Client-Side BEV_EVENT_ERROR about utmfw HOT 13 OPEN

That happens for more than a couple of reasons. But the most probably one is that your web browser may be rejecting the certificates forged by SSLproxy. If that's the case, you should download the CA certificate used by SSLproxy and install it to your browser. If you are using your smartphone, then it may be more difficult, and you may need to bypass SSLproxy by adding one or more SSLproxy rules.

from utmfw.

Thanks for your reply,
the certificate is installed. I am using a windows 10 and debian machine. In Firefox and Edge i get the error ERR_EMPTY_RESPONSE.

It once worked, but it suddenly stopped working, i couldnt find the cause or difference in configuration. In pf the package gets through.

from utmfw.

I cannot recall the reason if/when I get ERR_EMPTY_RESPONSE on the browser. But most probably, in my case, it was either because the system time of UTMFW was off by a large margin (so certificates were being rejected), or an issue with user authentication.

Normally, I would enable debug logging in SSLproxy and inspect verbose logs. But you need to recompile sslproxy (on OpenBSD) for that and start it on the command line with the -D4 option.

It's hard to guess without further info.

from utmfw.

How would i recompile it? And is there something like a startup skript where utmfw starts the sslproxy?

from utmfw.

If it helps,
When i try to open a website i get these 3 lines in the logs:

289 | Mar 14 | 10:12:59 | sslproxy | ERROR | Client-side BEV_EVENT_ERROR
290 | Mar 14 | 10:12:59 | sslproxy | ERROR | Error from bufferevent: 60:Operation timed out 0:0:-:0:-:0:-
291 | Mar 14 | 10:12:59 | sslproxy | WARNING | Closing on ssl error without filter match: 10.156.200.101:52532,
18.66.139.69:443, -, -, firefox.settings.services.mozilla.com,
firefox.settings.services.mozilla.com/firefox.settings.services.mozilla.com

from utmfw.

Looking at the logs you have provided, I think that the server side of UTMFW is not connected to the Internet. Can you make sure the external interface is up and configured properly, and can reach the Internet? Also, make sure E2Guardian Web Filter and Snort IPS are also running? Any networking or routing changes on the server side? (If you have modified any configuration which may cause this but you don't remember, perhaps it would be easier to install UTMFW again to rule it out.)

Btw, first you need to install an OpenBSD 7 machine to compile sslproxy, then copy it to your UTMFW, and run it on the command line. (This may be too much to ask from ordinary users.) But if my guess above is correct, you probably don't need it anyway.

from utmfw.

I can reach the outside using ping, and i just added two pass rules for www and https to bypass filtering, and it works now. So it seems that the sslproxy or firewall is the problem.

from utmfw.

Could it be that i destroyed something by updating using pkg_add -u?

from utmfw.

Why would i need to recompile for log level 4? I can activate it in the sslproxy config.
I activated it and i still got the same 3 lines from above

from utmfw.

If adding some pf rules to bypass sslproxy solves the problem, I also think that either sslproxy, e2guardian, or snort is the problem. Or pf rules are broken (the traffic is diverted to those UTM software using pf rules).

You were not supposed to try to update the packages like that, because I build UTMFW from scratch, make release and everything, and UTMFW uses its own signify key pairs. And UTMFW does not support updating or upgrading, but just install. But I don't think you broke anything by doing that.

Log level 4 is very verbose, more than those 3 lines, and you can enable it in Mk/main.mk and recompile.

from utmfw.

The pf rules work, http/s are diverted to 8081 and 8443. Pf logs also say that they passed traffic into the sslproxy. I will look into recompiling and verbose logging later.

from utmfw.

Can you check the software versions and build dates of E2Guardian and Snort? You can find them on their Info pages on the WUI, or you can use the command line.

from utmfw.

i currently cant because i have decided to reinstall, but i have the image saved and will look at it later.

from utmfw.