KeeneticOS 4.2
KeeneticOS release notes for Keenetic Extra (KN-1713) in the Development Channel
KeeneticOS releases in this channel show what we're working on right now. We update roughly weekly. N.B.: While releases in this channel do undergo testing, they are still sometimes bugs present, as we want you, our community, to share in what's new as soon as possible. Your input is really valued.
Keenetic Extra (KN-1713) is currently in the Standard Updates support period and receives regular software updates, including security enhancements, new features, operating system updates, and bug fixes.
KeeneticOS 4.2 Alpha 5
20/04/2024
New
The
camouflage
mode option has been added to both SSTP VPN and OpenConnect VPN servers and clients, providing greater security against remote service scanning. [NDM-3257] [Forum topic]oc-server camouflage
— enablecamouflage
option for the OpenConnect VPN serversstp-server camouflage
— enablecamouflage
option for SSTP VPN server
Fixed
Fixed spurious EoIP/IPsec connection attempts after device restart. [NDM-2518]
Incomplete application of static IPv6 routes when re-establishing an associated VPN connection after a reboot fixed. [NDM-3248] [Forum topic]
Fixed issue with absent route to remote Wireguard endpoint after device restart. [NDM-3223]
The problem that causes the error message
PingCheck::Resolve: "default": system failed [0xcffd003c], upstream is very slow to respond
in the System log has been fixed. [NDM-3244]UPnP service rules are now correctly applied to clients accessing the Internet using the Connection policy with active multipath mode. [NDM-3251]
KeeneticOS 4.2 Alpha 4
13/04/2024
Improved
Implemented an
aggressive
mode option for the IKEv1 client in the command line interface (CLI) for compatibility with VPN (IPsec) servers running on Fritz!Box routers. [NDM-3227]interface {name} ipsec aggressive
— set theaggressive
Phase 1 mode for VPN connection{name}
Fixed
Fixed DNS query interception in the additional network segments. [NDM-3228] [Forum topic]
KeeneticOS 4.2 Alpha 3
06/04/2024
New
The new OpenConnect VPN client system component is now available, allowing you to establish a secure connection to a remote server via the command line interface (CLI). [NDM-3207]
Added support for the Yota D071C 4G LTE Cat4 USB modem. [NDM-3218]
Improved
Implemented a workaround to prevent certain Realtek Wi-Fi drivers from crashing on Windows OS when passing non-PMF authentication on a PMF-enabled access point. [SYS-1131]
Fixed
Fixed priority of user-defined
ip static
rules over automatic UPnP port forwarding rules to a host. [NDM-3078]Fixed home network access for L2TP/IPsec VPN server clients when
ip static
rules are configured on WAN IP aliases. [NDM-3110]Fixed binding to the WAN address and inbound access to the service port for the ZeroTier client connection. [NDM-3216] [Forum topic]
KeeneticOS 4.2 Alpha 2
30/03/2024
New
A new CLI
grep
extension is now available to filter the output of theshow
command. [NDM-3075]grep [-A <n>] [-B <n>] [-C <n>] regex
— trim theshow
command output using theregex
regular expression.-A
— number of XML nodes to show after match.-B
— number of XML nodes to show before match.-C
— displayed XML cluster depth.
For example:
(config)>
show interface | grep address
Interface, name = "Home" address: 192.168.2.1 ipv6: Interface, name = "Guest" address: 10.1.30.1 ipv6: (config)>show system | grep cpuload
cpuload: 5
Improved
A new read/send timeout option allows the session lifetime for Web applications of the KeenDNS proxy service to be set via the command line interface (CLI). [NDM-3157]
ip http proxy {name} timeout {timeout}
— set{timeout}
for KeenDNS{name}
proxy.
The WireGuard advanced security configuration (ASC) parameters are now available in the command line interface (CLI). [NDM-3202]
interface {name} wireguard asc {jc} {jmin} {jmax} {s1} {s2} {h1} {h2} {h3} {h4}
— set additional ASC parameters for WireGuard{name}
tunnel.
