KeeneticOS 4.2
KeeneticOS 4.2.1
04/10/2024
New
The Wi-Fi System Controller is now able to manage the KeeneticOS update channel on the Wi-Fi System Extenders. [NDM-3419]
mws member {member} update channel {channel}
— set KeeneticOS{channel}
on an extender{member}
Fixed
Fixed issue with saving of Wireguard®
connect via
setting. [NDM-3467]Fixed an issue where open Wi-Fi network settings were corrupted after restarting the device. [NDM-3485]
The following fixes have been applied to the next-generation Web interface.
Fixed the status of the Use Syslog checkbox on the Diagnostics page. [NWI-3689]
Removed overscrolling in the Transition log tab on the Mesh Wi-Fi System page. [NWI-3694]
Fixed Allow WPS option to be stored in the Wi-Fi System Extender settings. [NWI-3697]
Fixed autocomplete in the command line interface of the Web CLI page. [NWI-3715]
Fixed flashing of the segment description. [NWI-3716]
Fixed the display of the disabled Wi-Fi interface warning on the Wi-Fi Monitor page. [NWI-3717]
Fixed the display of the Wi-Fi Channel width in Wi-Fi settings. [NWI-3730]
Fixed layout issues on wide screens. [NWI-3731]
Fixed an issue where the Mesh Wi-Fi System would not work correctly with extenders using KeeneticOS version
3.7
. [NDM-3491]Fixed an issue with the
community
filtering for SNMPv1 protocol. [SYS-1203]
KeeneticOS 4.2 Beta 4
18/09/2024
New
The new public DNS resolver presets from ControlD are now accessible on the Internet Safety page. [NDM-3452]
A standalone
Policy Table
mode has been implemented, which disables the automatic addition of static routes to the selected connection policy. [NDM-3445]ip policy {name} standalone
— enablestandalone
mode for connection policy{name}
.
WireGuard client connections now select a random listen port each time the tunnel reconnects. [NDM-3469]
Fixed
Fixed a memory leak in the VirtualIP IPSec VPN server application. [NDM-3460]
Fixed DNS leakage for custom Connection policies. [NDM-3468]
Fixed the employment of the SA AEAD mode cypher suite in Phase 2 for Site-to-Site IPsec VPN settings after device reboot. [NDM-3470]
The following fixes have been applied to the next-generation Web interface.
Fixed visual issues in the Transition Log tab on the Wi-Fi system page. [NWI-3658]
Locked toggles for Access Points on Extenders in the Mesh Wi-Fi system. [NWI-3634]
Fixed the colour contrast of system notifications. [NWI-3667]
Fixed horizontal scrolling of tables on mobile screens. [NWI-3683]
Fixed the link in the Current user has no password notification to open in the same tab. [NWI-3719]
Fixed the column titles of the UPnP Port Forwarding Table. [NWI-3688]
Fixed the drop-down lists overlapping with buttons. [NWI-3721]
Added custom port selection to the Proxy server address for Proxy connections. [NWI-3713]
KeeneticOS 4.2 Beta 3
04/09/2024
New
Added a CLI command to unbind the DDNS service requests from the specified interface. [NDM-3420]
interface {name} dyndns nobind
— disable DynDNS bind on interface{name}
.
Implemented a CLI command to enable the sending of the
client ID
for the WireGuard connection peer. [NDM-3427]interface {name} wireguard peer {peer} client-id send {value}
— setclient-id
as a decimal{value}
of the required hexadecimal ID for Wireguard{peer}
.
Added a CLI command to configure the
authgroup
value for the OpenConnect connection to ensure third-party compatibility. [NDM-3430]interface {name} openconnect authgroup {authgroup}
— set the{authgroup}
value to use with OpenConnect interface{name}
connection.
