NethSec 8 RC2-2 impressions

That’s not a typo on the title.
Too many things are working… not as documentation says, some of UI parts are “working-ish”) so RC seems more a hope than a real status.

I downloaded a file named nethsecurity-8-23.05.3-ns.0.0.5-rc2-x86-64-generic-squashfs-combined-efi.img.gz from the link @giacomo provided into announcement. Tried to install, following documentation. And that’s what it’s stated.

When you first boot NethSecurity, the system will try to configure the network interfaces.
By default, the network configuration will be as follows:

The LAN interface will be configured with a static IP address of
The WAN interface will be configured to use DHCP to obtain an IP address from your ISP.

This do not represent what happened: 3 network cards: 2x RTL8139D 1x Realtek RTL8168; what actually appened, copying from the documentation, is.

When you first boot NethSecurity, the system will configure two network adapters.
By default, the network configuration will be as follows:

The LAN (GREEN) interface will be configured as a bridge populated with to the first NIC recognized by the system; bridge will be configured with a static IP address of 
The second NIC recognized will be configured as WAN (RED) using DHCP to obtain an IP address from your ISP.
Any other network card connected won't be assigned to any network zone or configured in any way. If any cable is connected to them you can find the port "not used" on switch counterpart.

The second version is a bit more useful…

  • from console, sysadmin cannot configure in any way adapters/zones/addresses, currently
  • more network card than 2? The exceeding ones will be not configured and won’t work at all (off the link led on the switch)
  • if you try to connect to any card that’s not part of the LAN bridge you cannot access… in any way. But if the documentation is correct, you save a lot of time when read.

Internet connection capability is set only if QoS is visited and the WAN/RED adapter is edited. Ok. How about QoS rules? There’s no way to define bandwith limits for any application? Only via…
shell? I can understand the controller/controlled scenario, but at least the … QoS dashboard for the current rules and some hints about change it?

Dashboard is really nice, however some tuneup might could make it nicer.
Internet connection, DPI-core, known hosts are not clickable, like other elements. But some are… newbies like asks themselves: why “some do, some don’t”?
System section tells people “change hostname”. Ok, it’s fine. How can I change system name? Makes sens to not edit if config is coming from controller, however… Why I can’t change it?
Dashboard shows if Multiwan is enabled. But if it’s not… network card or ip addresses are not shown.

Password: is mandatory only for devices to force default password change at first login, or it’s also mandatory for software?

After loading RC2, a “Bug & security fix” was available. Installed, that worked fine.
System update. It was an available option. It’s stated

New features are released with images. If a new image is available you can update the system to a new version. Alternatively upload a compatible firmware image.
This type of update will reboot the device (which will therefore not be reachable for a few dozen seconds) and then completely rewrites the firmware, preserving all the configurations. However it is recommended to save a configuration backup before proceeding with the upgrade.

I tried the update, but I completely didn’t get that:

  • there was indeed an update
  • and after firing the update sequence, the system, will automatically download, install, reboot without almost any message or update status.

Now the version reports Installed release: NethSecurity 8-23.05.3-ns.0.0.5-rc2-2-ge4b0cc1 (thus -2 into title), but i cannot fire in any way update check.

I receive however contraddictory messages…

New features are released with images. If a new image is available you can update the system to a new version. Alternatively upload a compatible firmware image.

  • Backup your configuration before updating your NethSecurity system
  • The current settings and configuration will be preserved

This is my suggestion for replacing the first part:

If a new image is available will be shown here.
You can update the system to this version; when updated is started, system will be automatically reboot without messages at the end of the installation.
Alternatively, you can upload a compatible firmware image.

I bet that can be rephrased even better.

Also: suggesting as nice practice to backup settings, however configuration will be preserved for the update… It’s only me getting “mixed signals” on how it’s better to behave?

Backup and restore. Only one configuration is allowed on NethSec. It’s a downgrade from NS7, and other devices allow multiple configuration. I am not into the condition to create a backup on the system, store it inside (like I’m probably gonna make a mess on reconfigure the system)… and roll back if something goes really wrong. As controller/controlled scenario, works. As a standalone system, is 10 years step back compared to appliances (some of them allow dual-firmware scenario as a fault tolerant option if the update goes sideways).

There are a lot of OpenWRT residuals. NTP servers (it’s necessary to have as default OpenWRT ones?) the default certificate (which still identifies as OpenWRT), logs (netdata[4913]: NETDATA_HOST_OS_ID_LIKE=lede openwrt)

Nice idea real time report. However… this fails because https://LANIP:19999 doesn’t work as default configuration. If something needs to be changed from default, state it into report page.
NetData is accessible (at contrary of both 443 and 9090 ports) only on LAN as default?

Notification part is completly missing. Will notifications be handled only from the controller I mean… at least the daily report via email, c’mon :wink:

I’m really clunky in getting a gist of this distro, but the edges are still rough and make bleed the adopters.

1 Like

Hi Pike
I can’t get your post and I would like to better understand the context of some activities. I didn’t quite grasp what you tested and how, for example why did you test the NTP server of a firewall?

It’s odd that you were unable to manage the interfaces; it’s the part that even sysadmins with little experience managed to handle more easily.
We did many training courses on NethSecurity 8 and it’s generally the easy section.

I also noticed there were difficulties in management via the console. I would like to emphasize that we have developed a very intuitive user interface; I ask you to use that. Console management should be done if you are familiar with OpenWrt subsystem.

Furthermore, I would like to highlight some points that could be further explored, such as the use of DPI filtering, configuring multi-WAN with custom policies, creating IPsec and OpenVPN tunnels, using OpenVPN’s road warrior mode, as well as configuring NAT/netmap and custom zones. These are the relevant parts; do you have time to try them out?

If you have suggestions on how to improve the documentation or if you would like to open a PR, it would be more than welcome.

Overall, I am confident that with your help, we can further improve the user experience and ensure greater clarity in communications and documentation. Thank you so far


Awful documentation as usual:
3 pages for the installation: Download, Installation, Credentials.
Why making it simple when you can make it complicated?

Lots of assumptions:

  • Install on bare metal: I hope the linux newbee has the /dev/sdd as the usb connection, else he might loose a disk.
  • Install on Proxmox:
    qm importdisk ... local-lvm => I have only ZFS to be able to use zpool scrub...
    qm set ... local-lvm => again, I have only ZFS
    – After ajusting those commands, I had a raw disk which I had to “Move Storage” to convert to qcow2.

But finally it booted.


Why don’t you do as everybody else and make an ISO file?


1 Like


Maybe because OpenWRT doesn’t have an ISO Image?


1 Like

Why are you so hungry? :slight_smile:
Please suggest improvements with PRs to documentario

TBH for alot of people even just normal documentation and organzations of such works because a big challenge, in regards to PR for documentation, isnt that a toll order for most, for the sake of the community.

i think he has documented and or highlighted above some things that could be added or imporved,

Maybe better asked him to daft it better here n the community, then a responsible party would maybe use that for a PR.

that way, we still get the new documentation updated, and the parties making suggestions for imporvements do not feel or have a significant work up their alley

Right but we need concrete improvement to the documentation, we can write them here and move on a pr. But we need specific suggestions

1 Like