KeeneticOS 3.5
KeeneticOS 3.5.1
15/10/2020
New
Further modem support: The Huawei E392u-12 modem is now supported. [NDMS-1078]
Improved
Improved compatibility with the Huawei E3372h-320 modem having customized firmware version for A1 mobile operator in Belarus. [NDMS-1079]
KeeneticOS 3.5 Beta 7
4/10/2020
New
Further modem support: The Telit LN940 modem is now supported. [NDMS-985]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Improved security: The OpenSSL library is updated to version 1.1.1h
Fixed
A new Firewall rule will now be, correctly, added to the top of the rules list in the web interface. [NDW-1413] [Forum topic]
The Connection names on the Internet safety page are now correctly displayed in the language configured for the web interface. [NDW-1397] [Forum topic]
KeeneticOS 3.5 Beta 6
29/09/2020
New
Further modem support: The high-speed LTE Сat12 HP lt4220 and Foxconn T77W676 modem modules are now supported. [NDMS-985]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Improved
Improved compatibility: The Wingle Model W02 modem, having a customised software version for the ALTEL mobile operator, is now supported. [NDMS-859]
Fixed
The case when a remote VPN client connected to the IKEv2 server running on the Keenetic can't access the Internet is now fixed. [NDMS-1019]
KeeneticOS 3.5 Beta 4
13/09/2020
Improved
Improved modem support for the Alcatel IK40V with a firmware version 01008. [NDMS-946]
Fixed
The mobile network scanning procedure Scan the air for the Anydata W140 USB modem is fixed. [NDMS-920]
The non-applicable No IP address option is removed from the advanced settings of the VPN connections in the Other connections section of the Web Interface. [NDW-1351] [Forum topic]
The list of the available Connections for the Internet Safety - DNS Servers setting of the Web Interface is fixed : only
public
interfaces can be chosen. [NDW-1352] [Forum topic]
KeeneticOS 3.5 Beta 3
6/09/2020
Fixed
KeeneticOS 3.5 Beta 2
6/09/2020
New
Another modem supported: The LTE Cat4 ZTE MF79 USB-modem is now supported. You can use a USB-modem as your primary connection, to backup an existing link, or to balance traffic between multiple links. [NDMS-979]
Improved
The internal logic of the IGMP snooping component is improved for the scenario when several multicast clients are connected to the LAN port of the device via a single external Ethernet switch or several daisy-chained Ethernet switches. [NDMS-981]
Fixed
Fixed the handling of multiple subscriptions to a multicast group on different Ethernet ports of a device operating in Extender mode. Multicast groups are used to deliver IPTV services to the customer's equipment, such as set-top boxes or computers with corresponding software installed. [NDMS-1002]
KeeneticOS 3.5 Beta 1
27/08/2020
Fixed
The spontaneous shutdown of the File and printer sharing (TSMB CIFS) component, providing network access to connected USB devices, is fixed. [NDMS-788, NDMS-974] [Forum topic]
KeeneticOS 3.5 Beta 0
15/08/2020
New
Rules enrichment: A description field has been added to the firewall rules control. [NDMS-939, NDW-1302] [Forum topic]
Improved
Security enhancement: A new network protection mode WPA2 + WPA3 Enterprise is now available, delivering enhanced security. The WPA Enterprise modes are designed for use in distributed networks and require a RADIUS authentication server. [NDW-1299]
Finer control: The Ext filesystem support has been unbundled as a separate component. If you are not using Ext filesystem on your attached USB-disks, removing the component helps to save memory for other useful options and applications available in KeeneticOS. [NDMS-965]
Fixed
WPA + WPA2 Enterprise/WPA2 Enterprise/WPA2 + WPA3 Enterprise network protection modes are now working properly for hidden network names (SSIDs). [NDMS-929]
The OPKG (Open Package) configuration form has been fixed. [NDW-1294] [Forum topic]
KeeneticOS 3.5 Alpha 18
10/8/2020
Fixed
A memory leak issue in the
I/O
subsystem was fixed. [NDMS-952] [Forum topic]USB-modems with embedded SD-card slots are now correctly displayed on the System Dashboard. [NDW-1292] [Forum topic]
KeeneticOS 3.5 Alpha 17
8/8/2020
New
