KeeneticOS 4.2
KeeneticOS release notes for Keenetic Giga (KN-1011) in the Development Channel
KeeneticOS releases in this channel show what we're working on right now. We update roughly weekly. N.B.: While releases in this channel do undergo testing, they are still sometimes bugs present, as we want you, our community, to share in what's new as soon as possible. Your input is really valued.
Keenetic Giga (KN-1011) is currently in the Standard Updates support period and receives regular software updates, including security enhancements, new features, operating system updates, and bug fixes.
KeeneticOS 4.2 Alpha 5
20/04/2024
New
The
camouflage
mode option has been added to both SSTP VPN and OpenConnect VPN servers and clients, providing greater security against remote service scanning. [NDM-3257] [Forum topic]oc-server camouflage
— enablecamouflage
option for the OpenConnect VPN serversstp-server camouflage
— enablecamouflage
option for SSTP VPN server
The Next-generation web interface (beta) component now supports Extender mode operation. [NWI-1861]
Fixed
Fixed spurious EoIP/IPsec connection attempts after device restart. [NDM-2518]
Incomplete application of static IPv6 routes when re-establishing an associated VPN connection after a reboot fixed. [NDM-3248] [Forum topic]
Fixed issue with absent route to remote Wireguard endpoint after device restart. [NDM-3223]
The problem that causes the error message
PingCheck::Resolve: "default": system failed [0xcffd003c], upstream is very slow to respond
in the System log has been fixed. [NDM-3244]UPnP service rules are now correctly applied to clients accessing the Internet using the Connection policy with active multipath mode. [NDM-3251]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the display of the SMS page using the Dark theme. [NWI-3324] [Forum topic]
Fixed the
statusLed
icon on the Web Interface Login page. [NWI-3363] [Forum topic]Fixed the height of the Search query input field. [NWI-3328] [Forum topic]
KeeneticOS 4.2 Alpha 3
06/04/2024
New
The new OpenConnect VPN client system component is now available, allowing you to establish a secure connection to a remote server via the command line interface (CLI). [NDM-3207]
Added support for the Yota D071C 4G LTE Cat4 USB modem. [NDM-3218]
Improved
Implemented a workaround to prevent certain Realtek Wi-Fi drivers from crashing on Windows OS when passing non-PMF authentication on a PMF-enabled access point. [SYS-1131]
Fixed
Fixed priority of user-defined
ip static
rules over automatic UPnP port forwarding rules to a host. [NDM-3078]Fixed home network access for L2TP/IPsec VPN server clients when
ip static
rules are configured on WAN IP aliases. [NDM-3110]Fixed binding to the WAN address and inbound access to the service port for the ZeroTier client connection. [NDM-3216] [Forum topic]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the display of the Network ports card in the Firefox browser. [NWI-3357] [Forum topic]
Fixed the display of the Network SSID tooltips on the Wi-Fi Monitor page. [NWI-3379] [Forum topic]
KeeneticOS 4.2 Alpha 4
13/04/2024
Improved
DNS over HTTPS (DoH) now supports secure name resolution over the HTTP/3 protocol. [NDM-3229] [Forum topic]
Implemented an
aggressive
mode option for the IKEv1 client in the command line interface (CLI) for compatibility with VPN (IPsec) servers running on Fritz!Box routers. [NDM-3227]interface {name} ipsec aggressive
— set theaggressive
Phase 1 mode for VPN connection{name}
Improved display of 4G/3G signal metrics on the Mobile page in the Next-generation web interface (beta) component. [NWI-3383] [Forum topic]
Fixed
Fixed DNS query interception in the additional network segments. [NDM-3228] [Forum topic]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed several issues with the System Dashboard page. [NWI-3323] [Forum topic]
KeeneticOS system component names are now displayed in English if the translation is not available. [NWI-3364] [Forum topic]
An expanded view arrow for multi-partition USB storage devices has been added to the USB Devices section of the Applications menu. [NWI-3369] [Forum topic]
Added an Expand/Collapse action for the parent items in the File browser pop-up in the USB Devices section of the Applications menu. [NWI-3370] [Forum topic]
Fixed flickering when tapping folders in the File browser on mobile devices. [NWI-3371] [Forum topic]
Added scrolling to the Permissions for the selected folder panel in the File browser on mobile devices. [NWI-3376] [Forum topic]
The IPv6 settings section now only appears in connection configurations when the IPv6 system component is installed. [NWI-3384] [Forum topic]
Fixed the display of shadows in the Dark theme. [NWI-3389] [Forum topic]
Fixed the display of the Save and Cancel buttons when changing Wi-Fi settings in the My Networks and Wi-Fi menu. [NWI-3392] [Forum topic]
The content of the More Information block on the Clients Lists page has been corrected. [NWI-3402] [Forum topic]
Fixed the Connection policy dropdown display on the Clients Lists page in mobile view. [NWI-3373] [Forum topic]
KeeneticOS 4.2 Alpha 2
30/03/2024
New
A new CLI
grep
extension is now available to filter the output of theshow
command. [NDM-3075]grep [-A <n>] [-B <n>] [-C <n>] regex
— trim theshow
command output using theregex
regular expression.-A
— number of XML nodes to show after match.-B
— number of XML nodes to show before match.-C
— displayed XML cluster depth.
