NextSecurity can be installed on virtual machines or x86 hardware.
- Quickstart guide
- 2 ethernet network cards
- 1 GB of RAM
- 1 GB of disk
Download the x86_64 image.
The image should work both on machines with legacy and EFI BIOS.
To install the system you can choose between 2 alternative methods:
- write the downloaded image directly to the disk (recommended for virtual machines)
- boot from an USB stick (recommended for physical machines with Internet access)
You can use the downloaded image as a virtual machine disk:
- extract the downloaded image:
- create a new virtual machine and select the uncompressed image as disk
- boot the virtual machine
The image can be imported inside Proxmox.
First, make sure to have 2 different network bridges. In this example we are going to use
The described procedure can be also done using the Proxmox UI.
Create the virtual machine, in this example the machine will have id
qm create 401 --name "NextSecurity" --ostype l26 --cores 1 --memory 1024 --net0 virtio,bridge=vmbr0,firewall=0 --net1 virtio,bridge=vmbr1,firewall=0 --scsihw virtio-scsi-pci
Download the image:
Extract the image:
Import the extracted images a virtual machine disk:
qm importdisk 401 nextsecurity-22.03.3-x86-64-generic-ext4-combined-efi.img local-lvm
Attach the disk to the virtual machine:
qm set 401 --scsi0 "local-lvm:vm-401-disk-0"
Setup the boot order:
qm set 401 --boot order=scsi0
Finally, start the virtual machine.
NextSecurity can be run from a USB stick or installed directly to any bootable device like hard disks or SD cards.
- attach the target disk/stick/card to a desktop Linux machine
- find the disk/stick/card device name, in this example the device is named
rootuser, write the downloaded image to the device:
zcat nextsecurity-22.03.0-x86-64-generic-squashfs-combined.img.gz | dd of=/dev/sdd bs=1M iflag=fullblock status=progress oflag=direct
- unplug the disk/stick/card from the desktop and plug it into the server
- boot the server, select the correct device (USB, SD card or hard disk) from boot menu
- the server is installed and ready to be used
If you’re running a desktop Windows machine, you will need extra software for point 2. First, make sure to format the USB drive then unmount it. Use one of the following tools to write the USB stick:
Install from USB to disk
Since running from the USB stick does not guarantee best performances, you can also install NextSecurity to the hard disk while running it from the USB stick itself:
- make sure the server has Internet access
- connect to the server using VGA, serial console or SSH
- login with default credentials
ns-installand follow the instructions
Default network configuration
On first boot the system will try to configure the network interfaces.
As the default the network configuration will be:
- lan on first ethernet device with static address
- wan on second ethernet device with DHCP
An exception are virtual machines running on KVM and on Digital Ocean cloud provider (droplet). In this case the network configuration will be:
- lan on first ethernet device with DHCP
- wan on second ethernet device with DHCP
As default, only
root user exists.
You can use the
root user for all access methods listed below.
Default network configuration:
- static IP address on LAN device named
- dynamic IP address on WAN device, usually named
Web user interface
NextSecurity has 2 different web user interface:
- LuCI: standard OpenWrt web interface, some pages may cause unpredictable configuration changes (see below)
- NextSec: custom UI, this is just a prototype and can’t be used to configure the system
Both user interfaces listen on port 443 (HTTPs):
- LuCI is accessible at
- NextSec is accessible at
The following sections/options should not be changed from the web interface:
- Flashstart firewall rules
- OpenVPN instances starting with
- XFRM network interfaces
- HTTP(S) access
- opkg configuration
- Adblock configuration
Ad default, the system accepts SSH connections on standard port
root user and default password.
From a Linux machine use:
If the machine has a VGA/DVI/HDMI video port, connect a monitor to it. Then will be able to login to the console using default credentials above.
Please note that the system is configured with
US keyboard layout.
To temporary change current keyboard layout to Italian, login to the system then execute:
loadkmap < /usr/share/keymaps/it.map.bin
Keyboard layout configuration can be saved by writing the keymap code inside
echo 'it' > /etc/keymap grep -q /etc/keymap /etc/sysupgrade.conf || echo /etc/keymap >> /etc/sysupgrade.conf
To obtain the list of available keymaps execute:
ls -1 /usr/share/keymaps/ | cut -d'.' -f1.
Other keymaps can be generated from a CentOS machine with the following command:
loadkeys -b it.map.gz -u -q >it.map.bin