KeeneticOS 4.2
KeeneticOS 4.2.1
04/10/2024
New
The Wi-Fi System Controller is now able to manage the KeeneticOS update channel on the Wi-Fi System Extenders. [NDM-3419]
mws member {member} update channel {channel}
— set KeeneticOS{channel}
on an extender{member}
Fixed
Fixed issue with saving of Wireguard®
connect via
setting. [NDM-3467]Fixed an issue where open Wi-Fi network settings were corrupted after restarting the device. [NDM-3485]
The following fixes have been applied to the next-generation Web interface.
Fixed the status of the Use Syslog checkbox on the Diagnostics page. [NWI-3689] [Forum topic]
Removed overscrolling in the Transition log tab on the Mesh Wi-Fi System page. [NWI-3694] [Forum topic]
Fixed Allow WPS option to be stored in the Wi-Fi System Extender settings. [NWI-3697] [Forum topic]
Fixed autocomplete in the command line interface of the Web CLI page. [NWI-3715] [Forum topic]
Fixed flashing of the segment description. [NWI-3716] [Forum topic]
Fixed the display of the disabled Wi-Fi interface warning on the Wi-Fi Monitor page. [NWI-3717] [Forum topic]
Fixed the behaviour of port tooltips on the System Dashboard page. [NWI-3727] [Forum topic]
Fixed the display of the Wi-Fi Channel width in Wi-Fi settings. [NWI-3730] [Forum topic]
Fixed layout issues on wide screens. [NWI-3731] [Forum topic]
Fixed an issue where the Mesh Wi-Fi System would not work correctly with extenders using KeeneticOS version
3.7
. [NDM-3491]Fixed an issue with the
community
filtering for SNMPv1 protocol. [SYS-1203]
KeeneticOS 4.2 Beta 4
18/09/2024
New
The new public DNS resolver presets from ControlD are now accessible on the Internet Safety page. [NDM-3452] [Forum topic]
A standalone
Policy Table
mode has been implemented, which disables the automatic addition of static routes to the selected connection policy. [NDM-3445]ip policy {name} standalone
— enablestandalone
mode for connection policy{name}
.
WireGuard client connections now select a random listen port each time the tunnel reconnects. [NDM-3469] [Forum topic]
Fixed
Fixed a memory leak in the VirtualIP IPSec VPN server application. [NDM-3460]
Fixed DNS leakage for custom Connection policies. [NDM-3468] [Forum topic]
Fixed the employment of the SA AEAD mode cypher suite in Phase 2 for Site-to-Site IPsec VPN settings after device reboot. [NDM-3470] [Forum topic]
The following fixes have been applied to the next-generation Web interface.
Fixed visual issues in the Transition Log tab on the Wi-Fi system page. [NWI-3658] [Forum topic]
Locked toggles for Access Points on Extenders in the Mesh Wi-Fi system. [NWI-3634] [Forum topic]
Fixed the colour contrast of system notifications. [NWI-3667] [Forum topic]
Fixed horizontal scrolling of tables on mobile screens. [NWI-3683] [Forum topic]
Fixed the link in the Current user has no password notification to open in the same tab. [NWI-3719] [Forum topic]
Fixed the column titles of the UPnP Port Forwarding Table. [NWI-3688] [Forum topic]
Fixed the drop-down lists overlapping with buttons. [NWI-3721] [Forum topic]
Added custom port selection to the Proxy server address for Proxy connections. [NWI-3713] [Forum topic]
KeeneticOS 4.2 Beta 3
04/09/2024
New
Added a CLI command to unbind the DDNS service requests from the specified interface. [NDM-3420]
interface {name} dyndns nobind
— disable DynDNS bind on interface{name}
.
Implemented a CLI command to enable the sending of the
client ID
for the WireGuard connection peer. [NDM-3427] [Forum topic]interface {name} wireguard peer {peer} client-id send {value}
— setclient-id
as a decimal{value}
of the required hexadecimal ID for Wireguard{peer}
.
Added a CLI command to configure the
authgroup
value for the OpenConnect connection to ensure third-party compatibility. [NDM-3430] [Forum topic]interface {name} openconnect authgroup {authgroup}
— set the{authgroup}
value to use with OpenConnect interface{name}
connection.
