KeeneticOS 3.9
What’s new?
Welcome! Release 3.9 contains numerous new features, fixes, and improvements. You can learn the main innovations from this brief introduction.
Expanded support for the IPv6 protocol now includes Dual-Stack Lite (DS-Lite) and MAP-T connection options, hardware traffic offloading, and out-of-the-box IPv6 experience with the Initial Setup Wizard.
New Fail-safe configuration mode for worry-free remote device management.
New Wi-Fi monitor and network scanner to see what's going on in the air.
The multipath routing policy option to optimize the usage of multiple Internet connections, speed up and balance the traffic.
Upgraded to version
2.6
OpenVPN client and server to keep you up-to-date with the latest security measures.The HTTP/HTTPS/SOCKS5 proxy to help with the most challenging tunnelling applications, along with the simple task of connecting your network to the Internet via a proxy server.
An easier internet connection setup with the option to retrieve the previous router's username and password for PPPoE connection.
KeeneticOS 3.9.8
11/05/2023
New
The new Captive Portal option is available for manual authorization of hotspot hosts in the command line interface (CLI): [NDM-2417]
interface Chilli0 chilli login {mac}
— make manual authorization for specified{mac}
Added new optional
username
andpassword
parameters to thechilli login {mac}
command of the Captive portal system component: [NDM-2679]interface Chilli0 chilli login {mac} [username {username} password {password}]
— make manual authorization with specified{username}
and{password}
Fixed
Fixed incorrect assignment of VLAN roles to ports in the Web Interface. [NWI-2593]
The bandwidth control of the Connection policy now works as intended for IPsec IKEv2 client connections. [NDM-2537]
Fixed incorrect re-association logic when dealing with a roaming Wi-Fi client with PMKID. [SYS-810]
The Wireless ISP connection now displays the password field correctly when connecting to a mixed
WPA1-PSK/WPA2-PSK
wireless network. [NWI-1544]The Other Devices category returns to the Traffic monitor page. [NWI-2541]
Fixed the Safari browser's non-editable Clients isolation checkbox. [NWI-2501]
Increased the packet queue length of the Captive portal system component to prevent packets from being dropped due to system log congestion errors under heavy load. [NDM-2572]
Fixed adding a route with
/32
IP subnet or address mask on the OpenVPN interface. [NDM-2686]Fixed an issue where KeenDNS would not resolve a domain correctly in Direct mode under certain conditions. [KNDNS-136]
KeeneticOS 3.9.5
20/03/2023
Improved
There are no changes for Keenetic City (KN-1511).
Fixed
Custom DNS resolution profiles are now correctly applied to Segments and registered devices. [NWI-1547]
SNMP response now comes from the correct source IP address when accessing via a VPN connection. [NDM-2082]
The cause of the
group address 224.0.1.187 is not equal destination address
error message in the System log has been fixed. [SYS-775]Fixed the BSS ranking algorithm for the
WifiStation
and Mesh Wi-Fi System backhaul connection. [SYS-782]The parsing of the security parameters during a
site-survey
action now operates correctly for an Access Point (AP) that announces WPA2 and Fast Transition (FT). [SYS-796]Reconnection of a wireless client to the access point with WPA3-PSK protection works correctly after accidental disconnection. [SYS-797]
KeeneticOS 3.9.4
27/02/2023
New
There are no changes for Keenetic City (KN-1511).
Improved
The username of the KeeneticOS account now allows the dot '
.
