My first impressions of tnsr
These are my first impressions of tnsr, after installing it and reading the documentation. Full disclosure I didn't even start configuring my router yet.
First, the ubuntu installer allows you chose "tnsr" as the username, effectively locking you out of the system for shell access. No check or warning done whatsoever by the installer. Ouch.
Second: the tnsr user comes with a default password and is enabled by default over ssh... I am speechless. Insecure by default over the network. In 2022.
Third: getting the latest version, I spent 20 minutes on netgate's website looking for a download link (the download link sent to me via email was outdated by the time i got to testing it in my lab) and figured out the only way to download the new version was to place another order through the store... not only there's no indication of this anywhere in the documentation but it just feels like lazy design and counter-intuitive... how hard is it to implement a download section? or clarify the documentation?
Fourth: Updating. The documentation page here https://docs.netgate.com/tnsr/en/latest/updating/updating.html is confusing to say the least. It is completely unclear what needs to be done when and in what order. Do i need to do everything? Some sections? Only one? It depends? If the easiest way to update tnsr is with the cli
tnsr# package upgradethen why confuse the user with operating system update documentation? Why not have it on a different page?
My first hour with tnsr left a bad taste in my mouth but I am convinced the core routing software is excellent.
Nonetheless, those issues show a lack of polish and attention to details
Hope you guys address those minors issues
@raph Thanks for your feedback.
To clarify some of the questions you've raised here:
I will test this and create a bug report to see what can be done there. I, myself, am not certain what restrictions we can place in the Ubuntu installer regarding valid usernames, but if there is a way to prevent that from happening, we'll see what we can do.
SSH is only listening on the host interface. This interface should be on a trusted private network. Of course it is best practice to change the default password immediately, but there are very few reasons that this interface should be exposed to the internet at any time, let alone on first install and boot up. Of course, it is always an option to use a VM console, VGA, or serial connection to access the system prior to connecting it to the local network in order to change the password.
The Home+Lab evaluation ISO can be downloaded by placing a $0 order in the Netgate shop here: https://shop.netgate.com/products/tnsr-software-subscription
The upgrade documentation accounts for several scenarios that may be applicable to different TNSR users. For example, in-place upgrades of TNSR related packages are not applicable to Home+Lab users because a paid subscription is required, but the base operating system can be upgraded. Alternatively, some users may manage a single TNSR instance via the TNSR CLI, while others appreciate scripts to be executed via the REST API. Given the wide range of TNSR use-cases, various upgrade scenarios must be accounted for. While we always strive to keep the documentation as clear as possible, we appreciate your feedback and will look into whether there are any ways to improve. Please feel free to continue to provide any suggestions/feedback.
Thanks again for your input and for being a TNSR user. We are committed to making the TNSR experience as smooth as possible, and feedback like yours goes a long way towards that goal.