KeeneticOS 3.3
KeeneticOS 3.3.16
31/3/2020
Improved
Multiple improvements to the Internet availability-checking algorithm: [NDMS-600]
Reduced the number of simultaneous connections to conserve network resources, on both Keenetic and external servers;
Enabled sequential polling of test servers, instead of simultaneous polling;
Enabled dynamic polling interval between checks for Internet access.
Fixed
Listing files and directories of File and printer sharing (TSMB CIFS) application yields an empty response when uninstalled the Folder permissions control component. [NDMS-536]
The printing via File and printer sharing (TSMB CIFS) system component is not possible on the Epson L120 printer due to an invalid printer name in the
OpenPrinterEx
response. [NDMS-381]Folders with restricted permissions are now appropriately displayed in the File browser. [NDW-285]
Link to KeeneticOS Release notes is now visible on the Updates and component options section of the System setting page. [NDW-739]
KeeneticOS 3.3.15
13/3/2020
Fixed
KeeneticOS 3.3.12
22/2/2020
Fixed
There are no changes for Keenetic Giga (KN-1010).
KeeneticOS 3.3.11
22/2/2020
Fixed
Execution of Wireless ACL rules on Wi‑Fi system extenders is now working correctly. [NDMS-398]
Wireless ISP (WISP) fast re-connection after prolonged absence of an upstream Wi‑Fi access point. [NDMS-439]
PEAP/MS-CHAPv2 authentication now works properly for 802.1x connections. [NDMS-402]
KeeneticOS 3.3.10
14/2/2020
New
Enabled key pair generation — public and private keys for newly created WireGuard® connections in Other connections section of the Web Interface. [NDW-559]
Fixed
The duplication of host entries on the Device lists page connected through wireless extenders. [NDMS-470]
The KeeneticOS availability checker for the AdGuard DNS Internet safety service is now working correctly. [NDMS-477]
KeeneticOS 3.3.9
7/2/2020
Fixed
TCP connection failure after three days of Keenetic device uptime under certain conditions. [NDMS-468]
KeeneticOS 3.3.8
4/2/2020
Fixed
Restored operation of the Internet LED with a positive testing result of the
internet-checker
service of KeeneticOS. [NDMS-421]Changed ARP host polling frequency for smooth device discovery and display in the Registered devices list. [NDMS-429]
File rename operation over a File and printer sharing (TSMB CIFS) system component network share for the case-insensitive file system. [NDMS-397]
KeeneticOS 3.3.7
30/1/2020
New
Further USB modems support:
Digma Dongle USB modem: Cat 4 LTE — DW1961; [NDMS-323]
Digma Dongle USB Wi‑Fi router: Cat 4 LTE — DMW1969; [NDMS-324]
Improved
The Device lists page for better responsiveness. [NDW-509]
Shorten association time for Wi‑Fi Extenders during a WPS (Wi‑Fi Protected Setup) connection to a Mesh Wi‑Fi System Controller. [NDMS-344]
Improved the Wi‑Fi radio channel selection algorithm when Backhaul connection is actively used by nodes of a Mesh Wi‑Fi System. [NDMS-436]
Enhanced the stability of the hardware packet accelerator for heavily-loaded IPsec connections. [NDMS-113]
Fixed
Solved Wi‑Fi download speed regression caused by new Linux kernel version 4.9 of KeeneticOS. [NDMS-385]
The Apple Watch® now connects to a Keenetic Wi‑Fi access point with enabled FT (Fast Transition — 802.11r) wireless roaming. [NDMS-424]
The Port forwarding page display when there are no rules.
The redirect to the notification page for Internet Explorer 11 users. Internet Explorer 11 is outdated and is not supported by the Keenetic Web UI.