Download Station efficiency: The Transmission Torrent client of the Download Station application now utilizes NTFS (file system) sparse file support. Adding new torrent tasks, especially those requiring large file allocation, is now a faster and less CPU-consuming process. [NDMS-935]
Improved
Configuration enriched: The Port forwarding rule form now has dual TCP/UDP protocol options for your greater convenience in configuring access to the services on your local network from the Internet. [NDW-1241, NDMS-909]
Configuration enriched: 4G USB modems featuring the
UsbLte
type interface now have a Mobile network type selector among their configuration options. Such manual options are useful to prevent modem software from re-assessing and changing network type on their own over a prolonged period online. [NDW-1284]Interface update: The Download Station application now has version 1.6.0 of the Transmission WEB Control interface. [NDMS-949]
Fixed
Dashboard stability: A fix has been implemented for a bug which sometimes caused the System Dashboard view to crash when the Cloud-based remote control and KeenDNS system component was not installed. [NDW-1247] [Forum topic]
Cleaner logs: After an unsuccessful attempt to establish SSL session(s) during SSTP VPN connection initiation, the
do_page_fault() SIGSEGV
error was appearing in the system log file - the problem causing this error has been fixed. [NDMS-933] [Forum topic]
KeeneticOS 3.5 Alpha 16
1/8/2020
New
Efficiency gain: The NTFS filesystem component now has sparse file support. The advantage of sparse files is that storage is only allocated when actually needed, and the period required for initial allocation, and the first writing of data, is reduced. [TFS-20200729]
LTE modules / IoT: The Quectel EG12 and EM12 LTE Advanced category 12 modules are now supported. [NDMS-928]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Please install the 3G/4G QMI USB modems system component in the Management > System Settings section before connecting the modem.
New in NetFlow: The NetFlow Monitor system component is now enabled to set the version of flow records sent towards flow collectors. Specifically, NetFlow versions 5, 9 and 10 (IPFIX) are supported. Configuration is available from the command line interface only. [NDMS-631]
ip flow-export version {version}
Improved
Major security upgrade: Access from the Internet to web applications running on a home network via your registered KeenDNS domain name has been given a substantial security upgrade. If your application runs the HTTPS protocol, you can now select this protocol type in the configuration settings. Most importantly, the Allow access from the Internet configuration option is now independent from any decision you might make to allow remote access to the Web Interface of your Keenetic itself, as configured at the Management > Users and access > Remote access page. [NDMS-927, NDMS-215, NDW-1242, NDW-1237]
ip http proxy {name} security-level (public | private)
ip http proxy {name} upstream (http | https) (‹mac› | ‹ip› | ‹fqdn›) [‹port›]
Better USB visibility: The Usb Devices table in the Applications section now shows the file systems of connected USB-drives. KeeneticOS supports the NTFS, FAT32, Ext, HFS+ and ExFAT file systems via the installation of the corresponding system component in the Management > System Settings section. [NDW-1233]
Better USB security: Some applications running on your Keenetic device, for example WebDAV server, use temporary folders on attached USB-disks to store partially downloaded files, etc. Now these system folders and files are hidden from the users accessing the same disks via SMB/CIFS file server shares on the local network. [NDMS-689]
Network rules note facility: In the Network Rules > Routing section there is now a way to describe the purpose of a particular static route entry. A Description field is added to the Static route parameters form and User-defined routes table. Further, for your greater convenience, you can sort the table by clicking any column header row, including Description. [NDMS-911, NDW-1231]
Security efficiency: The IPsec encryption algorithms AES-CTR, AES-CCM and AES-GCM are now partially hardware-accelerated on devices equipped with the AES Crypto Engine.
