KeeneticOS 3.7
KeeneticOS 3.7.1
10/12/2021
Improved
Enhanced Wi‑Fi Network protection: WPA2 Enterprise exchange with a RADIUS server now has Network name (SSID) in the
Called-Station-Id
message —'50-FF-20-AA-BB-CC:Keenetic-5555'
. [SYS-9]
Fixed
Corrected seamless Wi-Fi roaming operation: The forwarding of the LLC frames of the Inter-Access Point Protocol daemon now operates accurately via a backhaul link of the Wi-Fi system. [SYS-427]
KeeneticOS 3.7.0
28/11/2021
New
Improved
Implemented
/storage
partition formatting on factory reset, providing secure clearance of the private user's information or installed OPKG image. [NDM-1943]
Fixed
The Wi‑Fi spectrum analyzer now operates when the Mesh Wi‑Fi System backhaul connection is disabled. [SYS-413]
Fixed the inability to set up a static DNS server address with the custom port setting in the Web Interface, for example —
1.1.1.1:5353
. [NWI-766]Fixed the forced disconnect of live Wi‑Fi clients when removing them from the Whitelist of the Wireless ACL. [SYS-400]
Fixed the false advertisement of 802.11k capabilities in Wi‑Fi network beacons. [SYS-414]
KeeneticOS 3.7 Beta 8
21/11/2021
Improved
There are no changes for Keenetic Hero (KN-1011).
Fixed
Fixed the issue of Wi‑Fi clients being unable to connect to a Wi‑Fi network with a hidden network name (SSID). [SYS-411]
Wi‑Fi system dynamic Fast Transition (802.11r) key exchange now operates appropriately when an Extender has the IP address changed over time via DHCP. [SYS-354] [Forum topic]
KeeneticOS 3.7 Beta 7
17/11/2021
Fixed
Fixed Wi‑Fi roaming zone configuration error:
unable to set global STA mask in non-MWS mode
. [NDM-1942]
KeeneticOS 3.7 Beta 6
13/11/2021
Improved
Removed an error message that occurred if an IP address was configured instead of a URL (Uniform Resource Locator) for a DoH (DNS over HTTP) server:
Resolver prefix doesn't appear to contain a hostname
. [NDM-1938]Access to WebDAV server resources from the local network is now allowed for the
security-level private
mode. [NDM-1890]Enabled centralized Wi‑Fi
country code
configuration from Wi‑Fi system Controller, and blocked this setting on Extenders. [NDM-1921, NWI-733]Corrected the calculation Distance to the cell tower for QMI modems on LTE TDD (Time-Division Duplex) cells. [NDM-1916]
Receiving of SMS (Short Message Service) in the Turkish language now operates correctly for 4G/3G QMI modems. [NDM-1919]
Improved operability of the Wi‑Fi connection in a noisy environment. [SYS-398]
Redesigned the display of active channels, and the colour legend of Wi‑Fi Channel utilization in the Wi‑Fi spectrum analyzer. [NWI-734]
Closing of Traffic monitor additional tabs is now allowed in mobile browsers. [NWI-666] [Forum topic]
Added tab sorting algorithm to the 4G/3G modem menu, providing easy access to the active/connected modem when there are several tabs with modem profiles. [NWI-680]
Added links to the Internet connections settings from the dashboard Internet tile, providing a fast way to edit connection(s). [NWI-682]
Fixed
Fixed the mobile application request handler that caused the error message:
unable to find (empty) as "Network::Interface::Base"
. [NDM-1927] [Forum topic]When a VoIP (Voice over Internet Protocol) service profile is selected, all obligatory fields are highlighted and visible. [NWI-729]
KeeneticOS 3.7 Beta 5
07/11/2021
New
Implemented Wi‑Fi Spectrum Analyzer. The dedicated Spectrum Analyzer radio continuously scans all 5 GHz Wi‑Fi channels and visualizes the level of interference from neighbouring networks to help channel selection and planning. [SYS-297, SYS-393, NDM-1908, NDM-1858, NWI-590, NWI-708]
Improved
The PSK (PreShared Key) length is extended to 96 characters for IPsec and L2TP/IPSec VPN servers. [NDM-1780]
Fixed
Fixed the occasional false "4 GBytes" bursts of apparent traffic in the Traffic monitor. [SYS-396]