When accessing the Internet over the tunnel, clients of IKEv1/IPsec and IKEv2/IPsec VPN Server applications now follow the connection policy selected for the bound network segment. [NDM-3431]
Fixed
Restored the correct work of access to my.keenetic.net restriction from local network segments configured to prohibit services hosted on the Keenetic device. [NDM-3346]
Fixed the display of the Mesh Wi-Fi System clients shifting between bands in the Transition Log. [NDM-3412]
Fixed the application of the routes automatically received by the OpenVPN connection. [NDM-3415]
Fixed the socket leak in
nf_queue
. [NDM-3428]Fixed the underlying connection selection for the OpenConnect connections. [NDM-3434]
The following fixes have been applied to the next-generation Web interface.
Fixed the items displayed in the Destination IP column of the Active Connections tab in Diagnostics menu. [NWI-3633]
Fixed the IP address data display on the My networks and Wi-Fi card on the System Dashboard page for Extender devices. [NWI-3636]
Fixed the display of the Wireless ACL page for Extender devices. [NWI-3640]
Removed the unnecessary saving of the System Dashboard cards layout when the user logs in. [NWI-3635]
Fixed the Proxy server address validation for the Proxy Connections on the Other Connections page to permit the
127.0.0.1
host to serve as a proxy server. [NWI-3642]Fixed tabs display to fit the screen at lower resolutions better. [NWI-3393]
Fixed the menu scroll bar positioning on mobile screens. [NWI-3654]
Disabled the automatic capitalization property for user input fields. [NWI-3655]
An IP address display was added for OpenConnect VPN connections in a connected state. [NWI-3656]
Fixed the DNS servers link on the System Dashboard's Internet card. [NWI-3660]
Fixed the WireGuard connection configuration import to ignore the invalid
PersistentKeepalive
property. [NWI-3659]Fixed the Packet size setting for the Network Connection Test tools on the Diagnostics page. [NWI-3661]
Fixed the width of notification banners. [NWI-3662]
Fixed the System Component Options links from the Applications card on the System Dashboard. [NWI-3664]
Fixed the copy-to-clipboard control for the Public key in WireGuard connection settings. [NWI-3666]
Fixed the false positive No new routes found error when importing network routes from the file. [NWI-3670]
KeeneticOS 4.2 Beta 2
08/08/2024
Improved
Mesh Wi-Fi system controller now propagates segments without Wi-Fi access points to extenders. [NDM-3210]
Disabled DTLS (Datagram Transport Layer Security) support for the OpenConnect VPN server in KeenDNS cloud mode to improve compatibility with the VPN Client Pro application. [NDM-3394]
Enabled caching of the saved configuration to improve the Web interface response time and reduce CPU load. [NWI-3643]
Fixed
Fixed an issue where IPv6 static DNS configuration entries were cleared after the device started. [NDM-3390]
Resolved the issue causing unstable connectivity between local and remote networks in a multi-subnet configuration of a site-to-site IPsec VPN tunnel, secured in Phase 1 by IKEv1. [NDM-3381]
Fixed the display of the Transition Log for Mesh Wi-Fi system clients on mobile devices. [NWI-3579]
KeeneticOS 4.2 Beta 1
24/07/2024
Improved
Added client names for IPv6 connections on the Diagnostics > Active Connections page for the Next-generation web interface (beta). [NDM-3381]
Fixed
Fixed incorrect application of a DNS query filtering rule for IPv6 link-local addresses that occurred under certain conditions. [NDM-3379]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed bugs on the Diagnostics page. [NWI-3523]
Removed the change schedule link from My networks and Wi-Fi card on Wi-Fi system extenders. [NWI-3556]
Fixed search results to take into account installed components. [NWI-3568]
Connection types have been added to the description for interfaces (PPPoE, L2TP, PPTP) that use the same underlying wire interface. [NWI-3581]
Fixed the unintentional disabling of the DHCP Relay when saving segment settings. [NWI-3583]
Fixed the duplication of the Applications header. [NWI-3599]
Fixed the display of the Transition log content on the Mesh Wi-Fi System page. [NWI-3604]
Fixed the display of the current operating mode and selected country on the General System Settings page. [NWI-3606]
