KeeneticOS 4.1
KeeneticOS 4.1.1
07/03/2024
Improved
Added MAC filtering for
ApCli
backhaul connection with boundBSSID
for correct operation of Mesh Wi-Fi System. [SYS-1118]
Fixed
Fixed the Wi-Fi Fast Transition (802.11r) operation in the case of different SSIDs on the same network segment. [NDM-2917]
The use of the traceroute diagnostic tool with a specified port for TCP/UDP has been corrected. CLI command example:
tools traceroute 1.1.1.1 port 1883
. [NDM-3138]
KeeneticOS 4.1.0
21/02/2024
Fixed
Fixed duplicate 802.11k (Radio Resource Management)
RRM: perform scan notified channel:
events in the System log when changing Wi-Fi channel on Mesh Wi-Fi System nodes. [SYS-1098]
KeeneticOS 4.1 Beta 4
07/02/2024
New
The prefix delegation hint command for the DHCPv6 client has been implemented in the Command Line Interface (CLI). [NDM-3076]
interface {name} ipv6 dhcp client pd hint {prefix | ::/length}
— set requiredprefix
or its::/length
Improved
The error message
wind: failed to decrypt message
has been moved to debug messages. [SYS-1084] [Forum topic]The number of the
ip alias
entries has been increased from8
to250
. [NDM-3063]The OpenSSL library has been updated to the latest version
3.1.5
, which fixes the following list of vulnerabilities: CVE-2023-5678, CVE-2024-0727. [SYS-1097]
Fixed
IntelliQoS rate limiting (
ntce upstream rate-limit
) is now working as intended. [NDM-3104]Fixed the
ntce-pace2: unable to proceed with data, exit
error message with IntelliQoS service under certain conditions. [NDM-3115]Fixed issue with running multiple Proxy Connections at the same time. [NDM-3122]
Fixed
Dns::Proxy
service crash when mirroring TCP requests to IntelliQoS. [SYS-1099]Fixed the issue where Band Steering mode would reset to the None selection under certain conditions. [NDM-3126]
KeeneticOS 4.1 Beta 3
19/01/2024
New
The new "Handoff" option to force Wi-Fi clients with weak signals to disconnect is now available via the Command Line Interface (CLI). [NDM-3081]
interface {name} rssi-threshold {rssi-threshold}
— set minimal{rssi-threshold}
level for wireless clients connected to specified Access Point{name}
Fixed
Fixed wireless client disconnect/connect event conditions that were causing incorrect notifications from the Keenetic mobile application. [NDM-3079]
KeeneticOS 4.1 Beta 2
21/12/2023
Fixed
SSTP VPN server address allocation now works correctly for IPv6 clients. [NDM-2821]
Fixed a reboot issue during ZeroTier connection setup. [SYS-1066]
KeeneticOS 4.1 Beta 1
13/12/2023
Maintenance release
This maintenance release for Keenetic City (KN-1511) has only minor changes.
KeeneticOS 4.1 Beta 0.1
08/12/2023
New
The new WireGuard VPN
via
option allows the underlying connection to be implicitly specified for peers. [NDM-272] [Forum topic]interface {name} wireguard peer {key} connect via {via}
— set the peer{key}
of the Wireguard{name}
connection to establish connection over the{via}
interface
Improved
The implementation of automatic source NAT now includes address translation for networks declared as aliases, ensuring the correct operation of the
tools ping
andtools traceroute
commands. [NDM-3061]
Fixed
Fixed the
DNS proxy
issue that caused the theDNS_PROBE_FINISHED_NXDOMAIN
error message in the web browser when Internet access was blocked by a schedule for another client. [SYS-1050]Fixed Ping Check compatibility with DNS over HTTPS (DoH) and DNS over TLS (DoT) servers. [NDM-3062]
KeeneticOS 4.1 Beta 0
02/12/2023
New
The new Pairwise Master Key Security Association (PMK SA) cache lifetime control option is now available in the Command Line Interface (CLI). The default value has been changed from
720
seconds to1440
seconds. [NDM-3052]interface {name} pmksa-lifetime {pmksa-lifetime}
— set{pmksa-lifetime}
(in seconds) for specified interface{name}
Fixed
Fixed incorrect application of the
crypto map {name} virtual-ip dhcp route [{address}/{mask}]
CLI command. [NDM-3053]
KeeneticOS 4.1 Alpha 19
24/11/2023
Fixed
Schedule event handling has been improved to handle switching between Standard Time and Daylight Saving Time. [NDM-3036]
Fixed the
system failed [0xcffd0c26]
error message when creating/modifying a multipath Internet Connection Policy with aTunnelSixInFour
connection. [NDM-3051] [Forum topic]Fixed the
ndnproxy: [....] unable to send request: invalid argument
error message in the System log. [NDM-3054]
KeeneticOS 4.1 Alpha 18
17/11/2023
Improved
The OpenVPN service has been updated to version
2.6.7
. This update includes fixes for the following security vulnerabilities: CVE-2023-46850 and CVE-2023-46849. [NDM-3049]
Fixed
The Proxy client compatibility issue that prevented it from working correctly with HTTPS servers has been fixed. [NDM-3020]
The
system failed [0xcffd0287]
error message when importing WireGuard VPN configurations has been fixed. [NDM-3045]Fixed
nginx
service startup failure without installed Keenetic mobile application system component. [NDM-3046] [Forum topic]
KeeneticOS 4.1 Alpha 17