Fixed
Fixed iOS L2TP/IPsec client disconnecting under heavy load. [NDM-3180]
KeeneticOS 4.2 Alpha 1
22/03/2024
New
A new segment default policy for hosts has been implemented and is now enabled by default. Registered devices with this connection policy assigned will follow the default connection policy of the network segment they are connecting to. [NDM-2237]
ip hotspot host {MAC} conform
— set host with specified{MAC}
to follow the current segment's connection policy.
The new application filtering option is now available in the Application traffic analyser service via command line interface (CLI). This option allows to create a filtering profile, add required applications, assign a host or segment to the filtering profile and enable the operation schedule. [NDM-3069]
ntce filter profile {name} application {application}
— add an application to the profile.ntce filter profile {name} group {group}
— add an application group to the profile.ntce filter profile {name} type {type}
— set the profile type, which can bepermit
ordeny
.ntce filter profile {name} description {description}
— set the profile description.ntce filter profile {name} schedule {schedule}
— set the profile schedule.ntce filter assign host {host} {profile}
— assign a profile to a registered host (MAC address).ntce filter assign interface {interface} {profile}
— assign a profile to an interface.
The new option to automatically register hosts in the Home segment is now available (enabled by default). You can disable this behaviour using the command line interface (CLI). [NDM-3101]
ip hotspot auto-register disable
— disable automatic host registration for the Home segment.
The new OpenConnect VPN server system component is now available, providing a remote SSL VPN connection to your Keenetic. [NDM-3141]
oc-server interface {interface}
— bind OpenConnect server to an interface.oc-server pool-range {begin} {size}
— set OpenConnect address pool.oc-server static-ip {name} {address}
— set static IP address for a user.oc-server mtu {mtu}
— set OpenConnect server MTU.oc-server multi-login
— enable multiple connections with the same user account.ip nat oc
— enable NAT for OpenConnect clients.service oc-server
— enable OpenConnect service.
The Keenetic Phone Station system component now supports the filtering of incoming calls. [VOX-271]
nvox sip {id} whitelist {digitmap}
— create whitelist for SIP{id}
with specified{digitmap}
;for example:
nvox sip 1 whitelist +1111x.|+2222x.|2389x.|32756
— allows phone calls with numbers starting from+1111
,+2222
,2389
and an32756
number.nvox sip {id} blacklist {digitmap}
— create blacklist for SIP{id}
with specified{digitmap}
;for example:
nvox sip 1 blacklist +3333x.
— block phone number starting from+3333
.nvox sip {id} enable-whitelist
— enable whitelist for SIP{id}
.nvox sip {id} enable-blacklist
— enable blacklist for SIP{id}
.show nvox sip {id} whitelist
— display allowlist settings.show nvox sip {id} blacklist
— display blocklist settings.
The Keenetic Phone Station system now supports import of the phonebook from a file. [VOX-326]
nvox phonebook import {filename} {mode}
— import contacts in the vCard format.filename
— *.vcf filename;mode
— import mode:replace
,overwrite
,extend
, orduplicate
.
nvox phonebook delete
— delete all contacts from the phonebook.nvox sip {id} enable-whitelist-phonebook
— enable phonebook as an allowlist filter for incoming calls.show nvox phonebook
— display all phonebook records.
Improved
Disabling Port Forwarding (
ip static
) rules now forces matching active sessions to be dropped. [NDM-3067]Implemented new options to preserve Referer and Origin headers for Web applications of the KeenDNS proxy service in the command line interface (CLI). [NDM-3089] [Forum topic]
ip http proxy {name} preserve-referer
— preserve Referer header for{name}
of the web proxy rule.ip http proxy {name} preserve-origin
— preserve Origin header for{name}
of the web proxy rule.
A NetFlow monitor system component can now collect IPv6 traffic information and monitor network flows. [NDM-3109]
The
MOBIKE
extension (RFC 4555) has been enabled for both the IKEv2/IPsec VPN Server and the IKEv2 client. [NDM-3164]
Fixed
The CloudFlare content filter has been corrected to work properly on networks that do not support IPv6. [NDM-3163]
Fixed port forwarding issues after Hotspot (
ip hostspot
) code refactoring. [NDM-3127, NDM-3171] [Forum topic]