Fixed saving of interface order in the default policy. [NWI-3607]
Fixed the settings dialogue for the registered device using UPnP service. [NWI-3624]
KeeneticOS 4.2 Beta 0
16/07/2024
New
We are introducing the next-generation Web interface as the standard UI for configuring and managing your Keenetic device. [NDM-3378]
Improved
Implemented dynamic table size adjustment with
nf_conntrack_max
value forsoftware ppe
(Packet Processing Engine) when the user changes maximum NAT sessions via command line interface (CLI). [NDM-3344]
Fixed
Fixed the PPTP VPN connection stalling on the backup connection after the primary connection is restored. [NDM-3376]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed some minor issues with Application tiles. [NWI-3549] [Forum topic]
Fixed unwanted visual effects when clicking on a pie chart on the Traffic monitor card. [NWI-3562] [Forum topic]
KeeneticOS 4.2 Alpha 17
06/07/2024
Improved
The SNTP service compatibility enhancement adds support for
Reference Identifier
andReference Timestamp
values in SNTP responses based on RFC4330. [NDM-3368]
Fixed
A problem that caused the
OpenVPN: Connection reset, restarting
error message to appear in the System log has been fixed. [NDM-3355]Fixed behaviour of toggle elements in tables in the Next-generation web interface (beta) component. [NWI-3524] [Forum topic]
KeeneticOS 4.2 Alpha 16
29/06/2024
Fixed
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed issues with the built-in search. [NWI-3547] [Forum topic]
Fixed the knowledge base article links for certain pages. [NWI-3265] [Forum topic]
Fixed the missing tiles on the System dashboard page. [NWI-3514] [Forum topic]
Fixed the display of the File browser popup on mobile screens. [NWI-3534] [Forum topic]
Fixed issues with the Wi-Fi System extender settings popup. [NWI-3536] [Forum topic]
Fixed the labelling of uninstalled applications on the Applications page. [NWI-3537] [Forum topic]
KeeneticOS 4.2 Alpha 15
23/06/2024
Fixed
Fixed IPv6 ULA (Unique local address) prefix announcements with incorrect
A
bit. [NDM-3350] [Forum topic]The L2TP/IPsec VPN client now uses a random source port to avoid connection problems when multiple VPN L2TP/IPsec connections are established behind NAT on an upstream router. [NDM-3349]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed bug with Subnet mask changing for IP-encapsulated tunnels. [NWI-3511] [Forum topic]
Fixed the
undefined
value for the Persistent keepalive parameter in the VPN WireGuard settings. [NWI-3518] [Forum topic]Fixed issue with saving the Access to Web Applications Running on Your Network settings on the Domain Name page. [NWI-3519] [Forum topic]
Fixed the client's Static IP field validation to exclude IP addresses occupied by Mesh Wi-Fi System extenders. [NWI-3520] [Forum topic]
Fixed the reset of the Speed limit setting for the Unregistered clients. [NWI-3521] [Forum topic]
Fixed the display of the Traffic monitor statistics for the selected client. [NWI-3522] [Forum topic]
Fixed the display of Show installed applications only button on mobile screens. [NWI-3535] [Forum topic]
KeeneticOS 4.2 Alpha 14
15/06/2024
Fixed
Fixed selection of the best node for wireless backhaul connection in the Mesh Wi-Fi System. [SYS-1161]
KeeneticOS 4.2 Alpha 13
08/06/2024
Fixed
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed incorrect PSK key validation for the site-to-site IPsec VPN connections. The PSK key can be up to
96
characters in length. [NWI-3504]Fixed the refresh of USB drives and printers tile after moving. [NWI-3476] [Forum topic]
Fixed saving the configuration in the Network Ports section of the System settings page. [NWI-3488] [Forum topic]
Fixed the display of the Internet safety field on the Internet tile. [NWI-3467] [Forum topic]
KeeneticOS 4.2 Alpha 12
01/06/2024
New
You can now assign Network ports on Extender devices to any configured network segment using the Command Line Interface (CLI). Alternatively, you may wish to disable the Network ports for security reasons. [NDM-3162]
mws member {member} port {port} [no] access {interface}
— assign{port}
on a{member}
node to access an{interface}
segment;mws member {member} port {port} [no] disable
— disable{port}
on a{member}
node.
