Unofficial E2guardian package for pfSense



  • @pfsensation OK, that's a stopper!!!
    But will it work with Squid multi-WAN + e2g? I'll give it a shot today.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation OK, that's a stopper!!!
    But will it work with Squid multi-WAN + e2g? I'll give it a shot today.

    Yeah that setup should be fine, although I haven't tried it. Theoretically it should work because all the traffic is passed to Squid, then it can decide to use the multiple gateways. Let us know what results you get if you try it, I know there's been quite a few requests for that.

    However, I completely forgot. For one of my sites, I do have E2 Guardians configured via VLANs. So I can vouch that it does work fine as long as you assign the interface correctly and get DHCP etc working properly on the VLAN.



  • @marcelloc Can you please update the package files? Me, Fred and Phillip have pushed quite a few patches and fixes to the E2 Guardian branch.



  • @pfsensation Yes, DHCP VLANs are working correctly. Right now I have enabled Squid but no blocking on sites. Just pure proxy. I want to use e2g since it can block HTTPS without installing a cert. I'll post the result later.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation Yes, DHCP VLANs are working correctly. Right now I have enabled Squid but no blocking on sites. Just pure proxy. I want to use e2g since it can block HTTPS without installing a cert. I'll post the result later.

    I personally would steer away from Squid unless you really need to fill in the gap for multi-WAN support. pfSense runs an old version of Squid that's pretty slow by today's standards. In my own testing, streaming sites like YouTube were a lot slower with Squid. E2 Guardian v5, on the other hand, has been super fast and the code is way more efficient now.



  • @pfsensation Yes, that's why I like e2g, because of that reason. However, without multi-WAN support the only way is to use Squid. If only e2g worked with multi-WAN, then I could ditch Squid. Maybe someone was able to work it out, since it is common to have multi-WAN.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation Yes, that's why I like e2g, because of that reason. However, without multi-WAN support the only way is to use Squid. If only e2g worked with multi-WAN, then I could ditch Squid. Maybe someone was able to work it out, since it is common to have multi-WAN.

    I used to use multi-WAN with gateway groups before, but it turned out to be a pain sometimes; you need to spend quite some time setting it up correctly. You can't truly use both lines as one, as the web server on the other end will always see two IPs. Now at home I've only got multi-WAN to fail over to free street WiFi lol, if my main connection fails. So pfSense can at least get a connection to send out an email notification to me.



  • Just as a heads up guys, pfSense 2.4.4 is released. But the E2Guardian package has not yet been updated to support it. Hopefully it will be updated shortly by @marcelloc,
    so don't update until a new package has come out. Otherwise you'll be left with a wide open network without filtering!

    • Also if you have pfBlockerNG installed, do not update it!! - It completely messes up the PHP GUI! I found out the hard way...


  • Starting with 2.4.4, only official packages are listed on default installation.

    To work around this limitation, apply the patch on my unofficial repo.

    https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch

    Apply it using the System Patches package.



  • Marcelloc,

    I applied the patch through the System Patches package but the E2Guardian package is still not available on the package list. How can I reinstall the E2Guardian package? What will we do now?



  • Same here. The patch does not work. Can’t see e2 or wpad packages.



  • The patch works perfectly fine. I'm using it at the moment.

    Make sure you run the command in the first post again after the update to make sure that the unofficial repo is still added to pfsense.

    Steps : run the command in the first post to add the unofficial repo

    Install system patches

    Copy the code from the patch Marcello posted (the entire thing), give the patch a description and save it. Click test and then apply. Now when you go to the package manager, you will see E2 Guardian and WPAD.



  • pfsensation,

    Yes, I have run the command for the unofficial repo, installed the System Patches package and placed the URL https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch in the URL/COMMIT ID field and then applied it. But nothing happened, no e2guardian package on the package list.

    I used base directory : /usr/local/etc/pkg/repos/
    all other options are defaults

    I have also tried base directory : / but still no progress.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    pfsensation,

    Yes, I have run the command for the unofficial repo, installed the System Patches package and placed the URL https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch in the URL/COMMIT ID field and then applied it. But nothing happened, no e2guardian package on the package list.

    I used base directory : /usr/local/etc/pkg/repos/
    all other options are defaults

    I have also tried base directory : / but still no progress.

    Don't place the URL. Copy the contents of the script and paste it into the patch box. Remember to remove the URL... Leave base directory as default "/"



  • you mean this content below,

    --- /etc/inc/pkg-utils.orig 2018-09-24 17:51:32.458825000 -0300
    +++ /etc/inc/pkg-utils.inc 2018-09-24 17:51:54.387033000 -0300
    @@ -388,7 +388,7 @@
    if ($base_packages) {
    $repo_param = "";
    } else {

    •   $repo_param = "-r {$g['product_name']}";
      
    •   $repo_param = "";
      

      }

      /*
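
    Review bot: with the else branch changed to `$repo_param = "";`, both arms of the `if ($base_packages)` test now assign the same empty string, so the conditional no longer does anything and the `-r {$g['product_name']}` restriction is dropped for every caller. Suggest collapsing the if/else into a single assignment with a comment stating that the repository filter is removed on purpose, or gating the empty value on an explicit setting so the default still names the product's own repository.
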
      @@ -485,7 +485,7 @@
      $err);
      if (!$base_packages &&
      rtrim($out) != $g['product_name']) {

    •   		continue;
      
    •   		//continue;
        	}
      
        	$pkg_info['installed'] = true;
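
    Review bot: commenting out `continue;` leaves the `if (!$base_packages && rtrim($out) != $g['product_name'])` test with an empty body, so the comparison is still evaluated but no longer filters anything, and entries whose `$out` differs from the product name now reach `$pkg_info['installed'] = true;`. Suggest removing the condition outright instead of leaving `//continue;` behind as dead code, and adding a comment that says packages from other origins are accepted here intentionally, since nothing in this hunk checks where they came from.
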


  • pfsensation

    thanks so much, it went ok.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    pfsensation

    thanks so much, it went ok.

    Awesome, glad it worked!



  • @pfsensation I just tried over and over again but damn it, I didn't understand your instructions while I was reading them. I'm just confused, could you please tell me the steps one by one that I need to do to install e2guardian on the 2.4.4 version of pfSense?

    Thank you.



  • Getting this PHP error.. in crash reports.

    PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}



  • @ucribrahim said in Unofficial E2guardian package for pfSense:

    @pfsensation I just tried over and over again but damn it, I didn't understand your instructions while I was reading them. I'm just confused, could you please tell me the steps one by one that I need to do to install e2guardian on the 2.4.4 version of pfSense?

    Thank you.

    Copy and paste the patch in, as I've done in the screenshot below.

    [Screenshot: Unofficial packages patch]

    Then save it, press test and then apply the patch. Now if you go to the package manager, you will see E2 Guardian!



  • @asterix said in Unofficial E2guardian package for pfSense:

    Getting this PHP error.. in crash reports.

    PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}

    I haven't experienced that at all, is this after upgrading to 2.4.4?

    Go ahead and start by re-installing E2 Guardian and see if that removes the error.



  • Again crashed. Did a reinstall yesterday. Looks like the log rotation script is killing it.

    amd64
    11.2-RELEASE-p3
    FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}
    thrown in /etc/inc/service-utils.inc on line 668

    No FreeBSD crash data found.



  • @asterix said in Unofficial E2guardian package for pfSense:

    Again crashed. Did a reinstall yesterday. Looks like the log rotation script is killing it.

    amd64
    11.2-RELEASE-p3
    FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}
    thrown in /etc/inc/service-utils.inc on line 668

    No FreeBSD crash data found.

    I experienced it today. Yeah it looks like the log rotate script is what's causing the crash. Which means logs won't be rotated. I'll have a look at it when I have a chance.



  • @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋



  • Is there an option to edit the first post in the topic with how to get e2guardian to at least show up in the list?



  • @marcelloc

    I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.

    I am on Pfsense 2.4.4



  • Same situation here, following along and waiting for Marcello's reply.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @marcelloc

    I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.

    I am on Pfsense 2.4.4

    I'm doing something very similar to allow certain websites to bypass E2 Guardian. What's your alias type? You may have got that set incorrectly, because it works fine for me.



  • @pfsensation

    My alias type is HOST.

    Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.

    I noticed that when I placed sites, aliases and ip address on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made shows on the realtime log, then i believe it is not working.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation

    My alias type is HOST.

    Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.

    I noticed that when I placed sites, aliases and ip address on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made shows on the realtime log, then i believe it is not working.

    After placing new entries in your alias, are you going back to E2 Guardian and pressing save then apply? You need to actually restart the E2 Guardian daemon for the changes to take effect right away. It's just how it works unfortunately, E2 Guardian will only resolve the hosts in your alias when it starts up. That process seems to work for me, and allows me to keep the E2 Guardian GUI cleaner without having too many bypasses directly in there.



  • I have another question about bypass list in e2guardian.

    Why are there some sites that, even if you put them in the exception list in the ACL, still do not work or are inaccessible, so that you need to put them in the bypass list?

    Why is that? What is wrong with those sites ?



  • @ravegen said in Unofficial E2guardian package for pfSense:

    I have another question about bypass list in e2guardian.

    Why are there some sites that, even if you put them in the exception list in the ACL, still do not work or are inaccessible, so that you need to put them in the bypass list?

    Why is that? What is wrong with those sites ?

    What sites? How are you accessing those sites? What's the error log?



  • @pfsensation

    Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation

    Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

    Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?



  • @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation

    Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

    Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

    what do you mean about config issue?
    the real time log does not show any block on a particular site or url .



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation

    Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

    Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

    what do you mean about config issue?
    the real time log does not show any block on a particular site or url .

    So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.

    But if possible provide those URL's so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it



  • @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation

    Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

    Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

    what do you mean about config issue?
    the real time log does not show any block on a particular site or url .

    So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.

    But if possible provide those URL's so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it

    Yes, the website doesn't load, doesn't show any e2guardian block error page, and doesn't show any error on the realtime access log.

    But my user says that when she accesses the website at her house with her own internet connection, she can access the site without a problem.

    So what I just did was make an alias for it and put that on bypass, and that solved the problem.

    Although it solves the problem, I still want to know why it is not accessible through the pfSense firewall but is accessible from her house. I already checked the firewall rules and no rule in particular blocks such websites.

    I have Snort running, but my Snort's purpose is blocking malware, and the Snort block report does not show any IP address related to those sites that failed to load or had an error loading.

    I ONLY have the firewall, e2guardian and Snort running on my pfSense. I don't use pfBlocker or anything else.

    I do use Google DNS, Cloudflare DNS and OpenDNS for my firewall DNS, which my LAN and guest use.



  • @ravegen Have you ever tried entering the website that you are trying to access into the "Bypass for these destination IPs" field in the E2guardian Daemon menu? If yes, that means something else blocks it (maybe Squid, if there is one). Let me know after you do that.



  • And nothing is showing up in Snort?
    Snort needs tweaking to work, as you get a lot of false positive alerts.



  • Now that you've mentioned Snort, that could be it. It's known for over-blocking until you tweak it.

    When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

    Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