The Static IP address assigned to a registered device now works more reliably. [NDM-1893]
Disabled validation of the DoT (DNS over TLS) / DoH (DNS over HTTPS) certificates until the system time of the KeeneticOS is synchronized. [NDM-1910] [Forum topic]
The pop-up window closing icon is restored. [NWI-684] [Forum topic]
Fixed the incorrect connection type in the More information section for Registered devices currently offline. [NDW-664] [Forum topic]
The operation of the Wireguard VPN causes
no buffer space available
error message in the System log. [NDM-1913]
KeeneticOS 3.7 Beta 4
28/10/2021
New
Added support for the following modems:
4G LTE Cat4 DS Telecom DSA901 modem; [NDM-1904]
4G LTE Cat4 HP LT4120 modem module. [SYS-381]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Added the ability to use multiple partitions with the same volume labels. Restored operation with user volumes labeled
/storage
and/flash
. [NDM-1805]Implemented brute-force protection for remote access to the device via the KeenDNS domain name in the Cloud access mode. [NDM-1804]
The KeeneticOS update process is optimized to run in the background to minimize system downtime. Keenetic has dual flash memory with active and backup KeeneticOS images to ensure fail-free automatic upgrades. When a new version of the operating system is released, the device will download, store and check the integrity of the software image in the backup partition first, without interrupting the main operation. Then the Keenetic device reboots, running the updated KeeneticOS version. Internet access will be briefly interrupted only during the device reboot. [NDM-1861]
The hostname value is added to the Syslog message's payload when sending records to a server to simplify log analysis from multiple Keenetic devices. [NDM-1872]
Fixed
Restored the operation of simultaneous Wi‑Fi roaming zone and Wi‑Fi band restrictions applied to the device. The settings now propagate correctly to newly acquired Mesh Wi‑Fi System extenders as well. [NDM-1869, NDM-1875]
Fixed Network Time Protocol (NTP) server response validation under certain conditions. [NDM-1880]
Increased the server address length to 256 characters for PPTP and L2TP connections. [NDM-1907]
The Traffic monitor statistics now display correct information after changing settings on the WAN interface. [SYS-389]
KeeneticOS 3.7 Beta 3
27/09/2021
New
Added a user-defined caption to the Web Interface header and a browser tab providing improved navigation between multiple Keenetic devices. [NDM-1764, NWI-424, NWI-428, NWI-429, NWI-555, NWI-556, NWI-558]
Added support for 4G LTE Cat4 SimCOM A7600E-H modem module. [NDM-1794]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Updated Wi‑Fi wireless driver to new version
7.5.0.0
. [SYS-373]Improved security: After changing user credentials, KeeneticOS cleans up active management sessions via the Web Interface and the Keenetic mobile application. [NDM-1860]
Fixed
Disabled requests from the Extenders to the Mesh Wi‑Fi Controller DNS proxy in additional segments. The Extenders now use Home segment only for system DNS requests. [NDM-976]
The availability checking for the SafeDNS® service now operates correctly when no additional DNS servers are configured. [NDM-1761]
The IKEv2 VPN tunnel now operates properly as a primary Internet connection along with the logic of automatic IKEv2 tunnel source selection. [NDM-1855]
Allocating a large file to the NTFS partition of the USB attached drive no longer causes the system to freeze or reboot. [SYS-110]
Free disk space now displays correctly in the Download station system component when the download folder and
settings.json
file places in different USB drive partitions. [NDM-656]
KeeneticOS 3.7 Beta 2
02/09/2021
Improved
