KeeneticOS 3.8
What’s new?
Here are the themes we are developing right now.
New content filtering and ad-blocking options:
Choose filtering profiles from popular public DNS resolvers: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS;
Mix and match filtering profiles from different service providers to your devices in one setup;
Add your custom DNS profiles and use them along with public DNS resolvers;
Assign default filtering profiles to network segments;
Try content filtering services from the NextDNS.
Would you mind giving us feedback in the forum?
KeeneticOS 3.8.2
22/06/2022
Fixed
Fixed the issue with the Safari browser which was resulting in a blank Web Interface Login page. [NWI-1216] [Forum topic]
KeeneticOS 3.8.1
20/06/2022
Improved
Renaming of the Extender now executes faster, and no longer causes re-calculation for the whole Mesh Wi-Fi system. [NDM-1838]
Fixed
The Unregister action for the network host is now executed more carefully, with forced deletion of the Static IP setting. [NWI-1113]
The validator for the requested KeenDNS domain name now acts according to RFC 5890. The '
-
' symbol is prohibited at the KeenDNS domain's beginning and end. [NWI-1159]
KeeneticOS 3.8.0
10/06/2022
New
The new Channel number option for Wireless ISP connections allows setting of a specific channel number instead of automatic channel selection based on an SSID. This setting significantly reduces the air scanning time, leaving more slots for Wi-Fi distribution and Mesh Wi-Fi backhaul operation. Use this setting for scenarios when the uplink ISP or Hotspot has a fixed Wi-Fi channel number. [NWI-938]
Fixed
Fixed the Hardware network accelerator toggle visibility depending on installed KeeneticOS system component. [NWI-1146]
Switching wireless networks on/off at the Home segment configuration page of a Keenetic device in Access point/Extender mode no longer leads to loss of device control for a while. [NDM-2178]
Fixed DoT (DNS over TLS) operation after reconnection of a PPPoE session. [NDM-2215]
The WPS enrollee mode is disabled on the Access Point, providing a correct wireless connection flow for specific devices. [SYS-540]
Fixed the reason for a sporadic
VLAN ID is busy
error message on the device in the Extender mode. [NDM-2252]
KeeneticOS 3.8 Beta 2
20/05/2022
New
The new default setting Auto for time synchronization selects NTP servers automatically from Keenetic's cloud infrastructure, with the option to manually set up custom servers. [NWI-1107]
Improved
Using the Web Interface to assign an Ethernet port to the Guest segment enables its operation if wireless networks are disabled. [NWI-1029]
The new Bandwidth control mode selector (Auto / Manual / Disabled) for inbound and outbound traffic is now available for configuring connections in the Internet Connections policies. [NWI-1070]
The OpenSSL library is updated to the latest version,
1.1.1o
, fixing the CVE-2022-1292 and CVE-2022-1473 vulnerabilities. [SYS-551]
Fixed
Fixed the misbehaviour of tabs across the Web Interface while changing orientation from portrait (vertical) to landscape (horizontal) and vice versa in mobile browsers. [NWI-1026]
Updated and unified toggle behaviour for the Application section. [NWI-1037] [Forum topic]
The L2TP reception window is increased to 1024 packets to fine-tune performance. [NDM-2138]
The Keenetic will not serve DNS requests when not in the Router mode. [NDM-2205]
Fixed erroneous Connection priority selector behaviour occurring under certain conditions. [NWI-1068]
Restored Internet Checker behaviour to support default routes through a gateway in the local network using topologies with a non-Keenetic device as the primary router. [NDM-2220]
The Default content filtering profiles for multiple network segments now act correctly. [NDM-2230]
Fixed the reason for the
fastvpn
service operation causing the following messagesfastvpn: len = 56, head = ...
in the System log. [SYS-557] [Forum topic]
KeeneticOS 3.8 Beta 1
21/04/2022
New
There are no changes for Keenetic Sprinter (KN-3710).
Improved
Added
MTU
control to IKEv2 VPN client configuration in the advanced settings section, providing better interoperability with certain VPN providers, for example, Surfshark VPN. [NWI-974]Added a warning message while setting up a Port forwarding rule for the HTTPS or 443/TCP protocol. [NWI-977]
Increased the maximum PSK key size up to
196
characters for IPsec VPN and IPsec/L2TP connections, providing proper connection to corporate networks with firm security policies. [NDM-2128]Added the display of the
regional code
next to the Model name field on the About the system tile. [NWI-1027]Improved IPv4 availability criteria for
MAP-T
-enabled connections for the proper display on the Dashboard page. [NWI-1025]Added links to the NextDNS account configurations on the Internet safety page, providing easy access to the NextDNS management portal. [NWI-1020] [Forum topic]
Added support for two-factor authentication (2FA) for the NextDNS service on the Internet safety page. [NWI-1021]
Fixed
Muted excessive debug messages from
https-dns-proxy: curl ...
