KeeneticOS 3.9
What’s new?
Welcome! Release 3.9 contains numerous new features, fixes, and improvements. You can learn the main innovations from this brief introduction.
Expanded support for the IPv6 protocol now includes Dual-Stack Lite (DS-Lite) and MAP-T connection options, hardware traffic offloading, and out-of-the-box IPv6 experience with the Initial Setup Wizard.
New Fail-safe configuration mode for worry-free remote device management.
New Wi-Fi monitor and network scanner to see what's going on in the air.
The multipath routing policy option to optimize the usage of multiple Internet connections, speed up and balance the traffic.
Upgraded to version
2.6
OpenVPN client and server to keep you up-to-date with the latest security measures.The HTTP/HTTPS/SOCKS5 proxy to help with the most challenging tunnelling applications, along with the simple task of connecting your network to the Internet via a proxy server.
Transport Layer Security validation for safe VoIP telephony communications over the Internet.
An easier internet connection setup with the option to retrieve the previous router's username and password for PPPoE connection.
KeeneticOS 3.9.8
11/05/2023
New
New SIP transport options -
udp6
,tcp6
,tls6
- are available with IPv6 protocol support for thenvox sip {id} transport
CLI command. [VOX-142]nvox sip {id} transport (udp6 | tcp6 | tls6)
— enable SIP transport with the specified protocol
New SIP transport options - UDP6, TCP6 and TLS6 - are now available on the Telephone Line Settings page of the Web Interface. [NWI-2499]
The new Captive Portal option is available for manual authorization of hotspot hosts in the command line interface (CLI): [NDM-2417]
interface Chilli0 chilli login {mac}
— make manual authorization for specified{mac}
Added new optional
username
andpassword
parameters to thechilli login {mac}
command of the Captive portal system component: [NDM-2679]interface Chilli0 chilli login {mac} [username {username} password {password}]
— make manual authorization with specified{username}
and{password}
Fixed
Fixed incorrect assignment of VLAN roles to ports in the Web Interface. [NWI-2593]
The bandwidth control of the Connection policy now works as intended for IPsec IKEv2 client connections. [NDM-2537]
Fixed incorrect re-association logic when dealing with a roaming Wi-Fi client with PMKID. [SYS-810]
The Wireless ISP connection now displays the password field correctly when connecting to a mixed
WPA1-PSK/WPA2-PSK
wireless network. [NWI-1544]The Other Devices category returns to the Traffic monitor page. [NWI-2541]
Fixed the Safari browser's non-editable Clients isolation checkbox. [NWI-2501]
Increased the packet queue length of the Captive portal system component to prevent packets from being dropped due to system log congestion errors under heavy load. [NDM-2572]
Fixed adding a route with
/32
IP subnet or address mask on the OpenVPN interface. [NDM-2686]Web API authentication now works correctly with different software versions of the ZTE MF79U USB modem. [NDM-2694]
Fixed an issue where KeenDNS would not resolve a domain correctly in Direct mode under certain conditions. [KNDNS-136]
KeeneticOS 3.9.5
20/03/2023
Improved
Implemented
web-api
authentication for the ZTE MF79U USB modem, which allows proper management in KeeneticOS. [NDM-2592]
Fixed
Frequency band selector management now works as intended for
UsbQmi
andUsbLte
modems. [NWI-1543]Custom DNS resolution profiles are now correctly applied to Segments and registered devices. [NWI-1547]
SNMP response now comes from the correct source IP address when accessing via a VPN connection. [NDM-2082]
Corrected Partial data tooltip content display in Safari and Firefox browsers. [NWI-1527]
Mobile traffic counting now operates correctly on the Data usage & limit page. [NDM-2626]
The cause of the
group address 224.0.1.187 is not equal destination address
error message in the System log has been fixed. [SYS-775]Fixed the BSS ranking algorithm for the
WifiStation
and Mesh Wi-Fi System backhaul connection. [SYS-782]The DNS servers toggle now operates as intended for
UsbLte
interfaces. [NWI-1542]Reconnection of a wireless client to the access point with WPA3-PSK protection works correctly after accidental disconnection. [SYS-797]
KeeneticOS 3.9.4
27/02/2023
New
The Meiglink SLM820 4G LTE Cat 12 modem module is now supported. [NDM-2602]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Fixed unnecessary SMB file and printer sharing service restarting when the status of irrelevant network interfaces changes. [NDM-1840]
The Media Server no longer requires activation - Access the applications running on your Keenetic in Guest or other
protected
segments. [NDM-2514]The maximum length of a PIN code for the SIM card in the
UsbLte
andUsbQmi
modems is now eight characters. [NWI-1509]The username of the KeeneticOS account now allows the dot '
.
