I am having difficulty getting the Tor connection to work.

I have ensured the Tor service is active and started and that the exit node country has been set. However, whenever I activate a profile using the Tor network via "Connection type" I loose connectivity.


I have also tried to send DNS queries over Tor using a "Direct connection" but that also fails with a DNS resolution error which leads me to believe the Tor network is not active or has stalled.

Thank you for any assistance.

Thank you for the great project.

According to the documentation, when unchecking "the box Use defined DNS as redirectors" on the Miscellaneous settings, the settings used in DNS 1 & 2 are ignored and DNS queries are not relayed. Further KB documentation says "DNS queries will be directly redirected to the root DNS servers on the Internet."

For clarification, is this essentially the same as "Unbound DNS"?

Also, in the DNS and Gateway settings page, under DNS 1 I have an entry 127.0.0.1 which I believe does in fact indicate Unbound DNS is active.

However, I am confused whether or not this entry is active or ignored due to the unchecked box mentioned above in Miscellaneous settings. Can I please have some clarification on these settings? Thank you

Hi, is there anything you've observed around switching from existing router network  over to keexy, on the same wifi SSID? On my iOS devices, the first time switching over to captive join of that SSID, it doesn't work well, and I had to disconnect and reconnect a couple times to get it to work, and at one point it complained about a "privacy" warning on the connection, alluded to self-signed. After forgetting connection and re-entering it, it went fine. It seems like a caching issue. I'm going to have many people reconnecting through Captive process to use our wifi, who will be on iOS devices, so I'm hoping there are some tips to make the process go more smoothly.  

Would a CA signed cert work much better?

Hopefully this will help somebody.  I had an old mini-pc, but no ARM-based pi device, so I recompiled for i386, and it SEEMS to work for the most part, although it was a giant pain.  Lack of a unified structure presents a lot of potential support issues, although I suppose it might give a nerd tons of opportunity for code customization.

I don't THINK I will use keexybox, even though it is a great idea, because it lacks more robust support for iptables like control over NAT, and I would also like to be able to enable and disable my filtering (for example: block child X until child X completes his homework, then unblock *roblox.com).  But otherwise, the interface is totally sweet.


--------------------------------------------
KEEXYBOX 20.10.2 install notes on i386 linux VM in VirtualBox 6.1:
----------------------------------------------------------

1) install i386 raspbios https://downloads.raspberrypi.org/rpd_x86/images/ - at the time I used
a recent version rpd_x86-2020-02-14.  Download and install ISO in virtualbox 6.1

2) make some OS changes:
a) disable IPv6 (https://www.techrepublic.com/article/how...-on-linux/)
you can disable in /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
b) screen resolution, allow SSH
c) pi defaults to user 'pi', password is whatever you set, and you can 'sudo su' to root

3) in this version of the OS, PHP7.3 will install.  That is fine, but it creates issues for 2
packages, php-mcrypt (obsolete), and php-tcpdf (obsolete, but has backport)
a) to install php-tcpdf, edit /etc/apt/sources.list.  Add a source:
deb http://ftp.debian.org/debian/ buster-backports main
  then install the package:
apt install php-tcpdf
b) to install mcrypt, this is a bit harder, since there is no backport.
1. apt-get install php-dev libmcrypt-dev php-pear
2. pecl channel-update pecl.php.net
3. pecl install channel://pecl.php.net/mcrypt-1.0.2
4. edit /etc/php/7.3/cli/php.ini and add line 'extension=mcrypt.so'.
5. 'php -m | grep mcrypt' should return 'mcrypt'
6. ok, now, we need to tell keexybox to ignore the missing mcrypt package:
7. in install package (do this later, we havent created this yet), go in to
/keexybox-20.10.2/util/required_packages.conf and comment out
'php-mcrypt'

keexybox is for pi devices which use ARM architecture, not i386, so you cant use default packages. 
you must follow manual build process to create i386 binaries:
https://wiki.keexybox.org/doku.php/manual_installation

random problems I encountered:
---------------------------------------------------------
had to modify apache2.conf to keep apache from crashing:
Mutex posixsem

locked myself out, had to reset admin password (there seems to be a lack of documented support for CLI administration):
/opt/keexybox/keexyapp/bin/cake users UpdateAdminPassword <password>

booting hung with 'you are in emergency mode' - i screwed up my cdrom mount.  comment that line /dev/sr0
out of /etc/fstab

Hello everyone, I'm a new KeexyBox user (first day) and actually also a first time user of a Raspberry Pi.

Let me elaborate on my use case / requirements.

I have created a user for my son, and 2 profiles.

class-time profile is from the morning to evening with a blacklist to block him from youtube etc.

free-time profile is from the evening to night with no blacklist i.e. nothing blocked.

How can I apply both profiles to the same user? It seems that we're only allowed one profile per user.

   

   

   

Hi,

I am trying to install via terminal as opposed to the image.

Upon searching around it seems as though mysql-python is not supported in python3 and throws up various issues like

Hello,

I started using your product on a raspberry pi 4, it is working great.

1. What is the minimum Raspberry pi requirement? (Raspberry model, Ram, cpu)

2. Is there a docker image for the installation?  If not, what is required to create it?

Thanks.

Hi everyone,



A bit of a setup guides for newbies like me.

It took me a while to setup Keexybox mainly because I made it hard for myself.  I wanted to replicate:





with my router changed to:

 - IP address: 192.168.1.200/24;

 - I moved the DNS across to OpenDNS DNS entries:

  - 208.67.222.222 and 208.67.220.220

 until I setup a cron job to update the Blacklists.

I wanted the internal network to be: 10.0.0.0/24
and the output network to be: 192.168.1.0/24.



I thought it might be worthwhile showing what setups worked where you have two separate networks.



So Keexybox is:

 - eth0: 192.168.1.254;

 - etho:0: 10.0.0.1/24 for the input network, looks like (attachment: keexybox network screen 1.png)

and then your DHCP looks like attachments: keexybox dhcp screen 1.png and keexybox dhcp screen 2.png

I performed an update of the Raspberry Pi as well via bash shell:

Attached Files

Thumbnail(s)
           

Hello,



I am new to keexybox. I have set it in Use KeexyBox for website filtering only mode. The Wifi AP works fine and DHCP as well. I see my devices setup with DNS pointing to the keexybox-Raspi4. All devices but a few have been setup under a new profile 'kid' and I tried to limit the internet access time using the 'Connection schedules' attribute. I tried several different time constraints and none is stopping the internet traffic.

Even the Stop, pause internet buttons on the Devices Tab does not seem to do anything. The stats although is enabled is blank.

Internet traffic metering feature(s) have any dependency on TOR or captive portal?



I want to have simple time-limit per device/profile and sit block. please let me know what I am missing. I tried reading through the documents to understand how it is supposed to work, and I am not getting the answers for this.


2. One more thing, the keeyxybox web interface after login in as admin does show as offline "Disconnected from the internet" not sure why.

Thanks,

-Michael.

Hi everyone,

I'm not sure if this is a feature request or whether other users have found a solution.  Keexybox does most of what I am looking for and I'm a new raspberry pi user, so this may be a really easy request.

In addition to users/profiles/devices we can allocate time schedules from Monday to Sunday 00:00 to 23:59 each day, which is awesome.

What I'd like to also do is to be able to allocate to a user:
 - time alocation;
in addition to the time schedule above.

So I can allocated to:
 - a user;
 - a maximum of 4hrs internet / time allocation (day/week)

So I would allocate to a user:
 - a profile;
 - a time schedule;
 - a time allocation (4hrs/day total)

Looking forward to what people have to suggest.

Cheers,

Karl Angel.