Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    DansGuardian - Blocking VPN

    pfSense Packages
    2
    4
    1115
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scottd last edited by

      We have a VPN that we are using for VOIP traffic, and DansGuardian is blocking it and I cannot figure out how to get it unblocked.

      I've finally figured out how to get DansGuardian to load its Blacklist file (the URL Blacklist file from urlblacklist.com to start with), but I'm not even sure that's working because I can still go to sites like:

      http://www.bovada.lv/

      AFAIK, I've got DansGuardian, and Squid all in and working together correctly.  I can see the sites I visit (or try to visit) in the DansGuardian log, and the Squid log.  DansGuardian just doesn't appear to be loading the blacklist properly, nor is it reading from the exception list as it says it should.  In the Exception "Sites" list I uncommented the line:

      *ip

      And then added the IP address of our VPN, and I still cannot access it.

      Running PFSense 2.1.5-RELEASE (amd64)
      built on Mon Aug 25 07:44:45 EDT 2014
      FreeBSD 8.3-RELEASE-p16

      With
      DansGuardian:  2.12.0.3_2 pkg v.0.1.12
      Squid: 2.7.9 pkg v.4.3.4

      TIA

      1 Reply Last reply Reply Quote 0
      • S
        scottd last edited by

        OK, managed to figure out why Blacklist did not load.  I had a "partial" list that Firefox didn't warn me aborted during the download process.  I found that out by trying to open the list, WinZip tried to gunzip it and failed, reported premature EOF.  I downloaded again from:

        http://urlblacklist.com/?sec=download

        and I had to try a couple times to be sure this time I got a complete file.  Don't know why that times out sometimes, busy I guess.

        But, I still have my 2nd problem which is that our VPN won't work while using DansGuardian.  Anybody have any ideas on that?

        1 Reply Last reply Reply Quote 0
        • S
          scottd last edited by

          Figured out how to "Unblock" the VPN.  I had to add a NAT rule, and move it before the "General" rule that defined our transparent proxy.  The general rule sent all port 80 traffic to DansGuardian for filtering, now the specific rule for the VPN takes traffic for that and basically leaves it alone (pretty much all we cared about was port 80, it's how we connect and monitor our phones which are soft phones).  The phone traffic itself, being UDP was unaffected.

          1 Reply Last reply Reply Quote 0
          • C
            Cino last edited by

            @scottd:

            OK, managed to figure out why Blacklist did not load.  I had a "partial" list that Firefox didn't warn me aborted during the download process.  I found that out by trying to open the list, WinZip tried to gunzip it and failed, reported premature EOF.  I downloaded again from:

            http://urlblacklist.com/?sec=download

            and I had to try a couple times to be sure this time I got a complete file.  Don't know why that times out sometimes, busy I guess.

            But, I still have my 2nd problem which is that our VPN won't work while using DansGuardian.  Anybody have any ideas on that?

            Do you have a subscription? Is so, let them know… If not, then its their way of of saying you need a subscription  ::)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post