Fixed
Even better Help: Context help signs are now perfectly aligned across the web interface. Clicking the context help sign lists the relevant topics from the Keenetic online user manual. [NDW-1223] [Forum topic]
The Enable download sequential option of the Download Station application has been fixed. An issue occurred after upgrading Transmission Torrent client to version 3. [NDMS-875] [Forum topic]
KeeneticOS 3.5 Alpha 15
25/7/2020
New
Better IPSec security: The IPsec VPN system component now has the latest and greatest security options for making your IPsec VPN tunelling as safe as possible. IPsec connections now support:
the AES-CTR encryption algorithm;
the AES-CCM, AES-GCM and CHACHA20-POLY1305 combined-mode/AEAD cipher algorithms;
new elliptic-curve Diffie–Hellman groups, including
ECP 192/256/384/521
andx25519/x448
.
[WEB-4059]
New, up-to-the-minute, security: The IKEv2 VPN server application is now live. IKEv2 stands for Internet Key Exchange, version 2 (this VPN protocol is also referred to as IKEv2/IPsec, but as IKEv2 is never implemented without the IPsec encryption layer, it is generally shortened to just IKEv2). IKEv2 is one of the newest security protocols, with high speed, and with VPN clients available for all desktop and mobile platforms. [NDW-1208]
Improved
Traffic shaping improvements: When a traffic shaping rule is applied to a host in your network, or a network segment, it is now live almost instantly. Remember that the maximum Internet access speed can be shaped independently in each of the upload and download directions. [NDMS-898]
Remote web application access: KeenDNS allows you to enable access from the Internet to web applications running on your network. If your web application runs on HTTPS protocol, the new
https
option will help to set it up. [NDMS-215]ip http proxy {name} upstream (http | https) ({mac} | {ip} | {fqdn}) [{port}]
Download Station update: The Transmission Torrent client of the Download Station system application is updated to version 3.00. [NDM-875]
Fixed
An IPsec performance degradation issue introduced with the addition of ESP ALG was fixed. [NDMS-897]
KeeneticOS 3.5 Alpha 14
18/7/2020
New
Enriched KeenDNS service: An advanced configuration option is now available for users of the KeenDNS web applications feature — the real IP address of a remote client can be presented to the web application, instead of the Keenetic router's IP address.
ip http proxy {name} x-real-ip
Improved
Richer modem support: Compatibility with the latest USB modems has been improved by adding support for the
NTB-32
data transfer mode. [NDMS-704]
Fixed
Initial setup wizard could not start after restoring factory settings on device. [NDW-1198]
Device list cleaning: Occasionally, registered hosts appeared twice on the Registered devices list - this has now been fixed. [NDMS-884]
Better traffic counting: Part of the traffic was sometimes counted incorrectly in the Host Traffic Monitor as coming from unregistered hosts. The Host Traffic Monitor is a useful tool, valued by both consumer and small business users, that tracks Internet traffic consumption by devices in your home or office. [NDMS-738, NDMS-737]
Connectivity: A few Wi‑Fi clients had trouble connecting to a Keenetic Wi‑Fi network configured in WPA2-PSK + WPA3-PSK mixed mode. [NDMS-858]
More powerful remote activation: Sending a Wake-on-LAN magic packet from a remote location over the Internet to turn on a device in the local network did not work for network segments with Connection policy for unregistered devices set to No Internet access - this is now resolved. [NDMS-844]
Tidier readout: USB storage capable devices no longer show “not found: show/media” errors when the USB storage support system component is removed. [NDW-1194]
KeeneticOS 3.5 Alpha 13
11/7/2020
New
Performance improvement: Active queue management is now enabled in the traffic control module, to combat bufferbloat and reduce network latency. [NDMS-707]
New modems: Huawei E3372h-320 and AnyData W150 are added to the list of supported USB-modems.
Interface extension: It is now possible to integrate the Web Interface of your Keenetic into an interface of another system (for example a smart home automation system) using the
iFrame
option. For security reasons this option is disabled by default. Use the following CLI command to enable it. AniFrame
is an inline frame used inside a webpage to load another HTML document inside it.ip http x-frame-options {x-frame-options}
Improved
exFAT file system support backported from Linux Kernel 5.8.
