NanoKVM?
- Thread starter Greg_E
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Im starting to research them as well. They have a pci version which may help move me off server hardware to consumer levels and save money.
seems like someone posted a video online about the security flaws and they are starting to address them. dont have the link at the moment but I believe it’s on the github for download software updates.
seems like someone posted a video online about the security flaws and they are starting to address them. dont have the link at the moment but I believe it’s on the github for download software updates.
Well, mine boots. Waiting for some cables and a bigger SD card before trying it, a 16GB card seems to be too small when I try to copy a 2GB image into the folder that wasn't present.
It does ask that you change the default password.
It does still have baked in DNS servers to 8.8.8.8, 8.8.4.4, and 192.168.0.1.
For whatever reason, it is not finding the update web site so I may need to figure out how to update the application manually.
I also need to go back through and read how to change the baked in DNS, if it is going to be a DHCP device, then I want it to use the DNS provided from the DHCP lease.
No where does it list the MAC address of this device, I ended up pulling it out of my firewall logs. Now I can set an IP reservation for it.
There is no where in the web gui to set a manual IP address or any other networking parameters.
There is no way to upload a bootable image from the web gui, you can try SCP but it almost looks like an after thought. I may try this after I get a larger card.
The Lite version (the one I bought) is currently on Amazon for $35 (plus the cost of an SD card). The price on the bigger version that comes with an SD card is at the same price as a JetKVM, and I think the JET is probably a better choice for the same dollars.
I'll have to see what I need to do to get this updated and working the way I want before I really condemn it. It might be nice, it might not, but it definitely is still a young product and needs to grow a little bit.
It does ask that you change the default password.
It does still have baked in DNS servers to 8.8.8.8, 8.8.4.4, and 192.168.0.1.
For whatever reason, it is not finding the update web site so I may need to figure out how to update the application manually.
I also need to go back through and read how to change the baked in DNS, if it is going to be a DHCP device, then I want it to use the DNS provided from the DHCP lease.
No where does it list the MAC address of this device, I ended up pulling it out of my firewall logs. Now I can set an IP reservation for it.
There is no where in the web gui to set a manual IP address or any other networking parameters.
There is no way to upload a bootable image from the web gui, you can try SCP but it almost looks like an after thought. I may try this after I get a larger card.
The Lite version (the one I bought) is currently on Amazon for $35 (plus the cost of an SD card). The price on the bigger version that comes with an SD card is at the same price as a JetKVM, and I think the JET is probably a better choice for the same dollars.
I'll have to see what I need to do to get this updated and working the way I want before I really condemn it. It might be nice, it might not, but it definitely is still a young product and needs to grow a little bit.
Make of that what you will. Definitely some security questions around NanoKVM.
Response to concerns about NanoKVM security · Issue #301 · sipeed/NanoKVM
In apalrd's recent video (https://www.youtube.com/watch?v=plJGZQ35Q6I), apalrd raised several security concerns regarding NanoKVM. We have carefully watched the video—some parts are fair, while oth...
github.com
That's the thread.
New cards arrived crushed and broken. But still playing with it for a little bit on the small card...
DNS seems to be broken! I can ping out to 8.8.8.8, but can not ping out to google.com or microsoft.com, nslookup fails as well.
Updates are not working (still) but I do see some IP entries as follows, this was not tied to any actions that I created, not tied to trying to get an update.
114.114.114.114
119.29.29.29
Use your favorite WhoIs to look them up if you want, they are in China.
Watching IP addresses through my firewall to try and see what it is doing. If I can't stop them, I may just block those connections. I can see the DNS requests, not even NTP (pool.ntp.org) is successful. I see requests for cdn.sipeed.com during the time frame where I was requesting the updates. I do not see any names that might be associated with the above IP addresses, so that's funny!
I think I need to unplug this for now, at least until I can get DNS and maybe get the update figured out. Not feeling very trusting right now.
New cards arrived crushed and broken. But still playing with it for a little bit on the small card...
DNS seems to be broken! I can ping out to 8.8.8.8, but can not ping out to google.com or microsoft.com, nslookup fails as well.
Updates are not working (still) but I do see some IP entries as follows, this was not tied to any actions that I created, not tied to trying to get an update.
114.114.114.114
119.29.29.29
Use your favorite WhoIs to look them up if you want, they are in China.
Watching IP addresses through my firewall to try and see what it is doing. If I can't stop them, I may just block those connections. I can see the DNS requests, not even NTP (pool.ntp.org) is successful. I see requests for cdn.sipeed.com during the time frame where I was requesting the updates. I do not see any names that might be associated with the above IP addresses, so that's funny!
I think I need to unplug this for now, at least until I can get DNS and maybe get the update figured out. Not feeling very trusting right now.
I'm not going to be able to fix the code, but I can certainly provide info that I see.
I should probably mirror the switch port and capture EVERYTHING to a server, I'll have to think about this and see what the best way to gather the data might be, my Mikrotik switch might be able to grab this stuff and spit it out to a USB drive, I'll look into this when I have time. But for right now, it is staying disconnected until at least Monday when the new card will be here and maybe I can figure out some fixes before then, and hopefully fixes that can be done before the first boot from a fresh image. Wish I had better Linux skills!
