KeeneticOS 3.4
KeeneticOS 3.4.1
13/5/2020
Improved
Disabled
dns-proxy
rebind protection for the loopback IP address127.0.0.1
since it caused some mobile applications to fail. [NDMS-688] [Forum topic]Disabled
dns-proxy
rebind protection for theplex.direct
domain, providing for proper operation of the Plex application. [NDMS-696]The Device list page now shows the Ethernet port number for wired devices. [NDW-829]
Gateway and DNS server information is added to the System dashboard page in extender mode. [NDW-872]
Fixed
Fixed Schedule editor operation in mobile browsers. [NDW-738]
Fixed the toggle switch operation for the Private Cloud components on the Applications tile in the dashboard. [NDW-885]
KeeneticOS 3.4 Beta 2
27/4/2020
Improved
Updated to the latest OpenSSL library version 1.1.1g, which fixes the CVE-2020-1967 vulnerability.
Fixed
User can now cancel and clear the host Speed limit configuration for the Registered devices on the Device lists page. [NDW-869]
KeeneticOS 3.4 Beta 1
18/4/2020
Improved
There are no changes for Keenetic Lite (KN-1311).
Fixed
Internet availability and firmware updates checking are now working properly when AdGuard DNS service is active on the Internet safety page. [NDMS-648]
KeeneticOS 3.4 Beta 0
16/4/2020
New
Implemented upstream speed limit for registered hosts. [NDW-815]
Improved
There are no changes for Keenetic Lite (KN-1311).
KeeneticOS 3.4 Alpha 15
11/4/2020
Fixed
Removed the
CONFIG_COMPACTION
kernel option to improve memory operations within the task queue handler under heavy loads. [NDMS-423]
KeeneticOS 3.4 Alpha 14
3/4/2020
Improved
There are no changes for Keenetic Lite (KN-1311).
KeeneticOS 3.4 Alpha 13
2/4/2020
New
There are no changes for Keenetic Lite (KN-1311).
Improved
Updated to the latest OpenSSL library version 1.1.1f, which fixes the CVE-2020-1967 vulnerability.
Fixed
Fixed the long reconnection time for backhaul links between Wi‑Fi System nodes. [NDMS-612]
Configuration saving with activated Mode — ICMP echo (ping) for Check the availability of the Internet (Ping Check) section on Web Interface is now working correctly. [NDW-780]
KeeneticOS 3.4 Alpha 12
29/3/2020
Improved
Multiple improvements to the Internet availability-checking algorithm: [NDMS-600]
Reduced the number of simultaneous connections to conserve network resources, on both Keenetic and external servers;
Enabled sequential polling of test servers, instead of simultaneous polling;
Enabled dynamic polling interval between checks for Internet access.
Fixed
Fixed
SSL_read() failed
error on Wi‑Fi system extenders affected by OpenSSL library usage. [Forum topic]
KeeneticOS 3.4 Alpha 11
27/3/2020
Improved
Added KrØØk/CVE-2019-15126 vulnerability protection against decryption of Wi‑Fi WPA2 traffic. [NDMS-589]
Added randomization for source port of L2TP/IPsec VPN connection, to reduce reconnect time. [NDMS-483]
Updated to the latest OpenSSL library version 1.1.1e, which fixes the CVE-2019-1551 vulnerability.
Fixed
Removed IPsec forced rekey for every 20 GBytes of transferred traffic, to improve stability of high load VPN tunnels. [NDMS-483]
Restored client-to-client communication between VPN clients of different VPN servers of KeeneticOS, for example, PPTP and L2TP/IPsec. [NDMS-588]
Traffic counter for incoming and outgoing VPN IPsec tunnels on the Host traffic monitor page of Web Interface. [NDMS-228]
Handling of IP alias for IPIP (IP over IP) with IPsec protection. [NDMS-590] [Forum topic]
IPsec VPN tunnel connection now follows a user-defined schedule. [NDMS-594] [Forum topic]
Link to KeeneticOS Release notes is now visible on the Updates and component options section of the System setting page. [NDW-739] [Forum topic]
Unregistered devices and Multicast traffic tabs of the Host traffic monitor used to disappear on page refresh. [NDW-632] [Forum topic]
KeeneticOS 3.4 Alpha 10
22/3/2020
Improved
Implemented advanced host traffic filtering based on MAC address ,to reduce discovery time on the Device lists page of the Web Interface and prevent devices with blocked access to the Internet from any outbound transactions. [NDMS-585, NDMS-586]
Fixed
There are no changes for Keenetic Lite (KN-1311).
KeeneticOS 3.4 Alpha 9
19/3/2020
Improved
Implemented a new feature for
ping-check
service, which allows restarting a manually-specified interface. [NDMS-569]interface {name} ping-check restart [interface]
— enable{interface}
restart. Optional{name}
argument is omitted (resulting in restarting the same interface) by default;ping-check {name} restart-interface
— prior syntax is made obsolete.
The default MTU (Maximum transmission unit) size for WireGuard® VPN connections is set to 1324 bytes to optimize transfer of data through external networks. [NDMS-486]
Fixed
The Device lists are now cleared of hosts mistakenly retrieved from OpenVPN connections. [NDMS-567] [Forum topic]
KeeneticOS 3.4 Alpha 8
14/3/2020
New
There are no changes for Keenetic Lite (KN-1311).