When a wired Ethernet backhaul link is used to attach a Wi‑Fi System Extender to a Wi‑Fi System Controller, setting up custom Wi‑Fi channels on the Extender is now possible. Setting non-overlapping Wi‑Fi channels on different Wi‑Fi System nodes will maximize wireless clients' performance. If a wired Ethernet backhaul link disconnects, the Extender will automatically switch to a Mesh wireless backhaul link to resume operation. In this case, depending on the Mesh wireless backhaul interface, the corresponding Wi‑Fi channel on the Extender will follow the backhaul link. Once a wired Ethernet backhaul link is restored, the Extender will automatically use wired backhaul and preset Wi‑Fi channels. [NDM-1801]
Restored receiving SMS messages for the DW5821e (T77W968) modem module with updated firmware. [NDM-1839]
Fixed
The Wi‑Fi roaming setting synchronization between the Wi‑Fi System Controller and Extenders now operates properly. [NDM-1668]
Fixed the file writing error in the SMB file and printer sharing system component, which was leading to the device restart under certain conditions. [SYS-147]
Re-enabled support for sparse files for the SMB file and printer sharing system component. [NDM-924]
KeeneticOS 3.7 Beta 1
12/08/2021
Maintenance release
Maintenance release for synchronization with the KeeneticOS Preview Channel.
Fixed
There are no changes for Keenetic Hero (KN-1011).
KeeneticOS 3.7 Beta 0.9
09/08/2021
Improved
Web UI of the Download station application is now available at the
127.0.0.1:78
IP address for remote access via KeenDNS. [NDM-1806] [Forum topic]
Fixed
Adjusted the transmission power of Wi‑Fi
EAPoL
frames to address random connectivity issues. [SYS-293]Preallocation of large files now operates more smoothly and does not interrupt the user processes in KeeneticOS. [SYS-110]
Fixed remote access control for the WebDAV server system component. [NDM-1809] [Forum topic]
The entire 512 Mbytes of installed memory is now available to KeeneticOS with enabled support for the Highmem space of the RAM. [NDM-904] [Forum topic]
KeeneticOS 3.7 Beta 0.4
01/08/2021
New
Added support for the following modems:
Huawei 4G LTE Cat3 ME906E (HP lt4112) modem module [NDM-1733]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Huawei 4G LTE Сat4 E5576-320 mobile router [NDM-1789]
Vodafone 4G LTE Cat4 K5161 USB modem [NDM-1750]
Improved
Improved memory overflow protection for the Traffic classification engine, to fix the disappearance of Uncategorized traffic from the statistics. [NDM-1793]
Improved Fibocom L850-GL / L860-GL modem module initialization in case of weak mobile network signal. [NDM-1792]
Added
id
andno-content
parameters to thesms list UsbQmiX list
CLI command. [NDM-1773]id
— list a single message with the given identifier;no-content
— disable output of SMS message content.
Fixed
Eliminated the root cause for the
unable to reset loop detector
errors in Extender logs. [NDM-1658]Fixed the reason for the
Rtx::Iapp: unsupported interface
errors in Extender logs. [NDM-1753]
KeeneticOS 3.7 Beta 0.2
17/07/2021
New
Improved
The Active connections information sheet moves to a separate tab on the Diagnostics page, providing a list of sessions established via your Keenetic device. [NWI-414]
Fixed
Fixed the reset to default MAC address on a wired connection with IPTV port option enabled. [NDM-1771] [Forum topic]
KeeneticOS 3.7 Beta 0.1
16/07/2021
Improved
A Wi‑Fi System Extender will stop broadcasting Wi‑Fi networks if the backhaul connection to the Wi‑Fi System Controller is lost, to help Wi‑Fi clients re-connect to a working Wi‑Fi System node faster. [NDM-1707]
The display format of the ECI (ECell ID) identifier is changed from hexadecimal to decimal. eNodeB ID and Sector ID parameters are added to the QMI-type modem statistics. [NDM-1732]
Added a Compressed RAM disk for system swap (zRAM) toggle to the System settings page. [NWI-405]
Note
zRAM — makes more efficient use of RAM, with limited processor overhead, by compressing random access memory blocks that are infrequently accessed or rarely modified.