[edit] looks like the Torch tool in RouterOS will do what I want, or at least close to what I want. I'll have to figure it out.
I should probably mirror the switch port and capture EVERYTHING to a server, I'll have to think about this and see what the best way to gather the data might be, my Mikrotik switch might be able to grab this stuff and spit it out to a USB drive, I'll look into this when I have time. But for right now, it is staying disconnected until at least Monday when the new card will be here and maybe I can figure out some fixes before then, and hopefully fixes that can be done before the first boot from a fresh image. Wish I had better Linux skills!
[edit] looks like the Torch tool in RouterOS will do what I want, or at least close to what I want. I'll have to figure it out.
Last edited:
I think this is how I'm going to need to capture this, RouterOS has a sniffer built in, and among other things you can isolate a single physical port. Then I think I need to stream it out to Wireshark for collection.
I did ask Mikrotik if it's possible to just capture to a USB drive, waiting on a reply.
I did ask Mikrotik if it's possible to just capture to a USB drive, waiting on a reply.
I haven't forgotten about this, just haven't had time to fool with it again. Microtik no longer answers questions directly, they referred me to their forum. I think the best way to do this is packet filter on the switch, and stream that info back to wireshark on another computer. Need to get that set up.
Other computer will be my ClockworkPi uConsole with RaspberryPi cm4 and Parrot Security OS, this is one of the functions I bought this computer for, so might as well dig in and learn to use it. Only downside is that I only have USB to ethernet, so 100mbps max. They didn't expose the gigabit or PCIe on this device as the cm4/5 were an afterthought. I also have a Devterm but finding it hard to use these days without dropping another $80 on it for a cm4.
Other computer will be my ClockworkPi uConsole with RaspberryPi cm4 and Parrot Security OS, this is one of the functions I bought this computer for, so might as well dig in and learn to use it. Only downside is that I only have USB to ethernet, so 100mbps max. They didn't expose the gigabit or PCIe on this device as the cm4/5 were an afterthought. I also have a Devterm but finding it hard to use these days without dropping another $80 on it for a cm4.
I finally sat down and did some searching... The DNS was a mess with the first line looking at 192.168.0.1, it apparently never would skip to the next line of 8.8.8.8. This is why it couldn't update. the fix is from their github issues (because a forum is beyond their capacity?):
github.com
Edit this to set your preferred/required DNS servers, and it will finally get out. I'm not sure why they didn't just use the DNS provided from your DHCP server, the IP is handled by DHCP so the DNS really should have been handled this way too.
You may also need to turn on the "preview updates" to get the latest thing (currently version 2.2.6), not sure what it changed, still no http/https upload for images to the card, still no manual IP and DNS entry areas. But at least they are still working on it.
Uploading images at about 4-5 MBps over SCP (turn SSH on first).
In the 1.4.0 system image, it does default to forcing you to update the admin password before you can do anything, so at least that is better.
I need to see if I can configure my last lab machine to wake on LAN so I can give this a full test, then use it to install an OS and then control that OS. I'm not certain I will leave this connected when not in use, I still want to sniff the network and see what I can see with this latest application (v 2.2.6).
[edit] Looked at my firewall, and the only thing I don't like is this:
Not sure if it is really google meet, or just another google connection, going to have to find out as this thing does not need to be generating/joining a meeting!
[2.1.6] /etc/resolv.conf still lists Google and Chine DNS resolvers · Issue #311 · sipeed/NanoKVM
Hello, The changelog for version 2.1.6 lists the following change perf: removed unnecessary modifications to DNS configuration I understand it is in relation to this answer where you stated you wou...
github.com
Code:
/boot/resolv.confYou may also need to turn on the "preview updates" to get the latest thing (currently version 2.2.6), not sure what it changed, still no http/https upload for images to the card, still no manual IP and DNS entry areas. But at least they are still working on it.
Uploading images at about 4-5 MBps over SCP (turn SSH on first).
In the 1.4.0 system image, it does default to forcing you to update the admin password before you can do anything, so at least that is better.
I need to see if I can configure my last lab machine to wake on LAN so I can give this a full test, then use it to install an OS and then control that OS. I'm not certain I will leave this connected when not in use, I still want to sniff the network and see what I can see with this latest application (v 2.2.6).
[edit] Looked at my firewall, and the only thing I don't like is this:
Code:
Apr 25, 2025 1:36 PM
Apr 25, 2025 1:38 PM
Device (48da356f1937) Others 172.30.1.9 39008 stun.l.google.com 19302 Conferencing Google Meet
Last edited:
Every time you log in, it goes here:
At least it is TLS, pretty sure it is just checking for updates, and only when you log in. Other than that, my firewall is very quiet with pretty much nothing coming from this device. I still want to mirror a port and sniff everything to make sure, but it's looking like it should be OK once you get the DNS set correctly.
I also want to get in and set the NTP to my local GPS based server, then even less traffic on the web.
