Hello everyone,
after a long break, I have recently put my eBlocker back into operation. With https/certificate support.
This has also worked wonderfully on my three test devices.
Until last Sunday.
I performed a manual update in the afternoon and at some point later in the evening, I noticed that the behavior of the pages accessed had changed slightly compared to the previous days. The dashboard icon was suddenly no longer displayed on some websites, even though I had seen it the day before...
Anyway...
In the "Function test" dashboard, "Website filtering (HTTPS)" is suddenly displayed with a red exclamation mark. And that on all three devices. This was definitely not the case the day before.
The behavior can be seen in Firefox as well as in Edge or Chrome.
I have since created a new certificate and distributed / installed it again, but unfortunately this does not change the error pattern.
I'm currently at a bit of a loss...
Thank you and best regards, Wanninger
@wanninger I wouldn't worry too much: As long as the eBlocker Icon / the Controlbar is displayed everything is fine.👍
Otherwise please check if the Certificate is expired (which is valid for 3 years by default). Then eBlockerOS automatically generates a new Certificate that needs to be installed again. Check Settings> HTTPS > Tab Certificate.
Or maybe just the Function Test needs improvement 🤔
THX!
Well, let's put it this way:
After commissioning the weekend before last, the three test clients (one smart phone and two Linux desktops) all ticked green. Even the one that is now red on all three test clients.
This worked until last Sunday afternoon. Since then, the red exclamation mark has been displayed on all three test clients.
The eBlocker/Dashboard icon was always displayed on https://eblocker.org and now, since the update/restart on Sunday afternoon, it is no longer displayed.
Surely there is a reason for this and it is not a coincidence...
Currently there are still a few sites where the eBlocker icon is displayed and there are also other sites where it was always displayed and since Sunday suddenly no longer - see eblocker.org .
Unfortunately, it also looks like the eBlocker is no longer filtering as accurately as it used to - that's a very imprecise way of putting it, of course - it just looks like this...
-Wanninger
@wanninger The icon might come from the browser's cache still. If there is no icon on eBlocker.org - you have an issue.
Please check the certificate validity as discussed above. This is not a general issue but surely something specific to your setup!
THX!
ok, different then.
I have already dealt with the certificate issue. I had already created a new certificate on 20.01. and imported it everywhere. After it suddenly stopped working properly on Sunday, I created a new one and distributed it again. Unfortunately without any change. I have already gone through the number.
I also checked the cache issue - that wasn't it either.
Since you/I can't check anything else here, I'll set up the VM-eB again. I'll get back to you when I have something new.
Thank you
@wanninger Thanks for the new info that you have created a new certificate on Saturday Jan 20 - and the HTTPS issue started the following Sunday. 💡 That's for sure the cause of trouble!
I see no reason at all to set up eBlockerOS anew. You've probably just missed to grant root/CA status to the new certificate. I know, a correct certificate install is complicated unless you follow the instructions closely. In 99.9% of all HTTPS issues reported here in the forum, this is the cause btw...
Please check the instructions for your OSs here: https://eblocker.org/en/docs/storing-the-eblocker-certificate/
THX!
@wanninger Just checking back if you've resolved the issue, so we can mark the thread solved.
Otherwise I'm happy to help. Just let me know 👍
THX!
Now I have the proof in my hand.
Yesterday I reinstalled the second eB and configured it ready-to-use.
On my two test clients, all hooks were green, as already written. The eB icon was also visible again on all the pages I was familiar with. A few hours later and with average use, the red exclamation mark suddenly reappeared. At the same time, the eB icon disappeared again on many of the sites I was familiar with. Not on all of them, but on most of them. So the appearance definitely matches the appearance of my first eB.
I will now do a factory reset on the first eB, reconfigure it, take a snapshot and then see what happens.
There must be something that triggers the effect. It wasn't the updates as mentioned before...
@wanninger Please stick to one client and use Firefox as browser for a defined test environment.
If Function Test shows all green, click on the lock icon next left of the browser URL (i.e. when visiting eBlocker.org). In the dialog that's popping up click "Connection secure >". In the next window click "More information" on the very bottom of the dialog. The result looks like this:
Please then click on "View Certificate" and take a screenshot the result as well - and share the screenshots.
Repeat the very same once you see red in Function Test and the icon does not appear on the visited website.
Again: A new eBlockerOS install / Factory Rest makes no sense and is a waste of time. We'll find out the cause easily if you follow the instructions above.
THX!
I understand all that, but unfortunately the problem is that I can't get rid of the error once it's there. So far I have only managed to do this by reinstalling. A factory reset would be just another attempt. I really don't feel like reinstalling the eB a few more times, even if it's quick. That's why I snapshot the good case, then I can always go back to it until the real cause is clarified.
As soon as I can provide the screenshots I'll do that...
I was able to adjust it faster than I thought.
@wanninger Thanks for the screenshots.
Could you please run a "traceroute www.eblocker.org" on the linux console of your client when the icon is absent and post a screenshot of the results here.
Background: I suspect the traffic is not being passed to eBlocker for some reason. 🤔 Are you running eBlockerOS in Automatic Network Mode?
THX!
looks like that:
I try again:
Are you running eBlockerOS in Automatic Network Mode?
Can you confirm that HTTPS is red in Function Test at the very same time on the very same client where you've executed the traceroute above? Please repeat to double check.
What's the result of visiting http://ipv6.eblocker.org ?
What's your client's IP address?
Where is your DCHP server running?
Sorry for the many questions - but you've unfortunately missed to answer the standard questions when opening this thread. Now it requires much more info ping pong than usually to drill down 😥 Maybe it's a good idea to answer the questions first to avoid more back and forth...🤔
THX!