Added a Hardware network accelerator (HWNAT) toggle to the System settings page. [NWI-405]
Note
A Hardware Network Accelerator — helps reduce processor load and speed up traffic transfer for faster connections. However, when enabled, the category and application traffic cannot be accounted for accurately with the Traffic classification engine. Disable Hardware Network Accelerator if detailed category and application traffic accounting is required.
Fixed
Fixed the procedure for Extender acquisition to the Mesh Wi‑Fi System under certain conditions. [NDM-1775]
KeeneticOS 3.7 Beta 0
10/07/2021
Improved
Improved DNAT session recognition by the Traffic classification engine system component. [SYS-319]
Implemented stopping of the Traffic classification engine service to free system memory before a KeeneticOS update. [NDM-1756]
The system Debug control relocates to a dedicated tab in the Diagnostics section. [NWI-401]
Fixed
Fixed Wi‑Fi operation with 802.11v WNM (Wireless Network Management) roaming enabled. [SYS-325]
KeeneticOS 3.7 Alpha 17
08/07/2021
Improved
We deployed a new firmware signing certificate to the cloud infrastructure to strengthen the security of KeeneticOS updates. [SYS-314]
Fixed
The uncategorized traffic is back to the Categories and Applications views of the Traffic monitor, with a hatch pattern for better visibility. [NWI-377] [Forum topic]
Wi‑Fi signal power level setting now operates correctly. [SYS-311]
Fixed the display of spatial streams (1x1/2x2) for connected 802.11n wireless clients. [SYS-313]
KeeneticOS 3.7 Alpha 16
03/07/2021
New
Added support for 4G LTE Cat4 Huawei K5161 modem. [NDM-1750]
Improved
Improved the application identification and traffic accounting accuracy of the Traffic classification engine system component. [SYS-309]
Fixed
Fixed the Wi‑Fi Extender IP address refresh for networks with multiple segments. [NDM-1752]
Fixed the saving of Media server application settings for devices in Extender mode, that prevented the operation on multiple network segments after reboot. [NDM-570]
Fixed
Basic MCS Map
settings for theVHT Operation IE
section in Wi‑Fi radio frames for two spatial Wi‑Fi streams, providing correct information for connected wireless clients. [SYS-306] [Forum topic]
KeeneticOS 3.7 Alpha 15
26/06/2021
New
Added support for the following modems with QMI-type interface:
Huawei 4G LTE Cat4 ME906s-158 (HP lt4132) modem module. [NDM-1711]
4G LTE Cat18 Telit LM960A18 modem module. [NDM-1712]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
As of now, the Keenetic Traffic classification engine recognizes 1400+ of the most popular Internet applications. In addition, Uncategorized traffic is now visible in the Applications and Categories views of the Traffic Monitor. [NDM-1210]
Implemented automatic merging of the least important data to the Uncategorized group to optimize memory usage by the Traffic classification engine and enable protection against memory overflow. [NDM-1681]
Fixed
Fixed an error occurring while sending a USSD request, producing warning message
system failed [0xcffd12e3]
with 4G/3G QMI-type modems. [NDM-1273] [Forum topic]Restored correct display of the Extender > Connection status for wired connections in the Mesh Wi‑Fi system page. [NDM-1717]
Removed the password prompt flick when navigating from the Mesh Wi‑Fi System page of a Controller to connected Extenders. [NDM-1724]
Unplugging USB storage from Keenetic device under heavy I/O operations no longer crashes the SMB file and printer sharing system component, which rebooted the system. [SYS-301]
Improved the
RSSI
value handler in the Wi‑Fi wireless driver to fix the Band Steering algorithm operation. [SYS-292]
KeeneticOS 3.7 Alpha 14
19/06/2021
New
Implemented Ethernet link loop detection to prevent broadcast storm outcomes, and avoid loss of system management. [SYS-217, SYS-218, SYS-264, SYS-272, NDM-1679, NWI-322]