' character. [NWI-1523]The OpenSSL library is updated to the latest version,
3.0.8
, which fixes the following list of vulnerabilities: [SYS-759]
Fixed
The RADIUS settings propagate correctly from the Controller to all Extenders of the Wi-Fi System. [NDM-2243]
The check box to Enable the SNTP service for local devices is available with a custom configuration of NTP servers. [NWI-1505]
The Phase 1 Rekey time display is corrected in the Web Interface for Site-to-site IPsec VPN connections after changes in system statistics. [NWI-1518]
The Fast Transition (802.11r) option is displayed correctly after changing the network name (SSID) for one of the Wi-Fi bands. [NWI-1508]
The Clients tooltip now displays Wi-Fi device names on the Extender's Wi-Fi monitor page. [NWI-1528]
System halt has been fixed when connecting to the cloud service under certain conditions. [NDM-2516]
KeeneticOS 3.9.3
08/02/2023
Improved
KeeneticOS now allows you to assign
512
hosts with Static IP settings on the Device lists page for registered devices. [NDM-2501]For the Fibocom L850-GL/L860-GL modem modules, SMS storage has been moved from the modem's internal memory to the SIM card memory to avoid problems with receiving and reading incoming SMS messages. [SYS-723]
Fixed
DNS IPv6 responses now sent from the correct and expected port 53. [NDM-2439]
The cause of the
ndnproxy:out of socket file descriptors
error message in the System log was fixed. It occurs under heavy loading of theDNS proxy
service. [SYS-727]The
DNS proxy
service now handles TCP chunks correctly, resulting in better service stability. [SYS-726]The Fail-safe configuration mode no longer causes an unnecessary reboot. The timeout is set to three minutes. [NWI-1496]
The Provider name description now displays correctly on the Dashboard and Connection priorities pages. [NWI-1495]
The SSTP VPN server now supports legacy
TLSv1/SHA1
algorithms for correct SSTP connection with particular Windows 7 clients. [NDM-2525]Fixed early expiration of the Days until count resets timer in the Data usage & limit feature for Mobile Broadband connections. [SYS-720]
The enabled DNS request transit option now operates as expected for unregistered hosts. [NDM-2547]
Phase 1 Rekey time is now displayed correctly for site-to-site IPsec VPN connections. [NDM-2554]
Fixed the reason for spontaneous disconnection of remote connections to L2TP/IPsec VPN server. [NDM-2555]
The Traffic monitor page now displays the correct average speed for 3 minutes. [NDM-2556]
Fixed
watchdog timer interrupt on CPU0
system reboot when using the Traffic shaper system component. [SYS-397]Corrected the "transmitted bytes" statistic in the host traffic monitor legend. [NDM-2560]
The OpenVPN
askpass
option now works as intended after updating the OpenVPN service to version2.6
. [NDM-2563]The remote access to the Download station via KeenDNS no longer produces
limiting requests: excess by zone
errors in the System log. [SYS-752]
KeeneticOS 3.9.2
27/12/2022
New
The new country option for
Israel
is now available in the 5 GHz Wireless Network settings. [SYS-687]The Quectel RM520N-GL 5G/4G LTE Cat 19 modem module is now supported. [SYS-698]
Fixed
The Keenetic mobile app no longer shows the
New network client: ...
message when a wireless client fails to connect to the Wi-Fi. [NDM-2510]The pop-up for VPN statistics now displays correctly on mobile phone screens. [NWI-1481]
The Scan the network option on the Wi-Fi monitor page now displays the scanning result correctly. [SYS-679]
Changing settings of a wired interface no longer excludes it from the connection policy in the Connection priorities menu. [NWI-1488]
The L2TP/IPsec VPN connection reconnects correctly after an Internet connection recovery. [NDM-2507]
KeeneticOS 3.9.1
14/12/2022
New
The new Multi-AP backhaul compatibility option for Range Extender mode allows extension of the wireless coverage of a non-Keenetic Mesh enabled device that requires transmission of Wi-Fi data frames in the 4-address format. [NWI-1468]
Additional USB modems are now supported, including:
Brovi E3372-325 4G Cat4 USB modem. [NDM-2419]
Telit LN941 4G Cat6 QMI-type modem module. [NDM-2453]
Added support for the Dell DW5829e 4G LTE Cat9 USB QMI modem module. [NDM-2400]
The new Fail-safe configuration mode lets you change Keenetic's settings from anywhere without worrying that you'll lose control by choosing the wrong settings. If a remote management session terminates abnormally, the device will automatically reboot in three minutes, and undo the changes. [NWI-1429, NDM-1945, NDM-1844]
Additional USB modems are now supported, including:
Huawei E5783B-230 — 4G LTE Cat 7 mobile router. [NDM-2277]
Huawei E8231 — 3G USB mobile router. [NDM-2296]
The Fast Leave option provides a quick switch between IPTV channels via an IGMP proxy when supported by the ISP. [NDM-2375]
You can use the following command in the CLI:
igmp-proxy fast-leave
— enable IGMPv2 Fast Leave.