10/11/2023
Improved
The Keenetic Wi-Fi system now allows manual selection of the STP bridge priority value to work seamlessly on an existing network with managed switches. [NDM-2406]
mws stp priority {priority}
— set STP{priority}
IPv6 local prefixes of the ULA
fc00::/7
address space are now available for configuration on network interfaces. [NDM-3039] [Forum topic]
Fixed
Fixed IPv6 in IPv4 Tunnels configuration in Web interface. [NWI-3076] [Forum topic]
Fixed an issue that prevented the IPsec VPN tunnel connection after restarting the router. [NDM-3019] [Forum topic]
Fixed operation of static routes with the exclusive route option enabled. [NDM-3029]
KeeneticOS 4.1 Alpha 16
03/11/2023
New
The new IPv6 interface identifier options are now available, providing a custom setting in the Command Line Interface (CLI). [NDM-2672]
interface {name} ipv6 id ({suffix} | eui64 | random)
— assign an IPv6 interface identifier
The new XFRM interface implementation allows IPsec VPN site-to-site tunnel traffic to follow firewall rules and operate based on the routing table, including use as an Internet connection. [NDM-3009]
interface XFRM0
— create an XFRM interface;crypto map {name} tunnel-interface XFRM0
— assign the XFRM interface to a crypto map
Fixed
The
strongSwan
service configuration can now be applied correctly under special conditions. [SYS-1033]
KeeneticOS 4.1 Alpha 15
27/10/2023
Improved
The new
source-address
option allows the source IP address to be specified for theping
andping6
CLI commands. [NDM-3016]tools ping {host} [count {count}] [size {packetsize}] [sequence-id {sequence-id}] [source ({source-interface} | {source-address})] [tos {tos}] [ttl {ttl}]
tools ping6 {host} [count {count}] [size {packetsize}] [sequence-id {sequence-id}] [source ({source-interface} | {source-address})] [tos {tos}] [ttl {ttl}]
Fixed
Fixed wireless client rejection with
STA had re-associated from 00:00:00:00:00:00
message in the System log. [SYS-1029]Multiple connections to the IKEv2/IPsec VPN server now operate correctly using the same login credentials. [NDM-2986]
The issue with the OpenVPN server showing a Not Connected state after the router reboot has been fixed. [NDM-2874] [Forum topic]
KeeneticOS 4.1 Alpha 14
20/10/2023
New
The new
ntp source
option allows to specify the source IP address for outgoing NTP client traffic. [NDM-3006]ntp source {address}
— set NTP client source IP{address}
Enhanced SNMP implementation allows multiple community setups and profiles with restricted access to OID branches. [NDM-3008]
snmp view <view> include <oid-tree>
— include subtree to the view;snmp view <view> exclude <oid-tree>
— exclude subtree from the view;
Fixed
Fixed a problem where the system would freeze when looking up multiple secure DNS server addresses during startup. [NDM-3017] [Forum topic]
KeeneticOS 4.1 Alpha 13
13/10/2023
Fixed
Fixed infinite resolution timeout in
DNS proxy
service during device startup, causing system reboot. [NDM-3012] [Forum topic]
KeeneticOS 4.1 Alpha 12
13/10/2023
Fixed
The static DNS servers bound to the backup connection are no longer used for the active connection. [NDM-2990]
Disabled global scope in IPv6 ULA prefix announcement to prevent clients from using local addresses as the default connection and unavailability by KeenDNS name. [NDM-2993]
KeeneticOS 4.1 Alpha 11
06/10/2023
Maintenance release
This maintenance release for Keenetic City (KN-1511) has only minor changes.
KeeneticOS 4.1 Alpha 10
30/09/2023
New
The option to enforce Protected Management Frames (PMF) is now available for wireless interfaces with WPA2 protection. [NDM-2930]
interface {interface} pmf force
— force PMF on specified{interface}
Introduced synchronisation of
read-only
permission for user accounts for Mesh Wi-Fi system extenders. [NDM-2985]
Fixed
Fixed CLAT working in backup connection mode. [NDM-2885]
The error message
Could not bind on given addresses: Address in use
in the System log no longer appears when using DNS-over-TLS (DoT) server settings. [SYS-1007]Fixed missing traffic statistics for a network with the number of registered devices approaching 200. [SYS-1014]
KeeneticOS 4.1 Alpha 9
23/09/2023
New
The additional user accounts are now transfered to extenders in the Wi-Fi System. [NDM-2871]
Added sequential shutdown of bridged interfaces during a broadcast storm to protect remote access to the Keenetic device. [SYS-1003]
The new Proxy connection options, which introduce connectivity over the UDP protocol, are now available from the Command Line Interface (CLI). [NDM-2971] [Forum topic]
interface {name} proxy udpgw-upstream {ip} {port}
— set UDPGW remote serverinterface {name} proxy socks5-udp
— enable UDP mode for SOCKS v5
Improved
Increased the number of wireless Network name SSIDs up to
7
on each band. [SYS-995]Note
The BSSID MAC addresses on dual-band devices may have changed. It is recommended that you clear the BSSID binding settings on your Extenders, if you are using them.
