KeeneticOS 3.3
KeeneticOS 3.3.9
7/2/2020
Fixed
TCP connection failure after three days of Keenetic device uptime under certain conditions. [NDMS-468] [Forum topic]
KeeneticOS 3.3.8
4/2/2020
Fixed
Restored operation of the Internet LED with a positive testing result of the
internet-checker
service of KeeneticOS. [NDMS-421] [Forum topic]Changed ARP host polling frequency for smooth device discovery and display in the Registered devices list. [NDMS-429] [Forum topic]
KeeneticOS 3.3.7
30/1/2020
New
There are no changes for Keenetic Speedster (KN-3010).
Improved
The Device lists page for better responsiveness. [NDW-509] [Forum topic]
Shorten association time for Wi‑Fi Extenders during a WPS (Wi‑Fi Protected Setup) connection to a Mesh Wi‑Fi System Controller. [NDMS-344]
Improved the Wi‑Fi radio channel selection algorithm when Backhaul connection is actively used by nodes of a Mesh Wi‑Fi System. [NDMS-436]
Enhanced the stability of the hardware packet accelerator for heavily-loaded IPsec connections. [NDMS-113]
Fixed
Solved Wi‑Fi download speed regression caused by new Linux kernel version 4.9 of KeeneticOS. [NDMS-385] [Forum topic]
The Apple Watch® now connects to a Keenetic Wi‑Fi access point with enabled FT (Fast Transition — 802.11r) wireless roaming. [NDMS-424]
The Port forwarding page display when there are no rules. [Forum topic]
The redirect to the notification page for Internet Explorer 11 users. Internet Explorer 11 is outdated and is not supported by the Keenetic Web UI. [Forum topic]
The VPN IPsec connections with fragmented IP traffic. [NDMS-113, NDMS-388, NDMS-395]
The error messages
unable to extract domain from request
in System log while Service — AdguardDNS is running. [NDMS-450]
KeeneticOS 3.3.3
15/1/2020
Fixed
KeeneticOS system reboot when using VLAN-based settings for wired Internet connection and with the IPv6 system component installed. [NDMS-391]
Wi‑Fi access point configuration with Network protection — WPA2-PSK + WPA3-PSK or WPA3-PSK when using the WPA Enterprise system component. [NDMS-394]
The Web Interface rendering on iPad Pro® with iOS 13 version and higher. [NDW-275] [Forum topic]
KeeneticOS 3.3.2
26/12/2019
Improved
There are no changes for Keenetic Speedster (KN-3010).
Fixed
Fixed MBSSID (Multi Broadcast SSID) configuration for the Wi‑Fi access point. Now all Wi-FI SSIDs (Network name) are broadcast. [NDMS-368]
KeeneticOS 3.3.1
25/12/2019
Improved
The Mesh Wi‑Fi System is in release state now. The BETA sign has been removed from the Wi‑Fi system menu. [NDW-388]
Note
A Mesh Wi‑Fi System consists of multiple Keenetic routers that work together to form a single unified Wi‑Fi network with seamless roaming according to 802.11k/r/v standards. The use of a mesh applies to large homes or offices, or spaces with intefering walls or other obstructions, where a single router doesn't provide enough quality Wi‑Fi coverage. You need at least two Keenetic routers to form a mesh. One connects to the Internet (operates in Router mode) while the other links to the first one — wirelessly or via a network cable — to extend Wi‑Fi coverage (operates in Extender mode). A Keenetic Mesh Wi‑Fi system is easy to set up and manage. You only need to set up the router; the rest of the extenders will replicate the router's settings.
Fixed
There are no changes for Keenetic Speedster (KN-3010).
KeeneticOS 3.3.0
20/12/2019
New
Implemented session timeout for the SSH server system component. By default the timeout of an inactive SSH session is 300 sec. [NDMS-354]
ip ssh session timeout {timeout}
— set timeout of an inactive SSH session
Fixed
Fixed link detection and statistics display for wired hosts connected to wireless Extenders for the Mesh Wi‑Fi System. [NDMS-319]
Selection of WireGuard® VPN default gateway when WAN-port has two connections — IPoE (IP over Ethernet) and PPPoE (PPP over Ethernet). [NDMS-353]
The software packet accelerator for correct operation with IPsec VPN service of KeeneticOS. [NDMS-309]
Packet fragmentation of EoIP (Ethernet over IP) traffic encapsulated in IPsec VPN connections. [NDMS-351, NDMS-253]
The SSTP (Secure Socket Tunneling Protocol) VPN connection to a server using a DynDNS or other domain name with an obtained SSL certificate. [NDMS-259, NDMS-275]
Remote access to the Keenetic device in Extender mode via HTTPS-protected
*.keenetic.io
domain name. [NDMS-378]Сonfiguration importing process of the WireGuard® VPN connection now operates correctly. [NDMS-295]
KeeneticOS 3.3 Beta 6
20/12/2019
Fixed
Recalculated OOM (Linux Out-of-Memory Killer) scores for internal services of KeeneticOS, to improve system durability. [NDMS-290]
Temporarily disabled DNS-over-TLS (DoT) for SafeDNS®. [NDMS-282]
KeeneticOS 3.3 Beta 5
4/12/2019
Improved
Increased the number of supported clients to 32 for the UDP-to-HTTP proxy (udpxy) system component, allowing home network devices that do not support multicast traffic to watch IPTV channels.