On the Connection priorities page, the new colour-coded states option will display the current state for each connection. There are three colours available: [NWI-1326]
Grey — connection is disabled;
Red — no connection or failure to connect;
Green — connection is established.
The new Enable multipath option is now available on the Connection priorities page. You can automatically balance the throughput among included connections by switching the custom Connection Policy to the Multipath mode. [NWI-1328]
On the General system settings page, there is now a checkbox that allows you to enable the SNTP service for the local network. [NWI-1330]
The new SNTP (Simple Network Time Protocol) server feature provides time synchronization for your LAN applications. [NDM-2338]
Use the following CLI command:
ntp master
— enable SNTP server inprivate
andprotected
segments
The new Transit requests option of the DNS profile allows profile-linked devices to resolve domain names via the DNS servers requested by the device instead of forcing the resolution via DNS servers specified in the profile. [NWI-1130]
The Software Network Accelerator now offloads IPv6 traffic, including MAP-T and DS-Lite IPv4 over IPv6 traffic, helping to reduce processor load and speed up traffic transfer. [SYS-611]
The new Scan for networks feature provides detailed and graphical information about the networks in the air at the Wi-Fi monitor page. [NWI-1280]
The new Proxy client is available now as a KeeneticOS system component providing Internet access via proxy servers using HTTP, HTTPS and SOCKS v5 protocols. [NDM-2195]
The following CLI commands are available to configure the Proxy client component:
interface Proxy0 proxy protocol (socks5 | http)
— choose the protocol type for the proxy connection;interface Proxy0 proxy upstream {host} [{port}]
— set address and port for proxy service, enter{host}
value as<fqdn>
or<IP>
;interface Proxy0 authentication identity {identity}
— set proxy authentication username;interface Proxy0 authentication password {password}
— set proxy authentication password;interface Proxy0 proxy connect [via {via}]
— choose interface for proxy connection.
The Proxy connection section is available in the Other connections menu for Internet access via HTTP/HTTPS/SOCKS5 proxy. [NWI-1108]
DS-Lite (IPv6 dual-stack lite) support is now available via automatic IPv4 over IPv6 provisioning, allowing access to IPv4-only enabled resources while the ISP provides a connection with the modern IPv6 protocol. [NDM-2060]
The new TCP/TLS port check mode enhances the Ping Check feature to provide verified protection against Internet access failures. This mode will prevent false-positive results if an ISP redirects traffic to a captive portal, for example, a billing service. [NDM-2094, NWI-1109]
Use the following CLI commands to set:
ping-check profile {name} mode tls
— enable TLS mode for Ping Check profile{name}
Or set up via the Web Interface for a required interface:
The new Wi-Fi monitor in the Status section provides a graphical utilization display for the Wi-Fi radio frequency channel currently in use. [NWI-1179]
Added support for the Alcatel MW70 — 4G LTE Cat7 — mobile router. [NDM-2246]
Added basic 5G mode support for the Telit FN980m — 5G and 4G LTE Cat20 — QMI-type modem module. [NDM-2260]
The new AT command terminal for
UsbLte
, andUsbQmi
modems in the command-line interface (CLI) provides ultimate flexibility for additional modem statistics and configuration options. [NDM-2266]Use the following CLI command:
interface {name} tty send {command} [expect] [timeout]
— send AT{command}
to a{name}
modem interface
For example, here are the results of two AT commands,
ATI
andAT+QTEMP
, for the Quectel EP06-E modem as aUsbQmi0
modem interface.