The VPN IPsec connections with fragmented IP traffic. [NDMS-113, NDMS-388, NDMS-395]
The error messages
unable to extract domain from request
in System log while Service — AdguardDNS is running. [NDMS-450]WSD (Web Services for Devices) sub-system of the File and printer sharing (TSMB CIFS) system component now supports IP aliases with wider network mask
/16
. [NDMS-404]The File and printer sharing (TSMB CIFS) system component now supports the listing of filenames longer than 255 bytes. [NDMS-240]
KeeneticOS 3.3.3
15/1/2020
Fixed
KeeneticOS system reboot when using VLAN-based settings for wired Internet connection and with the IPv6 system component installed. [NDMS-391]
Wi‑Fi access point configuration with Network protection — WPA2-PSK + WPA3-PSK or WPA3-PSK when using the WPA Enterprise system component. [NDMS-394]
Fixed downloading of files from the USB storage via the File browser of the Web Interface. [NDW-396]
Changing of the TCP port of the Media Server system component now saves correctly. [NDW-397]
The Web Interface rendering on iPad Pro® with iOS 13 version and higher. [NDW-275]
KeeneticOS 3.3.2
26/12/2019
Improved
Improved File and printer sharing (TSMB CIFS) system component compatibility with IP-cameras from Xiaomi®, and with the Konica Minolta® C224e multifunction printer. [NDMS-159]
Fixed
Fixed MBSSID (Multi Broadcast SSID) configuration for the Wi‑Fi access point. Now all Wi-FI SSIDs (Network name) are broadcast. [NDMS-368]
KeeneticOS 3.3.1
25/12/2019
Improved
The Mesh Wi‑Fi System is in release state now. The BETA sign has been removed from the Wi‑Fi system menu. [NDW-388]
Note
A Mesh Wi‑Fi System consists of multiple Keenetic routers that work together to form a single unified Wi‑Fi network with seamless roaming according to 802.11k/r/v standards. The use of a mesh applies to large homes or offices, or spaces with intefering walls or other obstructions, where a single router doesn't provide enough quality Wi‑Fi coverage. You need at least two Keenetic routers to form a mesh. One connects to the Internet (operates in Router mode) while the other links to the first one — wirelessly or via a network cable — to extend Wi‑Fi coverage (operates in Extender mode). A Keenetic Mesh Wi‑Fi system is easy to set up and manage. You only need to set up the router; the rest of the extenders will replicate the router's settings.
Fixed
The Download Station system component now connects to torrent trackers correctly. [NDMS-330, NDMS-387]
The Media Server application now displays proper status during scanning of media files on the attached USB drive. [NDW-369]
KeeneticOS 3.3.0
20/12/2019
New
Implemented session timeout for the SSH server system component. By default the timeout of an inactive SSH session is 300 sec. [NDMS-354]
ip ssh session timeout {timeout}
— set timeout of an inactive SSH session
Fixed
Fixed link detection and statistics display for wired hosts connected to wireless Extenders for the Mesh Wi‑Fi System. [NDMS-319]
Selection of WireGuard® VPN default gateway when WAN-port has two connections — IPoE (IP over Ethernet) and PPPoE (PPP over Ethernet). [NDMS-353]
The software packet accelerator for correct operation with IPsec VPN service of KeeneticOS. [NDMS-309]
Packet fragmentation of EoIP (Ethernet over IP) traffic encapsulated in IPsec VPN connections. [NDMS-351, NDMS-253]
The SSTP (Secure Socket Tunneling Protocol) VPN connection to a server using a DynDNS or other domain name with an obtained SSL certificate. [NDMS-259, NDMS-275]
Remote access to the Keenetic device in Extender mode via HTTPS-protected
*.keenetic.io
domain name. [NDMS-378]Сonfiguration importing process of the WireGuard® VPN connection now operates correctly. [NDMS-295]
KeeneticOS 3.3 Beta 6
20/12/2019
Fixed
Recalculated OOM (Linux Out-of-Memory Killer) scores for internal services of KeeneticOS, to improve system durability. [NDMS-290]
KeeneticOS 3.3 Beta 5
4/12/2019
Improved
Increased the number of supported clients to 32 for the UDP-to-HTTP proxy (udpxy) system component, allowing home network devices that do not support multicast traffic to watch IPTV channels.