When accessing the Internet over the tunnel, clients of IKEv1/IPsec and IKEv2/IPsec VPN Server applications now follow the connection policy selected for the bound network segment. [NDM-3431] [Forum topic]
Fixed
Restored the correct work of access to my.keenetic.net restriction from local network segments configured to prohibit services hosted on the Keenetic device. [NDM-3346]
Fixed the display of the Mesh Wi-Fi System clients shifting between bands in the Transition Log. [NDM-3412] [Forum topic]
Fixed the application of the routes automatically received by the OpenVPN connection. [NDM-3415]
Fixed the socket leak in
nf_queue
. [NDM-3428] [Forum topic]Fixed the underlying connection selection for the OpenConnect connections. [NDM-3434]
The following fixes have been applied to the next-generation Web interface.
Fixed the items displayed in the Destination IP column of the Active Connections tab in Diagnostics menu. [NWI-3633] [Forum topic]
Fixed the IP address data display on the My networks and Wi-Fi card on the System Dashboard page for Extender devices. [NWI-3636] [Forum topic]
Fixed the display of the Wireless ACL page for Extender devices. [NWI-3640] [Forum topic]
Removed the unnecessary saving of the System Dashboard cards layout when the user logs in. [NWI-3635] [Forum topic]
Fixed the Proxy server address validation for the Proxy Connections on the Other Connections page to permit the
127.0.0.1
host to serve as a proxy server. [NWI-3642] [Forum topic]Fixed tabs display to fit the screen at lower resolutions better. [NWI-3393] [Forum topic]
Fixed the menu scroll bar positioning on mobile screens. [NWI-3654] [Forum topic]
Disabled the automatic capitalization property for user input fields. [NWI-3655] [Forum topic]
An IP address display was added for OpenConnect VPN connections in a connected state. [NWI-3656] [Forum topic]
Fixed the DNS servers link on the System Dashboard's Internet card. [NWI-3660] [Forum topic]
Fixed the WireGuard connection configuration import to ignore the invalid
PersistentKeepalive
property. [NWI-3659] [Forum topic]Fixed the Packet size setting for the Network Connection Test tools on the Diagnostics page. [NWI-3661] [Forum topic]
Fixed the width of notification banners. [NWI-3662] [Forum topic]
Fixed the System Component Options links from the Applications card on the System Dashboard. [NWI-3664] [Forum topic]
Fixed the copy-to-clipboard control for the Public key in WireGuard connection settings. [NWI-3666] [Forum topic]
Fixed the false positive No new routes found error when importing network routes from the file. [NWI-3670] [Forum topic]
KeeneticOS 4.2 Beta 2
08/08/2024
Improved
Mesh Wi-Fi system controller now propagates segments without Wi-Fi access points to extenders. [NDM-3210]
Disabled DTLS (Datagram Transport Layer Security) support for the OpenConnect VPN server in KeenDNS cloud mode to improve compatibility with the VPN Client Pro application. [NDM-3394] [Forum topic]
Enabled caching of the saved configuration to improve the Web interface response time and reduce CPU load. [NWI-3643]
Fixed
Fixed an issue where IPv6 static DNS configuration entries were cleared after the device started. [NDM-3390]
Resolved the issue causing unstable connectivity between local and remote networks in a multi-subnet configuration of a site-to-site IPsec VPN tunnel, secured in Phase 1 by IKEv1. [NDM-3381]
Fixed the display of the Transition Log for Mesh Wi-Fi system clients on mobile devices. [NWI-3579]
KeeneticOS 4.2 Beta 1
24/07/2024
Improved
Added client names for IPv6 connections on the Diagnostics > Active Connections page for the Next-generation web interface (beta). [NDM-3381] [Forum topic]
Fixed
Fixed incorrect application of a DNS query filtering rule for IPv6 link-local addresses that occurred under certain conditions. [NDM-3379] [Forum topic]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed bugs on the Diagnostics page. [NWI-3523] [Forum topic]
Removed the change schedule link from My networks and Wi-Fi card on Wi-Fi system extenders. [NWI-3556] [Forum topic]
Fixed search results to take into account installed components. [NWI-3568] [Forum topic]
Connection types have been added to the description for interfaces (PPPoE, L2TP, PPTP) that use the same underlying wire interface. [NWI-3581] [Forum topic]
Fixed the unintentional disabling of the DHCP Relay when saving segment settings. [NWI-3583] [Forum topic]
Fixed the duplication of the Applications header. [NWI-3599] [Forum topic]
Fixed the display of the Transition log content on the Mesh Wi-Fi System page. [NWI-3604] [Forum topic]
Fixed the display of the current operating mode and selected country on the General System Settings page. [NWI-3606] [Forum topic]
Fixed saving of interface order in the default policy. [NWI-3607] [Forum topic]
Fixed the settings dialogue for the registered device using UPnP service. [NWI-3624] [Forum topic]
KeeneticOS 4.2 Beta 0
16/07/2024
New
We are introducing the next-generation Web interface as the standard UI for configuring and managing your Keenetic device. [NDM-3378]
Improved
Implemented dynamic table size adjustment with
nf_conntrack_max
value forsoftware ppe
(Packet Processing Engine) when the user changes maximum NAT sessions via command line interface (CLI). [NDM-3344]
Fixed
Fixed an issue where the channel number would incorrectly display as zero when connected via Wireless ISP (WISP). [SYS-1171]
Fixed the PPTP VPN connection stalling on the backup connection after the primary connection is restored. [NDM-3376]
KeeneticOS 4.2 Alpha 17
06/07/2024
Improved
The SNTP service compatibility enhancement adds support for
Reference Identifier
andReference Timestamp
values in SNTP responses based on RFC4330. [NDM-3368]
Fixed
A problem that caused the
OpenVPN: Connection reset, restarting
error message to appear in the System log has been fixed. [NDM-3355]
KeeneticOS 4.2 Alpha 16
29/06/2024
Fixed
There are no changes for Keenetic City (KN-1511).