DNS over HTTPS (DoH) service of the KeeneticOS. [SYS-516]Wi-Fi radio turned off by the Wi-Fi button now keeps this state after a system reboot or power-off event. [SYS-78]
KeeneticOS 3.8 Alpha 8
18/03/2022
Improved
The Mesh Wi-Fi System controller now configures multiple extenders simultaneously. This improvement dramatically reduces start-up times for the systems with many extenders. [NDM-2003]
The Captive portal option is now available for multiple network segments simultaneously. [NWI-916]
The Application traffic analyser now identifies different types of traffic within one application, for example, Video/Voice call or File transfer within the WhatsApp application. Based on this data, IntelliQoS can further enhance traffic priority. [NWI-951]
Added MAP-T connection information to the System dashboard. [NWI-960]
Updated to the latest OpenSSL library version 1.1.1n, which fixes the CVE-2022-0778 vulnerability. [SYS-523]
Fixed
UPnP port forwarding now works accurately with multiple Internet connections policies in place. [NDM-1382]
Fixed the WireGuard® outgoing packet loop when the underlying WAN link goes down. [NDM-852]
Moving registered devices between Internet Connection policies profiles won't break their work schedule(s) anymore. [NDM-1716]
Fixed the display of the Ports and VLANs settings on mobile devices. [NWI-924] [Forum topic]
Fixed multiple remote peer support for OpenVPN connections. [NDM-2115]
DNS servers configured for WireGuard® connections now work accurately. [NDM-2122]
Fixed the configuration logic of the automatic default route for MAP-T. [NDM-2125]
Internet connection via IPv6 MAP-T now supports the
1:1 IPv4
sharing ratio option. [NDM-2127]
KeeneticOS 3.8 Alpha 7
04/03/2022
New
The new MAP-T option is available for tunnelling IPv4 protocol packets over an ISP's internal IPv6-only network according to the RFC7599. Please check whether your ISP supports this feature. [NDM-1824, NWI-906]
The new Conditional Wi-Fi broadcast option is available for the Mesh Wi-Fi System. When enabled, Wi-Fi System Extenders stop wireless network broadcasting when the Wi-Fi System Controller is inaccessible. [NWI-895]
The Internet connection policy now has the Adaptive Outbound Speed Limit option, currently available through the CLI only, as follows: [NDM-2109]
ip policy rate-limit output ({rate} | auto)
Improved
The user properties menu is now directly accessible from the Applications settings with user credentials. [NWI-893]
Updated the metadata file of the Web Interface to comply with the Progressive Web App (PWA) specification. [NWI-904] [Forum topic]
Improved traffic classification through additional attribute parsing. [NDM-2021]
Changed the RTP (Real-time Transport Protocol) classification category to Voice over IP for the Cloud-based content filtering and ad blocking system component. [NDM-2110]
Enabled offloading of the Top — Traffic priority via the hardware
PPE
(Packet Processing Engine). [SYS-506]We replaced Service Class with a Traffic Priority setting for registered devices and IntelliQoS. [NWI-939]
Fixed
The KeeneticOS now operates correctly with a
startup-config
file size of more than 64 Kbytes. [NDM-2090]Fixed the selection of an optimal backhaul connection to the Mesh Wi-Fi System node based on Wi‑Fi RSSI and STP distance metrics. [SYS-486]
Fixed the
invalid domain name
error messages for the DHCP server with an enabledupdate-dns
option upon receiving DHCP requests with special symbols in thehostname
field. [NDM-2085]Fixed invalid remote RADIUS server requests with WPA2 Enterprise network protection. [NDM-2081]
The menu list of the Web Interface now displays with full height on the mobile Safari® browser. [NWI-914] [Forum topic]
KeeneticOS 3.8 Alpha 6
14/02/2022
Fixed
The Port Forwarding page now displays correctly on mobile screens. [NWI-883] [Forum topic]
KeeneticOS 3.8 Alpha 5
07/02/2022
Improved
New configuration option for devices in the Extender mode: a network Segment can have No IP address. [NWI-847] [Forum topic]
Fixed
The sorting of the User-defined routes table now functions appropriately. [NWI-873] [Forum topic]
KeeneticOS 3.8 Alpha 4
01/02/2022
New
Added per-host sessions counters on the Management > Diagnostics > Active connections screen. [NWI-844]
The new Session expiry timeout parameter is available in the Captive portal settings. The session terminates when the Captive portal client does not renew the DHCP lease for a specified period. The maximum lease time is 72 hours (4320 minutes). [NWI-867]
Improved
Added a cautionary note for the Negotiation mode selector in IKEv1 IPsec connection setup. [NWI-877]
Note
Use the Aggressive mode for compatibility purposes only as it introduces security risks. If this Keenetic device has the IPsec server (Virtual IP) or L2TP/IPsec VPN servers enabled, the IPsec VPN connections enforce the Main negotiation mode regardless of this setting.