' character. [NWI-1523]The OpenSSL library is updated to the latest version,
3.0.8
, which fixes the following list of vulnerabilities: [SYS-759]
Fixed
The RADIUS settings propagate correctly from the Controller to all Extenders of the Wi-Fi System. [NDM-2243]
The check box to Enable the SNTP service for local devices is available with a custom configuration of NTP servers. [NWI-1505]
The Phase 1 Rekey time display is corrected in the Web Interface for Site-to-site IPsec VPN connections after changes in system statistics. [NWI-1518]
The Fast Transition (802.11r) option is displayed correctly after changing the network name (SSID) for one of the Wi-Fi bands. [NWI-1508]
The Clients tooltip now displays Wi-Fi device names on the Extender's Wi-Fi monitor page. [NWI-1528]
System halt has been fixed when connecting to the cloud service under certain conditions. [NDM-2516]
KeeneticOS 3.9.3
08/02/2023
Improved
KeeneticOS now allows you to assign
512
hosts with Static IP settings on the Device lists page for registered devices. [NDM-2501]
Fixed
DNS IPv6 responses now sent from the correct and expected port 53. [NDM-2439]
The cause of the
ndnproxy:out of socket file descriptors
error message in the System log was fixed. It occurs under heavy loading of theDNS proxy
service. [SYS-727]The
DNS proxy
service now handles TCP chunks correctly, resulting in better service stability. [SYS-726]The Fail-safe configuration mode no longer causes an unnecessary reboot. The timeout is set to three minutes. [NWI-1496]
The Provider name description now displays correctly on the Dashboard and Connection priorities pages. [NWI-1495]
The SSTP VPN server now supports legacy
TLSv1/SHA1
algorithms for correct SSTP connection with particular Windows 7 clients. [NDM-2525]The enabled DNS request transit option now operates as expected for unregistered hosts. [NDM-2547]
Phase 1 Rekey time is now displayed correctly for site-to-site IPsec VPN connections. [NDM-2554]
Fixed the reason for spontaneous disconnection of remote connections to L2TP/IPsec VPN server. [NDM-2555]
The Traffic monitor page now displays the correct average speed for 3 minutes. [NDM-2556]
Fixed
watchdog timer interrupt on CPU0
system reboot when using the Traffic shaper system component. [SYS-397]Corrected the "transmitted bytes" statistic in the host traffic monitor legend. [NDM-2560]
The OpenVPN
askpass
option now works as intended after updating the OpenVPN service to version2.6
. [NDM-2563]
KeeneticOS 3.9.2
27/12/2022
New
The new country option for
Israel
is now available in the 5 GHz Wireless Network settings. [SYS-687]
Fixed
The Keenetic mobile app no longer shows the
New network client: ...
message when a wireless client fails to connect to the Wi-Fi. [NDM-2510]The pop-up for VPN statistics now displays correctly on mobile phone screens. [NWI-1481]
The Scan the network option on the Wi-Fi monitor page now displays the scanning result correctly. [SYS-679]
Changing settings of a wired interface no longer excludes it from the connection policy in the Connection priorities menu. [NWI-1488]
The L2TP/IPsec VPN connection reconnects correctly after an Internet connection recovery. [NDM-2507]
KeeneticOS 3.9.1
14/12/2022
New
The new Multi-AP backhaul compatibility option for Range Extender mode allows extension of the wireless coverage of a non-Keenetic Mesh enabled device that requires transmission of Wi-Fi data frames in the 4-address format. [NWI-1468]
The new Fail-safe configuration mode lets you change Keenetic's settings from anywhere without worrying that you'll lose control by choosing the wrong settings. If a remote management session terminates abnormally, the device will automatically reboot in three minutes, and undo the changes. [NWI-1429, NDM-1945, NDM-1844]
The Fast Leave option provides a quick switch between IPTV channels via an IGMP proxy when supported by the ISP. [NDM-2375]
You can use the following command in the CLI:
igmp-proxy fast-leave
— enable IGMPv2 Fast Leave.
On the Connection priorities page, the new colour-coded states option will display the current state for each connection. There are three colours available: [NWI-1326]
Grey — connection is disabled;
Red — no connection or failure to connect;
Green — connection is established.
The new Enable multipath option is now available on the Connection priorities page. You can automatically balance the throughput among included connections by switching the custom Connection Policy to the Multipath mode. [NWI-1328]
On the General system settings page, there is now a checkbox that allows you to enable the SNTP service for the local network. [NWI-1330]
The new SNTP (Simple Network Time Protocol) server feature provides time synchronization for your LAN applications. [NDM-2338]
Use the following CLI command:
ntp master
— enable SNTP server inprivate
andprotected
segments
The new Transit requests option of the DNS profile allows profile-linked devices to resolve domain names via the DNS servers requested by the device instead of forcing the resolution via DNS servers specified in the profile. [NWI-1130]
The Software Network Accelerator now offloads IPv6 traffic, including MAP-T and DS-Lite IPv4 over IPv6 traffic, helping to reduce processor load and speed up traffic transfer. [SYS-611]
The new Scan for networks feature provides detailed and graphical information about the networks in the air at the Wi-Fi monitor page. [NWI-1280]
The new Proxy client is available now as a KeeneticOS system component providing Internet access via proxy servers using HTTP, HTTPS and SOCKS v5 protocols. [NDM-2195]
The following CLI commands are available to configure the Proxy client component:
interface Proxy0 proxy protocol (socks5 | http)
— choose the protocol type for the proxy connection;interface Proxy0 proxy upstream {host} [{port}]
— set address and port for proxy service, enter{host}
value as<fqdn>
or<IP>
;interface Proxy0 authentication identity {identity}
— set proxy authentication username;interface Proxy0 authentication password {password}
— set proxy authentication password;interface Proxy0 proxy connect [via {via}]
— choose interface for proxy connection.
