KeeneticOS 3.8
What’s new?
Here are the themes we are developing right now.
New content filtering and ad-blocking options:
Choose filtering profiles from popular public DNS resolvers: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS;
Mix and match filtering profiles from different service providers to your devices in one setup;
Add your custom DNS profiles and use them along with public DNS resolvers;
Assign default filtering profiles to network segments;
Try content filtering services from the NextDNS.
Would you mind giving us feedback in the forum?
KeeneticOS 3.8.2
22/06/2022
Fixed
Fixed the issue with the Safari browser which was resulting in a blank Web Interface Login page. [NWI-1216] [Forum topic]
KeeneticOS 3.8.1
20/06/2022
Improved
Renaming of the Extender now executes faster, and no longer causes re-calculation for the whole Mesh Wi-Fi system. [NDM-1838]
Fixed
The Unregister action for the network host is now executed more carefully, with forced deletion of the Static IP setting. [NWI-1113]
The validator for the requested KeenDNS domain name now acts according to RFC 5890. The '
-
' symbol is prohibited at the KeenDNS domain's beginning and end. [NWI-1159]
KeeneticOS 3.8.0
10/06/2022
New
The new Channel number option for Wireless ISP connections allows setting of a specific channel number instead of automatic channel selection based on an SSID. This setting significantly reduces the air scanning time, leaving more slots for Wi-Fi distribution and Mesh Wi-Fi backhaul operation. Use this setting for scenarios when the uplink ISP or Hotspot has a fixed Wi-Fi channel number. [NWI-938]
Fixed
Switching wireless networks on/off at the Home segment configuration page of a Keenetic device in Access point/Extender mode no longer leads to loss of device control for a while. [NDM-2178]
Fixed DoT (DNS over TLS) operation after reconnection of a PPPoE session. [NDM-2215]
The Wi-Fi SMPS (Spatial Multiplexing Power Save) feature now correctly handles requests from Qualcomm 835/845/855 wireless clients providing a dynamic switching MIMO scheme from 2x2 to 1x1 and vice versa. [SYS-560]
The WPS enrollee mode is disabled on the Access Point, providing a correct wireless connection flow for specific devices. [SYS-540]
Fixed the reason for a sporadic
VLAN ID is busy
error message on the device in the Extender mode. [NDM-2252]
KeeneticOS 3.8 Beta 2
20/05/2022
New
The new default setting Auto for time synchronization selects NTP servers automatically from Keenetic's cloud infrastructure, with the option to manually set up custom servers. [NWI-1107]
Improved
Using the Web Interface to assign an Ethernet port to the Guest segment enables its operation if wireless networks are disabled. [NWI-1029]
The new Bandwidth control mode selector (Auto / Manual / Disabled) for inbound and outbound traffic is now available for configuring connections in the Internet Connections policies. [NWI-1070]
The OpenSSL library is updated to the latest version,
1.1.1o
, fixing the CVE-2022-1292 and CVE-2022-1473 vulnerabilities. [SYS-551]
Fixed
Fixed the misbehaviour of tabs across the Web Interface while changing orientation from portrait (vertical) to landscape (horizontal) and vice versa in mobile browsers. [NWI-1026]
Updated and unified toggle behaviour for the Application section. [NWI-1037] [Forum topic]
The L2TP reception window is increased to 1024 packets to fine-tune performance. [NDM-2138]
The Keenetic will not serve DNS requests when not in the Router mode. [NDM-2205]
Fixed erroneous Connection priority selector behaviour occurring under certain conditions. [NWI-1068]
Restored Internet Checker behaviour to support default routes through a gateway in the local network using topologies with a non-Keenetic device as the primary router. [NDM-2220]
The Default content filtering profiles for multiple network segments now act correctly. [NDM-2230]
Fixed the reason for the
fastvpn
service operation causing the following messagesfastvpn: len = 56, head = ...
in the System log. [SYS-557] [Forum topic]
KeeneticOS 3.8 Beta 1
21/04/2022
New
There are no changes for Keenetic Start(KN-1110).
Improved
Added
MTU
control to IKEv2 VPN client configuration in the advanced settings section, providing better interoperability with certain VPN providers, for example, Surfshark VPN. [NWI-974]Added a warning message while setting up a Port forwarding rule for the HTTPS or 443/TCP protocol. [NWI-977]
Increased the maximum PSK key size up to
196
characters for IPsec VPN and IPsec/L2TP connections, providing proper connection to corporate networks with firm security policies. [NDM-2128]Added the display of the
regional code
next to the Model name field on the About the system tile. [NWI-1027]Improved IPv4 availability criteria for
MAP-T
-enabled connections for the proper display on the Dashboard page. [NWI-1025]Added links to the NextDNS account configurations on the Internet safety page, providing easy access to the NextDNS management portal. [NWI-1020] [Forum topic]
Added support for two-factor authentication (2FA) for the NextDNS service on the Internet safety page. [NWI-1021]
Fixed
Muted excessive debug messages from
https-dns-proxy: curl ...
