Turris OS 5.2 has been released
8th Sep 2021
About Turris project:
Project Turris started back in 2013. It was a security project sponsored by CZ.NIC to get more relevant data about attacks on the average Joe. As part of the project, routers with custom software were created and given away to Czech Republic households. Those routers were under contract, which stated that they had to be the main access point to the Internet. From those routers, firewall logs were collected. Apart from firewall logs, some minimalistic honeypots were written for popular protocols, trying to learn more about attackers’ behavior. The resulting data were shared with the Czech national CSIRT team and the relevant results with the worldwide security community. Apart from that, those data were used to generate a publicly available greylist and dynamically update the firewall on the routers and frequent updates, open-source firmware, and performance. After receiving this kind of feedback, CZ.NIC decided to try to spread those routers even further and created a commercially available version.
This version became available worldwide and got plenty of additional features over time, like monitoring and logging of local network traffic or integration with Nextcloud to provide more privacy. Security programs also evolved: nowadays they are much more scalable, and automatic evaluation of attacks and firewall updates has become much quicker. Some new data were made publicly available, and even more of them are planned to be made public for security researchers around the globe to use.
Article: Turris OS 5.2
Author: Josef Schlehofer
URL (CZ version): https://blog.nic.cz/2021/05/26/co-prinasi-nova-verze-turris-os-5-2-0/
URL (EN version): https://en.blog.nic.cz/2021/05/26/turris-os-5-2-has-been-released/
In the newly released Turris OS 5.2, you will find the Overview after logging in to the reForis web interface. It gives you an at-a-glance status of the activated services for automatic updates, data collection, and the dynamic firewall, along with a test of Internet connectivity, a speed test using Netmetr.cz, and a list of OpenVPN clients added for any OpenVPN servers. Based on community feedback, we prepared the requested features that were missing in reForis. As of this release, reForis has the Storage tab, the option to do a factory reset from the UI, and the option to add a registration token to use Honeypot as a Service. Some of these features were missing from the old web interface or from the previous major version of Turris OS.
Our frontend developers redesigned WebApps, a landing page where you can choose custom applications and add your own. We also added the possibility of configuring the router from a USB flash drive, without using an Ethernet port on your computer.
The reForis web interface uses modern open-source technologies like Bootstrap, React, and Flask. This gives us a responsive web design and easy maintenance in the future. Unfortunately, we cannot reuse the existing frontend parts from the old web interface Foris; doing so would take more time than starting from scratch. We decided to use this opportunity and start over.
Since this release, reForis has two new tabs: Storage and Honeypot as a Service. We also prepared new features like the possibility to do a factory reset in Administration → Maintenance. We added the option to set the hostname for your router. There are also two new package lists, RIPE Atlas SW Probe and Common passwords, which you can install in Package management. We refactored the part related to diagnostics to make it clearer and more understandable, with a description of what each diagnostics module does.
After logging into reForis, you will see the Overview, which shows whether automatic updates, data collection, and the dynamic firewall are activated or disabled. You can also find connection tests for IPv4 and IPv6 connectivity, NetMetr.cz, and the OpenVPN clients you added for public OpenVPN servers.
In the Storage tab, you can configure external storage. It could be a USB flash drive, an SSD connected to the USB port, or even an mSATA SSD. You need to configure external storage if you want to install packages with the External storage label. You can find this label, for example, next to LXC containers, Nextcloud, and other I/O-intensive applications.
The selected external storage will be formatted to Btrfs, and the current /srv folder will be moved from the internal storage to the external one.
In the following screenshots, you can see the old Storage plugin in Foris and the new Storage plugin in reForis. We added an option to configure RAID and to use already prepared storage, for example after a factory reset.
Based on your feature requests, we added an option for system log retention when using the Storage plugin. By default, all logs are stored in the router’s RAM and are erased when you reboot the router.
Honeypot as a Service (HaaS) tab
CZ.NIC, the Czech domain registry, runs a public Honeypot as a Service. The collected data are analyzed by the national security team CSIRT.CZ. HaaS can be installed and run on your own server or computer with a public IPv4 address. It is not required to have a Turris router. You need to register on the HaaS website or use a mojeID account and follow these details.
We simplified these steps for Turris users. You need to request a token and then fill it in in the Honeypot as a Service tab, which you install using the SSH honeypot package list.
When everything is set, all SSH sessions from the Internet will use the honeypot. After some time, you can see those sessions on the Honeypot as a Service website. There you will find the IP address the attacker used, the credentials (logins/passwords), and the attacker’s behavior, such as what they tried to do.
From the reForis web interface, you can perform a factory reset, which can be helpful if you want to configure your router from the beginning. It will remove all the packages you installed and the files you modified, and restore the router to its factory state, as it was when you took it out of the original packaging.
Diagnostics help when solving issues that some users might have and when consulting them with the technical support department. We took a look at how we could make diagnostics more user-friendly for you. From the screenshots, you can decide whether we succeeded in making it better or not.
We redesigned and refactored both frontend and backend parts of the landing page called WebApps, where you can choose if you want to use a Dark theme or Light theme.
List of known mini PCIe and USB drivers
We prepared a feature that should help with known USB and mini PCIe devices that stay connected to your router all the time, such as Wi-Fi cards, LTE modems, etc. The device needs to be on our list of mini PCIe and USB devices, available in our GitLab repository. In that case, the router will automatically download the necessary drivers if there is an active Internet connection.
If you would like to add your device and help others, you need to know the vendor ID, the device/product ID, and which drivers the USB or mini PCIe device requires.
Ethernetless initial setup
These days, notebooks often do not have an Ethernet port, so you usually need to buy a USB-to-RJ45 adapter to configure the router. Therefore, we decided to prepare an Ethernetless initial configuration of the router. You can configure the Wi-Fi SSID and password in the file medkit-config.json, put it on your USB flash drive together with the medkit, and use rescue mode 4 to reflash the router. More details about the JSON syntax and about this setup can be found in our documentation.
Thanks to anyone who helped us during the testing
We appreciate anyone who joined the public testing of this release. It helped us to make this release better and fix some issues discovered by using various configurations.
We hope you like these new features, and we would like to hear your voices regarding this release on our community forum or here in the comments.