Implemented a graphical display of signal strength for 4G/3G modems, providing a visual way to tune the antenna for best signal reception. To use this, open the 4G/3G modem page and push the Show signal level button. Depending on the modem model, there may be additional connection parameters available. [NWI-324]
The event handler for received SMS messages (
/opt/etc/ndm/sms.d/*
) is available in the Open Package support system component. [NDM-185]
KeeneticOS 3.7 Alpha 13
12/06/2021
New
Added support for the 4G LTE Cat4 Telit LE910C4 modem module. [NDM-1714]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Implemented support for dialog-type USSD (Unstructured Supplementary Service Data) queries for QMI-type modems. [NDM-1273]
You can now easily configure remote access to the Web Interface of a connected USB modem. When adding a new KeenDNS web application, select your modem from a drop-down list of hosts. [NWI-325]
Seamless navigation from Wi‑Fi System Controller to Extenders is available now. Click the Extender name on the Mesh Wi‑Fi System page to jump to the Web Interface of the Extender. Each Extender has a unique navigation web address under the
*.keenetic.io
domain. Security tokens and automatically installed Let's Encrypt SSL certificates ensure safe and secure operation. [NDM-1287, NWI-323]Added the Optimization mode selector to the IPsec VPN server application settings. It changes the set of supported encryption algorithms, as follows. [NDM-1259, NWI-327]
Default — enables all encryption algorithms except
DES
and3DES
;Legacy — enables both
DES
and3DES
for compatibility with legacy clients;Performance — enables modern encryption algorithm
CHACHA20-POLY1305
only, for faster and secure data exchange with supported peers.
Fixed
Fixed system configuration synchronization between the Mesh Wi‑Fi System Controller and Extenders. [NDM-1668]
KeeneticOS 3.7 Alpha 12
05/06/2021
New
The Traffic classification engine (NTCE) now offers prioritization for a comprehensive set of application categories via the service classes. The new CLI commands are listed below. [NDM-1683]
ntce qos priority {category} {priority}
— assign certain priority for certain categoriesntce qos enable
— enable QoS processing for thentce
(network traffic classification engine)
Added support for 4G LTE Cat4 8810FT USB-modem as branded by the mobile operator MTS. [NDM-400]
Added support for the following modems with QMI-type interface:
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
It is now possible to edit Speed limit settings for devices with internet access blocked according to schedule on the Device lists page. [NDW-2427]
Updated
Curl
daemon to7.77.0
version, which fixes the CVE-2021-22897, CVE-2021-22898, CVE-2021-22901 vulnerabilities.
Fixed
KeeneticOS now restarts smoothly after reboot with connected 4G Huawei E3372 (
cdc-mode
) USB modem. [SYS-146]
KeeneticOS 3.7 Alpha 11
29/05/2021
New
Added support for MTS 8213FT (Huawei E5785Lh-22c) 4G LTE Cat6 mobile router, branded by mobile operator MTS. [NDM-289]
Improved
Disabled ARP (Address Resolution Protocol) gateway availability checking for
UsbLte
type modems for better operation of theinternet-checker
service of the KeeneticOS. [NDM-1689]Added new IntelliQoS priority configuration page in the Web Interface. It ensures inbound, and outbound, bandwidth for prioritized applications and tasks via pre-defined, drag-and-drop category group presets. [NDW-2413]
Tip
The Traffic classification engine system component is still in the experimental stage, and can only be enabled from the command line:
service ntce
. For Keenetic devices with up to 128MB of RAM memory, it is recommended to enable ZRAM support:system zram
. The actual assignment of priorities on the IntelliQoS page is still under development, and planned for implementation in the next developer release.Updated the Web Interface of the KeeneticOS to address the CVE-2021-23017 vulnerability.