Enhanced software packet processing engine to enable acceleration for traffic with a manually set TTL value. [SYS-1157] [Forum topic]
Fixed
Fixed IPv6 traffic accounting with the hardware packet processing engine disabled. [NDM-3234]
Fixed remote access over an IKEv2/IPsec VPN connection to a local network host for which a SNAT mapping rule is configured. [NDM-3310]
An issue that caused the error message
failed to lookup service for segment "WifiMaster1"
on Extender devices to appear in the System log has been fixed. [NDM-3325]The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the colour of the selected application tile using the Dark theme. [NWI-3452] [Forum topic]
Fixed an error in the Roaming for Wireless Clients settings under certain conditions. [NWI-3462] [Forum topic]
Fixed issue where network segment would disappear after system restart, caused by enabling the Captive portal. [NWI-3479] [Forum topic]
KeeneticOS 4.2 Alpha 11
25/05/2024
New
The new IntelliQoS option allows 802.1p priority code point (PCP) mapping for egress packets in the command line interface (CLI). [NDM-3318] [Forum topic]
interface {name} vlan qos egress map {priority} {pcp}
{priority}
— NTCE priority queue number. Use0
to assign the same PCP value to any outgoing packet on the interface;{pcp}
— set the new value of the 802.1p priority code point.
The implementation of a ZeroTier connection now includes accepting managed routes and DNS servers published on the ZeroTier network controller. [NDM-3319] [Forum topic]
Improved
The OpenSSL library has been moved to a different branch with the latest version
3.0.13
. [SYS-1152]Improved robustness of the DNS over TLS and DNS over HTTPS server cache. [NDM-3320] [Forum topic]
The behaviour of toggles in tables has been improved in the Next-generation web interface (beta) component. [NWI-3465] [Forum topic]
Fixed
Fixed an issue where static DNS settings were cleared when the device was restarted. [NDM-3303]
Fixed the DynDNS domain name validation; now it's possible to use only one domain. [NDM-3309] [Forum topic]
Fixed incorrect behaviour of Hardware Network Accelerator toggle due to incorrect web-api settings format. [NDM-3311] [Forum topic]
KeeneticOS 4.2 Alpha 10
17/05/2024
New
The new OpenConnect VPN server application tile is now available in the Next-generation web interface (beta) component on the Applications page. [NWI-3407]
Improved
The clients of the VPN Server (PPTP, SSTP and OpenConnect) now access the Internet following the Connection Policy of the local network to which the server is bound. [NDM-3295]
Fixed
Fixed Connection Policies work with IPv6 protocol under certain conditions. [NDM-3289]
Enabled the SNMP reports by OID
ifAdminStatus
to monitor the operational state of device ports via third-party software. [NDM-3296]Fixed a problem where certain settings were disabled due to incorrect inversion of boolean variables. [NDM-3297] [Forum topic]
The problem of returning
null
for undefined boolean settings in the KeeneticOS core API has been fixed. [NDM-3298] [Forum topic]Fixed the continued reconnections of OpenVPN with more than one active client or server. [NDM-3301]
The following fixes have been applied to the Next-generation web interface (beta) component.
Server address input validation for the OpenConnect VPN client fixed. [NWI-3463] [Forum topic]
Fixed the display of the backup gateway address for site-to-site IPsec VPN connections. [NWI-3464] [Forum topic]
Fixed the display of using IPv4 over IPv6 connections. [NWI-3472]
KeeneticOS 4.2 Alpha 9
09/05/2024
Fixed
Fixed a problem that could cause the password argument to be parsed incorrectly during configuration. [NDM-3293] [Forum topic]
KeeneticOS 4.2 Alpha 8
09/05/2024
New
The new options have been implemented in the Next-generation web interface (beta) component.