Code:
Apr 25, 2025 2:09 PM Device (48da356f1937) Others 172.30.1.9 54062 cdn.sipeed.com 443 TLS-Encrypted Technology and Computer cdn.sipeed.comI also want to get in and set the NTP to my local GPS based server, then even less traffic on the web.
Nope, no video with displayport to HDMI, or HDMI direct. Guess I get to see what the warranty process is going to look like, it is outside the Amazon return window.
So far the JetKVM reigns supreme in this market, and probably constantly out of stock because it at least stays working.
So far the JetKVM reigns supreme in this market, and probably constantly out of stock because it at least stays working.
I've got a few Cubes and two PCIe models, all on 2.2.5, all using HDMI - and they've been working a treat. The software now is dramatically better than at launch (when some of the initial reviews complained about it). The PCIe version is pretty slick: as you can cable it to an internal USB header on the motherboard... and most modern PSUs provide maintenance power to the slot even if the MB is off... so that gets rid of most of the cables. (Just HDMI and Ethernet external for me).
They give you over 20GB of usable room to hold images etc... but the fact that its Ethernet is only 100M means something like a 5GB Windows ISO feels like it takes forever to upload. But I have installed Windows and Ubuntu successfully, and flashed a BIOS.
Issues:
- the earliest Cube version had the hardware "reset" pins wired incorrectly: but few people received that version (but I was one of them). Not a huge deal as the UI lets you short-press or long-press the power button instead. And the second batch and newer all were fixed.
- the earliest Cubes also came with 3D-printed cases: which were fine: but I have a couple of mine on systems with their backs to a window... and sunlight has started to yellow the white plastic. Just cosmetic, and the new Cubes now all come with white or black injection-molded cases instead
- on Linux systems I sometimes see error messages in the console about USB connectivity. Like it's losing the NanoKVM USB connection and restarting it. I don't know if it's a software issue, or a bad USB cable, or flakey USB port. Any time it lost keyboard controls the UI "Reset HID" button restored it. And it's not all systems that do it... just a couple... rest have never shown errors
I saw they have a "Pro" version coming out soon. I don't know that I need the main new feature (HDMI passthrough)... but having the 1G networking would be nice!
They give you over 20GB of usable room to hold images etc... but the fact that its Ethernet is only 100M means something like a 5GB Windows ISO feels like it takes forever to upload. But I have installed Windows and Ubuntu successfully, and flashed a BIOS.
Issues:
- the earliest Cube version had the hardware "reset" pins wired incorrectly: but few people received that version (but I was one of them). Not a huge deal as the UI lets you short-press or long-press the power button instead. And the second batch and newer all were fixed.
- the earliest Cubes also came with 3D-printed cases: which were fine: but I have a couple of mine on systems with their backs to a window... and sunlight has started to yellow the white plastic. Just cosmetic, and the new Cubes now all come with white or black injection-molded cases instead
- on Linux systems I sometimes see error messages in the console about USB connectivity. Like it's losing the NanoKVM USB connection and restarting it. I don't know if it's a software issue, or a bad USB cable, or flakey USB port. Any time it lost keyboard controls the UI "Reset HID" button restored it. And it's not all systems that do it... just a couple... rest have never shown errors
I saw they have a "Pro" version coming out soon. I don't know that I need the main new feature (HDMI passthrough)... but having the 1G networking would be nice!
Last edited:
I'm giving up, not finding a way to contact Sipeed, which is probably by design. This thing is junk, I do not recommend buying it!
I don't think I'm going to be buying a cube version, no faith in the company at this moment. And since the cube is the same price as a Jetkvm, it does not make sense (or cents). Wasted my money so "the next guy" won't need to.
I don't think I'm going to be buying a cube version, no faith in the company at this moment. And since the cube is the same price as a Jetkvm, it does not make sense (or cents). Wasted my money so "the next guy" won't need to.
Still nothing from Sipeed. Another user just fell into the same thing, and probably a third. No video - v1.4.0/2.2.0 or with the 2.2.6 update · Issue #485 · sipeed/NanoKVM
I'm seeing a bunch of sellers on Amazon USA now, and lots of decent reviews. The seller I bought mine from has 4 reviews including mine, and not so good. Me thinks some sellers are buying reviews or I just was unlucky.
I'm seeing a bunch of sellers on Amazon USA now, and lots of decent reviews. The seller I bought mine from has 4 reviews including mine, and not so good. Me thinks some sellers are buying reviews or I just was unlucky.
It sucks that it's so hard for you to find help. I know there are lots of resellers now, and I've made sure to only use their Aliexpress store... but that still may not help much if I had a hardware issue.
All mine are still on 2.2.5, and are working properly (mostly Cube, couple PCIe)... but I see 2.2.6 is "available" for upgrade. I think I'm fine with 2.2.5 for now...
Hopefully it will turn out to be a driver/firmware thing... and a new SD card flash will fix yours!
All mine are still on 2.2.5, and are working properly (mostly Cube, couple PCIe)... but I see 2.2.6 is "available" for upgrade. I think I'm fine with 2.2.5 for now...
Hopefully it will turn out to be a driver/firmware thing... and a new SD card flash will fix yours!