For example:
(config)>
show interface | grep address
Interface, name = "Home" address: 192.168.2.1 ipv6: Interface, name = "Guest" address: 10.1.30.1 ipv6: (config)>show system | grep cpuload
cpuload: 5
Improved
A new read/send timeout option allows the session lifetime for Web applications of the KeenDNS proxy service to be set via the command line interface (CLI). [NDM-3157]
ip http proxy {name} timeout {timeout}
— set{timeout}
for KeenDNS{name}
proxy.
The WireGuard advanced security configuration (ASC) parameters are now available in the command line interface (CLI). [NDM-3202]
interface {name} wireguard asc {jc} {jmin} {jmax} {s1} {s2} {h1} {h2} {h3} {h4}
— set additional ASC parameters for WireGuard{name}
tunnel.
Fixed
Fixed iOS L2TP/IPsec client disconnecting under heavy load. [NDM-3180]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed display of the Wireless ISP (WISP) connection details on the System Dashboard page under certain conditions. [NWI-3339] [Forum topic]
Fixed display of notifications in the Dark theme. [NWI-3358] [Forum topic]
Fixed HTML code appearing as text in certain headers. [NWI-3359] [Forum topic]
Fixed errors occurring when the Cloud-based content filtering and ad blocking component is uninstalled. [NWI-3360] [Forum topic]
Added missing translations for some UI elements. [NWI-3361] [Forum topic]
KeeneticOS 4.2 Alpha 1
22/03/2024
New
A new segment default policy for hosts has been implemented and is now enabled by default. Registered devices with this connection policy assigned will follow the default connection policy of the network segment they are connecting to. [NDM-2237]
ip hotspot host {MAC} conform
— set host with specified{MAC}
to follow the current segment's connection policy.
The new application filtering option is now available in the Application traffic analyser service via command line interface (CLI). This option allows to create a filtering profile, add required applications, assign a host or segment to the filtering profile and enable the operation schedule. [NDM-3069]
ntce filter profile {name} application {application}
— add an application to the profile.ntce filter profile {name} group {group}
— add an application group to the profile.ntce filter profile {name} type {type}
— set the profile type, which can bepermit
ordeny
.ntce filter profile {name} description {description}
— set the profile description.ntce filter profile {name} schedule {schedule}
— set the profile schedule.ntce filter assign host {host} {profile}
— assign a profile to a registered host (MAC address).ntce filter assign interface {interface} {profile}
— assign a profile to an interface.
The new option to automatically register hosts in the Home segment is now available (enabled by default). You can disable this behaviour using the command line interface (CLI). [NDM-3101]
ip hotspot auto-register disable
— disable automatic host registration for the Home segment.
The new OpenConnect VPN server system component is now available, providing a remote SSL VPN connection to your Keenetic. [NDM-3141]
oc-server interface {interface}
— bind OpenConnect server to an interface.oc-server pool-range {begin} {size}
— set OpenConnect address pool.oc-server static-ip {name} {address}
— set static IP address for a user.oc-server mtu {mtu}
— set OpenConnect server MTU.oc-server multi-login
— enable multiple connections with the same user account.ip nat oc
— enable NAT for OpenConnect clients.service oc-server
— enable OpenConnect service.
The Keenetic Phone Station system component now supports the filtering of incoming calls. [VOX-271]
nvox sip {id} whitelist {digitmap}
— create whitelist for SIP{id}
with specified{digitmap}
;for example:
nvox sip 1 whitelist +1111x.|+2222x.|2389x.|32756
— allows phone calls with numbers starting from+1111
,+2222
,2389
and an32756
number.nvox sip {id} blacklist {digitmap}
— create blacklist for SIP{id}
with specified{digitmap}
;for example:
nvox sip 1 blacklist +3333x.