The WireGuard® VPN system component is updated to version 1.0.20200623. WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
The new firmware signing certificate is deployed to the cloud infrastructure. Previously saved firmware files can be uploaded using the TFTP recovery mode only. [NDMS-828]
Fixed
Acquisition of a Keenetic in extender mode into an existing Wi‑Fi system now works without errors. [NDMS-857]
KeeneticOS 3.5 Alpha 12
4/7/2020
New
The single-band Wi‑Fi Keenetic models can now acquire dual-band Wi‑Fi extenders to Wi‑Fi system and deploy 2.4 GHz back-haul connections between Wi‑Fi System nodes. [NDMS-819]
Fixed
The incorrect Wi‑Fi LED indication of hardware-accelerated network traffic is fixed. Now the Wi‑Fi LED indicator blinks as intended.
The stability of the File and printer sharing (TSMB CIFS) component has been improved. The fix includes elimination of a Windows network access problem and a risk of system restart under certain conditions. [NDMS-720] [Forum topic]
Anonymous Windows share access from select LinuxOS distributions via the File and printer sharing (TSMB CIFS) component has been improved. Now, entering a username in the network path with anonymous access is not required. [NDMS-825]
The wrong selection of Web Interface languages is fixed. Up to three languages can be installed at the same time. [NDW-1147] [Forum topic]
KeeneticOS 3.5 Alpha 11
27/6/2020
Improved
The Ethernet MAC table reading operation is optimized. The Device lists page loads much faster if you have many devices connected to your network. [NDMS-488]
The procedures of KeenDNS service SSL-certificate revocation and renewal are improved. [NDMS-49]
In case of Wireless ACL using Blacklist access control mode, newly registered devices will no longer be automatically added to the blacklist. [NDW-1108]
For the purpose of Keenetic firmware image size optimization, the maximum number of installed languages in the system is limited to three. [NDW-1127]
KeeneticOS 3.5 Alpha 10
20/6/2020
New
The new active queue management algorithm based on the CAKE (Common Applications Kept Enhanced) packet scheduler is implemented. CAKE is enabled for DSL and LTE connections by default. Otherwise the FQ-CoDel (Flow Queue-Controlled Delay) packet scheduler is in use. [NDMS-799]
Note
CAKE is a comprehensive queue management system — implemented as a queue discipline for the Linux kernel uses COBALT (AQM algorithm combining Codel and BLUE) and a variant of DRR++ for flow isolation.
The new QoS (Quality of Service) mechanism based on service class packet flows is implemented. QoS allows provision of different priorities to different applications, devices, or data flows, to guarantee a certain level of performance. [NDMS-722]
The CLI command to assign service class(es) to registered devices is implemented according to a new QoS mechanism. Traffic from devices with service class 1 are processed with the highest priority. If a service class is not set (by default), the traffic is processed with priority between class 5 and class 6. [NDMS-771]:
ip hotspot host {mac} service-class {1-6}
Fixed
The M9702 media player (Oppo UDP-203 clone) can now access USB drives attached to a Keenetic via the CIFS/SMB protocol without an issue. The
lsa_QueryInfoPolicy
response is fixed. [NDMS-767]
KeeneticOS 3.5 Alpha 9
15/6/2020
New
The exFAT file system is now supported. This file system was introduced by Microsoft and optimized for large volume USB flash drives. [NDMS-701]
Further modem support: The high-speed LTE Cat6 Sierra EM7455 modem is now supported. [NDMS-805]
Tip
To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module.