Fixed
Implemented memory preallocation for the Wi‑Fi driver, to avoid out-of-memory crash under heavy load. [NDMS-325]
KeeneticOS 3.3 Beta 4
29/11/2019
Fixed
Fast transition (FT) roaming of Wi‑Fi clients with WPA2-PSK and WPA2 Enterprise network protection now proceeds correctly. [NDMS-298]
Сonfiguration importing process of the WireGuard® VPN connection now operates correctly. [NDMS-295]
SafeDNS® DNS name resolving and service availability checking. [NDMS-282]
KeeneticOS 3.3 Beta 3
19/11/2019
New
Implemented a KeeneticOS automatic update schedule, which allows the performance of a device update in a convenient time frame. [NDMS-16]
Tip
KeeneticOS automatic updates are released on a rolling basis. New versions will be pushed to all devices within a few weeks of release. Your Keenetic may not be updated immediately after a new version is available.
components auto-update schedule {schedule}
Improved
Improved compatibility with earlier-generation Broadcom-based Wi‑Fi clients that are unaware of Fast Transition (FT) - 802.11r mechanism. [NDMS-289]
Fixed
Startup process of the File and printer sharing (TSMB CIFS) system component in the Extender mode. [NDMS-256]
KeeneticOS 3.3 Beta 2.4
15/11/2019
New
Implemented a Mesh Wi‑Fi System backhaul link over a 2.4 GHz radio. Now, single-band Wi‑Fi devices can create a Mesh Wi‑Fi system, and it is possible to mix single-band and dual-band Wi‑Fi devices in Mesh Wi‑Fi system setups. [NDMS-278]
Improved
A manually configured static IP address on a Wi‑Fi system extender no longer prevents it from connecting to the Internet. [NDMS-89]
Fixed
Fixed the registered device configuration page, unable to save settings error. [NDW-166]
Fixed packets loss for WireGuard® VPN connections under certain conditions. [NDMS-249]
KeeneticOS 3.3 Beta 1
7/11/2019
New
SafeDNS®: implemented DNS-over-TLS (DoT) protocol support. [NDMS-254]
Note
DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
Implemented the option to withdraw consent to share anonymous device usage information with Keenetic. [NDMS-242]
system dump-report disable
— disable anonymous device diagnostic and usage information reports.
Added a new type of VPN connection — WireGuard®. The CLI commands for setting up the WireGuard® server are listed below: [NDMS-148]
Note
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
interface Wireguard0
wireguard private-key [private-key]
— set a private key manually or automatically (not displayed in the running-config text configuration file)wireguard listen-port {port}
— if listen-port is not set, it is configured randomlywireguard peer {key}
— add a remote peer with a public keyendpoint {address:port}
— set a remote address for outbound connectionskeepalive-interval {interval}
preshared-key {key}
allow-ips {address/mask}
— add an allowed IP address pool
Implemented WSD (Web Services for Devices) and LLMNR (Link-Local Multicast Name Resolution) discovery protocols for the File and printer sharing (TSMB CIFS) system component. [TSMB-693]
Added a WireGuard® VPN settings section on the Other connections page, providing effortless setting up of the desired VPN connection. [NDW-90]
Added the
NT QUERY SECURITY DESC
extension stub of the SMB/CIFS protocol for compatibility with the Eltex NV-501 media player. [NDMS-121]
Implemented SSL server autostart unless otherwise configured, such as by: [NDMS-127]
ip http ssl no enable
— disable SSL server
Wi‑Fi wireless access point now supports a new technology — Airtime Fairness (ATF) is a feature that boosts the overall network performance by sacrificing a little bit of airtime of the slowest Wi‑Fi devices. [case-14977]
interface WifiMaster1 atf inbound
— enable ATFinterface WifiMaster1 atf disable
— disable ATF
Improved
Enabled case insensitive mode for all files of network shares of the File and printer sharing (TSMB CIFS) system component.