Fixed
Fixed application of Internet safety profiles to clients with assigned routing policies. [NDM-2928] [Forum topic]
Fixed client bandwidth limitation configured via RADIUS server options for the Captive portal system component. [NDM-2947]
The issue that caused the system to reboot with the
FT_KDP_EventInform
error message has been fixed. [SYS-994]Traffic Monitor now correctly displays client traffic in VPN connections established over public networks. [SYS-1004]
KeeneticOS 4.1 Alpha 8
15/09/2023
Maintenance release
This maintenance release for Keenetic City (KN-1511) has only minor changes.
KeeneticOS 4.1 Alpha 7
12/09/2023
Improved
Implemented blocking of transit IPv6 DNS traffic when Internet filters are enabled. [NDM-2960]
Fixed
Fixed Band Steering configuration errors on extenders. [NDM-2962] [Forum topic]
KeeneticOS 4.1 Alpha 6
09/09/2023
Maintenance release
This maintenance release for Keenetic City (KN-1511) has only minor changes.
KeeneticOS 4.1 Alpha 5
01/09/2023
Fixed
Fixed reinstallation of default route when changing WireGuard tunnel priority in Connection policy. [NDM-2933] [Forum topic]
Adjusted the maximum number of sessions for the
swnat
service to match theconntrack
settings in configuration. [SYS-980]Fixed wireless backhaul operation on extenders with scheduled Wi-Fi radio shutdowns. [NDM-2912]
KeeneticOS 4.1 Alpha 4
21/08/2023
Fixed
Fixed time zone synchronisation on Extenders in a Mesh Wi-Fi System. [NDM-2918]
Fixed
socket is not ready for request
error message in the System log for the DNS proxy service. [SYS-971] [Forum topic]
KeeneticOS 4.1 Alpha 3
18/08/2023
New
The new ZeroTier client supports secure connection with your private networks and devices anywhere online. [NDM-2883]:
interface ZeroTier0
— create ZeroTier interfaceinterface {name} zerotier network-id {network-id}
— set ZeroTier network IDinterface {name} zerotier accept-addresses
— accept addresses from the serverinterface {name} zerotier accept-routes
— accept routes from the serverinterface {name} zerotier connect [via {via}]
— enable connection via specified interfaceshow interface {name} zerotier peers
— show peers
Fixed
Fixed use of static
78.47.125.180
DNS record use for the KeenDNS direct mode. [NDM-2905]Fixed PPPoE session disconnect when renewing DHCP address on a parent interface. [NDM-2904]
Fixed unnecessary restart of the
dhcp6d
daemon after saving segment settings. [NDM-2916]Enabling traffic shaping for registered clients no longer causes problems with web browsing. [SYS-953] [Forum topic]
Fixed timeouts when accessing websites using a custom Connection policy with multipath enabled. [NDM-2792]
Fixed Ping Check
system failed [0xcffd0304], network unreachable
error message that appears under certain conditions. [NDM-2906]
KeeneticOS 4.1 Alpha 2
11/08/2023
Improved
The OpenSSL library is updated to the latest version
3.1.2
, which fixes the following list of vulnerabilities: CVE-2023-3817, CVE-2023-3446, CVE-2023-2975. [SYS-949]
Fixed
Fixed KeenDNS cloud connectivity over IPv6 protocol. [NDM-2894]
The problem that causes the error message
Ndns::Tunnel: out of memory [0xcffe00ba]
in the System log has been fixed. [NDM-2895] [Forum topic]Fixed display of disabled Internet connection status in the Web interface. [NDM-2890] [Forum topic]
Fixed source IPv4 address selection when
ip alias
addresses are configured. [SYS-945] [Forum topic]Fixed an issue with duplicate detection where the Extender would appear in the list of unregistered devices if its IP address was changed. [NDM-2892] [Forum topic]
KeeneticOS 4.1 Alpha 1
04/08/2023
Improved
Incoming and outgoing bandwidth control for IntelliQoS implemented in the Command Line Interface (CLI). [NDM-2757]
ntce upstream rate-limit {interface} input ({rate} | auto)
— set bandwidth limit for specific{interface}
for incoming directionntce upstream rate-limit {interface} output ({rate} | auto)
— set bandwidth limit for specific{interface}
for outgoing direction
The OpenSSL library is updated to the latest version,
3.1.1
, which fixes the following list of vulnerabilities: CVE-2023-2650, CVE-2023-0465. [SYS-883]
Fixed
Fixed KeenDNS cloud connectivity over IPv6 without an IPv4 Internet connection. [NDM-2870]
Fixed operation of OpenVPN connections using a custom Connection policy. [NDM-2888]