E2Guardian in PfSense

[Charles Hack]

Is possible install E2Guardina in PfSense.

[jetsyste...@gmail.com]

On Monday, June 20, 2016 at 9:18:13 AM UTC-4, Charles Hack wrote:
> Is possible install E2Guardina in PfSense.

Yes. But the current FREEBSD port does not have SSL MITM turn on, I think it is using all the compilation defaults.

Refer to this thread for the instructions. Goto the last pages.
https://forum.pfsense.org/index.php?topic=87526.180

[Forid Snm]

Is there any step by step up-to-date guide yet?  

[jetsyste...@gmail.com]

On Monday, June 20, 2016 at 9:18:13 AM UTC-4, Charles Hack wrote:

> Is possible install E2Guardina in PfSense.

1. Create a virtual machine with FreeBSD 10.3 or the same version of your pfsense's FreeBSD.
Make sure it has Internet access and connectivity to your pfsense machine

2. Fetch e2guardian from FreeBSD ports
# pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/e2guardian-3.4.0.3.txz
Fetching e2guardian-3.4.0.3.txz

3. Please have a look at https://www.freshports.org/www/e2guardian/ - by default SSL=off: by default- you need to switch it on.
# portsnap fetch extract update && cd /usr/ports/www/e2guardian
# make config
At this stage you need to check SSL to build e2g with SSL support or check other build options you need.
# make install clean

4. Create package for personal use.
# make package
But it says to run "portlint -CN" and that gives an error.
That portlint is only relevant if your developing a package yourself.
In this case your compiling an existing package and probably safe to ignore the portlint 'error' about to much files and cleanup to be done..

5. Copy the created package to your pfsense machine.
If your FreeBSD virtual machine does not have a web server then use ftp or scp to transfer the file
If your FreeBSD virtual machine has a web server that can serve the package you can repeat step #2 using the corresponding path.

6. Install package
If you copied the package using the web server method the package is already installed.
If you copied the package by other means then install package
#pkg add pkgcopiedpath

There is a procedure to install a GUI for e2guardian but I do not recommend it because it was made for a really older version of e2g.

There is another problem that has to be addressed. The mitm error page is made for apache as main web server.
pfsense uses gnix as main web server, so you have to configure e2g to use another web server or find a way to use gnix.
I use other web server so I can not help you with the gnix option.

It wont be easy to use the gnix. I think you will have to change the pfsense https web site to use other ssl port
as e2g will need the default ssl port to serve the error page. Before there where vhosts package available but now you have to do it.

[marcello...@gmail.com]

I'm finishing the package update for pfSense 2.3.x.

First I'll publish it as non official package on:

https://github.com/marcelloc/Unofficial-pfSense-packages

the install process is simple as run a script on console/ssh.

[jetsyste...@gmail.com]

On Monday, June 20, 2016 at 9:18:13 AM UTC-4, Charles Hack wrote:

> Is possible install E2Guardina in PfSense.

I looked into the script and see that it will install e2guardian from freebsd ports as is, with defaults.

If anyone wants to use mitm with e2g the defaults wont work.

I do not know if pfsense will let you run "make config" and then "make install" to activate the ssl support option.

I think it wont because "make" requires to have compilation packages in the system.