NethSecurity - additional packages

Hello everyone,

is it possible to add additional packages to the NethSecurity appliance via the opkg package manager ? Since NethSecurity is based on OpenWrt, I tried to integrate the OpenWrt repositories and install packages from them. However, an error message always appeared stating that the architecture is not supported.

Are there perhaps other repositories that I can integrate? I would like to run Tailscale on the NethSecurity appliance…

Thank you.

balombi

Welcome to the community Balombi!
Thanks for trying NethSecurity.

Sure, just add the upstream repositories following the instructions.
Than install what you need.

But looking quickly to the official repository I do not see any tailscale package.
Still, you can add custom repositories to /etc/opkg/customfeeds.conf

Tailscale has been removed from the official package list, see this issue.

Me too, same problem.

I’m trying to install Keepalived, but I’m running into an “unsupported kernel” error. I’ve tried both the stable release (NS 8-23.05.5-ns.1.3.0) and the developer release (NS 8-23.05.5-ns.1.3.0-21-gb5a2469e626), but neither seems to work.

Is there a specific Keepalived version that’s known to work with this kernel, or any other way to get it installed?

I know HA is planned for a future release, but I need to get Keepalived running on some critical installation now…

No, unfortunately, openwrt doesn’t support modversions. You need to rebuild the whole image if you need additional kernel modules.

Since the required modules will be included in a future release, your best option is to update to a development version as soon as they are available (probably within a month or two).

The quickest option is to rebuild.

4 Likes

@izuky you can try this prototype image: High availability stack · NethServer/nethsecurity@92d597c · GitHub

Just download the artifact. Beware, you must be logged into GitHub.

2 Likes

Oh my god thanks I’ll try it now.
If I don’t find any problems and put it into production, what problems will I have with the updates and the enterprise license?

If you update only packages, you should not have big issues.
But when you upgrade with an stable image, of course keepalived and conntrackd will be gone.

Thank you, I’m testing it and it works BUT:

The configuration is written without the virtual_ipaddress parameter.

Despite the configuration being correct:

Screenshot 2024-10-24 105807

Every time the service restarts, the file is overwritten without that configuration. Even if I manually modify the file (/etc/keepalived/keepalived.conf), it reverts back to the version without virtual_ipaddress after the next restart:

The only solution I found was to modify the /etc/init.d/keepalived file and add:

It’s working now.

I know you’re not too concerned about this right now, but this might save you some trouble when you develop it further.

Thanks again!"

PS:
I also tried installing the “luci-app-keepalived” package to try configuring it through the Luci interface and see if the problem still occurred, but even when setting it there, it is still ignored

3 Likes

Indeed, thanks for sharing it!

Just added it to the image, last build is here.

Thank you for this infromation :slight_smile: