KeeneticOS 4.0
KeeneticOS 4.0.2
01/08/2023
Fixed
Restored Fast transition (802.11r) operation for wireless roaming in additional segments such as the Guest segment (
protected
). [NDM-2774] [Forum topic]The Ping Check now works correctly when the Operator DNS is disabled and secure DNS over HTTPS (DoH) or DNS over TLS (DoT) is enabled. [NDM-2784] [Forum topic]
Fixed issue with adding the default ISP route when setting up a static IPv6 Internet connection. [NDM-2839]
Wireless connection with WPA3-PSK (
SAE-H2E
method) security no longer triggers a system reboot. [SYS-932]The cause of the
not found: interface security-level
error message in the System log has been fixed when configuring the extender. [NDM-2868]The issue of unregistered devices originating from the Extender IP address in additional segments has been resolved. [NDM-2869] [Forum topic]
KeeneticOS 4.0.1
19/07/2023
Improved
Faster and more reliable operating system updates for Mesh Wi-Fi nodes. The structure of the Mesh Wi-Fi System and the connections between nodes now determine the order in which nodes are updated. [NDM-2816]
The Web interface now supports the Danish language. [SYS-907]
Fixed
Fixed issue with
404 error
when redirecting to legacy initial setup wizard at/wizard/initial-setup
[NDM-2848] [Forum topic]Network segmentation has been fixed to prevent Guest segment devices from accessing the settings of Extender nodes. [NDM-2744]
Fixed support for Microsoft Point-to-Point Encryption (MPPE) on L2TP/IPsec connections. [NDM-2859]
KeeneticOS 4.0.0
07/07/2023
Improved
The Yandex.DNS presets in the Internet Safety menu now support secure resolutions using DNS-over-HTTPS (DoH) protocol. [SYS-901]
Fixed
The name of the segment and other description fields are now protected against the XSS vulnerability in the Web interface. [NWI-2715]
Enabling the DNS transit requests feature correctly disables DNS packet interception. [NDM-2769]
Fixed an error that caused all WireGuard tunnels to disable when one of the tunnels was turned off. [NDM-2800] [Forum topic]
Fixed HTTP server configuration errors after changing the interface security level under certain conditions. [NDM-2832]
KeeneticOS 4.0 Beta 3
23/06/2023
New
Implemented a new option to de-announce IPv6 prefixes for backup connections. [NDM-2805]
Improved
Added ICMPv6 support to
ipv6 static
rules, allowing pingv6 to local devices with IPv6 addresses. [NDM-2760]ipv6 static (... | icmpv6) [interface] {mac}
— enableicmpv6
protocol for specified{mac}
Fixed
The WireGuard connections no longer restart after NTP time synchronisation. [NDM-2773] [Forum topic]
KeeneticOS 4.0 Beta 2
09/06/2023
New
There are no changes for Keenetic Start(KN-1110).
Fixed
It is now possible to add new extenders to the Wi-Fi system without an Internet connection. [NDM-2594]
Speed limits set for multiple registered devices no longer cause the system to spontaneously restart. [NDM-2730]
Corrected the display of the Network SSID tooltip for the Scan for networks results list on the Wi-Fi Monitor page. [NWI-2648] [Forum topic]
Fixed some minor visual issues with the Web interface layouts. [NWI-2675, NWI-2676] [Forum topic]
Fixed positioning of Web UI elements on the System Dashboard page when zooming in Safari iOS 16. [NWI-2626]
Fixed the GRE/IPsec connection issue when using IKEv2 and Cisco iOS/Nx-Os endpoints. [NDM-2789]
KeeneticOS 4.0 Beta 1
26/05/2023
New
There are no changes for Keenetic Start(KN-1110).
KeeneticOS 4.0 Beta 0.3
20/05/2023
Fixed
Sorting in the Channels column on the Wi-Fi Monitor page now works correctly. [NWI-2603] [Forum topic]
Corrected the layout of the dialogue box of the Fail-safe function. [NWI-2635] [Forum topic]
Fixed incorrect local and remote IKEv2 proposal IDs when using GRE/IPsec tunnels. [NDM-2750]
KeeneticOS 4.0 Beta 0.2
13/05/2023
New
Implemented a new
ip
format option for the DCHP server in the command line interface (CLI): [NDM-2755]ip dhcp pool {name} option {2..254} ip {address[,address]*}
— set IP addressip
for certain DCHPoption
number
KeeneticOS 4.0 Beta 0.1
06/05/2023
Fixed
The
HEAD
method for*.html
resources has been restored in the web server response. [NDM-2748] [Forum topic]
KeeneticOS 4.0 Alpha 20
27/04/2023
Improved
Implemented propagation of Network Time Protocol settings to extenders in the Wi-Fi System. [NDM-2508]
Fixed
The incompatibility of the Ping Check service with DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) name servers has been fixed. [NDM-2739] [Forum topic]
Fixed incorrect assignment of VLAN roles to ports in the Web Interface. [NWI-2593]
KeeneticOS 4.0 Alpha 19
17/04/2023
Fixed
The KeeneticOS API is re-enabled for the Keenetic mobile application. [SYS-838] [Forum topic]
The cause of the
unable to obtain addresses
error message in the System log has been fixed when using DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) filtering. [NDM-2735] [Forum topic]Fixed cause of
resource deadlock avoided
error message in System log coming fromCloud agent service
. [NDM-2736] [Forum topic]
KeeneticOS 4.0 Alpha 18
14/04/2023
New
The new option to bind DNSv6 addresses is now available via the command line interface (CLI), as follows:
ipv6 name-server {address} [{domain} [on {interface}]]
— bind DNSv6{address}
on specified{interface}
;for example:
ipv6 name-server 123::456 "" on UsbLte0
Improved
The initial Ping Check state has been changed to a negative state to avoid using a non-working connection to access the Internet. Reduced initial Ping Check time. [NDM-1837]
Fixed
Disabled the use of name servers (DNS servers) on offline backup connections. [NDM-795]
The static route for the WireGuard® VPN remote peer is no longer removed after changes are made to the underlying connection of the WireGuard VPN tunnel. [NDM-2522]
The bandwidth control of the Connection policy now works as intended for IPsec IKEv2 client connections. [NDM-2537]
Fixed incorrect re-association logic when dealing with a roaming Wi-Fi client with PMKID. [SYS-810]
Asymmetric speed limiting now works correctly for registered devices when IntelliQoS is enabled. [SYS-836]
KeeneticOS 4.0 Alpha 17
07/04/2023
Fixed
The Wireless ISP connection now displays the password field correctly when connecting to a mixed
WPA1-PSK/WPA2-PSK
wireless network. [NWI-1544] [Forum topic]The Other Devices category returns to the Traffic monitor page. [NWI-2541]
Fixed the Safari browser's non-editable Clients isolation checkbox. [NWI-2501] [Forum topic]
Fixed adding a route with
/32
IP subnet or address mask on the OpenVPN interface. [NDM-2686]Fixed a phantom traffic display for unregistered devices. [NDM-2702]
The multipath policies now work correctly and do not use connections with negative Ping Check testing results. [NDM-2706]
KeeneticOS 4.0 Alpha 16
31/03/2023
Improved
The Firewall service now flushes corresponding sessions when firewall rules are enabled or disabled. [NDM-2690]
The maximum MTU size has been increased to
1514
bytes, providing PPPoE MTU =1500
bytes over VLAN. [SYS-812]
Fixed
There are no changes for Keenetic Start(KN-1110).
KeeneticOS 4.0 Alpha 15
24/03/2023
Improved
The
ip alias
configuration no longer affects the NAT translation for the primary PPPoE connection. [SYS-806]
KeeneticOS 4.0 Alpha 14
17/03/2023
New
The Web Interface's new custom HTTPS server port allows you to free up a standard
TCP/443
port and forward it to any device on your local network. [NDM-2670]ip http ssl port {port}
— assign a different{port}
for HTTPS server of the Web Interface
Added new optional
username
andpassword
parameters to thechilli login {mac}
command of the Captive portal system component: [NDM-2679]interface Chilli0 chilli login {mac} [username {username} password {password}]
— make manual authorization with specified{username}
and{password}
Improved
Added a
robots.txt
file to the Web Interface server to prevent indexing by search engines. [NDM-2673]
Fixed
Custom DNS resolution profiles are now correctly applied to Segments and registered devices. [NWI-1547] [Forum topic]
Prevented IPsec configuration failure using a cryptographic key
crypto ike key
with an unsupported length greater than 72 characters. [NDM-2562]Increased the packet queue length of the Captive portal system component to prevent packets from being dropped due to system log congestion errors under heavy load. [NDM-2572]
Reconnection of a wireless client to the access point with WPA3-PSK protection works correctly after accidental disconnection. [SYS-797]
KeeneticOS 4.0 Alpha 13
10/03/2023
New
The setting for the new On-demand type of Internet connection is available from the Command Line Interface (CLI). The On-demand type of connection is automatically disconnected if a higher priority Internet connection is running. [NDM-2643]
interface {name} standby enable
— switch connection type to On-demand for specified interface{name}
The new Captive Portal option is available for manual authorization of hotspot hosts in the command line interface (CLI): [NDM-2417]
interface Chilli0 chilli login {mac}
— make manual authorization for specified{mac}
Fixed
The OpenVPN connection configuration parser handles the
<auth-user-pass>
inline password section correctly. [NDM-2640]The cause of the
lock precedence violation
error message in the System log that caused slow Web Interface responses has been fixed. [NDM-2663] [Forum topic]The parsing of the security parameters during a
site-survey
action now operates correctly for an Access Point (AP) that announces WPA2 and Fast Transition (FT). [SYS-796]
KeeneticOS 4.0 Alpha 12
07/03/2023
Improved
There are no changes for Keenetic Start(KN-1110).
Fixed
The Select Your Country or Region pop-up displays correctly in desktop and mobile Safari browsers. [NWI-1541] [Forum topic]
Fixed the BSS ranking algorithm for the
WifiStation
and Mesh Wi-Fi System backhaul connection. [SYS-782]The start up of the DHCP client now works correctly on extenders that are connected via wireless backhaul. [NDM-2655] [Forum topic]
OpenVPN interface state detection has been restored; this was causing the VPN connection to fail. [NDM-2661] [Forum topic]
Fixed a bug introduced in 4.0 Alpha 11 that prevented the Keenetic mobile application agent from starting correctly in KeeneticOS. [SYS-793]
Fixed DNS settings incorrectly removed on IKEv1/IPsec and IKEv2/IPsec VPN servers. [NDM-2662]
KeeneticOS 4.0 Alpha 11
03/03/2023
New
The Country and Time Zone Confirmation popup will appear when you enter the Web Interface. This confirmation is needed to improve communication with the Keenetic Cloud, time synchronization servers, proper Wi-Fi network announcement, and legal consent. [NWI-1437]
In accordance with the requirements of the Federal Law of the Russian Federation No. 152, the Device Privacy Notice will be displayed for your review when you confirm that your country of operation is the Russian Federation.
The new 464clat (RFC6877) option has been implemented for the IPv6 transition mechanism. [NDM-2121]
The EAEU regional code replaces the former RU code. [NDM-2396]
The SNMP server system component now supports IPv6 protocol operation. [NDM-2653]
Improved
The SkyDNS IP addresses have been added to the static DNS cache on KeeneticOS to provide a faster connection to the SkyDNS service. [NDM-2497]
Fixed
SNMP response now comes from the correct source IP address when accessing via a VPN connection. [NDM-2082]
The default route is now correctly assigned for HTTP/HTTPS/SOCKS5 proxy interfaces. [NDM-2366]
The Fast Transition (802.11r) option is displayed correctly after changing the network name (SSID) for one of the Wi-Fi bands. [NWI-1508]
The Clients tooltip now displays Wi-Fi device names on the Extender's Wi-Fi monitor page. [NWI-1528] [Forum topic]
The cause of the
group address 224.0.1.187 is not equal destination address
error message in the System log has been fixed. [SYS-775]
KeeneticOS 4.0 Alpha 10
20/02/2023
Improved
The username of the KeeneticOS account now allows the dot '
.
