KeeneticOS 3.3
KeeneticOS 3.3.16
31/3/2020
Improved
Multiple improvements to the Internet availability-checking algorithm: [NDMS-600]
Reduced the number of simultaneous connections to conserve network resources, on both Keenetic and external servers;
Enabled sequential polling of test servers, instead of simultaneous polling;
Enabled dynamic polling interval between checks for Internet access.
Fixed
Link to KeeneticOS Release notes is now visible on the Updates and component options section of the System setting page. [NDW-739]
KeeneticOS 3.3.15
13/3/2020
Fixed
Private key validation in the Connection settings section of the WireGuard® VPN. [NDW-653]
KeeneticOS 3.3.12
22/2/2020
Fixed
Execution of Wireless ACL rules on Wi‑Fi system extenders is now working correctly. [NDMS-398]
Wireless ISP (WISP) fast re-connection after prolonged absence of an upstream Wi‑Fi access point. [NDMS-439]
PEAP/MS-CHAPv2 authentication now works properly for 802.1x connections. [NDMS-402]
KeeneticOS 3.3.10
14/2/2020
New
Enabled key pair generation — public and private keys for newly created WireGuard® connections in Other connections section of the Web Interface. [NDW-559]
Improved
The Device lists page for better responsiveness. [NDW-509]
Shorten association time for Wi‑Fi Extenders during a WPS (Wi‑Fi Protected Setup) connection to a Mesh Wi‑Fi System Controller. [NDMS-344]
Improved the Wi‑Fi radio channel selection algorithm when Backhaul connection is actively used by nodes of a Mesh Wi‑Fi System. [NDMS-436]
Enhanced the stability of the hardware packet accelerator for heavily-loaded IPsec connections. [NDMS-113]
Fixed
The duplication of host entries on the Device lists page connected through wireless extenders. [NDMS-470]
The KeeneticOS availability checker for the AdGuard DNS Internet safety service is now working correctly. [NDMS-477]
TCP connection failure after three days of Keenetic device uptime under certain conditions. [NDMS-468]
Restored operation of the Internet LED with a positive testing result of the
internet-checker
service of KeeneticOS. [NDMS-421]Changed ARP host polling frequency for smooth device discovery and display in the Registered devices list. [NDMS-429]
Solved Wi‑Fi download speed regression caused by new Linux kernel version 4.9 of KeeneticOS. [NDMS-385]
The Apple Watch® now connects to a Keenetic Wi‑Fi access point with enabled FT (Fast Transition — 802.11r) wireless roaming. [NDMS-424]
The Port forwarding page display when there are no rules.
The redirect to the notification page for Internet Explorer 11 users. Internet Explorer 11 is outdated and is not supported by the Keenetic Web UI.
The VPN IPsec connections with fragmented IP traffic. [NDMS-113, NDMS-388, NDMS-395]
The error messages
unable to extract domain from request
in System log while Service — AdguardDNS is running. [NDMS-450]
KeeneticOS system reboot when using VLAN-based settings for wired Internet connection and with the IPv6 system component installed. [NDMS-391]
Wi‑Fi access point configuration with Network protection — WPA2-PSK + WPA3-PSK or WPA3-PSK when using the WPA Enterprise system component. [NDMS-394]
The Web Interface rendering on iPad Pro® with iOS 13 version and higher. [NDW-275]
KeeneticOS 3.3.2
26/12/2019
Improved
There are no changes for Keenetic Speedster (KN-3010).
Fixed
Fixed MBSSID (Multi Broadcast SSID) configuration for the Wi‑Fi access point. Now all Wi-FI SSIDs (Network name) are broadcast. [NDMS-368]
KeeneticOS 3.3.1
25/12/2019
New
Implemented session timeout for the SSH server system component. By default the timeout of an inactive SSH session is 300 sec. [NDMS-354]
ip ssh session timeout {timeout}
— set timeout of an inactive SSH session
Implemented a KeeneticOS automatic update schedule, which allows the performance of a device update in a convenient time frame. [NDMS-16]
Tip
KeeneticOS automatic updates are released on a rolling basis. New versions will be pushed to all devices within a few weeks of release. Your Keenetic may not be updated immediately after a new version is available.
components auto-update schedule {schedule}
Implemented a Mesh Wi‑Fi System backhaul link over a 2.4 GHz radio. Now, single-band Wi‑Fi devices can create a Mesh Wi‑Fi system, and it is possible to mix single-band and dual-band Wi‑Fi devices in Mesh Wi‑Fi system setups. [NDMS-278]
SafeDNS®: implemented DNS-over-TLS (DoT) protocol support. [NDMS-254]
Implemented the option to withdraw consent to share anonymous device usage information with Keenetic. [NDMS-242]
system dump-report disable
— disable anonymous device diagnostic and usage information reports.