Added a new Segment default policy to the Policy Bindings tab for the clients. [NWI-3415]
Improved
The implementation of IKEv1/IKEv2 IPsec VPN servers now allows to avoid IP address conflicts with other interfaces. [NDM-3250]
Implemented support for direct access mode to KeenDNS domain from browsers with
TLS 1.3 hybridized Kyber
enabled. [NDM-3284] [Forum topic]
Fixed
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed password reset on change of user account settings. [NWI-3438] [Forum topic]
Fixed sorting in the Mesh Wi-Fi System table. [NWI-3473] [Forum topic]
Removed the USB Devices section on the Applications page for models without USB ports. [NWI-3436] [Forum topic]
Fixed the colour of the Status LED symbol on the Web Interface Login page. [NWI-3435] [Forum topic]
KeeneticOS 4.2 Alpha 7
28/04/2024
Fixed
An issue that caused the
system failed [0xcffd0042]
error message to appear in the System log during client auto-registration has been fixed. [NDM-3275] [Forum topic]An issue that caused the
duplicate key
error message to appear in the System log when opening the IntelliQoS page has been fixed. [NDM-3276] [Forum topic]
KeeneticOS 4.2 Alpha 6
27/04/2024
New
The new options have been implemented in the Next-generation web interface (beta) component.
Added support for the OpenConnect protocol to the Other Connections page. [NWI-3406]
Improved
Improved host detection using
EchoReq
in theICMPv6
protocol to ensure correct operation of port forwarding rules for the IPv6 protocol. [NDM-3265] [Forum topic]The Phase 2 of the site-to-site IPsec tunnel now supports the SHA512 HMAC algorithm. [NDM-3269]
crypto ipsec transform-set {name} hmac esp-sha512-hmac
— enableesp-sha512-hmac
algorithm for transform-set{name}
Added MAC address and registration time information to the name of devices registered automatically. This will help you easily identify and keep track of the devices on your network. [NDM-3253]
Fixed
Fixed the forwarding of the source IP address in the
X-Real-IP
header when accessing web applications via KeenDNS. [NDM-2214]Fixed random disconnection of IKEv2 tunnels to the Keenetic IKEv2/IPsec VPN server. [NDM-3059]
The Application traffic analyser engine now operates more efficiently with the IPv6 protocol under high network load. [NDM-3235]
Fixed problem with converting Band Steering settings after updating to KeeneticOS
4.1.x
version. [NDM-3241]Fixed hostname resolution for Ping Check in TCP/TLS port check mode when using secure DNS for domain name resolution. [NDM-3273] [Forum topic]
Fixed access to the KeenDNS Web Applications configured with prohibited remote access (
security-level private
) from the home network. [NDM-3264] [Forum topic]The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the indents on the Client Lists settings popup. [NWI-3403] [Forum topic]
Fixed group operations on the Connection Policies page. [NWI-3404] [Forum topic]
Fixed the rule selection on the Firewall page. [NWI-3419] [Forum topic]
Fixed Internet connection toggles on the System Dashboard page. [NWI-3417] [Forum topic]
Fixed the blocked Add Server button when adding more than eight servers to the System DNS resolution profile. [NWI-3418] [Forum topic]
KeeneticOS 4.2 Alpha 5
20/04/2024
New
The
camouflage
mode option has been added to both SSTP VPN and OpenConnect VPN servers and clients, providing greater security against remote service scanning. [NDM-3257] [Forum topic]oc-server camouflage
— enablecamouflage
option for the OpenConnect VPN serversstp-server camouflage
— enablecamouflage
option for the SSTP VPN server
The Next-generation web interface (beta) component now supports Extender mode operation. [NWI-1861]
Fixed
Fixed spurious EoIP/IPsec connection attempts after device restart. [NDM-2518]
Incomplete application of static IPv6 routes when re-establishing an associated VPN connection after a reboot fixed. [NDM-3248] [Forum topic]