Improved
The
MiniUPnPd
service no longer restarts after a DHCP lease update on a WAN connection. [NDM-2459]
The calculation of the RSSI value for Fibocom L850-GL/L860-GL USB modem modules has been improved. [NDM-2416]
The OpenSSL library is updated to the latest version
3.0.7
, fixing the CVE-2022-3602 and CVE-2022-3786 vulnerabilities. [SYS-669]
Internal Firewall rules have been updated to allow usage of the DHCPv6 relay agent. [NDM-2410]
The new relay multicast DNS (mDNS) option is now available in segment settings allowing transmission of mDNS messages between all segments. [NWI-1368]
The Wi-Fi channels used by Keenetic itself are highlighted now on the diagram and table on the Wi-Fi monitor page. [NWI-1389]
Disable the use of DNS servers from the mobile operator for the
UsbQmi
andUsbLte
modem interfaces by using the CLI commandno mobile name-servers
. [NDM-2374]
The Wi-Fi monitor page has received several design improvements and changes. [NWI-1325]
We have updated the Device Privacy Notice (DPN). [NDM-2276]
Both DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) now support the IPv6 protocol. [NDM-2344]
NextDNS content filtering now uses the IPv6 protocol when available. [NDM-2345]
The Internet Checker service (
show internet status
) now inspects the Internet availability via both IPv6 and IPv4 protocols. [NDM-2348]
System and user-defined DNS profiles are now available for assignment from the content filtering profiles drop-down list, along with public DNS presets or commercial services, depending on your configuration. [NWI-1129]
Assigned unconditional priority to user-defined DNS profiles over public DNS presets and cloud DNS profiles. [NDM-2323]
Improved security: the DNS requests from blocked devices are now disabled via the DNS-proxy service of the KeeneticOS. [NDM-2321]
The OpenSSL library is updated to the latest version
1.1.1q
, fixing the CVE-2022-2097 vulnerability. [NDM-2308]
Added configuration of the custom Web API password for ZTE CDC-type modems, which was introduced in the KeeneticOS 3.8 Alpha 2 version. [NDM-2198]
The new IPv4 over IPv6 provisioning section in the Other connections menu displays configuration details for the MAP-T and DS-lite protocols. [NWI-1106]
The OpenVPN service is updated to a new version, 2.6.0. [SYS-579]
Fixed
The link position of the edit schedule displays appropriately on mobile screens. [NWI-1463]
The network topology picture from the Extender mode now displays correctly on mobile screens. [NWI-1477]
The AFP file sharing system component is updated, fixing the CVE-2022-23125 vulnerability. [SYS-681]
The L2TP/IPsec VPN server configuration now applies as expected. [NDM-2495]
The authorization of Windows clients has been fixed for the captive portal Spot4 service. [NDM-2383]
Changing the state of the underlying interface for WireGuard VPN no longer causes a system reboot. [NDM-2424]
In the case of switching from backup to the primary WAN connection, network sessions are cleared, ensuring correct routing via the primary connection. [NDM-2456]
The Transit requests option now works as expected. [NDM-2479]
Mobile data connection from a smartphone via the Android USB Tethering technology now operates properly. [NDM-2485]
The logo alignment has been fixed for the Login page on mobile screens. [NWI-1387]
The Transit requests option now operates correctly for all available DNS resolution profiles. [NDM-2403]
The cause of periodic VPN IKEv2 tunnel disconnection has been fixed. [NDM-2413]
The text style of the Confirm button is changed so that the text description is better placed for all languages in mobile view. [NWI-1449]
The OpenVPN client and server system component with the new
2.6
version no longer requires an installed IPv6 system component for operation. [NDM-2441]
The connection toggles On/Off on the Other connections page have been fixed, providing better responsiveness. [NWI-1419]
A connection to a public or personal Wi-Fi hotspot in Wireless ISP mode no longer clears the DFS (Dynamic Frequency Selection) status. [SYS-645]
We have addressed the broken Wi-Fi LED indication for when all 2.4 GHz interfaces are turned off. [SYS-642]
The Save button was missing when editing the speed limit setting; this has been fixed. [NWI-1390]
The SMB file and printer sharing component is compatible with the new OpenSSL
3.0
library. [SYS-627]The Wake-on-LAN (WoL) option now works properly in network segments with
security-level protected
settings. [NDM-2385]
When an active dual-stack IPv6 connection is present, KeenDNS IPv4 access in the Direct mode operates correctly. [NDM-2378]
The root CA (Certificate authority) certificate validation has been fixed for legacy Keenetic devices. [SYS-632]
The IPsec service management has been revised to improve stability and operation under heavy system load. This should prevent the
system failed [0xcffd00ac], code = 255
error from appearing in the System log. [NDM-624]The radio signal metrics of Huawei modems, such as SINR, RSRP, and RSRQ, are now displayed correctly. [NDM-2371]
The Import PPPoE settings button now displays as expected on mobile screens. [NWI-1355]
After capturing PPPoE data, the Import PPPoE setting function completes correctly. [NWI-1353]
The DHCPv6 stateless mode now operates correctly and propagates DNS server information to DHCPv6 clients. [NDM-2363]
Fixed the Use for accessing the Internet checkbox for WireGuard connections. [NWI-1319]
The button to import PPPoE-settings from previous routers now displays correctly in all the languages of the Web Interface. [NWI-1293]
Fixed the DNS proxy service error causing
do_page_fault(): sending SIGSEGV
error message in the System log. [SYS-592]
The Connection priority dropdown menu displays a correct list of connections. [NWI-1256]
The DNS servers assigned by the ISP remain operatable when custom DNS servers are in use. [NDM-2265]