Unofficial E2guardian package for pfSense
-
@kenpachizaraki I'll do some testing on this when I have some free time and can setup a virtual lab. At the moment I'm quite bogged down with work and life on general. But I have requested a a feature in E2guardian to detect and block VPN's.
-
@kenpachizaraki Although this can probably be done, passing or blocking due to the WAN IP hasn't been implemented into E2 Guardian. Not sure if this will be added or if its a good method even to block Internet access for those trying to bypass the firewall.
-
OMG no one replies. I guess my question is really hard.
Or perhaps, no one would like to help. -
@ravegen What is your question? Maybe I can answer your question or someone will.
-
@pfsensation @marcelloc
filed bugs on e2guardian already
https://github.com/e2guardian/e2guardian/issues/444maybe someone can verify this one.
http and https://youtube is already blacked in e2guardian but when accessing using google chrome i can still access the site. But when using incognito mode, https://youtube is blocked.
Is this caching? or any settings i need to enable? -
@kenpachizaraki It is just cache, google chrome has strong caching. Just clear cache of your browser and try again.
If you still goes restricted domain, try to kill your client states on pfsense and also clear cache again of your browser. ( command : pfctl -k 192.168.1.1 )
Also It is not a bug at all.
-
@ucribrahim ok if its cache how long will it retain?
Ive tested for several hours and still youtube is accessible even clicking on different videos -
@kenpachizaraki I don't know, search on google how google cache works.
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@genesislubrigas There's no need for you to use Squid with E2 Guardian. You can still get stats with Light squid.
How do you get stats with Light squid ? Can you kindly assist. Thanks
this was my question
-
This post is deleted! -
Hi,
I did some test on how to work Lightsquid with E2guadian. First, Install Lightsquid package and then use the following command.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
After that reboot your pfsense.
Go to Services > E2guardian > Report and Log, and under this menu, there is an option which is "Log File Format". Choose "Squid Log Format" and then save the settings.
After you do that go to Status > Squid Proxy Reports and then click "Refresh Full" button, after that, you'll need to see logs on the Lightsquid page which by clicking the "Open Lightsquid" button.
I was able to work the lightsquid service by changing "Log File Format > Squid Log Format" but it is gonna work with default option which of e2g log file format.
It is also so strange for example if you go to Daemon menu and at the bottom if you click Save button and then Save Changes button. E2g will be broken and only it is gonna work if you restart your pfsense. So guys do not do that so many times :)
-
@ucribrahim said in Unofficial E2guardian package for pfSense:
Hi,
I did some test on how to work Lightsquid with E2guadian. First, Install Lightsquid package and then use the following command.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
After that reboot your pfsense.
Go to Services > E2guardian > Report and Log, and under this menu, there is an option which is "Log File Format". Choose "Squid Log Format" and then save the settings.
After you do that go to Status > Squid Proxy Reports and then click "Refresh Full" button, after that, you'll need to see logs on the Lightsquid page which by clicking the "Open Lightsquid" button.
I was able to work the lightsquid service by changing "Log File Format > Squid Log Format" but it is gonna work with default option which of e2g log file format.
It is also so strange for example if you go to Daemon menu and at the bottom if you click Save button and then Save Changes button. E2g will be broken and only it is gonna work if you restart your pfsense. So guys do not do that so many times :)
So it means it gets broken
-
@ucribrahim What gets broken? I've had this up and running for a while now with no issues, and didn't even need a restart.
Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else.
-
@ravegen said in Unofficial E2guardian package for pfSense:
E2g will be broken and only it is gonna work if you restart your pfsense.
@pfsensation i think because you said this one.
-
I made lightsquid working with e2guardian now. the problem now is the realtime does not show any feeds anymore.
-
@ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.
Maybe I'm wrong but this is my experience about e2guardian.
NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."
Of course use the following command and then restart pfsense after that go to do necessary settings.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
-
@kenpachizaraki
try blocking the domains belowyoutube.com
googlevideo.com
ytimg.com -
@susamlicubuk i fixed it already by blocking googlevideo.com.
i'll try to add your comments also "ytimg.com" later.
youtube can still be access due to google chrome cache but videos wont' load anymore :Dthe only thing that bothers me are the google chrome proxy plugins that bypass e2g :(
ill find try to find some way later. -
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@susamlicubuk i fixed it already by blocking googlevideo.com.
i'll try to add your comments also "ytimg.com" later.
youtube can still be access due to google chrome cache but videos wont' load anymore :Dthe only thing that bothers me are the google chrome proxy plugins that bypass e2g :(
ill find try to find some way later.I was able to test my little bit
With mitm, the VPNs are stopping. (I installed the certificate to the clients)
If there is no mitm I run pfense with lan net to pfsense pass (with required ports 80,443,53,8080,8081).
it is still useful to look at the domain names of some VPNs from the logs and to block them.
perhaps it may work if the proxy list is created in the domain list acl.
there are too many domains and ip addresses. shalla list is very inadequate.
Another solution is snort to openappid or pfblocker. -
@susamlicubuk im not using MITM to block https
i can see which domain proxy are going but there are lot of them.
you may try to install this one google chrome
https://chrome.google.com/webstore/detail/vpn-grab-a-proxy-free/epiohmjifijenpabfpggbphmjinbhgnnIt can bypass e2g even with MITM, though it can be block using domain it connects to.
But if there are hundreds of these application/plugin in chrome then it will take most of your time chasing the domains :)