That’s not a typo on the title.
Too many things are working… not as documentation says, some of UI parts are “working-ish”) so RC seems more a hope than a real status.
I downloaded a file named nethsecurity-8-23.05.3-ns.0.0.5-rc2-x86-64-generic-squashfs-combined-efi.img.gz
from the link @giacomo provided into announcement. Tried to install, following documentation. And that’s what it’s stated.
https://docs.nethsecurity.org/en/latest/install.html
When you first boot NethSecurity, the system will try to configure the network interfaces.
By default, the network configuration will be as follows:The LAN interface will be configured with a static IP address of 192.168.1.1. The WAN interface will be configured to use DHCP to obtain an IP address from your ISP.
This do not represent what happened: 3 network cards: 2x RTL8139D 1x Realtek RTL8168; what actually appened, copying from the documentation, is.
When you first boot NethSecurity, the system will configure two network adapters.
By default, the network configuration will be as follows:The LAN (GREEN) interface will be configured as a bridge populated with to the first NIC recognized by the system; bridge will be configured with a static IP address of 192.168.1.1 The second NIC recognized will be configured as WAN (RED) using DHCP to obtain an IP address from your ISP. Any other network card connected won't be assigned to any network zone or configured in any way. If any cable is connected to them you can find the port "not used" on switch counterpart.
The second version is a bit more useful…
- from console, sysadmin cannot configure in any way adapters/zones/addresses, currently
- more network card than 2? The exceeding ones will be not configured and won’t work at all (off the link led on the switch)
- if you try to connect to any card that’s not part of the LAN bridge you cannot access… in any way. But if the documentation is correct, you save a lot of time when read.
Internet connection capability is set only if QoS is visited and the WAN/RED adapter is edited. Ok. How about QoS rules? There’s no way to define bandwith limits for any application? Only via…
https://docs.nethsecurity.org/en/latest/qos.html
shell? I can understand the controller/controlled scenario, but at least the … QoS dashboard for the current rules and some hints about change it?
Dashboard is really nice, however some tuneup might could make it nicer.
Internet connection, DPI-core, known hosts are not clickable, like other elements. But some are… newbies like asks themselves: why “some do, some don’t”?
System section tells people “change hostname”. Ok, it’s fine. How can I change system name? Makes sens to not edit if config is coming from controller, however… Why I can’t change it?
Dashboard shows if Multiwan is enabled. But if it’s not… network card or ip addresses are not shown.
Password: is mandatory only for devices to force default password change at first login, or it’s also mandatory for software?
Updates
After loading RC2, a “Bug & security fix” was available. Installed, that worked fine.
System update. It was an available option. It’s stated
New features are released with images. If a new image is available you can update the system to a new version. Alternatively upload a compatible firmware image.
This type of update will reboot the device (which will therefore not be reachable for a few dozen seconds) and then completely rewrites the firmware, preserving all the configurations. However it is recommended to save a configuration backup before proceeding with the upgrade.
I tried the update, but I completely didn’t get that:
- there was indeed an update
- and after firing the update sequence, the system, will automatically download, install, reboot without almost any message or update status.
Now the version reports Installed release: NethSecurity 8-23.05.3-ns.0.0.5-rc2-2-ge4b0cc1
(thus -2 into title), but i cannot fire in any way update check.
I receive however contraddictory messages…
New features are released with images. If a new image is available you can update the system to a new version. Alternatively upload a compatible firmware image.
- Backup your configuration before updating your NethSecurity system
- The current settings and configuration will be preserved
This is my suggestion for replacing the first part:
If a new image is available will be shown here.
You can update the system to this version; when updated is started, system will be automatically reboot without messages at the end of the installation.
Alternatively, you can upload a compatible firmware image.
I bet that can be rephrased even better.
Also: suggesting as nice practice to backup settings, however configuration will be preserved for the update… It’s only me getting “mixed signals” on how it’s better to behave?
Backup and restore. Only one configuration is allowed on NethSec. It’s a downgrade from NS7, and other devices allow multiple configuration. I am not into the condition to create a backup on the system, store it inside (like I’m probably gonna make a mess on reconfigure the system)… and roll back if something goes really wrong. As controller/controlled scenario, works. As a standalone system, is 10 years step back compared to appliances (some of them allow dual-firmware scenario as a fault tolerant option if the update goes sideways).
There are a lot of OpenWRT residuals. NTP servers (it’s necessary to have as default OpenWRT ones?) the default certificate (which still identifies as OpenWRT), logs (netdata[4913]: NETDATA_HOST_OS_ID_LIKE=lede openwrt)
Nice idea real time report. However… this fails because https://LANIP:19999 doesn’t work as default configuration. If something needs to be changed from default, state it into report page.
Edit:
NetData is accessible (at contrary of both 443 and 9090 ports) only on LAN as default?
Notification part is completly missing. Will notifications be handled only from the controller I mean… at least the daily report via email, c’mon
I’m really clunky in getting a gist of this distro, but the edges are still rough and make bleed the adopters.