The Proxy connection section is available in the Other connections menu for Internet access via HTTP/HTTPS/SOCKS5 proxy. [NWI-1108]
DS-Lite (IPv6 dual-stack lite) support is now available via automatic IPv4 over IPv6 provisioning, allowing access to IPv4-only enabled resources while the ISP provides a connection with the modern IPv6 protocol. [NDM-2060]
The new TCP/TLS port check mode enhances the Ping Check feature to provide verified protection against Internet access failures. This mode will prevent false-positive results if an ISP redirects traffic to a captive portal, for example, a billing service. [NDM-2094, NWI-1109]
Use the following CLI commands to set:
ping-check profile {name} mode tls
— enable TLS mode for Ping Check profile{name}
Or set up via the Web Interface for a required interface:
The new Wi-Fi monitor in the Status section provides a graphical utilization display for the Wi-Fi radio frequency channel currently in use. [NWI-1179]
Improved
The
MiniUPnPd
service no longer restarts after a DHCP lease update on a WAN connection. [NDM-2459]
The OpenSSL library is updated to the latest version
3.0.7
, fixing the CVE-2022-3602 and CVE-2022-3786 vulnerabilities. [SYS-669]
Internal Firewall rules have been updated to allow usage of the DHCPv6 relay agent. [NDM-2410]
The new relay multicast DNS (mDNS) option is now available in segment settings allowing transmission of mDNS messages between all segments. [NWI-1368]
The Wi-Fi channels used by Keenetic itself are highlighted now on the diagram and table on the Wi-Fi monitor page. [NWI-1389]
The Wi-Fi monitor page has received several design improvements and changes. [NWI-1325]
Both DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) now support the IPv6 protocol. [NDM-2344]
NextDNS content filtering now uses the IPv6 protocol when available. [NDM-2345]
The Internet Checker service (
show internet status
) now inspects the Internet availability via both IPv6 and IPv4 protocols. [NDM-2348]
System and user-defined DNS profiles are now available for assignment from the content filtering profiles drop-down list, along with public DNS presets or commercial services, depending on your configuration. [NWI-1129]
Assigned unconditional priority to user-defined DNS profiles over public DNS presets and cloud DNS profiles. [NDM-2323]
Improved security: the DNS requests from blocked devices are now disabled via the DNS-proxy service of the KeeneticOS. [NDM-2321]
The OpenSSL library is updated to the latest version
1.1.1q
, fixing the CVE-2022-2097 vulnerability. [NDM-2308]
Fixed
The link position of the edit schedule displays appropriately on mobile screens. [NWI-1463]
The network topology picture from the Extender mode now displays correctly on mobile screens. [NWI-1477]
The L2TP/IPsec VPN server configuration now applies as expected. [NDM-2495]
The authorization of Windows clients has been fixed for the captive portal Spot4 service. [NDM-2383]
Changing the state of the underlying interface for WireGuard VPN no longer causes a system reboot. [NDM-2424]
In the case of switching from backup to the primary WAN connection, network sessions are cleared, ensuring correct routing via the primary connection. [NDM-2456]
The Transit requests option now works as expected. [NDM-2479]
The logo alignment has been fixed for the Login page on mobile screens. [NWI-1387]
The Transit requests option now operates correctly for all available DNS resolution profiles. [NDM-2403]
The cause of periodic VPN IKEv2 tunnel disconnection has been fixed. [NDM-2413]
The text style of the Confirm button is changed so that the text description is better placed for all languages in mobile view. [NWI-1449]
The OpenVPN client and server system component with the new
2.6
version no longer requires an installed IPv6 system component for operation. [NDM-2441]
The connection toggles On/Off on the Other connections page have been fixed, providing better responsiveness. [NWI-1419]
The Save button was missing when editing the speed limit setting; this has been fixed. [NWI-1390]
The Wake-on-LAN (WoL) option now works properly in network segments with
security-level protected
settings. [NDM-2385]
When an active dual-stack IPv6 connection is present, KeenDNS IPv4 access in the Direct mode operates correctly. [NDM-2378]
The root CA (Certificate authority) certificate validation has been fixed for legacy Keenetic devices. [SYS-632]
The IPsec service management has been revised to improve stability and operation under heavy system load. This should prevent the
system failed [0xcffd00ac], code = 255
error from appearing in the System log. [NDM-624]
The DHCPv6 stateless mode now operates correctly and propagates DNS server information to DHCPv6 clients. [NDM-2363]
Fixed the Use for accessing the Internet checkbox for WireGuard connections. [NWI-1319]
The button to import PPPoE-settings from previous routers now displays correctly in all the languages of the Web Interface. [NWI-1293]
Fixed the DNS proxy service error causing
do_page_fault(): sending SIGSEGV
error message in the System log. [SYS-592]
The Connection priority dropdown menu displays a correct list of connections. [NWI-1256]
The DNS servers assigned by the ISP remain operatable when custom DNS servers are in use. [NDM-2265]