' character. [NWI-1523]
Fixed
The Phase 1 Rekey time display is corrected in the Web Interface for Site-to-site IPsec VPN connections after changes in system statistics. [NWI-1518]
KeeneticOS 4.0 Alpha 9
18/02/2023
New
There are no changes for Keenetic Start(KN-1110).
Improved
There are no changes for Keenetic Start(KN-1110).
Fixed
The RADIUS settings propagate correctly from the Controller to all Extenders of the Wi-Fi System. [NDM-2243]
IPv4 connectivity restored via an IPv6 MAP-T Internet connection. [NDM-2613]
Fixed
connected
state for HTTP/HTTPS/SOCKSv5 proxy interfaces. [NDM-2627]
KeeneticOS 4.0 Alpha 8
11/02/2023
New
The Application traffic analyser now supports traffic classification for the ICMP protocol. [SYS-760]
Improved
The OpenSSL library is updated to the latest version,
3.0.8
, which fixes the following list of vulnerabilities: [SYS-759]
Fixed
The Ping Check > Automatic profile operation has been fixed. [NDM-2608]
The check box to Enable the SNTP service for local devices is available with a custom configuration of NTP servers. [NWI-1505]
KeeneticOS 4.0 Alpha 7
07/02/2023
Fixed
The DHCP renewal process no longer restarts L2TP/PPTP/IPoE Internet connections. [NDM-2590] [Forum topic]
Status detection of the interface with a static IPv6 address works as intended. [NDM-2591]
Disconnecting the underlying interface for WireGuard® VPN no longer causes traffic flooding. [NDM-2593] [Forum topic]
KeeneticOS 4.0 Alpha 6
03/02/2023
New
There are no changes for Keenetic Start(KN-1110).
Improved
The
ipv6 firewall
CLI command has been deprecated and removed. [NDM-1731]The network interface status tracking mechanism in KeeneticOS has been redesigned to provide better IPv6 protocol support and faster Web Interface response. [NDM-2415]
Warning
Different types of Internet connections and related functions may be affected. Please make a backup of your firmware image and startup configuration before updating.
Fixed
The PPPoE connection now works as intended with IPv6-only connections. [NDM-2585]
Disabled PAT (Port Address Translation) for locally generated traffic. This was particularly disruptive to MAP-T and DS-Lite Internet connections. [NDM-2587] [Forum topic]
System halt has been fixed when connecting to the cloud service under certain conditions. [NDM-2516]
KeeneticOS 4.0 Alpha 5
27/01/2023
Improved
The new WAN IPv6 address assignment option has been implemented in accordance with the RFC6204 (WAA-8) standard. [NDM-2549]
Fixed
The cause of the
ndnproxy:out of socket file descriptors
error message in the System log was fixed. It occurs under heavy loading of theDNS proxy
service. [SYS-727]The enabled DNS request transit option now operates as expected for unregistered hosts. [NDM-2547]
Fixed
watchdog timer interrupt on CPU0
system reboot when using the Traffic shaper system component. [SYS-397]The default route via the IPoE interface is now automatically restored after the PPP (PPPoE, L2TP, PPTP) interface is deleted. [NDM-2575]
KeeneticOS 4.0 Alpha 4
20/01/2023
Improved
KeeneticOS now allows you to assign
512
hosts with Static IP settings on the Device lists page for registered devices. [NDM-2501]Increased KeenDNS service web application records from
160
to256
. [NDM-2519]
Fixed
The
DNS proxy
service now handles TCP chunks correctly, resulting in better service stability. [SYS-726]Fixed
connected
state for interfaces with a statically configured IP address. [NDM-2551]Phase 1 Rekey time is now displayed correctly for site-to-site IPsec VPN connections. [NDM-2554]
Fixed the reason for spontaneous disconnection of remote connections to L2TP/IPsec VPN server. [NDM-2555]
The Traffic monitor page now displays the correct average speed for 3 minutes. [NDM-2556]
Corrected the "transmitted bytes" statistic in the host traffic monitor legend. [NDM-2560]
KeeneticOS 4.0 Alpha 3
12/01/2023
New
The new deSEC (desec.io) service is available for the Dynamic DNS (DDNS) client system component. [NDM-2540]
A new CLI command allows the deactivation of an internal
storm-control