KeeneticOS 3.4 Alpha 7
13/3/2020
Improved
KeeneticOS service
internet-checker
adds captive portal examination for reliable Internet availability detection. [NDMS-553] [Forum topic]Excessive logging of WireGuard® handshake has been reduced to save space for helpful messages in the System log. [NDMS-555] [Forum topic]
Fixed
IGMP proxy service deactivation on the
bridge interface
of the network Segment for the case when both the multicast source and clients are in the same Segment. [NDMS-231]Reset to the default values of Phase 1 — IKE lifetime and Phase 2 — SA (Security Association) lifetime for L2TP/IPsec and Virtual IP VPN connections when some other VPN settings are changed. [NDMS-546]
The reason for
lock precedence violation: IPV6_SUBNETS
error messages in the System log. [Forum topic]Network mask parsing in
ip nat
command. It's now possible to use a short notation of IP network mask —ip nat 192.168.1.0/24
. [NDMS-552] [Forum topic]Private key validation in the Connection settings section of the WireGuard® VPN. [NDW-653]
KeeneticOS 3.4 Alpha 6
7/3/2020
New
There are no changes for Keenetic Lite (KN-1311).
Improved
The new configuration option
upstream-rate
allows asymmetric Internet access speed restriction in the upload direction for any giveninterface/host/unknown-host
. [NDMS-512]interface traffic-shape rate {rate} [asymmetric {upstream-rate}]
ip traffic-shape host {mac} rate {rate} [asymmetric {upstream-rate}]
ip traffic-shape unknown-host rate {rate} [asymmetric {upstream-rate}]
Fixed
DNS response with IP address
0.0.0.0
is removed from the anti-rebind list of thedns-proxy
service of KeeneticOS because some supported Internet security and content filtering services use such IP address to filter blocked media content and links. [NDMS-528] [Forum topic]Updated
pppd
daemon responsible for Point-to-Point Protocol (PPP protocol) of KeeneticOS, which fixes the CVE-2020-8597 vulnerability.
KeeneticOS 3.4 Alpha 5
27/2/2020
Fixed
Restored access to the Web Interface when the system admin account has no password. [NDMS-526]
KeeneticOS 3.4 Alpha 4
27/2/2020
New
Implemented PMF (Protected Management Frames) and WPA3-PSK/OWE (Opportunistic Wireless Encryption) for Wireless ISP (WISP) client providing wireless connection to the Internet. [NDMS-498, NDMS-226]
The SSH server system component of KeeneticOS now supports new modern and robust security algorithms: ChaCha20 symmetric cipher encryption and Poly1305 message authentication code across ed25519 public-key cryptography. [NDMS-516, NDMS-517]
Fixed
Fixed one-way RTP (Real-time Transport Protocol) voice communication for VoIP calls via WireGuard VPN tunnel. Now both subscribers can hear each other well. [NDMS-503]
Fixed the uptime calculation in the
show ip hotspot
CLI command. The uptime value is now refreshing properly for all Registered devices. [NDMS-520] [Forum topic]
KeeneticOS 3.4 Alpha 3
22/2/2020
Fixed
Repaired the task queue corruption related to the Linux kernel
CONFIG_COMPACTION
option. The change avoids system restart under the heavy system load of applications that use external storage, e.g. Media Server and Download Station. [NDMS-423] [Forum topic]WireGuard® VPN tunnel sometimes could not reconnect, after system restart and in some other circumstances. [NDMS-497] [Forum topic]
Fixed the System name field's validation to prevent the use of the
space
symbol. [NDW-620] [Forum topic]Fixed the KeenDNS domain name proxy option to preserve the HTTP Host header. [NDMS-490]
KeeneticOS 3.4 Alpha 2
18/2/2020
Fixed
Execution of Wireless ACL rules on Wi‑Fi system extenders is now working correctly. [NDMS-398]
A manually configured static IP address on a Wi‑Fi system extender no longer prevents it from connecting to the Internet. [NDMS-89]
Fixed display of Internet connection Status on the System dashboard. [NDW-608] [Forum topic]
KeeneticOS 3.4 Alpha 1
14/2/2020
New
Wireless Backhaul connection shutdown for the Wi‑Fi system controller is now available. It helps to maximize the performance of the Wi‑Fi system if all nodes are connected via wired Ethernet connection. The CLI command is below. [NDMS-314] [Forum topic ]
mws backhaul shutdown
Added DNS Rebinding protection feature for the
dns-proxy
service of KeeneticOS. [NDMS-437] [Forum topic][no] dns-proxy rebind-protect (strict | auto)
auto
— block IP addresses of thesecurity-level private
segments (default);strict
— block IP addresses from the list: IANA IPv4 Special-Purpose Address Registry.
Implemented
NOTIMPL
response toIQUERY
for thedns-proxy
service of KeeneticOS, which meansNot Implemented
error for DNS requests from network devices. TheIQUERY
method of performing inverse DNS lookups is made obsolete. [NDMS-465]
Fixed
PEAP/MS-CHAPv2 authentication now works properly for 802.1x connections. [NDMS-402] [Forum topic]
Accelerated WEB Interface response time when thousands of dynamic routes are uploaded to KeeneticOS routing table via OPKG (Open Package) system packages. [Forum topic]
Updated the
mini_snmpd
system service with fixes for the CVE-2020-6058, CVE-2020-6059, CVE-2020-6060 vulnerabilities.