Fixed
Enabled
Frame Engine
fault protection against small TCP segments with MSS (Maximum Segment Size) less than 16 bytes, to prevent Internet access failure. [SYS-279]
KeeneticOS 3.7 Alpha 10
22/05/2021
New
Added support for the MTS 822FT (Huawei E5785) 4G LTE Cat4 modem, branded by mobile operator MTS. [NDM-289]
Added support for 4G LTE Cat11 Telit LM940 modem module. [NDM-1674]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Patched a collection of security vulnerabilities called FragAttacks (Fragmentation and Aggregation Attacks). [SYS-276, SYS-277, SYS-278, SYS-280, SYS-282, SYS-283]
CVE-2020-24586 — fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
CVE-2020-24587 — mixed key attack (reassembling fragments encrypted under different keys).
CVE-2020-24588 — aggregation attack (accepting non-SPP A-MSDU frames).
CVE-2020-26139 — forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
CVE-2020-26146 — reassembling encrypted fragments with non-consecutive packet numbers.
CVE-2020-26147 — reassembling mixed encrypted/plaintext fragments.
CVE-2020-26140 — accepting plaintext data frames in a protected network.
Fixed
The automatic re-indexing of media files for the Media Server system component. [NDM-1667]
KeeneticOS 3.7 Alpha 9
15/05/2021
Improved
Improved switching to the CDC mode for the E3372h-320 4G LTE Cat4 modem, branded for the A1 mobile operator. [NDM-316] [Forum topic]
Fixed
The system restart in the Extender mode under certain conditions. [NDM-514]
Fixed memory consumption by the Traffic classification engine component. [NDM-1425]
The long re-connection time for the Sierra Wireless EM7455 4G LTE modem. [NDM-812]
Internet connection status detection for the 4G/3G modems with disabled Ping Check service. [NDM-572]
The operation of DoT (DNS over TLS)/DoH (DNS over HTTPS) services resulting in the error message
https-dns-proxy: Error binding
. [NDM-541] [Forum topic]
KeeneticOS 3.7 Alpha 8
01/05/2021
Improved
Added Password protected access to web applications running on your network via the KeenDNS service. [NDW-2202]
Redesigned the Access to web applications running on your network section of the Domain name > KeenDNS page for better visibility and easy management. [NDW-2203]
Added the Auto option for the KeenDNS operating in IPv4 mode, providing automatic detection of obtained IP address type and flexible operation if this IP changes from time to time or you have a secondary/backup Internet access connection. [NDW-2243]
Added the Disconnect from the network option in the Data usage & limit page for external QMI type 4G/3G modems. It instructs Keenetic to disconnect the 4G/3G modem from the mobile network when the data limit of your mobile plan is exceeded. [NDW-2230]
Fixed
Cleanup of obsolete TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) sessions of the Traffic classification engine system component, which caused excessive memory consumption. [NDMS-1496]
The detection of SIP (Session Initiation Protocol), RTP (Real-time Transport Protocol), and RTCP (RTP Control Protocol) protocols by the Traffic classification engine system component. [NDMS-1576]
Enabled software packet acceleration for USB 4G/3G modems using the
cdc_ether
driver in KeeneticOS for better performance. [NDMS-1606]Fixed usage of the POCO M3 smartphone as external LTE (Long-Term Evolution) modem connected to the USB port of the Keenetic device. [NDMS-1640]
Access to the Keenetic device by KeenDNS domain name from the local network now works correctly. [NDMS-1344]
The application category classification on the Traffic monitor page of the Web Interface. [NDW-2231]
The mounting of the embedded OPKG system
/storage
partition after a KeeneticOS system restart. [NDMS-1638] [Forum topic]