feature for a specific interface:interface {name} storm-control disable
— disable storm-control on{name}
interface
Fixed
Ethernet ports are now operating correctly after re-enabling of the previously disabled ports. [NDM-2529] [Forum topic]
Connection priority change no longer modifies the interface state. [NDM-2526] [Forum topic]
The
ip6 prefix auto
setting no longer disappears from the running configuration. [NDM-2528] [Forum topic]The
ICMP
andGRE
protocols are now available for the new IPsec traffic selectors with multiple subnets. [NDM-2534] [Forum topic]The use of WireGuard® tunnels as the default route with the IPv6 protocol is now fixed. [NDM-2535]
Restored the working of IPv6 in IPv4 tunnels after switching to new routing table logic. [NDM-2544] [Forum topic]
The
interface ipv6 force-default
CLI command has been brought back into support for backward compatibility. [NDM-2545] [Forum topic]
KeeneticOS 4.0 Alpha 2
30/12/2022
Fixed
The Fail-safe configuration mode no longer causes an unnecessary reboot. The timeout is set to three minutes. [NWI-1496]
The Provider name description now displays correctly on the Dashboard and Connection priorities pages. [NWI-1495] [Forum topic]
The cause of the
not found: show/ip6/routes
error messages in the System log was fixed. [NWI-1497] [Forum topic]Restored PPPoE interface management when it changes up or down state. [NDM-2523] [Forum topic]
The SSTP VPN server now supports legacy
TLSv1/SHA1
algorithms for correct SSTP connection with particular Windows 7 clients. [NDM-2525] [Forum topic]
KeeneticOS 4.0 Alpha 1
27/12/2022
New
The new IPv6 Prefix Delegation option has been implemented for subnetting. [NDM-1976]
Use the following CLI commands to set:
ipv6 subnet {name} prefix length {length}
— set subnet prefix lengthipv6 subnet {name} prefix delegate {delegate}
— set delegated prefix length (must be shorter than prefix length)
A typical configuration Prefix Delegation for a Home segment looks like follows:
ipv6 subnet Default bind Home mode dhcp prefix length 63 prefix delegate 64 number 0
The new multiple subnets option is available for Site-to-site IPsec VPN connections in Phase 2, providing network connectivity between several subnets over a VPN tunnel. [NDM-313]
Use the following CLI commands to set:
object-group ip {name}
— create a new object groupinclude (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
exclude (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
crypto map {name} traffic-selectors {local} {remote}
— assign local/remote object groups as Phase 2 selectors
The new Add local subnet and Add remote subnet options are available for Site-to-site IPsec VPN connections on the Internet > Other connections page.
Implemented host traffic accounting for IPv6 protocol, providing correct calculation for the incoming/outgoing data of your home devices. [SYS-648]
The Application traffic analyser now supports traffic classification for the IPv6 protocol. [SYS-652]
The Traffic shaper system component now supports operation with the IPv6 protocol, providing correct traffic limitation for data flows of IPv4/IPv6 together. [SYS-658]
The Web Interface receives core support for IPv6 connections. [NDM-2448]
The OpenVPN client and server system component now supports the IPv6 protocol for VPN connection. [NDM-2451]
The Wireguard VPN component now internally supports the IPv6 protocol for VPN connection. [NDM-2452]
Implemented support for 802.1Q tagged VLAN traffic over
AccessPoint
andWifiStation
(Wireless ISP) interfaces. [SYS-682]The new HTTP/HTTPS URI mode of the Ping Check allows you to specify the host address to check using a URI (Uniform Resource Identifier). [NDM-2490] [Forum topic]
Use the following CLI commands to set:
ping-check profile {name} mode (icmp | connect | tls | uri)
— enable URI checking for Ping Check profile{name}
ping-check profile {name} uri {uri}
— set URI
Connection policy now operates with the IPv6 protocol. [NDM-2515]
Improved
Fixed
DNS IPv6 responses now sent from the correct and expected port 53. [NDM-2439]