DNS over HTTPS (DoH) service of the KeeneticOS. [SYS-516]Wi-Fi radio turned off by the Wi-Fi button now keeps this state after a system reboot or power-off event. [SYS-78]
KeeneticOS 3.8 Alpha 8
18/03/2022
Improved
The Mesh Wi-Fi System controller now configures multiple extenders simultaneously. This improvement dramatically reduces start-up times for the systems with many extenders. [NDM-2003]
The Captive portal option is now available for multiple network segments simultaneously. [NWI-916]
The Application traffic analyser now identifies different types of traffic within one application, for example, Video/Voice call or File transfer within the WhatsApp application. Based on this data, IntelliQoS can further enhance traffic priority. [NWI-951]
Added MAP-T connection information to the System dashboard. [NWI-960]
Updated to the latest OpenSSL library version 1.1.1n, which fixes the CVE-2022-0778 vulnerability. [SYS-523]
Fixed
UPnP port forwarding now works accurately with multiple Internet connections policies in place. [NDM-1382]
Fixed the WireGuard® outgoing packet loop when the underlying WAN link goes down. [NDM-852]
Moving registered devices between Internet Connection policies profiles won't break their work schedule(s) anymore. [NDM-1716]
Fixed the display of the Ports and VLANs settings on mobile devices. [NWI-924] [Forum topic]
Fixed multiple remote peer support for OpenVPN connections. [NDM-2115]
DNS servers configured for WireGuard® connections now work accurately. [NDM-2122]
Fixed the configuration logic of the automatic default route for MAP-T. [NDM-2125]
Internet connection via IPv6 MAP-T now supports the
1:1 IPv4
sharing ratio option. [NDM-2127]
KeeneticOS 3.8 Alpha 7
04/03/2022
New
The new MAP-T option is available for tunnelling IPv4 protocol packets over an ISP's internal IPv6-only network according to the RFC7599. Please check whether your ISP supports this feature. [NDM-1824, NWI-906]
The new Conditional Wi-Fi broadcast option is available for the Mesh Wi-Fi System. When enabled, Wi-Fi System Extenders stop wireless network broadcasting when the Wi-Fi System Controller is inaccessible. [NWI-895]
The Internet connection policy now has the Adaptive Outbound Speed Limit option, currently available through the CLI only, as follows: [NDM-2109]
ip policy rate-limit output ({rate} | auto)
Improved
The user properties menu is now directly accessible from the Applications settings with user credentials. [NWI-893]
Updated the metadata file of the Web Interface to comply with the Progressive Web App (PWA) specification. [NWI-904] [Forum topic]
Improved traffic classification through additional attribute parsing. [NDM-2021]
Changed the RTP (Real-time Transport Protocol) classification category to Voice over IP for the Cloud-based content filtering and ad blocking system component. [NDM-2110]
We replaced Service Class with a Traffic Priority setting for registered devices and IntelliQoS. [NWI-939]
Fixed
The KeeneticOS now operates correctly with a
startup-config
file size of more than 64 Kbytes. [NDM-2090]Fixed the selection of an optimal backhaul connection to the Mesh Wi-Fi System node based on Wi‑Fi RSSI and STP distance metrics. [SYS-486]
Fixed the
invalid domain name
error messages for the DHCP server with an enabledupdate-dns
option upon receiving DHCP requests with special symbols in thehostname
field. [NDM-2085]Fixed invalid remote RADIUS server requests with WPA2 Enterprise network protection. [NDM-2081]
The menu list of the Web Interface now displays with full height on the mobile Safari® browser. [NWI-914] [Forum topic]
KeeneticOS 3.8 Alpha 6
14/02/2022
Fixed
The Port Forwarding page now displays correctly on mobile screens. [NWI-883] [Forum topic]
KeeneticOS 3.8 Alpha 5
07/02/2022
Improved
New configuration option for devices in the Extender mode: a network Segment can have No IP address. [NWI-847] [Forum topic]
Fixed
The sorting of the User-defined routes table now functions appropriately. [NWI-873] [Forum topic]
KeeneticOS 3.8 Alpha 4
01/02/2022
New
Added per-host sessions counters on the Management > Diagnostics > Active connections screen. [NWI-844]
The new Session expiry timeout parameter is available in the Captive portal settings. The session terminates when the Captive portal client does not renew the DHCP lease for a specified period. The maximum lease time is 72 hours (4320 minutes). [NWI-867]
Improved
The L2TP/IPsec VPN connection operates more stably under heavy load. [SYS-39]
Added a cautionary note for the Negotiation mode selector in IKEv1 IPsec connection setup. [NWI-877]
Note
Use the Aggressive mode for compatibility purposes only as it introduces security risks. If this Keenetic device has the IPsec server (Virtual IP) or L2TP/IPsec VPN servers enabled, the IPsec VPN connections enforce the Main negotiation mode regardless of this setting.
Added an option to save KeeneticOS and configuration files before a manual system update. [NWI-871]
The controls of the User-defined routes section are moved to the top, providing easy management, with a long list of the routes. [NWI-862] [Forum topic]
Fixed
Opening the Internet safety menu does not cause the
Core::Configurator: not found: "show/rc/dns-proxy/filter/engine"
error message in the System log when there are no installed KeeneticOS components of this category. [NWI-866] [Forum topic]The Wi-Fi beacon frames broadcasted during the auto-channel selection (ACS) routine had invalid channel numbers. [SYS-473]
Keenetic RMM service polls no longer produce
ndm: Hotspot::Account: data is absent for host "aa:bb:cc:dd:ee:ff"
error messages for devices that have been offline since system restart. [NDM-2057]The Active connections section of the Diagnostics menu once again displays statistics. [NDM-2061] [Forum topic]
KeeneticOS 3.8 Alpha 3
24/01/2022
New
Extended flexibility with a secure DNS setup: Resolve specified domain names via a preset secure DNS server with the following CLI commands for DoT (DNS over TLS) and DoH (DNS over HTTPS) options. [NDM-2040] [Forum topic]
dns-proxy tls upstream {address} [port] [sni {sni}] [spki {spki}] [on {interface}] [domain {domain}]
dns-proxy https upstream {url} {json | dnsm} [spki {spki}] [on {interface}] [domain {domain}]
Fixed
The CLI command for disabling ARP discovery
ip hotspot auto-scan no interface Home
now operates correctly when the corresponding Segment uses a wide IP subnet mask255.255.240.0
. [NDM-1940]
KeeneticOS 3.8 Alpha 2
17/01/2022
New
A new configuration option for improved compatibility with legacy Wi-Fi clients: Control the TKIP countermeasures
hold-down
timer. If the Wi‑Fi Access Point with WPA-PSK + WPA2-PSK protection mode detects twoMIC errors in RX
failures within 60 seconds, it blocks all the wireless TKIP clients on that interface for the hold-down timer. Use this command to disable or tune this behaviour. [SYS-434]interface {name} encryption tkip hold-down {hold-down}
— set thehold-down
timer in seconds (from 0 to 60). The default value is 60 sec.
Added DDNS update status on the Domain name > DDNS configuration page. [NWI-818]
Improved
Improved Network ports tile of the System dashboard now links to System settings > Network ports for all operating modes of the Keenetic. [NWI-822]
System dashboard improvement: Use the Change link to modify the schedule of Wi‑Fi network availability when Wi-Fi is disabled. [NWI-840]
Fixed
Fixed an error in accessing the device's Web Interface after a few days of operation, causing the following messages in the System log. [NDM-2046]
ndm: Http::Nginx: there are errors in config, reconfigure.
ndm: Http::Manager: unable to update configuration, retry.
Repaired the DHCP-client startup when the Keenetic is connected to the Internet as a Wi‑Fi client. [NDM-2028]
Fixed
ntce: unknown protocol.
error message in the System log of the Traffic classification engine component triggered by IPv6/Teredo packets. [NDM-2044]The IPv6 section of the System dashboard menu now displays only the default IPv6 gateway for the corresponding interface. [NWI-823] [Forum topic]
Fixed an
Invalid username or password
error displaying on the Web Interface Login page under certain conditions. [NWI-805] [Forum topic]Fixed hint layout and uptime label on dashboard tiles for mobile screens. [NWI-832]
Corrected Network access naming for VPN server settings. [NWI-838] [Forum topic]
KeeneticOS 3.8 Alpha 1
23/12/2021
New
New content filtering option: NextDNS service is available now as the KeeneticOS system component. Install the NextDNS component and register an account with the service before use. [NDM-1870]
The following CLI commands are available to configure the NextDNS component:
nextdns check-availability
;nextdns authenticate {login} {password} [{pin}]
— please register with NextDNS before authentication;show nextdns profiles
— look for the token associated with the filtering profile and apply it with the following command;nextdns assign ( ({host} {token}) | (interface {iface} {token}) | {token} )
;dns-proxy filter engine nextdns
— to enable NextDNS.
New configuration option for Traffic classification engine: Use the
no ntce memory-watcher
CLI command to disable the memory "pressure watcher" mechanism enabled by default. [NDM-1995]More content filtering and ad blocking choices with outstanding flexibility: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS are now available at once with the redesigned Public DNS resolvers & custom DNS profiles option. Mix and match content filtering services with registered devices for complete control. Install the all-new Cloud-based Content Filtering and Ad Blocking system component of KeenetiсOS and give it a try. [NDM-1820, SYS-361, NWI-784]
Warning
We suggest making a configuration backup before trying the new version of KeeneticOS 3.8. The new Cloud-based Content Filtering and Ad Blocking component settings are incompatible with previous versions of KeeneticOS.
When installing version 3.8, the existing settings of Yandex.DNS, AdGuard DNS, and Cloudflare DNS components automatically migrate to the new Cloud-based Content Filtering and Ad Blocking component.
New control option for Mesh Wi‑Fi system: Reboot Wi-Fi system extenders from the controller using the new CLI command
mws member {member} reboot
. [NDM-1946]
Improved
There are no changes for Keenetic Start(KN-1110).
Fixed
The inbound and outbound Speed limits of the custom Internet connection policy now operate accurately. [NDM-1889]
Fixed concurrent operation of the Speed limit for a Registered device and a custom Internet connection policy with speed limits. [NDM-1751]