Unofficial E2guardian package for pfSense



  • I'm changing the packages under unofficial repo to have uninstall and update under System -> Package Manager. E2guardian will take some time as it needs manually compiled binaries. But packages like wpad and filer are already updated.



  • @jetberrocal:

    Yes it does.  Thanks to marcelloc now we have e2g with mitm support.

    Select the Groups Tab.  Edit the group that you want to enable mitm.

    Select "Filter ssl sites …" in Group options.  Save.

    Remember to set the Certificate for SSL mitm in General Tab. Save.

    Thanks for the quick reply! So I got the correct SSL cert now ('internal-ca'), but SSL Keyword filtering seems to be spotty. For example, if I Google using a banned (not weighted) keyword (temporarily I've set the word "Jonathan" to be banned), the search results still display. If I click on the Wikipedia article (which is HTTPS), it gets blocked, but I would have expected the search results on Google (also HTTPS) to have been blocked too. If I go to Amazon (again HTTPS) and search for "Jonathan" I also can see search results, and if I click any of the links, they show up just fine - completely ignoring the banned keyword.

    Any ideas why?



  • Searches are another story.  What I do is to force the search engine to do safe search.

    Actually I am now testing this.

    I am having problem with Google but Yahoo and Bing are working.

    From e2g forums: This is the current list that works for urlregexplist

    
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
    # ... and add 'safe=vss'
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=strict&"
    
    #"(http[s]?://[0-9a-z]+.bing.com/images/search\?.*)"->"\1&adlt=strict"
    "(http[s]?://[0-9a-z]+.bing\.[a-z]+[-/%.0-9a-z]*/search\?.*)"->"\1&adlt=strict"
    
    # Yahoo - remove 'vm=...' and add 'vm=r'
    "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search)(.*)(&?)(vm=[^&]*)"->"\1\2\3"
    "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search+.*\?)"->"\1vm=r&"
    
    You go to the ACLs - Url Lists that you are using for testing.  Go down to Modify section, then enable and write the code in the provided box. Save and Activate.
    
    The Google regex need love to fix it, but I am not good with regex.
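An offline check of the rewrite rules quoted in the post above, added here as an example; it is not part of the original post or of e2guardian. It parses the `"pattern"->"replacement"` lines and applies them in list order to constructed sample URLs, in both their http and https forms. Assumptions: Python's `re` behaves like the filter's regex engine for these patterns, every matching rule is applied in order, and the filter sees the full URL including the scheme.

```python
import re

# Rules copied from the post above; '#' lines are comments and are skipped.
RULES_TEXT = r'''
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
# ... and add 'safe=vss'
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=strict&"

#"(http[s]?://[0-9a-z]+.bing.com/images/search\?.*)"->"\1&adlt=strict"
"(http[s]?://[0-9a-z]+.bing\.[a-z]+[-/%.0-9a-z]*/search\?.*)"->"\1&adlt=strict"

# Yahoo - remove 'vm=...' and add 'vm=r'
"(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search)(.*)(&?)(vm=[^&]*)"->"\1\2\3"
"(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search+.*\?)"->"\1vm=r&"
'''

RULE_LINE = re.compile(r'^"(.*)"->"(.*)"$')


def parse_rules(text):
    """Return a list of (compiled_pattern, replacement) from urlregexplist text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_LINE.match(line)
        if m is None:
            raise ValueError("not a rule line: %r" % line)
        rules.append((re.compile(m.group(1)), m.group(2)))
    return rules


def rewrite(url, rules):
    """Apply every rule in order; return (final_url, indexes_of_rules_that_fired)."""
    fired = []
    for index, (pattern, replacement) in enumerate(rules):
        new_url, count = pattern.subn(replacement, url)
        if count:
            fired.append(index)
            url = new_url
    return url, fired


def audit(http_urls, rules):
    """For each http:// sample, report whether its http and https forms are rewritten."""
    report = {}
    for url in http_urls:
        https_url = "https://" + url[len("http://"):]
        report[url] = {
            "http": rewrite(url, rules)[0] != url,
            "https": rewrite(https_url, rules)[0] != https_url,
        }
    return report


RULES = parse_rules(RULES_TEXT)

# Constructed sample search URLs (not taken from the thread).
SAMPLES = [
    "http://www.google.com/search?q=test&safe=off",
    "http://www.bing.com/search?q=test",
    "http://search.yahoo.com/search?p=test&vm=p",
]

if __name__ == "__main__":
    for url, result in audit(SAMPLES, RULES).items():
        print(url, result, "->", rewrite(url, RULES)[0])
```

In this run the Google and Yahoo rules rewrite only the `http://` form, because their patterns begin with `^http://`, while the Bing rule uses `http[s]?://` and rewrites both forms.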
    


  • @jetberrocal:

    Searches are another story.  What I do is to force the search engine to do safe search.

    Actually I am now testing this.

    I am having problem with Google but Yahoo and Bing are working.

    From e2g forums: This is the current list that works for urlregexplist

    
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
    # ... and add 'safe=vss'
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=strict&"
    
    #"(http[s]?://[0-9a-z]+.bing.com/images/search\?.*)"->"\1&adlt=strict"
    "(http[s]?://[0-9a-z]+.bing\.[a-z]+[-/%.0-9a-z]*/search\?.*)"->"\1&adlt=strict"
    
    # Yahoo - remove 'vm=...' and add 'vm=r'
    "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search)(.*)(&?)(vm=[^&]*)"->"\1\2\3"
    "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search+.*\?)"->"\1vm=r&"
    
    You go to the ACLs - Url Lists that you are using for testing.  Go down to Modify section, then enable and write the code in the provided box. Save and Activate.
    
    The Google regex need love to fix it, but I am not good with regex.
    
    The issue with SSL filtering is bigger than just search results though. For example, here's a random page on Amazon. The name "Jonathan" appears 13 times on the page, but pfSense isn't blocking it. And this isn't a search results page. My understanding is that 1 instance of the banned keyword should block the page (given that I put the <jonathan> tag under the banned Keywords - not weighted)
    https://www.amazon.com/Jonathan-Thomas-Sarbacher/dp/B01NBALPRR/ref=sr_1_1?ie=UTF8&qid=1496099352&sr=8-1&keywords=Jonathan
    
    Either I have something configured incorrectly or SSL Keyword filtering has bugs that need to be fixed. I'm not sure which.
    
    Any thoughts?
    


  • Since you are testing I guess you only have one ACL for the Phrase List and the Groups you have some but the user you are using for testing belongs to the Group where you selected the Phrase List with the Banned word.

    Let's say the ACL is the Default, make sure you select Default in the Group you are testing for the Phrase List box.

    Just in case, assume the words are case sensitive (there is a setting to make this case insensitive).

    Use the sample text to follow the correct syntax.



  • @jetberrocal:

    Since you are testing I guess you only have one ACL for the Phrase List and the Groups you have some but the user you are using for testing belongs to the Group where you selected the Phrase List with the Banned word.

    Let's say the ACL is the Default, make sure you select Default in the Group you are testing for the Phrase List box.

    Just in case, assume the words are case sensitive (there is a setting to make this case insensitive).

    Use the sample text to follow the correct syntax.

    Yes, I'm using all the default groups and lists. I have not created anything new. I'm not using any authentication or users. On General > Lower Case Options I have "force lower case." On General > Phrase Filter Mode I have "smart only." And just to be overly thorough, I entered the following keywords on ACLs > Phrase List > Default > Banned:

    <jonathan>
    < Jonathan >
    < jonathan >
    <jonathan>

    As I understand it, that should have more than covered the possibilities, but the SSL page on Amazon that I referenced in my last post isn't blocked. It still gets displayed as though I hadn't attempted to filter it. I'm starting to think this is a bug.



  • The error is happening to me.

    I checked the config files and it is being generated correctly. 
    I also disabled the Exceptions box in case the word falls in the exceptions.

    So it seems to be an e2g 3.5.1 problem.

    I guess this has to be checked on the e2g forum.

    By the way, I used the word <jet>. Searched on Google and selected the link
    https://www.google.com.pr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&uact=8&ved=0ahUKEwjq5qXotpbUAhUE6yYKHTncD78QFghvMAw&url=https%3A%2F%2Fjetprogramusa.org%2F&usg=AFQjCNGFZZgNdXX2OXYga7BOLHmLFjdZ_g



  • @jetberrocal:

    The error is happening to me.

    I checked the config files and it is being generated correctly. 
    I also disabled the Exceptions box in case the word falls in the exceptions.

    So it seems to be an e2g 3.5.1 problem.

    I guess this has to be checked on the e2g forum.

    By the way, I used the word <jet>. Searched on Google and selected the link
    https://www.google.com.pr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&uact=8&ved=0ahUKEwjq5qXotpbUAhUE6yYKHTncD78QFghvMAw&url=https%3A%2F%2Fjetprogramusa.org%2F&usg=AFQjCNGFZZgNdXX2OXYga7BOLHmLFjdZ_g

    Thanks for helping to check this! At least I know I'm not the only one now.

    I've logged the issue on the E2Guardian Google Groups: https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY

    If no one replies within a day or so, I'm going to log it as an issue on GitHub.

    Thanks again!

    Jonathan



  • @jkrueger2020:

    @jetberrocal:

    The error is happening to me.

    I checked the config files and it is being generated correctly. 
    I also disabled the Exceptions box in case the word falls in the exceptions.

    So it seems to be an e2g 3.5.1 problem.

    I guess this has to be checked on the e2g forum.

    By the way, I used the word <jet>. Searched on Google and selected the link
    https://www.google.com.pr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&uact=8&ved=0ahUKEwjq5qXotpbUAhUE6yYKHTncD78QFghvMAw&url=https%3A%2F%2Fjetprogramusa.org%2F&usg=AFQjCNGFZZgNdXX2OXYga7BOLHmLFjdZ_g

    Thanks for helping to check this! At least I know I'm not the only one now.

    I've logged the issue on the E2Guardian Google Groups: https://groups.google.com/forum/#!topic/e2guardian/NfBZ1Ux_lEY

    If no one replies within a day or so, I'm going to log it as an issue on GitHub.

    Thanks again!

    Jonathan

    If they ask for the conf files they are in /usr/local/etc/e2guardian/



  • When using Mitm I'm getting "Error too many redirects" from time to time. It can become quite frustrating when you're trying to browse, and you have to keep refreshing and going back on the page until it finally works.

    Anyone else experiencing this? I vaguely remember seeing this being reported before to the E2G team, I assume it's fixed in 4.1. If it has, maybe we can back port?

    Also marcelloc, have you been able to test newer versions of E2G on pfsense? Hoping it can be stable enough soon for us to update.



  • @pfsensation:

    Also marcelloc, have you been able to test newer versions of E2G on pfsense? Hoping it can be stable enough soon for us to update.

    Not yet, just that version that was crashing on BSD.



  • I've updated the install process to use FreeBSD package style instead of manual fetch from script. You can also enable the unofficial repository to install it using the GUI.

    See the updated install instructions on the first post of this topic.

    Unfortunately, this package is still available only for AMD64 architecture.



  • @pfsensation:

    When using Mitm I'm getting "Error too many redirects" from time to time. It can become quite frustrating when you're trying to browse, and you have to keep refreshing and going back on the page until it finally works.

    Anyone else experiencing this? I vaguely remember seeing this being reported before to the E2G team, I assume it's fixed in 4.1. If it has, maybe we can back port?

    Also marcelloc, have you been able to test newer versions of E2G on pfsense? Hoping it can be stable enough soon for us to update.

    I found this link related to your problem
    https://github.com/e2guardian/e2guardian/issues/92

    I think you need to add the particular site to an SSL cert exception conf file.



  • Was this answer:

    @marcelloc:

    I'm changing the packages under unofficial repo to have uninstall and update under System -> Package Manager. E2guardian will take some time as it needs manually compiled binaries. But packages like wpad and filer are already updated.

    Meant as a reply to me:

    @Mr.:

    How can I safely remove icap, clam, e2guardian, tinyproxy, and all others?

    So I can start fresh again, and can you give me the exact install commands?

    If so, it means I can't completely remove it now?



  • You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)

    I'm changing the package structure to be able to install, remove, update it easier.



  • I installed E2Guardian from the unofficial repo AMD64. Now I have two entries for E2Guardian in the web config. How can I remove the old manual one? Or any, as they are basically the same instance with two entries in the tab.

    Another question is, why isn't E2Guardian decrypting/phrase matching content properly? If you go to Youtube and type in "porn x" inappropriate images appear, and there seem to be more than enough bad words on the search results for it to be blocked. But it doesn't get blocked even though I have all the phraselists enabled for pornography. However, when I refresh then it blocks. Why isn't it blocking on the first search? Is it just checking URL and ignoring?
    Also having the same issues on Yandex, when you search for "porn" in images, it loads up. If you refresh then it blocks.

    I guess this is a pretty big bug. I don't think my configuration or setup is wrong because after refresh it is blocking the site just fine, maybe someone can confirm? I remember it working fine before the latest update. Not sure what could be wrong.

    EDIT: wow this is weird… Searching "Porn x" from YouTube homepage right now blocks it. If you search something else then porn x. It bypasses the proxy, if you refresh the page it blocks it again. Why would it behave this way? I'm fully confused and tearing my hair out.

    EDIT2: Now it seems to block searching that term from any page. If you try searching it 2/3x it eventually loads up. And bypasses block page.

    Oh just to clarify. E2G is correctly decrypting HTTPS. I can see the internal CA in my browser when going to YouTube.



  • Maybe a firewall/antivirus conflict? I personally doubt it but in the tech universe, I prefer to not rule out any possibilities…



  • @pfsensation:

    OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
    Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

    @pfsensation Can you share your block page code? please?



  • 4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

    https://github.com/e2guardian/e2guardian/issues/222



  • @marcelloc:

    4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

    https://github.com/e2guardian/e2guardian/issues/222

    Great to hear that, it seems some of the issues I'm facing are already fixed in 4.1. Also, I did realise you got rid of the GUI duplicate. So thanks a lot for that with the 0.9.2 update. :)

    Will you be regularly maintaining your repo? Will it cause any problems with updating pfsense of default packages from pfsense repo? This seems like a really good way to get good quality unofficial packages and keep them up to date.



  • @Cino:

    @pfsensation:

    OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
    Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

    @pfsensation Can you share your block page code? please?

    Sure, although it's in no way perfect. It's much, much better looking than all other block pages I've seen and works perfectly for me. If you make any changes or make it better, let me know. :)

    https://ybin.me/p/3b12275edc779552#Z9PkW1Vve44x83LQz9+XZd63bigXiWuUrJXr8lM4/Iw=



  • @pfsensation:

    @marcelloc:

    4.1 retryfix branch seems to be working now on BSD, I'll start GUI changes for e2guardian 4.1

    https://github.com/e2guardian/e2guardian/issues/222

    Great to hear that, it seems some of the issues I'm facing are already fixed in 4.1.

    False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

    I've included the dump of the crash on e2guardian git



  • @marcelloc:

    You can remove packages under console using pkg binary. (pkg info, pkg delete, etc…)

    I'm changing the package structure to be able to install, remove, update it easier.

    Thank you Marcello  ;D

    Is it meant to deinstall Squid so I have to start all over again with that too?




  • Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.



  • @pfsensation:

    Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

    I'll split it in two packages when I have time.



  • @marcelloc:

    @pfsensation:

    Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

    I'll split it in two packages when I have time.

    Thanks Marcello! Or you could create a off switch? :P



  • @pfsensation:

    @marcelloc:

    @pfsensation:

    Is there any way to turn off Tiny proxy once and for all? It's really frustrating because I use Squid and it keeps starting up when I change any configurations on E2Guardian.

    I'll split it in two packages when I have time.

    Thanks Marcello! Or you could create a off switch? :P

    I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldn't start

    
    #!/bin/sh
    
    # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $
    #
    # PROVIDE: tinyproxy
    # REQUIRE: LOGIN
    #
    # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy:
    # tinyproxy_enable (bool): Set to "NO" by default.
    #                          Set it to "YES" to enable tinyproxy 
    # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default.
    
    . /etc/rc.subr
    
    name="tinyproxy"
    rcvar=tinyproxy_enable
    
    load_rc_config $name
    
    # Make sure the pidfile matches what's in the config file.
    : ${tinyproxy_enable="NO"}
    : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"}
    : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"}
    
    # pidfile=${tinyproxy_pidfile}
    # command=/usr/local/sbin/tinyproxy
    # command_args="-c $tinyproxy_config 2> /dev/null"
    
    # run_rc_command "$1"
    
    

    Thank you for sharing your block page!



  • @marcelloc:

    False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

    I've included the dump of the crash on e2guardian git

    I could stop it from crashing but did not have time to see why this 4.1.1 BSD amd64 e2g binary is not intercepting SSL.

    Not sure if all http workers from 4.1.1 needs to be running or it's something that will happen with traffic.

    https://github.com/e2guardian/e2guardian/pulls



  • @marcelloc:

    @marcelloc:

    False positive. I got the testing repo from e2guardian but compiled a 3.5.1 version instead of 4.1. :(

    I've included the dump of the crash on e2guardian git

    I could stop it from crashing but did not have time to see why this 4.1.1 BSD amd64 e2g binary is not intercepting SSL.

    Not sure if all http workers from 4.1.1 needs to be running or it's something that will happen with traffic.

    https://github.com/e2guardian/e2guardian/pulls

    Great we're making progress. Your pull was merged. :)

    Don't worry, look at it when you have time. I'm very happy to see so much interest in E2Guardian now. Even at the stage it's in, it's way surpassed what SquidGuard could even hope to achieve.

    That being said. On 4.1.1 the 'error too many redirects' issue was fixed and Philip Pearce blamed the time out for Squid etc. I've tried messing with it, but still get the message from time to time although less so now after increasing time out to 60 secs.



  • @Cino:

    I can't remember what I did but I think I commented out a few lines in /usr/local/etc/rc.d/tinyproxy so it wouldn't start

    
    #!/bin/sh
    
    # $FreeBSD: branches/2017Q1/www/tinyproxy/files/tinyproxy.in 340872 2014-01-24 00:14:07Z mat $
    #
    # PROVIDE: tinyproxy
    # REQUIRE: LOGIN
    #
    # Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable tinyproxy:
    # tinyproxy_enable (bool): Set to "NO" by default.
    #                          Set it to "YES" to enable tinyproxy 
    # tinyproxy_config (path): Set to "/usr/local/etc/tinyproxy.conf" by default.
    
    . /etc/rc.subr
    
    name="tinyproxy"
    rcvar=tinyproxy_enable
    
    load_rc_config $name
    
    # Make sure the pidfile matches what's in the config file.
    : ${tinyproxy_enable="NO"}
    : ${tinyproxy_pidfile="/var/run/tinyproxy.pid"}
    : ${tinyproxy_config="/usr/local/etc/tinyproxy.conf"}
    
    # pidfile=${tinyproxy_pidfile}
    # command=/usr/local/sbin/tinyproxy
    # command_args="-c $tinyproxy_config 2> /dev/null"
    
    # run_rc_command "$1"
    
    

    Thank you for sharing your block page!

    No problem, happy to give back to the community! :)

    I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D



  • @pfsensation:

    No problem, happy to give back to the community! :)

    I'm not an expert with this, so I went with the safest method and set the bool tinyproxy_enable "NO" at the end of the script. Now Tinyproxy doesn't start up anymore! :D

    That works too =D, and a lot cleaner/safer



  • Added e2guardian4 to Unofficial repo  8)

    tinyproxy may not install by default.

    Also testing on 2.4(looks faster)

    But I'm seeing only one e2guardian process. I'm not sure if it's the correct behavior or still has things to fix to run correctly under FreeBSD




  • @marcelloc:

    Added e2guardian4 to Unofficial repo  8)

    tinyproxy may not install by default.

    Also testing on 2.4(looks faster)

    But I'm seeing only one e2guardian process. I'm not sure if it's the correct behavior or still has things to fix to run correctly under FreeBSD

    Does SSL interception and all work? Are the bugs you found squashed? Is the dependencies in the package manager meant to be  e2guardian_35-3.5.1? It seems exactly the same as the old 3.5.1 version, but I haven't installed it yet.

    Also it's threaded now right? Maybe that's why you're seeing only one process.

    EDIT: So I ended updating E2Guardian via SSH by typing "13". Now it won't even start up. I am getting this error in logs

    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Shared object "libssl.so.9" not found, required by "e2guardian" /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
    

    Also pfsense doesn't seem to be able to load the repo anymore. :(

    Error:

    
    >>> Updating repositories metadata...
    Updating Unofficial repository catalogue...
    Fetching meta.txz: . done
    Fetching packagesite.txz: . done
    Processing entries: . done
    Unofficial repository update completed. 8 packages processed.
    Updating pfSense-core repository catalogue...
    pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/meta.txz: No route to host
    repository pfSense-core has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/packagesite.txz: No route to host
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    pkg: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: No route to host
    repository pfSense has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: No route to host
    Unable to update repository pfSense
    Error updating repositories!
    
    

    Being kinda screwed and out of choices… I changed Squid's port to 8080. Otherwise I get no connection at all, due to WPAD and settings on devices.



  • @pfsensation:

    Does SSL interception and all work?

    Yes.

    @pfsensation:

    Are the bugs you found squashed?

    Not sure yet. YouTube looks like it was working better with 3.5 but it's too early to make a conclusion about it. I've tested only a few minutes

    @pfsensation:

    Is the dependencies in the package manager meant to be  e2guardian_35-3.5.1? It seems exactly the same as the old 3.5.1 version, but I haven't installed it yet.

    Maybe because both are e2guardian packages. To change it on ports to an e2guardian4 takes some time

    @pfsensation:

    Also it's threaded now right? Maybe that's why you're seeing only one process.

    Yes, I need to test it to see how far it can go  with processing multiple cores, memory and throughput

    @pfsensation:

    EDIT: So I ended updating E2Guardian via SSH by typing "13". Now it won't even start up. I am getting this error in logs

    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Shared object "libssl.so.9" not found, required by "e2guardian" /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
    

    e2guardian4 needs openssl. On my 2.4 test VM it installed as a dependency. I'll test again on a clean 2.3.
    You can try pkg install openssl from the console.

    @pfsensation:

    Also pfsense doesn't seem to be able to load the repo anymore. :(

    Error:

    
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/meta.txz: No route to host
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-core/packagesite.txz: No route to host
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: No route to host
    pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: No route to host
    
    

    I've removed the previous package and then installed the e2guardian4 package

    I have no idea why you are getting no route to host.



  • Also, the GUI package files from 3.5.1 to 4 are different (e2guardian to e2guardian4)

    • pfSense-pkg-E2guardian-0.9.2.txz

    • pfSense-pkg-E2guardian4-0.1.txz

    EDIT

    Got this removing 3.5.1 and then installing 4

    >>> Installing pfSense-pkg-E2guardian4... 
    Updating Unofficial repository catalogue...
    Fetching meta.txz: . done
    Fetching packagesite.txz: . done
    Processing entries: . done
    Unofficial repository update completed. 8 packages processed.
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 3 package(s) will be affected (of 0 checked):
    
    New packages to be INSTALLED:
    	pfSense-pkg-E2guardian4: 0.1 [Unofficial]
    	e2guardian: 4.1.1 [Unofficial]
    	openssl: 1.0.2l,1 [Unofficial]
    
    Number of packages to be installed: 3
    
    The process will require 15 MiB more space.
    3 MiB to be downloaded.
    [1/3] Fetching pfSense-pkg-E2guardian4-0.1.txz: ...... done
    [2/3] Fetching e2guardian-4.1.1.txz: .......... done
    [3/3] Fetching openssl-1.0.2l,1.txz: .......... done
    Checking integrity... done (0 conflicting)
    [1/3] Installing e2guardian-4.1.1...
    [1/3] Extracting e2guardian-4.1.1: .......... done
    [2/3] Installing pfSense-pkg-E2guardian4-0.1...
    [2/3] Extracting pfSense-pkg-E2guardian4-0.1: .......... done
    Saving updated package information...
    done.
    Loading package configuration... done.
    Configuring package components...
    Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...Checking E2guardian Blacklists... One moment please...Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |--- /usr/local/www/pkg_edit.orig.php	2017-04-05 17:12:56.478730000 -0300
    |+++ /usr/local/www/pkg_edit.php	2017-04-05 17:13:51.614222000 -0300
    --------------------------
    Patching file /usr/local/www/pkg_edit.php using Plan A...
    Ignoring previously applied (or reversed) patch.
    Hunk #1 ignored at 656.
    1 out of 1 hunks ignored--saving rejects to /usr/local/www/pkg_edit.php.rej
    done
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |--- /usr/local/www/pkg.orig.php	2017-04-05 17:18:25.349676000 -0300
    |+++ /usr/local/www/pkg.php	2017-04-05 17:20:49.204578000 -0300
    --------------------------
    Patching file /usr/local/www/pkg.php using Plan A...
    Ignoring previously applied (or reversed) patch.
    Hunk #1 ignored at 329.
    1 out of 1 hunks ignored--saving rejects to /usr/local/www/pkg.php.rej
    done
    

    iniciodone.
    Executing custom_php_resync_config_command()...
    iniciodone.
    Menu items... done.
    Services... done.
    Writing configuration... done.
    [3/3] Installing openssl-1.0.2l,1...
    Extracting openssl-1.0.2l,1: .......... done
    Message from e2guardian-4.1.1:
    ===>  Please Note:


    This port has created a log file named e2guardian.log that can get
          quite large.  Please read the newsyslog(8) man page for instructions
          on configuring log rotation and compression.

    This port has been converted using old dansguardian-devel port
          Let me know how it works (or not). (Patches always welcome.)


    Message from pfSense-pkg-E2guardian4-0.1:
    Please visit Services - E2guardian Server menu to configure the package and enable it.
    Message from openssl-1.0.2l,1:
    Edit /usr/local/openssl/openssl.cnf to fit your needs.

    Cleaning up cache... done.
    Success

    
    


  • @marcelloc:

    Also, the GUI package files from 3.5.1 to 4 are different (e2guardian to e2guardian4)

    • pfSense-pkg-E2guardian-0.9.2.txz

    • pfSense-pkg-E2guardian4-0.1.txz

    EDIT

    Got this removing 3.5.1 and then installing 4

    >>> Installing pfSense-pkg-E2guardian4... 
    Updating Unofficial repository catalogue...
    Fetching meta.txz: . done
    Fetching packagesite.txz: . done
    Processing entries: . done
    Unofficial repository update completed. 8 packages processed.
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 3 package(s) will be affected (of 0 checked):
    
    New packages to be INSTALLED:
    	pfSense-pkg-E2guardian4: 0.1 [Unofficial]
    	e2guardian: 4.1.1 [Unofficial]
    	openssl: 1.0.2l,1 [Unofficial]
    
    Number of packages to be installed: 3
    
    The process will require 15 MiB more space.
    3 MiB to be downloaded.
    [1/3] Fetching pfSense-pkg-E2guardian4-0.1.txz: ...... done
    [2/3] Fetching e2guardian-4.1.1.txz: .......... done
    [3/3] Fetching openssl-1.0.2l,1.txz: .......... done
    Checking integrity... done (0 conflicting)
    [1/3] Installing e2guardian-4.1.1...
    [1/3] Extracting e2guardian-4.1.1: .......... done
    [2/3] Installing pfSense-pkg-E2guardian4-0.1...
    [2/3] Extracting pfSense-pkg-E2guardian4-0.1: .......... done
    Saving updated package information...
    done.
    Loading package configuration... done.
    Configuring package components...
    Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...Checking E2guardian Blacklists... One moment please...Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |--- /usr/local/www/pkg_edit.orig.php	2017-04-05 17:12:56.478730000 -0300
    |+++ /usr/local/www/pkg_edit.php	2017-04-05 17:13:51.614222000 -0300
    --------------------------
    Patching file /usr/local/www/pkg_edit.php using Plan A...
    Ignoring previously applied (or reversed) patch.
    Hunk #1 ignored at 656.
    1 out of 1 hunks ignored--saving rejects to /usr/local/www/pkg_edit.php.rej
    done
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |--- /usr/local/www/pkg.orig.php	2017-04-05 17:18:25.349676000 -0300
    |+++ /usr/local/www/pkg.php	2017-04-05 17:20:49.204578000 -0300
    --------------------------
    Patching file /usr/local/www/pkg.php using Plan A...
    Ignoring previously applied (or reversed) patch.
    Hunk #1 ignored at 329.
    1 out of 1 hunks ignored--saving rejects to /usr/local/www/pkg.php.rej
    done
    

    iniciodone.
    Executing custom_php_resync_config_command()...
    iniciodone.
    Menu items... done.
    Services... done.
    Writing configuration... done.
    [3/3] Installing openssl-1.0.2l,1...
    Extracting openssl-1.0.2l,1: .......... done
    Message from e2guardian-4.1.1:
    ===>  Please Note:


    This port has created a log file named e2guardian.log that can get
          quite large.  Please read the newsyslog(8) man page for instructions
          on configuring log rotation and compression.

    This port has been converted using old dansguardian-devel port
          Let me know how it works (or not). (Patches always welcome.)


    Message from pfSense-pkg-E2guardian4-0.1:
    Please visit Services - E2guardian Server menu to configure the package and enable it.
    Message from openssl-1.0.2l,1:
    Edit /usr/local/openssl/openssl.cnf to fit your needs.

    Cleaning up cache... done.
    Success

    
    

    Okay, I've installed the SSL. Rebooted, got the package installer working then installed version 4.1. And it still wasn't starting, then I disabled "log client hostnames" in the general tab. And it started. So far it seems to be working. I'll keep you updated. Thanks for getting this working! :)

    EDIT: SSL interception isn't working. Do I need to edit that : /usr/local/openssl/openssl.cnf ?



  • @pfsensation:

    EDIT: SSL interception isn't working.

    Some config changes on this 4.1 are "asking" for a service restart.

    I'm using ssl interception, with basic authentication and the custom html error page working

    @pfsensation:

    Do I need to edit that : /usr/local/openssl/openssl.cnf ?

    No. That message is from the bsd package. Not related to e2guardian.



  • @marcelloc:

    @pfsensation:

    EDIT: SSL interception isn't working.

    Some config changes on this 4.1 are "asking" for a service restart.

    I'm using ssl interception, with basic authentication and the custom html error page working

    @pfsensation:

    Do I need to edit that : /usr/local/openssl/openssl.cnf ?

    No. That message is from the bsd package. Not related to e2guardian.

    I'm using IP Authentication and SSL interception / forging doesn't seem to work at all. Some configs seem to not load up correctly in the GUI until I saved them again, then their correct metadata loaded. I also tried rebooting etc. Didn't fix the SSL issue.



  • @pfsensation:

    I'm using IP Authentication and SSL interception / forging doesn't seem to work at all.

    I'll set ip Authentication to see if I get same result.

    I'm using squid as parent proxy to be able to use its authentication.



  • @marcelloc:

    @pfsensation:

    I'm using IP Authentication and SSL interception / forging doesn't seem to work at all.

    I'll set ip Authentication to see if I get same result.

    I'm using squid as parent proxy to be able to use its authentication.

    I'm also using Squid as a parent proxy, but no extra authentication on that. It's acting quite strange, but I definitely do feel that web pages are snappier. It doesn't feel like everything is going through a proxy anymore. And memory usage so far has dropped by 15% for me, not sure if that's because of SSL issue though.