KeeneticOS 4.2 Alpha 15
23/06/2024
Fixed
Fixed IPv6 ULA (Unique local address) prefix announcements with incorrect
A
bit. [NDM-3350] [Forum topic]The L2TP/IPsec VPN client now uses a random source port to avoid connection problems when multiple VPN L2TP/IPsec connections are established behind NAT on an upstream router. [NDM-3349]
KeeneticOS 4.2 Alpha 14
15/06/2024
Fixed
Fixed selection of the best node for wireless backhaul connection in the Mesh Wi-Fi System. [SYS-1161]
KeeneticOS 4.2 Alpha 13
08/06/2024
Maintenance release
This maintenance release for Keenetic City (KN-1511) has only minor changes.
KeeneticOS 4.2 Alpha 12
01/06/2024
New
You can now assign Network ports on Extender devices to any configured network segment using the Command Line Interface (CLI). Alternatively, you may wish to disable the Network ports for security reasons. [NDM-3162]
mws member {member} port {port} [no] access {interface}
— assign{port}
on a{member}
node to access an{interface}
segment;mws member {member} port {port} [no] disable
— disable{port}
on a{member}
node.
Enhanced software packet processing engine to enable acceleration for traffic with a manually set TTL value. [SYS-1157] [Forum topic]
Fixed
Fixed remote access over an IKEv2/IPsec VPN connection to a local network host for which a SNAT mapping rule is configured. [NDM-3310]
An issue that caused the error message
failed to lookup service for segment "WifiMaster1"
on Extender devices to appear in the System log has been fixed. [NDM-3325]
KeeneticOS 4.2 Alpha 11
25/05/2024
New
The new IntelliQoS option allows 802.1p priority code point (PCP) mapping for egress packets in the command line interface (CLI). [NDM-3318] [Forum topic]
interface {name} vlan qos egress map {priority} {pcp}
{priority}
— NTCE priority queue number. Use0
to assign the same PCP value to any outgoing packet on the interface;{pcp}
— set the new value of the 802.1p priority code point.