Added a new type of VPN connection — WireGuard®. The CLI commands for setting up the WireGuard® server are listed below: [NDMS-148]
interface Wireguard0
wireguard private-key [private-key]
— set a private key manually or automatically (not displayed in the running-config text configuration file)wireguard listen-port {port}
— if listen-port is not set, it is configured randomlywireguard peer {key}
— add a remote peer with a public keyendpoint {address:port}
— set a remote address for outbound connectionskeepalive-interval {interval}
preshared-key {key}
allow-ips {address/mask}
— add an allowed IP address pool
Added a WireGuard® VPN settings section on the Other connections page, providing effortless setting up of the desired VPN connection. [NDW-90]
Implemented SSL server autostart unless otherwise configured, such as by: [NDMS-127]
ip http ssl no enable
— disable SSL server
Wi‑Fi wireless access point now supports a new technology — Airtime Fairness (ATF) is a feature that boosts the overall network performance by sacrificing a little bit of airtime of the slowest Wi‑Fi devices. [case-14977]
interface WifiMaster1 atf inbound
— enable ATFinterface WifiMaster1 atf disable
— disable ATF
Improved
The Mesh Wi‑Fi System is in release state now. The BETA sign has been removed from the Wi‑Fi system menu. [NDW-388]
Note
A Mesh Wi‑Fi System consists of multiple Keenetic routers that work together to form a single unified Wi‑Fi network with seamless roaming according to 802.11k/r/v standards. The use of a mesh applies to large homes or offices, or spaces with intefering walls or other obstructions, where a single router doesn't provide enough quality Wi‑Fi coverage. You need at least two Keenetic routers to form a mesh. One connects to the Internet (operates in Router mode) while the other links to the first one — wirelessly or via a network cable — to extend Wi‑Fi coverage (operates in Extender mode). A Keenetic Mesh Wi‑Fi system is easy to set up and manage. You only need to set up the router; the rest of the extenders will replicate the router's settings.
Increased the number of supported clients to 32 for the UDP-to-HTTP proxy (udpxy) system component, allowing home network devices that do not support multicast traffic to watch IPTV channels.
Improved compatibility with earlier-generation Broadcom-based Wi‑Fi clients that are unaware of Fast Transition (FT) - 802.11r mechanism. [NDMS-289]
A manually configured static IP address on a Wi‑Fi system extender no longer prevents it from connecting to the Internet. [NDMS-89]
Implemented WireGuard® VPN debug message logging, providing extended debug functionality for support engineers and advanced users. [NDMS-252]
interface Wireguard0 debug
Enabled KeenDNS Operating mode — Direct access for private IP addresses. It helps save direct access settings when your Keenetic obtains a private IP address from the device with public IP forwarding traffic to Keenetic. [NDW-138]
Added the Refresh button for PPP-connections (L2TP, PPTP, PPPoE) on the System dashboard page. [NDW-37]
Added a new Adjustment of TCP MSS option for WireGuard® VPN settings. This feature enables the automatic adjustment of the Maximum Segment Size (MSS) for packets that are forwarded to VPN tunnel, specifically the TCP packet segments with the synchronize/start (SYN) bit set. [NDW#2665]
Disabled the
accm, accomp, pcomp
options of the SSTP VPN server system component, for compatibility with VPN Client Pro Android® application. [NDMS-201]Enabled WireGuard® Endpoint field configuration as FQDN (Fully Qualified Domain Name). [NDW-107]
Enabled
fast path
for L2TP over IPSec traffic acceleration.Improved notification about missing admin password by way of a yellow pop-up badge in the Web Interface. [NDW-98]
Added the
Secure
flag to the Set-Cookie header in SSL sessions for protection against XSS (Cross-Site Scripting) attacks. [NDMS-123]Web Interface security is hardened by adding the X-Frame-Options
DENY
header in the Web Interface engine for protection against Clickjacking attacks. [NDMS-123]Improved the compatibility of the KeeneticOS
Acme
service with the new Let's Encrypt® CDN for obtaining HTTPS certificates. [NDMS-134]Updated to the latest OpenSSL library version
1.1.1d
.
