Unofficial E2guardian package for pfSense
-
@susamlicubuk im not using MITM to block https
i can see which domain proxy are going but there are lot of them.
you may try to install this one google chrome
https://chrome.google.com/webstore/detail/vpn-grab-a-proxy-free/epiohmjifijenpabfpggbphmjinbhgnnIt can bypass e2g even with MITM, though it can be block using domain it connects to.
But if there are hundreds of these application/plugin in chrome then it will take most of your time chasing the domains :) -
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@susamlicubuk im not using MITM to block https
i can see which domain proxy are going but there are lot of them.
you may try to install this one google chrome
https://chrome.google.com/webstore/detail/vpn-grab-a-proxy-free/epiohmjifijenpabfpggbphmjinbhgnnIt can bypass e2g even with MITM, though it can be block using domain it connects to.
But if there are hundreds of these application/plugin in chrome then it will take most of your time chasing the domains :)can already block vpngrab
No need to use mitm
look at domain names from realtime logs and block them -
@ucribrahim said in Unofficial E2guardian package for pfSense:
@ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.
Maybe I'm wrong but this is my experience about e2guardian.
NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."
Of course use the following command and then restart pfsense after that go to do necessary settings.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
You don't need to restart pfsense. What happens is sometimes multiple threads or processes of E2 Guardian can be started. Although this is barely an issue anymore, and most of the bugs have been squashed.
Instead of restart you can run "top" get the process ID of E2 Guardian processes, then type "kill" followed by the process ID to completely kill E2 Guardian processes. Then you can go back to the GUI, press the save then start. And it'll work as normal.
But this is only happens nowadays in extreme cases when you're spamming buttons...
-
@susamlicubuk yes as i said it can be block using domains easily but what if there are hundreds of those proxy? You have to test install them one by one and check on logs...waste of time to do that.
We are only checking only chrome what about firefox? And those proxy that is set manually? Thousand of them....If we can find ways to blocked them dynamically e2g would be superior...
-
Guys let's be reasonable here. Blocking VPN's is not a simple thing anymore. Especially now when they can work over port 80/443 which you cannot block.
Furthermore, E2 Guardian, even if it does implement a way to block VPN's going through the proxy. It'll be far from the end all and be all solution. We might even need a mixture of a Deep Packet Inspection system, good black list and E2 Guardian detecting VPN user agents and being able to recognise VPN traffic from everything else.
Hold tight guys... In terms of Chrome, I'm sure there was a way to block ALL extensions from being installed through GPO. Give it a Google search and see what comes up!
-
@marcelloc Sua solução é excelente, apliquei hoje e resolveu uma situação que estava me causando dores de cabeça.
-
@pfsensation yes i agree. Even in paid solutions the way they block it was using mitm. Which now is the only way i can think.
Ir can be achieve using gpo by blocking the installation of the proxy.
Anyway it is an endless development, always.
And a big thanks to e2g and @marcelloc and everyone who contribute. Kodus guys.... -
@pfsensation just a question maybe you should know or someone here.
E2g v5 can be use in direct mode but still it requires squid (installed and running but disabled). I tried to stop squid in service and e2g stop functioning even in direct mode. Thus it mean somehow you need squid running on background? -
@pfsensation said in Unofficial E2guardian package for pfSense:
@ucribrahim said in Unofficial E2guardian package for pfSense:
@ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.
Maybe I'm wrong but this is my experience about e2guardian.
NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."
Of course use the following command and then restart pfsense after that go to do necessary settings.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
You don't need to restart pfsense. What happens is sometimes multiple threads or processes of E2 Guardian can be started. Although this is barely an issue anymore, and most of the bugs have been squashed.
Instead of restart you can run "top" get the process ID of E2 Guardian processes, then type "kill" followed by the process ID to completely kill E2 Guardian processes. Then you can go back to the GUI, press the save then start. And it'll work as normal.
But this is only happens nowadays in extreme cases when you're spamming buttons...