The implementation of a ZeroTier connection now includes accepting managed routes and DNS servers published on the ZeroTier network controller. [NDM-3319] [Forum topic]
Improved
The OpenSSL library has been moved to a different branch with the latest version
3.0.13
. [SYS-1152]Improved robustness of the DNS over TLS and DNS over HTTPS server cache. [NDM-3320] [Forum topic]
Fixed
Fixed an issue where static DNS settings were cleared when the device was restarted. [NDM-3303]
Fixed the DynDNS domain name validation; now it's possible to use only one domain. [NDM-3309] [Forum topic]
KeeneticOS 4.2 Alpha 10
17/05/2024
Improved
The clients of the VPN Server (PPTP, SSTP and OpenConnect) now access the Internet following the Connection Policy of the local network to which the server is bound. [NDM-3295]
Fixed
Fixed Connection Policies work with IPv6 protocol under certain conditions. [NDM-3289]
Enabled the SNMP reports by OID
ifAdminStatus
to monitor the operational state of device ports via third-party software. [NDM-3296]Fixed a problem where certain settings were disabled due to incorrect inversion of boolean variables. [NDM-3297] [Forum topic]
The problem of returning
null
for undefined boolean settings in the KeeneticOS core API has been fixed. [NDM-3298] [Forum topic]Fixed the continued reconnections of OpenVPN with more than one active client or server. [NDM-3301]
KeeneticOS 4.2 Alpha 9
09/05/2024
Fixed
Fixed a problem that could cause the password argument to be parsed incorrectly during configuration. [NDM-3293] [Forum topic]
KeeneticOS 4.2 Alpha 8
09/05/2024
Improved
The implementation of IKEv1/IKEv2 IPsec VPN servers now allows to avoid IP address conflicts with other interfaces. [NDM-3250]
Implemented support for direct access mode to KeenDNS domain from browsers with
TLS 1.3 hybridized Kyber
enabled. [NDM-3284] [Forum topic]
KeeneticOS 4.2 Alpha 7
28/04/2024
Fixed
An issue that caused the
system failed [0xcffd0042]
error message to appear in the System log during client auto-registration has been fixed. [NDM-3275] [Forum topic]An issue that caused the
duplicate key
error message to appear in the System log when opening the IntelliQoS page has been fixed. [NDM-3276] [Forum topic]
KeeneticOS 4.2 Alpha 6
27/04/2024
New
Improved
Improved host detection using
EchoReq
in theICMPv6
protocol to ensure correct operation of port forwarding rules for the IPv6 protocol. [NDM-3265] [Forum topic]The Phase 2 of the site-to-site IPsec tunnel now supports the SHA512 HMAC algorithm. [NDM-3269]
crypto ipsec transform-set {name} hmac esp-sha512-hmac
— enableesp-sha512-hmac
algorithm for transform-set{name}
Added MAC address and registration time information to the name of devices registered automatically. This will help you easily identify and keep track of the devices on your network. [NDM-3253]
Fixed
Fixed the forwarding of the source IP address in the
X-Real-IP
header when accessing web applications via KeenDNS. [NDM-2214]Fixed random disconnection of IKEv2 tunnels to the Keenetic IKEv2/IPsec VPN server. [NDM-3059]
The Application traffic analyser engine now operates more efficiently with the IPv6 protocol under high network load. [NDM-3235]
Fixed problem with converting Band Steering settings after updating to KeeneticOS
4.1.x
version. [NDM-3241]Fixed hostname resolution for Ping Check in TCP/TLS port check mode when using secure DNS for domain name resolution. [NDM-3273] [Forum topic]
Fixed access to the KeenDNS Web Applications configured with prohibited remote access (
security-level private
) from the home network. [NDM-3264] [Forum topic]
KeeneticOS 4.2 Alpha 5
20/04/2024
New
The
camouflage
mode option has been added to both SSTP VPN and OpenConnect VPN servers and clients, providing greater security against remote service scanning. [NDM-3257] [Forum topic]oc-server camouflage
— enablecamouflage
option for the OpenConnect VPN serversstp-server camouflage
— enablecamouflage
option for the SSTP VPN server
Fixed
Fixed spurious EoIP/IPsec connection attempts after device restart. [NDM-2518]
Incomplete application of static IPv6 routes when re-establishing an associated VPN connection after a reboot fixed. [NDM-3248] [Forum topic]
Fixed issue with absent route to remote Wireguard endpoint after device restart. [NDM-3223]
The problem that causes the error message
PingCheck::Resolve: "default": system failed [0xcffd003c], upstream is very slow to respond
in the System log has been fixed. [NDM-3244]UPnP service rules are now correctly applied to clients accessing the Internet using the Connection policy with active multipath mode. [NDM-3251]
KeeneticOS 4.2 Alpha 4
13/04/2024
Improved
Implemented an
aggressive
mode option for the IKEv1 client in the command line interface (CLI) for compatibility with VPN (IPsec) servers running on Fritz!Box routers. [NDM-3227]interface {name} ipsec aggressive
— set theaggressive
Phase 1 mode for VPN connection{name}
Fixed
Fixed DNS query interception in the additional network segments. [NDM-3228] [Forum topic]
KeeneticOS 4.2 Alpha 3
06/04/2024
New
The new OpenConnect VPN client system component is now available, allowing you to establish a secure connection to a remote server via the command line interface (CLI). [NDM-3207]
Improved
Implemented a workaround to prevent certain Realtek Wi-Fi drivers from crashing on Windows OS when passing non-PMF authentication on a PMF-enabled access point. [SYS-1131]
Fixed
Fixed priority of user-defined
ip static
rules over automatic UPnP port forwarding rules to a host. [NDM-3078]Fixed home network access for L2TP/IPsec VPN server clients when
ip static
rules are configured on WAN IP aliases. [NDM-3110]Fixed binding to the WAN address and inbound access to the service port for the ZeroTier client connection. [NDM-3216] [Forum topic]
KeeneticOS 4.2 Alpha 2
30/03/2024
New
A new CLI
grep
extension is now available to filter the output of theshow
command. [NDM-3075]grep [-A <n>] [-B <n>] [-C <n>] regex
— trim theshow
command output using theregex
regular expression.-A
— number of XML nodes to show after match.-B
— number of XML nodes to show before match.-C
— displayed XML cluster depth.
