NethSecurity Install on Proxmox shield (doc error)

Hi NethSecurity,

Install on Proxmox:
Installation — NethSecurity documentation.

root@pve-1:/temp# qm importdisk 401 nethsecurity-23.05.0-x86-64-generic-squashfs-combined-efi.img.gz local-lvm

Gives error:
nethsecurity-23.05.0-x86-64-generic-squashfs-combined-efi.img.gz: non-existent or non-regular file

It should be with no .gz ?
qm importdisk 401 nethsecurity-23.05.0-x86-64-generic-squashfs-combined-efi.img local-lvm

root@pve-1:/temp# qm importdisk 401 nethsecurity-23.05.0-x86-64-generic-squashfs-combined-efi.img local-lvm
importing disk 'nethsecurity-23.05.0-x86-64-generic-squashfs-combined-efi.img' to VM 401 ...
  Rounding up size to full physical extent 320.00 MiB
  Logical volume "vm-401-disk-0" created.
transferred 0.0 B of 316.3 MiB (0.00%)
transferred 4.0 MiB of 316.3 MiB (1.26%)
transferred 316.3 MiB of 316.3 MiB (100.00%)
Successfully imported disk as 'unused0:local-lvm:vm-401-disk-0'



Victory !



Hello, about this alpha, i tried to test on proxmox but the IMG wont boot. (No bootable device)
I tried import as a disk and as a CD IMG. Both import wont boot. Any suggestion?

Did you enable the scsi0 device in the proxmox vm boot options?

1 Like

Yes, followed all the steps.

Hi @sarz4fun

As I wrote above, there is an error in the documentation; there is no .gz at the end of the image name in the qm command.


I think that this is not the only place to take out the .gz at the end of the image name…

Hi NethSecurity,

Also, why taking port 443 to access the manager page ???

Then after that how do you want to redirect port 443 to the webserver of another server ???

Errare humanum est, perseverare diabolicum

You can also access another “manager page” with:


Hi NethSecurity,

Installation — NethSecurity documentation.

By default, the network configuration will be as follows:

  • The LAN interface will be configured with a static IP address of
  • The WAN interface will be configured to use DHCP to obtain an IP address from your ISP.

Developers assume that testers will plug their test server directly into the internet because they also assume that you have more than one public IP address.

In reality, an ordinary tester has only one public IP address and he first checks on a virtual machine on his private network.

That is why the NethSecurity LAN interface will not have an IP address because, in the majority of cases, is already taken by the main server.


The NethSecurity makes the same assumption for Let’s Encrypt certificate and that is why I wrote that the package acme-dnsapi is missing… NethSecurity / Is there a Let's Encrypt possibility? - #5 by michelandre.

Same assumption for NS8b.

Again: Errare humanum est, perseverare diabolicum

1 Like

Did you use 401 as VM ID? If the answer is no you need to change the VM ID in the other commands too.
Do you have two network interfaces in your Proxmox server?

I followed the installation steps for proxmox (except of the appended .gz part) and it worked, so maybe one of the commands failed on your side.

Here are my proxmox hardware settings:

And the options:


The only difference Is my storage: local-zfs instead of local-lvm.
I think that i can’t import the image on zfs block storage… Maybe i have to dd the image…

I Will try again later.

Thank you for pointing it out, I’ve fixed the doc.

This is the default of OpenWrt and it seems to me a good default for real usage scenario: the first time you install a firewall, you probably will not have anything listens on port 443 on the public internet.

Still, you can change the port of the web user interface. It’s already documented inside the developer manual. But from you questions I got it’s hard to find it :wink: Added to the admin manual: Remote access — NethSecurity documentation

Not really: OpenWrt auto-configuration is much more complex than this, and it depends on the running hardware. The logic is buried inside the core code, but I’d say the developers assume the testers are using virtual machines.
There is a special logic for VMs:

  • QEMU: always use DHCP, eth0 is lan, eth1 is wan
  • Digital Ocean: always use DHCP, eth1 is lan, eth0 is wan

You’re right, there is a note about it in the manual. This is again a default from OpenWrt. We can change it for sure, but is there a really good static default IP address? I think most of use will try just without reading the doc :smiley:

12 posts were merged into an existing topic: NethSecurity / Is there a Let’s Encrypt possibility?

Solved for proxmox and ZFS…
I created a new disk manually.
dd the image on the disk
Started vm and boot now.

1 Like

I noticed that my proxmox Vm won’t show guest agent properties.
Quickly Downloaded qemu-ga last package on openwrt repo and works well.
Should be possibile to include the package in nethsec?

Is important for proxmox the guest agent.



Thanks for the suggestion, card added: Trello

1 Like

Package added.
It will be available since tomorrow inside the latest image.

1 Like

Is it resolved?