Fixed
Minor formatting issues across the Web Interface are fixed. [NDW-1101, NDW-1094, NDW-1058]
KeeneticOS 3.5 Alpha 8
11/6/2020
Fixed
The situation when a Wi‑Fi Extender can't establish a back-haul connection to the Wi‑Fi Controller is fixed. [NDMS-804] [Forum topic]
KeeneticOS 3.5 Alpha 7
10/6/2020
New
The new IKEv1 IPsec VPN connection client is now available. Go to the VPN connections section of the Other connections menu to configure it. [NDW-1025]
Improved
STP (Spanning Tree Protocol) is now disabled on the Wi‑Fi System controller if there are no systems members acquired. [NDMS-693]
Fixed
Wireless ISP (WISP) connection now works properly when Backhaul connection of Wi-FI System is in use. [NDMS-615] [Forum topic]
The client's VPN connections list of the VPN server connection statistics page in the multiple sign-in mode is fixed. Now all active VPN connections are visible. [NDW-1060]
The WebDAV server status description is now correct while the Ignore access control option is enabled. [NDW-1004] [Forum topic]
The lost tool-tip over registered devices Online, Offline, Blocked is returned to its previous place on the Device lists page. [NDW-1056] [Forum topic]
The incorrect code-style tool-tip of the WireGuard connection is fixed. Now it shows the correct status of the connection. [NDW-1055] [Forum topic]
The Domain name page formatting and help sign position are fixed. [NDW-1057] [Forum topic]
The style of the text is slightly changed to fill the available width value of the select box in Web Interface. [NDW-1053] [Forum topic]
The RTP port range option formatting is fixed under the Phone lines menu. [NDW-1052] [Forum topic]
KeeneticOS 3.5 Alpha 6
5/6/2020
New
Further modem support: The 3G modem Huawei E3131 is now supported. [NDMS-775]
The list of languages of the Web Interface is added to the system components. It is now possible to install only necessary languages and remove any unnecessary, to save flash memory for other applications. [NDW-1046]
Improved
The colon symbol
:
in HTTP Cookie headers is now supported. It allows the support of non-RFC based Web interfaces of network devices which are available via the Port forwarding setting. [NDMS-779]The new logic of the Application-layer gateway (ALG) for SIP protocol component with
Media Description > Media Type: Application
is added. [NDMS-680]
Fixed
The description of WebDAV server password status has been rewritten if the setting Ignore access control is active. [NDW-1004]
The incorrect empty list of Extenders in Wi‑Fi System is fixed. It occurred if one of Extenders was in offline mode. [NDW-1044] [Forum topic]
KeeneticOS 3.5 Alpha 5
2/6/2020
Fixed
The evaluation of nesting of bridged interfaces is corrected. Currently, the configuration order of
interface bridge[x]
interfaces is processed rightly. [NDMS-765] [Forum topic]
KeeneticOS 3.5 Alpha 4
30/5/2020
New
The Inbound management access control setting in the Web Interface of the Wi‑Fi system controller will apply to all Wi‑Fi system extenders. [NDW-1006]
Improved
Initialization of attached USB storage is improved to prevent errors on certain volumes. [NDMS-750]
Fixed
The QMI interface for 4G/3G USB modems system component now works properly with certain operator branded Huawei E392 modems. [NDMS-758]
An error in the Wi‑Fi Protected Setup (WPS) pairing process with WPA2-PSK + WPA3-PSK security enabled is fixed. [NDMS-747]
The internet access Schedule for the host can now be edited even when it is blocked manually in the Web Interface. [NDMS-753]
Tooltip formatting for a list of VPN connections in Other connections section is fixed. [NDW-1019] [Forum topic]
The
undefined
status of Extender connection in the Wi‑Fi system view is fixed. [NDW-1015] [Forum topic]The Speed limit setting and Asymmetric checkbox for unregistered devices are now saved correctly. [NDW-1020]
Wrong DHCP pool calculation and assignment of the DHCP server for newly created segments is fixed. [NDW-1017]
The use NAT setting for Segment page is now saved properly. [NDW-1018]
KeeneticOS 3.5 Alpha 3
27/5/2020
Fixed
Incorrect free storage space calculation in the Media Server application is fixed. [NDMS-684]
Incorrect display of 4G/3G signal quality information for the LTE Cat4 Huawei H3372 modem in HiLink mode is fixed. [NDMS-739]