Fixed
Implemented memory preallocation for the Wi‑Fi driver, to avoid out-of-memory crash under heavy load. [NDMS-325]
KeeneticOS 3.3 Beta 4
29/11/2019
Fixed
Fast transition (FT) roaming of Wi‑Fi clients with WPA2-PSK and WPA2 Enterprise network protection now proceeds correctly. [NDMS-298]
Сonfiguration importing process of the WireGuard® VPN connection now operates correctly. [NDMS-295]
SafeDNS® DNS name resolving and service availability checking. [NDMS-282]
KeeneticOS 3.3 Beta 3
19/11/2019
New
Implemented a KeeneticOS automatic update schedule, which allows the performance of a device update in a convenient time frame. [NDMS-16]
Tip
KeeneticOS automatic updates are released on a rolling basis. New versions will be pushed to all devices within a few weeks of release. Your Keenetic may not be updated immediately after a new version is available.
components auto-update schedule {schedule}
Improved
Improved compatibility with earlier-generation Broadcom-based Wi‑Fi clients that are unaware of Fast Transition (FT) - 802.11r mechanism. [NDMS-289]
Fixed
There are no changes for Keenetic Speedster (KN-3010).
KeeneticOS 3.3 Beta 2.4
15/11/2019
New
Implemented a Mesh Wi‑Fi System backhaul link over a 2.4 GHz radio. Now, single-band Wi‑Fi devices can create a Mesh Wi‑Fi system, and it is possible to mix single-band and dual-band Wi‑Fi devices in Mesh Wi‑Fi system setups. [NDMS-278]
Improved
A manually configured static IP address on a Wi‑Fi system extender no longer prevents it from connecting to the Internet. [NDMS-89]
Fixed
Fixed the registered device configuration page, unable to save settings error. [NDW-166] [Forum topic]
Fixed packets loss for WireGuard® VPN connections under certain conditions. [NDMS-249]
KeeneticOS 3.3 Beta 1
7/11/2019
New
SafeDNS®: implemented DNS-over-TLS (DoT) protocol support. [NDMS-254]
Note
DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
Improved
There are no changes for Keenetic Speedster (KN-3010).
Fixed
There are no changes for Keenetic Speedster (KN-3010).
KeeneticOS 3.3 Beta 0
2/11/2019
New
Implemented the option to withdraw consent to share anonymous device usage information with Keenetic. [NDMS-242] [Forum topic]
Note
The Product Improvement Program collects and periodically sends anonymous device diagnostic and usage information, which helps Keenetic improve the quality and performance of our products. This may include items such as device, application and service usage, as well as error diagnostics, device configuration.
system dump-report disable
— disable anonymous device diagnostic and usage information reports.
Improved
Implemented WireGuard® VPN debug message logging, providing extended debug functionality for support engineers and advanced users. [NDMS-252]
interface Wireguard0 debug
Enabled KeenDNS Operating mode — Direct access for private IP addresses. It helps save direct access settings when your Keenetic obtains a private IP address from the device with public IP forwarding traffic to Keenetic. [NDW-138]
Fixed
The Unregister button is now removing Registered devices and Blocked devices correctly on the Device lists page. [NDW-139] [Forum topic]
Fixed Cancel button behaviour when the user needs to undo syslog settings on System log section of Diagnostics page. [NDW-141] [Forum topic]
The Output column of the UPnP port forwarding table section now displays correct information. [NDW-140] [Forum topic]
Temporarily disabled the
fast path
acceleration for L2TP over IPSec traffic introduced in 3.3 Alpha 8 firmware. [Forum topic]
KeeneticOS 3.3 Alpha 11
28/10/2019
Improved
Added the Refresh button for PPP-connections (L2TP, PPTP, PPPoE) on the System dashboard page. [NDW-37]
Added a new Adjustment of TCP MSS option for WireGuard® VPN settings. This feature enables the automatic adjustment of the Maximum Segment Size (MSS) for packets that are forwarded to VPN tunnel, specifically the TCP packet segments with the synchronize/start (SYN) bit set. [NDW#2665]
Fixed
Fixed
fast path
L2TP over IPsec traffic acceleration introduced in 3.3 Alpha 8 firmware.
