DansGuardian - Blocking VPN



  • We have a VPN that we are using for VOIP traffic, and DansGuardian is blocking it and I cannot figure out how to get it unblocked.

    I've finally figured out how to get DansGuardian to load its Blacklist file (the URL Blacklist file from urlblacklist.com to start with), but I'm not even sure that's working because I can still go to sites like:

    http://www.bovada.lv/

    AFAIK, I've got DansGuardian, and Squid all in and working together correctly.  I can see the sites I visit (or try to visit) in the DansGuardian log, and the Squid log.  DansGuardian just doesn't appear to be loading the blacklist properly, nor is it reading from the exception list as it says it should.  In the Exception "Sites" list I uncommented the line:

    *ip

    And then added the IP address of our VPN, and I still cannot access it.

    Running PFSense 2.1.5-RELEASE (amd64)
    built on Mon Aug 25 07:44:45 EDT 2014
    FreeBSD 8.3-RELEASE-p16

    With
    DansGuardian:  2.12.0.3_2 pkg v.0.1.12
    Squid: 2.7.9 pkg v.4.3.4

    TIA



  • OK, managed to figure out why Blacklist did not load.  I had a "partial" list that Firefox didn't warn me aborted during the download process.  I found that out by trying to open the list, WinZip tried to gunzip it and failed, reported premature EOF.  I downloaded again from:

    http://urlblacklist.com/?sec=download

    and I had to try a couple times to be sure this time I got a complete file.  Don't know why that times out sometimes, busy I guess.

    But, I still have my 2nd problem which is that our VPN won't work while using DansGuardian.  Anybody have any ideas on that?



  • Figured out how to "Unblock" the VPN.  I had to add a NAT rule, and move it before the "General" rule that defined our transparent proxy.  The general rule sent all port 80 traffic to DansGuardian for filtering, now the specific rule for the VPN takes traffic for that and basically leaves it alone (pretty much all we cared about was port 80, it's how we connect and monitor our phones which are soft phones).  The phone traffic itself, being UDP was unaffected.



  • @scottd:

    OK, managed to figure out why Blacklist did not load.  I had a "partial" list that Firefox didn't warn me aborted during the download process.  I found that out by trying to open the list, WinZip tried to gunzip it and failed, reported premature EOF.  I downloaded again from:

    http://urlblacklist.com/?sec=download

    and I had to try a couple times to be sure this time I got a complete file.  Don't know why that times out sometimes, busy I guess.

    But, I still have my 2nd problem which is that our VPN won't work while using DansGuardian.  Anybody have any ideas on that?

    Do you have a subscription? Is so, let them know… If not, then its their way of of saying you need a subscription  ::)


Log in to reply