The appearance of IPsec traffic in the Host traffic monitor as traffic from unregistered devices is fixed. [NDMS-737]
The error preventing Phone Station from reading the serial number of a Keenetic Plus DECT device correctly is fixed. [NDMS-745] [Forum topic]
Dragging and dropping connections in the Internet connection policies now works as expected. [NDW-758] [Forum topic]
Ports and VLANs settings are now properly locked on extenders acquired to Wi‑Fi system. [NDW-989] [Forum topic]
Highlighting of selected time zone is fixed. [#3644] [Forum topic]
KeeneticOS 3.5 Alpha 2
22/5/2020
Improved
The Remote web interface connections setting from the Users and access management section is now propagated from the Wi‑Fi system controller to all extenders for better remote management control. [NDMS-727]
The Cloudflare DNS internet filtering service is added to the Web Interface. The user can select Service > Cloudflare DNS protection policy on the Internet safety page for each registered host, and Default policy for unregistered hosts. [NDW-971]
Fixed
A connectivity issue with Keenetic mobile application (iOS and Android) is fixed. [NDMS-735] [Forum topic]
Incorrect behaviour of the Cancel button on the Device list page is fixed. [NDW-964] [Forum topic]
An empty System dashboard page on acquired extenders of a Mesh Wi‑Fi System is fixed. [NDW-977]
Mounting of disk partitions with UTF-8 encoding in the label is fixed. [NDMS-729]
KeeneticOS 3.5 Alpha 1
19/5/2020
New
The new IPsec IKEv2 VPN client is now available as a system component in the Network functions category of KeeneticOS. This type of VPN is very popular among VPN service providers like NordVPN, SecureVPN and others. [NDMS-625, NDW-949] [Forum topic]
The new IPsec IKEv2 Virtual-IP VPN server, using a Let's Encrypt® certificate, is now available. [NDMS-703]
Note
The IPsec IKEv2 Virtual-IP VPN server allows authorized users to connect to your home network resources over the Internet, using a secure and robust tunneling protocol.
The IKEv2 client is available out-of-the-box in modern releases of Windows, MacOS and iOS operating systems, and most Linux distributions.
crypto virtual-ip-server-ikev2
The new Application-layer gateway (ALG) for ESP system component is added. This component provides customized NAT traversal filters to support address translation for the ESP protocol. It's a kind of IPsec pass-through feature, which helps to pass ESP packets of IPsec connection through the Keenetic router. [NDMS-683]
ip esp alg enable
The new WPA3-PSK Fast Transition (FT-SAE) mode is implemented. [NDMS-670, NDW-929]
Note
WPA3-PSK is a new and much stronger standard of Wi‑Fi security. SAE is Simultaneous Authentication of Equals, a password-based authentication and key establishment protocol initially introduced in IEEE 802.11s for mesh networks. Fast Transition is a standard for Wi‑Fi roaming between Wi‑Fi System nodes.
The independent Pairwise Master Key (PMK) cache storage for Fast Transition and WPA3 is implemented.
Support for Cloudflare DNS content filtering service is implemented in the Command Line Interface (CLI). There are three levels of protection:
standard
,malware
,family
. [NDMS-617] [Forum topic]cloudflare-dns check-availability
cloudflare-dns assign {mac} (standard | malware | family)
cloudflare-dns enable
show cloudflare-dns availability
show cloudflare-dns profiles
The randomized HTTP session cookie name is implemented. It enhances concurrent access to the Web Interface of customer network devices via port Forwarding. [NDMS-596]
Quectel EP06 series LTE Cat6 QMI-type modem module is now supported. [NDMS-718]
Improved
Connection statistics for the IPsec Virtual-IP VPN server are implemented, with traffic and time accounting for each incoming VPN connection. [NDMS-685]
SSTP VPN server compatibility with AnyVPN SSTP Connector application is improved. [NDMS-697]
The Private Cloud tile of the Web Interface now aggregates the status of three independent services — WebDAV server, SFTP server and FTP server. [NDW-827]
Fixed
Pairwise Master Key PMK-R1 key storage overflow is fixed.
The placement of the Delete schedule button is changed to provide better formatting. [NDW-963] [Forum topic]
The incorrect IP subnet validation in the IP setting of the network segment is fixed in the Web Interface. [NDW-943]