Fixed issue with absent route to remote Wireguard endpoint after device restart. [NDM-3223]
The problem that causes the error message
PingCheck::Resolve: "default": system failed [0xcffd003c], upstream is very slow to respond
in the System log has been fixed. [NDM-3244]UPnP service rules are now correctly applied to clients accessing the Internet using the Connection policy with active multipath mode. [NDM-3251]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the
statusLed
icon on the Web Interface Login page. [NWI-3363] [Forum topic]Fixed the height of the Search query input field. [NWI-3328] [Forum topic]
KeeneticOS 4.2 Alpha 4
13/04/2024
Improved
DNS over HTTPS (DoH) now supports secure name resolution over the HTTP/3 protocol. [NDM-3229] [Forum topic]
Implemented an
aggressive
mode option for the IKEv1 client in the command line interface (CLI) for compatibility with VPN (IPsec) servers running on Fritz!Box routers. [NDM-3227]interface {name} ipsec aggressive
— set theaggressive
Phase 1 mode for VPN connection{name}
Fixed
Fixed DNS query interception in the additional network segments. [NDM-3228] [Forum topic]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed several issues with the System Dashboard page. [NWI-3323] [Forum topic]
KeeneticOS system component names are now displayed in English if the translation is not available. [NWI-3364] [Forum topic]
The IPv6 settings section now only appears in connection configurations when the IPv6 system component is installed. [NWI-3384] [Forum topic]
Fixed the display of shadows in the Dark theme. [NWI-3389] [Forum topic]
Fixed the display of the Save and Cancel buttons when changing Wi-Fi settings in the My Networks and Wi-Fi menu. [NWI-3392] [Forum topic]
The content of the More Information block on the Clients Lists page has been corrected. [NWI-3402] [Forum topic]
Fixed the Connection policy dropdown display on the Clients Lists page in mobile view. [NWI-3373] [Forum topic]
KeeneticOS 4.2 Alpha 3
06/04/2024
New
The new OpenConnect VPN client system component is now available, allowing you to establish a secure connection to a remote server via the command line interface (CLI). [NDM-3207]
Improved
Implemented a workaround to prevent certain Realtek Wi-Fi drivers from crashing on Windows OS when passing non-PMF authentication on a PMF-enabled access point. [SYS-1131]
Fixed
Fixed priority of user-defined
ip static
rules over automatic UPnP port forwarding rules to a host. [NDM-3078]Fixed home network access for L2TP/IPsec VPN server clients when
ip static
rules are configured on WAN IP aliases. [NDM-3110]Fixed binding to the WAN address and inbound access to the service port for the ZeroTier client connection. [NDM-3216] [Forum topic]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed the display of the Network ports card in the Firefox browser. [NWI-3357] [Forum topic]
Fixed the display of the Network SSID tooltips on the Wi-Fi Monitor page. [NWI-3379] [Forum topic]
KeeneticOS 4.2 Alpha 2
30/03/2024
New
A new CLI
grep
extension is now available to filter the output of theshow
command. [NDM-3075]grep [-A <n>] [-B <n>] [-C <n>] regex
— trim theshow
command output using theregex
regular expression.-A
— number of XML nodes to show after match.-B
— number of XML nodes to show before match.-C
— displayed XML cluster depth.
For example:
(config)>
show interface | grep address
Interface, name = "Home" address: 192.168.2.1 ipv6: Interface, name = "Guest" address: 10.1.30.1 ipv6: (config)>show system | grep cpuload
cpuload: 5
Improved
A new read/send timeout option allows the session lifetime for Web applications of the KeenDNS proxy service to be set via the command line interface (CLI). [NDM-3157]
ip http proxy {name} timeout {timeout}
— set{timeout}
for KeenDNS{name}
proxy.
