 443 connections to block outgoing malformed proxy connection.
Yes it can be done via GPO bit it is tedious to add all those chrome proxy - a lot of them.
-
@kenpachizaraki You could block most of them by locking down outgoing ports (allowing only connections to E2 Guardian) and blocking the domains for proxies and VPN's through E2 Guardian.
Although this will block most of these proxies from working, SSL VPN's working over port 443 may still work. I don't believe E2 Guardian has a way of completely blocking them yet. As far as I'm aware, the way these "paid" firewalls use to block VPN's is they try to inspect the traffic. If its suspicious or it couldn't be successfully decrypted via MITM then it gets blocked.
If you want to avoid the Chrome GPO method of allowing extensions installations. Then you can also make the chrome extensions directory read only and block it that way.
The subject of blocking these VPNs working over 443 may need a bit more digging into though.
-
@pfsensation yes outgoing ports can be block but most of them are using 443. So your legitimate 443 connections will also be blocked. They are really snicky little bastard to block using that method. Hopefully in the future e2g can find a way to block those traffic.
-
@kenpachizaraki Really? I did some testing a while back, when I blocked the VPN providers domain. It would mess up the vpn client to server negotiation and just fail to connect.
But I do understand your frustrations, it's difficult to properly block these VPN's on 443. I'll bring this up to the E2guardian devs and see if there's anything that can be done to mitigate the risks. I do know some firewall solutions such as Smoothwall actually work pretty well, so it can be done but I'm pretty certain you'll probably get some false positives for sure.
-
@pfsensation if you know the vpn provider domain yes it can be easily block even using firewall.
Can you try this one in your chrome browser
https://chrome.google.com/webstore/detail/vpn-grab-a-proxy-free/epiohmjifijenpabfpggbphmjinbhgnn?hl=enHard part of this is you need to check logs on what domain that proxy is connecting.
-
@pfsensation @marcelloc @ucribrahim is it possible for e2g maybe regex to get the wan ip address?
if wan = to interface wan (whatismyipaddress) = Pass
if wan != to interface wan (whatismyipaddress) = Block/RejectSince if someone uses proxy wan ip changes to the proxy being used.
If this is possible then we can block those annoying proxy to bypass e2g or squid. -
@kenpachizaraki I'll do some testing on this when I have some free time and can setup a virtual lab. At the moment I'm quite bogged down with work and life on general. But I have requested a a feature in E2guardian to detect and block VPN's.
-
@kenpachizaraki Although this can probably be done, passing or blocking due to the WAN IP hasn't been implemented into E2 Guardian. Not sure if this will be added or if its a good method even to block Internet access for those trying to bypass the firewall.
-
OMG no one replies. I guess my question is really hard.
Or perhaps, no one would like to help. -
@ravegen What is your question? Maybe I can answer your question or someone will.
-
@pfsensation @marcelloc
filed bugs on e2guardian already
https://github.com/e2guardian/e2guardian/issues/444maybe someone can verify this one.
http and https://youtube is already blacked in e2guardian but when accessing using google chrome i can still access the site. But when using incognito mode, https://youtube is blocked.
Is this caching? or any settings i need to enable? -
@kenpachizaraki It is just cache, google chrome has strong caching. Just clear cache of your browser and try again.
If you still goes restricted domain, try to kill your client states on pfsense and also clear cache again of your browser. ( command : pfctl -k 192.168.1.1 )
Also It is not a bug at all.
-
@ucribrahim ok if its cache how long will it retain?
Ive tested for several hours and still youtube is accessible even clicking on different videos -
@kenpachizaraki I don't know, search on google how google cache works.
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@genesislubrigas There's no need for you to use Squid with E2 Guardian. You can still get stats with Light squid.
How do you get stats with Light squid ? Can you kindly assist. Thanks
this was my question
-
This post is deleted! -
Hi,
I did some test on how to work Lightsquid with E2guadian. First, Install Lightsquid package and then use the following command.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
After that reboot your pfsense.
Go to Services > E2guardian > Report and Log, and under this menu, there is an option which is "Log File Format". Choose "Squid Log Format" and then save the settings.
After you do that go to Status > Squid Proxy Reports and then click "Refresh Full" button, after that, you'll need to see logs on the Lightsquid page which by clicking the "Open Lightsquid" button.
I was able to work the lightsquid service by changing "Log File Format > Squid Log Format" but it is gonna work with default option which of e2g log file format.
It is also so strange for example if you go to Daemon menu and at the bottom if you click Save button and then Save Changes button. E2g will be broken and only it is gonna work if you restart your pfsense. So guys do not do that so many times :)