KeeneticOS 3.3 Alpha 10
19/10/2019
Fixed
Temporarily disabled the
fast path
acceleration for L2TP over IPSec traffic introduced in 3.3 Alpha 8 firmware. [Forum topic]Host name field configuration on the Wired connections page. [NDW-131]
KeeneticOS 3.3 Alpha 9
15/10/2019
Improved
Disabled the
accm, accomp, pcomp
options of the SSTP VPN server system component, for compatibility with VPN Client Pro Android® application. [NDMS-201] [Forum topic]Enabled WireGuard® Endpoint field configuration as FQDN (Fully Qualified Domain Name). [NDW-107]
Fixed
WireGuard® listen port for inbound VPN connections providing proper VPN tunnel set up. [NDMS-200] [Forum topic]
Listen port configuration error in WireGuard® VPN section of the Web Interface. [NDW-107] [Forum topic]
Address field validation for the WireGuard® VPN in the Web Interface. [NDW-107]
Status of WireGuard® VPN connection on the System dashboard page. [NDW-107]
KeeneticOS 3.3 Alpha 8
12/10/2019
New
Added a new type of VPN connection — WireGuard®. The CLI commands for setting up the WireGuard® server are listed below: [NDMS-148]
Note
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
interface Wireguard0
wireguard private-key [private-key]
— set a private key manually or automatically (not displayed in the running-config text configuration file)wireguard listen-port {port}
— if listen-port is not set, it is configured randomlywireguard peer {key}
— add a remote peer with a public keyendpoint {address:port}
— set a remote address for outbound connectionskeepalive-interval {interval}
preshared-key {key}
allow-ips {address/mask}
— add an allowed IP address pool
Added a WireGuard® VPN settings section on the Other connections page, providing effortless setting up of the desired VPN connection. [NDW-90]
Improved
Enabled
fast path
for L2TP over IPSec traffic acceleration.Improved notification about missing admin password by way of a yellow pop-up badge in the Web Interface. [NDW-98]
Fixed
The Wireless Network setting with Channel width — 20/40 MHz now applies correctly. [NDMS-191]
Fixed the backhaul link metric setting when acquiring an extender to the Mesh Wi‑Fi system.
KeeneticOS 3.3 Alpha 7
5/10/2019
Improved
There are no changes for Keenetic Speedster (KN-3010).
Fixed
There are no changes for Keenetic Speedster (KN-3010).
KeeneticOS 3.3 Alpha 6
5/10/2019
New
There are no changes for Keenetic Speedster (KN-3010).
KeeneticOS 3.3 Alpha 5
26/9/2019
New
Fixed
Revised the component selection algorithm on the Systems component options section of the Web Interface.
KeeneticOS 3.3 Alpha 4
24/9/2019
Improved
Fixed
Freezing of multicast IPTV stream affected by IGMP Group-Specific Query message processing. [NDMS-84] [Forum topic]
The reset of the Wi‑Fi FT (Fast Transition - 802.11r) master key during configuration changes.
KeeneticOS 3.3 Alpha 3
24/9/2019
New
Implemented SSL server autostart unless otherwise configured, such as by: [NDMS-127]
ip http ssl no enable
— disable SSL server
Improved
Added the
Secure
flag to the Set-Cookie header in SSL sessions for protection against XSS (Cross-Site Scripting) attacks. [NDMS-123]Web Interface security is hardened by adding the X-Frame-Options
DENY
header in the Web Interface engine for protection against Clickjacking attacks. [NDMS-123]Improved the compatibility of the KeeneticOS
Acme
service with the new Let's Encrypt® CDN for obtaining HTTPS certificates. [NDMS-134]Updated to the latest OpenSSL library version
1.1.1d
.
Fixed
Port forwarding rule to This Keenetic destination now works correctly. [NDMS-131]
The connection of Android devices to the PPTP server of KeeneticOS is now more stable. [NDMS-59]
Fixed DNS-over-HTTPS (DoH) operation for Internet connection policies members. [NDMS-48]
Applying
auto
static routes with explicit gateway addressing. [NDMS-122]
KeeneticOS 3.3 Alpha 2
11/9/2019
Fixed
Wi‑Fi connection of Apple® devices, with mixed Network protection
WPA2-PSK + WPA3-PSK
and enabled FT (Fast Transition - 802.11r) roaming, introduced in iOS 13, is now working properly. [NDMS-32]Non-WPA3 aware mobile devices can now connect with mixed Network protection
WPA2-PSK + WPA3-PSK
and active FT roaming. [NDMS-119]
KeeneticOS 3.3 Alpha 1
6/9/2019
New
Wi‑Fi wireless access point now supports a new technology — Airtime Fairness (ATF) is a feature that boosts the overall network performance by sacrificing a little bit of airtime of the slowest Wi‑Fi devices. [case-14977]
interface WifiMaster1 atf inbound
— enable ATFinterface WifiMaster1 atf disable
— disable ATF
Improved
Reworked the hardware crypto engine to support native
CryptoAPI
withEIP93
driver providing system-wide cryptography. [case-6144]
Fixed
The ESP (Encapsulating Security Payload) protocol and EoIP (Ethernet over IP) over IPsec (Internet Protocol Security) VPN connections are now working properly with fragmented packets. [NDMS-109]