For example:
(config)>
show interface | grep address
Interface, name = "Home" address: 192.168.2.1 ipv6: Interface, name = "Guest" address: 10.1.30.1 ipv6: (config)>show system | grep cpuload
cpuload: 5
Improved
A new read/send timeout option allows the session lifetime for Web applications of the KeenDNS proxy service to be set via the command line interface (CLI). [NDM-3157]
ip http proxy {name} timeout {timeout}
— set{timeout}
for KeenDNS{name}
proxy.
The WireGuard advanced security configuration (ASC) parameters are now available in the command line interface (CLI). [NDM-3202]
interface {name} wireguard asc {jc} {jmin} {jmax} {s1} {s2} {h1} {h2} {h3} {h4}
— set additional ASC parameters for WireGuard{name}
tunnel.
Fixed
Fixed iOS L2TP/IPsec client disconnecting under heavy load. [NDM-3180]
KeeneticOS 4.2 Alpha 1
22/03/2024
New
A new segment default policy for hosts has been implemented and is now enabled by default. Registered devices with this connection policy assigned will follow the default connection policy of the network segment they are connecting to. [NDM-2237]
ip hotspot host {MAC} conform
— set host with specified{MAC}
to follow the current segment's connection policy.
The new application filtering option is now available in the Application traffic analyser service via command line interface (CLI). This option allows to create a filtering profile, add required applications, assign a host or segment to the filtering profile and enable the operation schedule. [NDM-3069]
ntce filter profile {name} application {application}
— add an application to the profile.ntce filter profile {name} group {group}
— add an application group to the profile.ntce filter profile {name} type {type}
— set the profile type, which can bepermit
ordeny
.ntce filter profile {name} description {description}
— set the profile description.ntce filter profile {name} schedule {schedule}
— set the profile schedule.ntce filter assign host {host} {profile}
— assign a profile to a registered host (MAC address).ntce filter assign interface {interface} {profile}
— assign a profile to an interface.
The new option to automatically register hosts in the Home segment is now available (enabled by default). You can disable this behaviour using the command line interface (CLI). [NDM-3101]
ip hotspot auto-register disable
— disable automatic host registration for the Home segment.
The new OpenConnect VPN server system component is now available, providing a remote SSL VPN connection to your Keenetic. [NDM-3141]
oc-server interface {interface}
— bind OpenConnect server to an interface.oc-server pool-range {begin} {size}
— set OpenConnect address pool.oc-server static-ip {name} {address}
— set static IP address for a user.oc-server mtu {mtu}
— set OpenConnect server MTU.oc-server multi-login
— enable multiple connections with the same user account.ip nat oc
— enable NAT for OpenConnect clients.service oc-server
— enable OpenConnect service.
Improved
Disabling Port Forwarding (
ip static
) rules now forces matching active sessions to be dropped. [NDM-3067]Implemented new options to preserve Referer and Origin headers for Web applications of the KeenDNS proxy service in the command line interface (CLI). [NDM-3089] [Forum topic]
ip http proxy {name} preserve-referer
— preserve Referer header for{name}
of the web proxy rule.ip http proxy {name} preserve-origin
— preserve Origin header for{name}
of the web proxy rule.
A NetFlow monitor system component can now collect IPv6 traffic information and monitor network flows. [NDM-3109]
The
MOBIKE
extension (RFC 4555) has been enabled for both the IKEv2/IPsec VPN Server and the IKEv2 client. [NDM-3164]
Fixed
The CloudFlare content filter has been corrected to work properly on networks that do not support IPv6. [NDM-3163]
Fixed port forwarding issues after Hotspot (
ip hostspot
) code refactoring. [NDM-3127, NDM-3171] [Forum topic]