— block phone number starting from+3333
.nvox sip {id} enable-whitelist
— enable whitelist for SIP{id}
.nvox sip {id} enable-blacklist
— enable blacklist for SIP{id}
.show nvox sip {id} whitelist
— display allowlist settings.show nvox sip {id} blacklist
— display blocklist settings.
The Keenetic Phone Station system now supports import of the phonebook from a file. [VOX-326]
nvox phonebook import {filename} {mode}
— import contacts in the vCard format.filename
— *.vcf filename;mode
— import mode:replace
,overwrite
,extend
, orduplicate
.
nvox phonebook delete
— delete all contacts from the phonebook.nvox sip {id} enable-whitelist-phonebook
— enable phonebook as an allowlist filter for incoming calls.show nvox phonebook
— display all phonebook records.
Improved
Disabling Port Forwarding (
ip static
) rules now forces matching active sessions to be dropped. [NDM-3067]Implemented new options to preserve Referer and Origin headers for Web applications of the KeenDNS proxy service in the command line interface (CLI). [NDM-3089] [Forum topic]
ip http proxy {name} preserve-referer
— preserve Referer header for{name}
of the web proxy rule.ip http proxy {name} preserve-origin
— preserve Origin header for{name}
of the web proxy rule.
A NetFlow monitor system component can now collect IPv6 traffic information and monitor network flows. [NDM-3109]
The
MOBIKE
extension (RFC 4555) has been enabled for both the IKEv2/IPsec VPN Server and the IKEv2 client. [NDM-3164]The improvements have been applied to the Next-generation web interface (beta) component.
Updated Applications card on the System Dashboard page. [NWI-3188] [Forum topic]
Added links to non-mesh extenders on the Client Lists page. [NWI-3189] [Forum topic]
Added a warning about possible connection loss when changing Wi-Fi settings. [NWI-3249] [Forum topic]
Removed the information via which node a client device is connected to when the Wi-Fi System controller component is not installed. [NWI-3334] [Forum topic]
The System Dashboard page now has an Active connections statistics string in the About the System card. [NWI-3326] [Forum topic]
Fixed
The CloudFlare content filter has been corrected to work properly on networks that do not support IPv6. [NDM-3163]
Fixed port forwarding issues after Hotspot (
ip hostspot
) code refactoring. [NDM-3127, NDM-3171] [Forum topic]The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed column filters on the Mesh Wi-Fi System > Transition Log page. [NWI-3212] [Forum topic]
Fixed Subnet validation for the Source IP field in the Firewall rule editor. [NWI-3213] [Forum topic]
Fixed display of wired connections in the Mesh Wi-Fi System table when an Extender is connected via another Extender. [NWI-3214] [Forum topic]
Fixed alignment of input field names. [NWI-3239] [Forum topic]
Fixed header alignment on the login page for mobile devices. [NWI-3240] [Forum topic]
Fixed visibility of the Save and Cancel buttons on the System Component Options page. [NWI-3191] [Forum topic]
Fixed display of ACL (access list) rules and UI elements on the Firewall page. [NWI-3153] [Forum topic]
Fixed minor issues on the Application traffic analyser page. [NWI-3163] [Forum topic]
Removed the unnecessary horizontal scrolling from the Network Ports block in the General System Settings for mobile devices. [NWI-3169] [Forum topic]
Fixed display of the Change Operating Mode block in the Dark theme. [NWI-3170] [Forum topic]
Removed text truncation in pop-up dialogues on mobile devices. [NWI-3181] [Forum topic]
Fixed frequency band selector display of the empty band group on the Mobile page. [NWI-3194] [Forum topic]
Fixed Scan the air dialog on the Mobile page. [NWI-3193] [Forum topic]
Fixed style of select boxes on mobile devices. [NWI-3192] [Forum topic]
Fixed Firewall Rule editor formatting. [NWI-3190] [Forum topic]
Fixed display of a larger list of knowledge base articles in the Related Articles popup. [NWI-3250] [Forum topic]
Fixed display of the chart on the Traffic Monitor page. [NWI-3254] [Forum topic]
Fixed saving of the Data compression (CCP) checkbox value when configuring a PPTP connection. [NWI-3296] [Forum topic]
Minor bugs fixed on the Mobile page. [NWI-3297] [Forum topic]
Fixed filtering of the System Component Options list on the General System Settings page. [NWI-3311] [Forum topic]
Fixed welcome popup message on mobile devices. [NWI-3312] [Forum topic]