NethSecurity Beta 1 is ready 🛡

I can get that this hardware might not be suitable to NethSec. However
It checks all boxes.
Intel mainboard, intel chipset, intel CPU, realtek cards. Old stuff, but not “crap” and mostly… very well known hardware, not only for old age.
(I know, Realtek is not “that good” either, but is reliable enough, when the driver works)

Currently the requirements are satisfied, so should work. Or at least, help to create (for what it’s worth) a small user experience for bug solving (if there’s any) or improved system requirement list.

Hi @pike

Does OpenWRT work and recognize all cards on that box (out-of-box install)?
OpenWRT can boot off USB, so it should be easy to test.

I’m just wondering…

My 2 cents
Andy

If it would be supported for more than 4 months I’d install NS 7.9 plus Firewall-related modules. For something to deliver, not for getting in touch with the new toy
OpenWRT does not interest me currently, and I don’t trust that much as development another firewall distro (which recently gained UEFI superpowers), but currently this other distro has not yet delivered an expiration date.

Beta 1 test for me ends here, I hope for better luck in Beta 2.

Hi @pike

I’ve seen German clients insist on a 10 GBE equipped router / firewall.
Their main office has only 100 MBit/S connections (for a few more years!) - but they still want a 10 GBE capable box!

And yes, they have 3x 100 MBit/S bundled via routers for higher transfer speeds… 🙂

Amusing, how some people think - and waste their money!

My 2 cents
Andy

I probably could do worse than them.
Maybe they don’t want a 10GBe routing switch for internal traffic? IDK. We are OT from few posts now.

Internal?

No, three 10 GBE NICs for their 3 connections, 5 other NICs for Internal. Some of their LANs do have 10 GBE capability. (Productive and Storage, but hardly any traffic between those two!) But the Internet? 🙂

Howly schmackos. I did not get that, thanks for the clarification.

In relation to outgoing connections, it may not make sense, but in relation to even internal connections, it makes a lot of sense actually.

Also, the fact that they have 3 100 Mbps connections is actually great,

for starters, if separate providers, then they have the advantage of failover,
secondly, the router would future proof on the organization
thirdly, they can do bonding and interesting traffic shaping/load balancing magic, to actually utilize the full 300 Mbps on the 100 Megs each. That's more complex to achieve, but doable, it's what small ISPs in Africa are doing…

In that place, only the national Telekom as provider. Just 3 for more Bandwidth.

And no magic in their LAN, just bad - or really, really bad planning.

A subnet /24 (256 hosts possible) for over 250 hosts.
Enlarged the subnet to /23, but forgot this on half the hosts.
Also forgot to adapt the DHCP server range, not enough IP.
Then forgot the AD and file servers to adapt the fixed IP subnet - unreachable servers…

A few weeks later on, the same game with /22.

Also forgot half the important stuff (servers, switches, routers…).

And the boss handles this personally, when he is on vacation and does not have control - or is hardly reachable!

Just Chaos!

Sh*t happens

My 2 cents
Andy

I’ve created a temporary build: config: add support for some common network cards · NethServer/nethsecurity@7dee4dd · GitHub
If you have time, you can try the image downloading it by the end of the page, click on the x86_64-image artifact.
(Please note that the package will be automatically deleted in 5 days).

I can understand why, but I doubt I will be able to test again before saturday.
This is a UP for anyone that’s willing to use any kind of other adapters in this test setup.

@pike, download and store it somewhere, then you have time to test.

Yes it is 🙂

It’s still a bit rough, but it does its basic job: it allows to manage all connected firewalls from a central point.

Hypothetically speaking, couldn’t one modify this module, somehow, and get it to connect to a NethServer 7 instance, and have them communicating on the same network?! This will use the built-in OpenVPN module in NethServer 7

From over the top look seems like it can do just that, from inner look. am not sure how complicated it might get.

@giacomo do you think it's possible to modify this module to act as an OpenVPN connector between NethServer 7 and NethServer 8, so that they are in the same network, and AD in NethServer 7 can be reached by NethServer 8 using the internal AD IP?

Coming to the initial question.

This ns8-nethsecurity controller, it is stated that a single NethServer instance can connect to multiple NethSecurity instances.

Which is fine…

What about multiple NethServer instances connecting to that NethSecurity instance?

In this case, instead of using a controller, because those boxes are not acting as controller, we can have a NethSecurity agent for NS8.

So basically, add agent to NS8. Using the same controller concept inside NethSecurity, connect to NS8 agent node. Then allow for tunneling.

In this case, we are assuming the 2 NethServer 8 instances are both cluster admin, and so are not connected to one another.

File cannot be actually downloaded unless I create a GitHub account?
Or am I too coffee-short this morning and I did not find the correct way to download it?

Yes for the OpenVPN connection, but no for the remote administration.

You can do it manually with simple VPNs. In this case, it’s common to put a firewall in front of the server that does the job.

You’re right, it seems the download link is not working without an account.

Bummer.

Bummer II: no spare GitHub accounts are available (makes sense, but whatever).

Still wasting Devs time trying any way to use NethSecurity Beta to migrate your NS7?

→ And 2 separate ADs? Really a SME environment!

Why didn’t the SME plan a single AD?

Your Excuses are amazing sometimes!

My 2 cents
Andy

@Andy_Wismer as an engineer, you should very well know that trying to figure something out, if it has merits, is not a waste of time; it actually helps a lot of things.

A lot of things we have in this world exist because someone once asked a question, and the product, solution or resolution becomes the answer to that question.

Apart from NethServer 8, there is actually a reasonable merit to my query as well as proposal, and I think @giacomo understands the need and the question at hand.

With every question I asked, and every reason I ask, it's designed as both a user as well as from a developer point of view. After all, I am a Systems solutions architect for over 10 years now, and still have a long way to go, and a lot more to learn from people that came before me.

No one and absolutely no one has mentioned anything about having 2 separate AD, it was with regards to 2 separate NethServer instances that are cluster admin.

The fact that a NethServer instance is a cluster admin does not necessarily mean it must be or have an AD running, there are other uses to this, and with the discussion on VPN cluster interconnect with NethSecurity, it's expanding on to this.

I know many enterprise corporate and even SME who would use such features, especially those with multiple branches.

My excuses get things done. In relation to my NS7 migration, at least I am doing something about it here: compgeniuses/ns8-goauthentik at certgen (github.com)

As indicated on the plan, I am working on an SSO module for NethServer 8, it's almost complete. Once I can validate it, I'll deploy a new NethServer 8 instance, install the SSO onto it, migrate my AD to NethServer 8, have the SSO module linked, implement the new SSO into all systems I am using with SSO.

AT LEAST I AM DOING SOMETHING ABOUT IT ANDY

-MPOM-
