Client-Side BEV_EVENT_ERROR #16

Open
bmjakobsen opened this issue Mar 10, 2022 · 13 comments

@bmjakobsen

HTTP/S traffic doesn't work; I always get a BEV_EVENT_ERROR in the logs of the SSL-Proxy.

@sonertari
Owner

That happens for more than a couple of reasons. But the most probable one is that your web browser may be rejecting the certificates forged by SSLproxy. If that's the case, you should download the CA certificate used by SSLproxy and install it in your browser. If you are using your smartphone, then it may be more difficult, and you may need to bypass SSLproxy by adding one or more SSLproxy rules.

@bmjakobsen
Author

Thanks for your reply,
the certificate is installed. I am using a Windows 10 and a Debian machine. In Firefox and Edge I get the error ERR_EMPTY_RESPONSE.

It once worked, but it suddenly stopped working; I couldn't find the cause or difference in configuration. In pf the package gets through.

@sonertari
Owner

I cannot recall the reason if/when I get ERR_EMPTY_RESPONSE on the browser. But most probably, in my case, it was either because the system time of UTMFW was off by a large margin (so certificates were being rejected), or an issue with user authentication.

Normally, I would enable debug logging in SSLproxy and inspect verbose logs. But you need to recompile sslproxy (on OpenBSD) for that and start it on the command line with the -D4 option.

It's hard to guess without further info.

@bmjakobsen
Author

How would I recompile it? And is there something like a startup script where UTMFW starts the sslproxy?

@bmjakobsen
Author

If it helps,
when I try to open a website I get these 3 lines in the logs:

289 | Mar 14 | 10:12:59 | sslproxy | ERROR | Client-side BEV_EVENT_ERROR
290 | Mar 14 | 10:12:59 | sslproxy | ERROR | Error from bufferevent: 60:Operation timed out 0:0:-:0:-:0:-
291 | Mar 14 | 10:12:59 | sslproxy | WARNING | Closing on ssl error without filter match: 10.156.200.101:52532,
18.66.139.69:443, -, -, firefox.settings.services.mozilla.com,
firefox.settings.services.mozilla.com/firefox.settings.services.mozilla.com

@sonertari
Owner

Looking at the logs you have provided, I think that the server side of UTMFW is not connected to the Internet. Can you make sure the external interface is up and configured properly, and can reach the Internet? Also, make sure E2Guardian Web Filter and Snort IPS are running. Any networking or routing changes on the server side? (If you have modified any configuration which may cause this but you don't remember, perhaps it would be easier to install UTMFW again to rule it out.)

Btw, first you need to install an OpenBSD 7 machine to compile sslproxy, then copy it to your UTMFW, and run it on the command line. (This may be too much to ask from ordinary users.) But if my guess above is correct, you probably don't need it anyway.

@bmjakobsen
Author

I can reach the outside using ping, and I just added two pass rules for www and https to bypass filtering, and it works now. So it seems that the sslproxy or firewall is the problem.

@bmjakobsen
Author

Could it be that I destroyed something by updating using pkg_add -u?

@bmjakobsen
Author

Why would I need to recompile for log level 4? I can activate it in the sslproxy config.
I activated it and I still got the same 3 lines from above.

@sonertari
Owner

If adding some pf rules to bypass sslproxy solves the problem, I also think that either sslproxy, e2guardian, or snort is the problem. Or pf rules are broken (the traffic is diverted to those UTM software using pf rules).

You were not supposed to try to update the packages like that, because I build UTMFW from scratch, make release and everything, and UTMFW uses its own signify key pairs. And UTMFW does not support updating or upgrading, but just install. But I don't think you broke anything by doing that.

Log level 4 is very verbose, more than those 3 lines, and you can enable it in Mk/main.mk and recompile.

@bmjakobsen
Author

bmjakobsen commented Mar 14, 2022

The pf rules work, http/s are diverted to 8081 and 8443. Pf logs also say that they passed traffic into the sslproxy. I will look into recompiling and verbose logging later.

@sonertari
Owner

Can you check the software versions and build dates of E2Guardian and Snort? You can find them on their Info pages on the WUI, or you can use the command line.

@bmjakobsen
Author

I currently can't because I have decided to reinstall, but I have the image saved and will look at it later.