Reworked the hardware crypto engine to support native
CryptoAPI
withEIP93
driver providing system-wide cryptography. [case-6144]
Fixed
Fixed link detection and statistics display for wired hosts connected to wireless Extenders for the Mesh Wi‑Fi System. [NDMS-319]
Selection of WireGuard® VPN default gateway when WAN-port has two connections — IPoE (IP over Ethernet) and PPPoE (PPP over Ethernet). [NDMS-353]
The software packet accelerator for correct operation with IPsec VPN service of KeeneticOS. [NDMS-309]
Packet fragmentation of EoIP (Ethernet over IP) traffic encapsulated in IPsec VPN connections. [NDMS-351, NDMS-253]
The SSTP (Secure Socket Tunneling Protocol) VPN connection to a server using a DynDNS or other domain name with an obtained SSL certificate. [NDMS-259, NDMS-275]
Remote access to the Keenetic device in Extender mode via HTTPS-protected
*.keenetic.io
domain name. [NDMS-378]
Recalculated OOM (Linux Out-of-Memory Killer) scores for internal services of KeeneticOS, to improve system durability. [NDMS-290]
Implemented memory preallocation for the Wi‑Fi driver, to avoid out-of-memory crash under heavy load. [NDMS-325]
Fast transition (FT) roaming of Wi‑Fi clients with WPA2-PSK and WPA2 Enterprise network protection now proceeds correctly. [NDMS-298]
Сonfiguration importing process of the WireGuard® VPN connection now operates correctly. [NDMS-295]
SafeDNS® DNS name resolving and service availability checking. [NDMS-282]
Fixed the registered device configuration page, unable to save settings error. [NDW-166]
Fixed packets loss for WireGuard® VPN connections under certain conditions. [NDMS-249]
The Unregister button is now removing Registered devices and Blocked devices correctly on the Device lists page. [NDW-139]
Fixed Cancel button behaviour when the user needs to undo syslog settings on System log section of Diagnostics page. [NDW-141]
The Output column of the UPnP port forwarding table section now displays correct information. [NDW-140]
Host name field configuration on the Wired connections page. [NDW-131]
WireGuard® listen port for inbound VPN connections providing proper VPN tunnel set up. [NDMS-200]
Listen port configuration error in WireGuard® VPN section of the Web Interface. [NDW-107]
Address field validation for the WireGuard® VPN in the Web Interface. [NDW-107]
Status of WireGuard® VPN connection on the System dashboard page. [NDW-107]
The Wireless Network setting with Channel width — 20/40 MHz now applies correctly. [NDMS-191]
Fixed the backhaul link metric setting when acquiring an extender to the Mesh Wi‑Fi system.
Revised the component selection algorithm on the Systems component options section of the Web Interface.
Freezing of multicast IPTV stream affected by IGMP Group-Specific Query message processing. [NDMS-84]
The reset of the Wi‑Fi FT (Fast Transition - 802.11r) master key during configuration changes.
Port forwarding rule to This Keenetic destination now works correctly. [NDMS-131]
The connection of Android devices to the PPTP server of KeeneticOS is now more stable. [NDMS-59]
Fixed DNS-over-HTTPS (DoH) operation for Internet connection policies members. [NDMS-48]
Applying
auto
static routes with explicit gateway addressing. [NDMS-122]
Wi‑Fi connection of Apple® devices, with mixed Network protection
WPA2-PSK + WPA3-PSK
and enabled FT (Fast Transition - 802.11r) roaming, introduced in iOS 13, is now working properly. [NDMS-32]Non-WPA3 aware mobile devices can now connect with mixed Network protection
WPA2-PSK + WPA3-PSK
and active FT roaming. [NDMS-119]
The ESP (Encapsulating Security Payload) protocol and EoIP (Ethernet over IP) over IPsec (Internet Protocol Security) VPN connections are now working properly with fragmented packets. [NDMS-109]