I solved this. Now there is no realtime status on realtime tab.
-
@kenpachizaraki No squid isn't required at all. I'm running it on my box and I've completely removed squid.
What happens when you remove squid, does E2 Guardian just not start up?
E2 Guardian is an open source project, I urge everyone to contribute if they can. I've contributed a lot to it and have hit road blocks due to translations and as such. Therefore even if you can help out with translations and updating them. That helps too!
-
@genesislubrigas said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ucribrahim said in Unofficial E2guardian package for pfSense:
@ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.
Maybe I'm wrong but this is my experience about e2guardian.
NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."
Of course use the following command and then restart pfsense after that go to do necessary settings.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
You don't need to restart pfsense. What happens is sometimes multiple threads or processes of E2 Guardian can be started. Although this is barely an issue anymore, and most of the bugs have been squashed.
Instead of restart you can run "top" get the process ID of E2 Guardian processes, then type "kill" followed by the process ID to completely kill E2 Guardian processes. Then you can go back to the GUI, press the save then start. And it'll work as normal.
But this is only happens nowadays in extreme cases when you're spamming buttons...
I solved this. Now there is no realtime status on realtime tab.
Do me a favour, log into the pfsense GUI. Then press on the diagnostics tab > edit a file. Go over to: var/log/e2guardian and open up access.log.
Let me know what you can see in there
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@genesislubrigas said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ucribrahim said in Unofficial E2guardian package for pfSense:
@ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.
Maybe I'm wrong but this is my experience about e2guardian.
NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."
Of course use the following command and then restart pfsense after that go to do necessary settings.
fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt
You don't need to restart pfsense. What happens is sometimes multiple threads or processes of E2 Guardian can be started. Although this is barely an issue anymore, and most of the bugs have been squashed.
Instead of restart you can run "top" get the process ID of E2 Guardian processes, then type "kill" followed by the process ID to completely kill E2 Guardian processes. Then you can go back to the GUI, press the save then start. And it'll work as normal.
But this is only happens nowadays in extreme cases when you're spamming buttons...
I solved this. Now there is no realtime status on realtime tab.
Do me a favour, log into the pfsense GUI. Then press on the diagnostics tab > edit a file. Go over to: var/log/e2guardian and open up access.log.
Let me know what you can see in there
yes it is there
-
Marcelloc,
Can we request the realtime report separately can also be accessed outside the e2guardian gui so that other users can access it for viewing purposes like lightsquid proxy reports.
-
@ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.
But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol
-
@pfsensation @ucribrahim is there a way we can limit bandwidth for youtube same as squid acl?
delay_pools 2
delay_class 2 1
delay_parameters 2 128000/128000
acl YOUTUBE dstdomain .googlevideo.com
delay_access 2 allow YOUTUBE—
-
This post is deleted! -
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.
But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol
Because this user might be part of management that wants to check on interval basis but is not allowed to see the settings done.
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation @ucribrahim is there a way we can limit bandwidth for youtube same as squid acl?
delay_pools 2
delay_class 2 1
delay_parameters 2 128000/128000
acl YOUTUBE dstdomain .googlevideo.com
delay_access 2 allow YOUTUBE—
E2 Guardian doesn't have that granularity yet. Just use Squid as parent and do it that way if you need to. Looks like you're using delay pools, that should work fine.
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.
But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol
Because this user might be part of management that wants to check on interval basis but is not allowed to see the settings done.
Quick and dirty way would be to setup a chron job to periodically copy the log file into pfsense WWW folder, into any new sub folder than you make.
Then your member of management can access it through [pfsense IP]/subfolder/access.log.There are software solutions to parse the logs to make it a bit more fancy. Since the GUI of E2 Guardian is done completely by Marcello in his free time. It may take a while before we have a proper log viewer. I'd personally like to see one which allows us to filter log by who, what, when, where and why.
-
@pfsensation is e2guardian working on multi vlan and multiwan? Got a quick test today but its not working....