Can you confirm that HTTPS is red at the very same time on the very same client where you've executed the traceroute above?
--> 1. yes, 2. yes, 3. yes
What's the result of visiting http://ipv6.eblocker.org ?
-->see screenshot
Sorry for the many questions - but you've unfortunately missed to answer the standard questions when opening this thread.
--> sorry for that - my mistake - I didn't pay attention
Now it requires much more info ping pong than usually to drill down 😥 Maybe it's a good idea to answer the questions first to avoid more back and forth...🤔
--> You're absolutely right - promise to do better next time.
----------
...but honestly, what would I gain from telling nonsense or even inventing stories here - nothing. So everything I've said so far is to the best of my knowledge and belief.
----------
...but honestly, what would I gain from telling nonsense or even inventing stories here - nothing
??? Are you looking for support or for trouble?
Please just keep focused on the questions asked and stop these irrelevant remarks then everyone is gonna be more happy.👍
Nevertheless, I suspect you have a severe IP configuration / routing issue in your network.
Here is what we have so far:
- Routing shows two different internal network segments (=not a good idea, unless you know what you do).
- Internet router is 192.168.132.1 probably a /24 network.
- eBlockerOS is rather set to 192.168.100.99 on a /24.
- The Gateway set in eBlockerOS 192.168.100.254 is not used in routing at all.
- It's unclear how routing between the two networks 100–>132 takes place. 🤔
- DHCP is "external. Question where your DHCP server is running is open. Is this your router or a real/configurable DHCP server?
- Have you set eBlocker's IP as gateway address in this DHCP server as shown in the screenshot (please take a screenshot of the settings in your DHCP server) and share.
- Is your client set to use DHCP for IP configuration or fixed? Please share the clients settings (IP & Gateway) after receiving the DHCP lease or the fixed settings.
I honestly fear you are running two DHCP servers on your network. Please check the eBlocker Doctor (Settings> Doctor) which will probably report this.
To get this weird network setup straight, I'd suggest to
- set eBlocker's IP to a free IP in the 192.168.132.0/24 network, say 192.168.132.111
- set 192.168.132.1 as Gateway in eBlockerOS
- disable all DHCP servers (double check!)
- set eBlockerOS to run the DHCP server
- set the client to get it's IP config from DHCP server
- reboot the client to catch the new DHCP
Then you'll have a config that works for sure.
Last: I'd recommend not to set DNS to Tor as Tor is not always reliable which can result domain resolutions to delay or completely fail. Setting DNS to Tor is for very high privacy needs only.
THX!
Just came across this pretty loong thread and sorry, I don't want to interfere here, but maybe @wanninger just uses a client-/browser-side VPN/IP-anonymization (ie. Tor/Brave etc.)?
Then HTTPS check will be by-passed as well.
Indeed it's very unfortunate that you didn't share the infos asked in the README FIRST document and still ie. the question I have asked above (which is part of the README FIRST) is not answered. We have some experience finding configuration issues but that needs a clear sight of your configuration, which honestly I am still not having yet with this info puzzle.
Please keep your patience even if it's not easy in this case. You are doing great - and solution is probably close.
Thanks everyone and best regards,
Hi
I have now done the work again (it's not really much) and reset the eBlocker factory. Then I reconfigured the basic configuration, redistributed the certificate, installed it and then used FF and Edge.
As expected, everything was green.
I took a snapshot of this status to be on the safe side. After playing around in FF and Edge, I added some entries (HTTPS) to the exceptions in eB. After another check, the red exclamation mark was suddenly there again.
I quickly removed the exceptions, checked again and lo and behold, everything was green again.
Long story short, the culprit is the domain name
>> eblocker.org <<
As soon as this domain name appears in any exception list, the red exclamation mark appears - in my case 100% reproducible on two VBOX eBs.
@wanninger Well, this is a very well know configuration issue (@robf and others experienced in the past) and it's well documented here in the forum!
I was misled by your words
the eB icon disappeared again on many of the sites I was familiar with
which is simply wrong!
"Garbage in garbage out" IT professionals say 😉
Hope next time you open a request you stay with the facts and check the README first. Then we come to a very quick solution, for sure! 👍
THX!
Sorry I caused this extra work by not being accurate in my descriptions and not following the readme.
My statement was - from a technical point of view - definitely wrong.
However, if you look at the whole process that triggered my statement, it doesn't make it any more correct, but it does explain how it came about.
After the reinstallation, everything was fine at first and I had a whole series of pages that were displayed with icon. At some point afterwards, when the "HTTPS" was suddenly displayed in red, the eB icon had disappeared from most of the pages I checked.
The fact that this was all triggered at the same time by the takeover of the "Possible trusted apps" and/or "Suggested exceptions" has unfortunately only been on my screen since yesterday afternoon.
From the commercial time of the eB, when Tim was still supporting, I still have his statement in my head that not all sites can display the eB icon due to their structure (e.g. google). And that's still in my head today, actually until yesterday.
The whole explanation is not meant to be a justification, but merely to explain how my statement came about.
If I need support again, I will read the readme and check at least once more where the error could still be.
Regards
From the commercial time of the eB, when Tim was still supporting, I still have his statement in my head that not all sites can display the eB icon due to their structure (e.g. google).
With eBlockerOS 3 we have significantly improved the display of the icon. Now it should be always present unless the domain is on the HTTPS whitelist (like maybe Google for you?) of course. See the Release Notes and the section "Many ... improvements" in the corresponding blog post.
We took your support case as a chance to improve the README which now states the fact about the red HTTPS Function Test more clearly. Hope this helps others, who read the README first 😉
THX!