Implemented WireGuard® VPN debug message logging, providing extended debug functionality for support engineers and advanced users. [NDMS-252]
interface Wireguard0 debug
Implemented the
NTLM SESSION_SETUP_ANDX
compatibility options of the File and printer sharing (TSMB CIFS) system component, providing the proper support for the smbv1 protocol for the file manager of Honor/Huawei smartphones. [NDMS-196]Enabled KeenDNS Operating mode — Direct access for private IP addresses. It helps save direct access settings when your Keenetic obtains a private IP address from the device with public IP forwarding traffic to Keenetic. [NDW-138]
Improved the device icon image resolution for the Media Server component of KeeneticOS. [NDMS-181]
Implemented DLNA service binding to network segment for Media server system component. [NDW-108]
Added the Refresh button for PPP-connections (L2TP, PPTP, PPPoE) on the System dashboard page. [NDW-37]
Added a new Adjustment of TCP MSS option for WireGuard® VPN settings. This feature enables the automatic adjustment of the Maximum Segment Size (MSS) for packets that are forwarded to VPN tunnel, specifically the TCP packet segments with the synchronize/start (SYN) bit set. [NDW#2665]
Disabled the
accm, accomp, pcomp
options of the SSTP VPN server system component, for compatibility with VPN Client Pro Android® application. [NDMS-201]Enabled WireGuard® Endpoint field configuration as FQDN (Fully Qualified Domain Name). [NDW-107]
Enabled
fast path
for L2TP over IPSec traffic acceleration.Improved notification about missing admin password by way of a yellow pop-up badge in the Web Interface. [NDW-98]
Implemented multi-threaded architecture of the File and printer sharing (TSMB CIFS) component, providing better performance.
Increased the FTP server component virtual memory limit to 16MB, for better operation with folders containing more than 100K files on an attached USB drive. [NDMS-185]
Added the
Secure
flag to the Set-Cookie header in SSL sessions for protection against XSS (Cross-Site Scripting) attacks. [NDMS-123]Web Interface security is hardened by adding the X-Frame-Options
DENY
header in the Web Interface engine for protection against Clickjacking attacks. [NDMS-123]Improved the compatibility of the KeeneticOS
Acme
service with the new Let's Encrypt® CDN for obtaining HTTPS certificates. [NDMS-134]Updated to the latest OpenSSL library version
1.1.1d
.
Reworked the hardware crypto engine to support native
CryptoAPI
withEIP93
driver providing system-wide cryptography. [case-6144]
Fixed
The Unregister button is now removing Registered devices and Blocked devices correctly on the Device lists page. [NDW-139]
Fixed Cancel button behaviour when the user needs to undo syslog settings on System log section of Diagnostics page. [NDW-141]
The Output column of the UPnP port forwarding table section now displays correct information. [NDW-140]
Fixed the LLMNR (Link-Local Multicast Name Resolution) multicast socket binding of the File and printer sharing (TSMB CIFS) component to better discover Keenetic shared network devices in Windows 10 networks. [TSMB-693]
Host name field configuration on the Wired connections page. [NDW-131]
WireGuard® listen port for inbound VPN connections providing proper VPN tunnel set up. [NDMS-200]
Listen port configuration error in WireGuard® VPN section of the Web Interface. [NDW-107]
Address field validation for the WireGuard® VPN in the Web Interface. [NDW-107]
Status of WireGuard® VPN connection on the System dashboard page. [NDW-107]
Fixed the backhaul link metric setting when acquiring an extender to the Mesh Wi‑Fi system.
Resolved the File and printer sharing (TSMB CIFS) component compatibility with VLC application version 3.1.7 running on Android®. [NDMS-152]
Resolved the kernel crash during the Apple® Time Machine® backup process with HFS+ (Hierarchical File System) file system on attached USB storage by updating the
thfsplus
driver. [NDMS-118]
Revised the component selection algorithm on the Systems component options section of the Web Interface.
Freezing of multicast IPTV stream affected by IGMP Group-Specific Query message processing. [NDMS-84]
The reset of the Wi‑Fi FT (Fast Transition - 802.11r) master key during configuration changes.
Port forwarding rule to This Keenetic destination now works correctly. [NDMS-131]
The connection of Android devices to the PPTP server of KeeneticOS is now more stable. [NDMS-59]
Fixed DNS-over-HTTPS (DoH) operation for Internet connection policies members. [NDMS-48]
The USB Ethernet Adapters system component now supports Realtek 8152 -based adapters.
Applying
auto
static routes with explicit gateway addressing. [NDMS-122]
Wi‑Fi connection of Apple® devices, with mixed Network protection
WPA2-PSK + WPA3-PSK
and enabled FT (Fast Transition - 802.11r) roaming, introduced in iOS 13, is now working properly. [NDMS-32]
The ESP (Encapsulating Security Payload) protocol and EoIP (Ethernet over IP) over IPsec (Internet Protocol Security) VPN connections are now working properly with fragmented packets. [NDMS-109]