Added an option to save KeeneticOS and configuration files before a manual system update. [NWI-871]
The controls of the User-defined routes section are moved to the top, providing easy management, with a long list of the routes. [NWI-862] [Forum topic]
Fixed
Opening the Internet safety menu does not cause the
Core::Configurator: not found: "show/rc/dns-proxy/filter/engine"
error message in the System log when there are no installed KeeneticOS components of this category. [NWI-866] [Forum topic]The Wi-Fi beacon frames broadcasted during the auto-channel selection (ACS) routine had invalid channel numbers. [SYS-473]
Fixed LED indication of packet transmission over the 5 GHz radio interface while the 2.4 GHz Wi‑Fi network is disabled. [SYS-475] [Forum topic]
The Wireless ISP tile for 5 GHz connection on the Dashboard menu now links to the proper path, Wireless ISP > WISP 5GHz. [NWI-872]
Keenetic RMM service polls no longer produce
ndm: Hotspot::Account: data is absent for host "aa:bb:cc:dd:ee:ff"
error messages for devices that have been offline since system restart. [NDM-2057]The Active connections section of the Diagnostics menu once again displays statistics. [NDM-2061] [Forum topic]
KeeneticOS 3.8 Alpha 3
24/01/2022
New
Extended flexibility with a secure DNS setup: Resolve specified domain names via a preset secure DNS server with the following CLI commands for DoT (DNS over TLS) and DoH (DNS over HTTPS) options. [NDM-2040] [Forum topic]
dns-proxy tls upstream {address} [port] [sni {sni}] [spki {spki}] [on {interface}] [domain {domain}]
dns-proxy https upstream {url} {json | dnsm} [spki {spki}] [on {interface}] [domain {domain}]
Fixed
The CLI command for disabling ARP discovery
ip hotspot auto-scan no interface Home
now operates correctly when the corresponding Segment uses a wide IP subnet mask255.255.240.0
. [NDM-1940]
KeeneticOS 3.8 Alpha 2
17/01/2022
New
A new configuration option for improved compatibility with legacy Wi-Fi clients: Control the TKIP countermeasures
hold-down
timer. If the Wi‑Fi Access Point with WPA-PSK + WPA2-PSK protection mode detects twoMIC errors in RX
failures within 60 seconds, it blocks all the wireless TKIP clients on that interface for the hold-down timer. Use this command to disable or tune this behaviour. [SYS-434]interface {name} encryption tkip hold-down {hold-down}
— set thehold-down
timer in seconds (from 0 to 60). The default value is 60 sec.
Added DDNS update status on the Domain name > DDNS configuration page. [NWI-818]
Improved
Improved Network ports tile of the System dashboard now links to System settings > Network ports for all operating modes of the Keenetic. [NWI-822]
System dashboard improvement: Use the Change link to modify the schedule of Wi‑Fi network availability when Wi-Fi is disabled. [NWI-840]
Fixed
Fixed an error in accessing the device's Web Interface after a few days of operation, causing the following messages in the System log. [NDM-2046]
ndm: Http::Nginx: there are errors in config, reconfigure.
ndm: Http::Manager: unable to update configuration, retry.
Repaired the DHCP-client startup when the Keenetic is connected to the Internet as a Wi‑Fi client. [NDM-2028]
Fixed
ntce: unknown protocol.
error message in the System log of the Traffic classification engine component triggered by IPv6/Teredo packets. [NDM-2044]The IPv6 section of the System dashboard menu now displays only the default IPv6 gateway for the corresponding interface. [NWI-823] [Forum topic]
Fixed an
Invalid username or password
error displaying on the Web Interface Login page under certain conditions. [NWI-805] [Forum topic]Fixed hint layout and uptime label on dashboard tiles for mobile screens. [NWI-832]
Corrected Network access naming for VPN server settings. [NWI-838] [Forum topic]
KeeneticOS 3.8 Alpha 1
This is the initial shipping release for Keenetic Sprinter (KN-3710).