The WireGuard advanced security configuration (ASC) parameters are now available in the command line interface (CLI). [NDM-3202]
interface {name} wireguard asc {jc} {jmin} {jmax} {s1} {s2} {h1} {h2} {h3} {h4}
— set additional ASC parameters for WireGuard{name}
tunnel.
Fixed
Fixed iOS L2TP/IPsec client disconnecting under heavy load. [NDM-3180]
The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed display of the Wireless ISP (WISP) connection details on the System Dashboard page under certain conditions. [NWI-3339] [Forum topic]
Fixed display of notifications in the Dark theme. [NWI-3358] [Forum topic]
Fixed HTML code appearing as text in certain headers. [NWI-3359] [Forum topic]
Fixed errors occurring when the Cloud-based content filtering and ad blocking component is uninstalled. [NWI-3360] [Forum topic]
Added missing translations for some UI elements. [NWI-3361] [Forum topic]
KeeneticOS 4.2 Alpha 1
22/03/2024
New
A new segment default policy for hosts has been implemented and is now enabled by default. Registered devices with this connection policy assigned will follow the default connection policy of the network segment they are connecting to. [NDM-2237]
ip hotspot host {MAC} conform
— set host with specified{MAC}
to follow the current segment's connection policy.
The new application filtering option is now available in the Application traffic analyser service via command line interface (CLI). This option allows to create a filtering profile, add required applications, assign a host or segment to the filtering profile and enable the operation schedule. [NDM-3069]
ntce filter profile {name} application {application}
— add an application to the profile.ntce filter profile {name} group {group}
— add an application group to the profile.ntce filter profile {name} type {type}
— set the profile type, which can bepermit
ordeny
.ntce filter profile {name} description {description}
— set the profile description.ntce filter profile {name} schedule {schedule}
— set the profile schedule.ntce filter assign host {host} {profile}
— assign a profile to a registered host (MAC address).ntce filter assign interface {interface} {profile}
— assign a profile to an interface.
The new option to automatically register hosts in the Home segment is now available (enabled by default). You can disable this behaviour using the command line interface (CLI). [NDM-3101]
ip hotspot auto-register disable
— disable automatic host registration for the Home segment.
The new OpenConnect VPN server system component is now available, providing a remote SSL VPN connection to your Keenetic. [NDM-3141]
oc-server interface {interface}
— bind OpenConnect server to an interface.oc-server pool-range {begin} {size}
— set OpenConnect address pool.oc-server static-ip {name} {address}
— set static IP address for a user.oc-server mtu {mtu}
— set OpenConnect server MTU.oc-server multi-login
— enable multiple connections with the same user account.ip nat oc
— enable NAT for OpenConnect clients.service oc-server
— enable OpenConnect service.
Improved
Disabling Port Forwarding (
ip static
) rules now forces matching active sessions to be dropped. [NDM-3067]Implemented new options to preserve Referer and Origin headers for Web applications of the KeenDNS proxy service in the command line interface (CLI). [NDM-3089] [Forum topic]
ip http proxy {name} preserve-referer
— preserve Referer header for{name}
of the web proxy rule.ip http proxy {name} preserve-origin
— preserve Origin header for{name}
of the web proxy rule.
A NetFlow monitor system component can now collect IPv6 traffic information and monitor network flows. [NDM-3109]
The
MOBIKE
extension (RFC 4555) has been enabled for both the IKEv2/IPsec VPN Server and the IKEv2 client. [NDM-3164]The improvements have been applied to the Next-generation web interface (beta) component.
Updated Applications card on the System Dashboard page. [NWI-3188] [Forum topic]
Added links to non-mesh extenders on the Client Lists page. [NWI-3189] [Forum topic]
Added a warning about possible connection loss when changing Wi-Fi settings. [NWI-3249] [Forum topic]
Removed the information via which node a client device is connected to when the Wi-Fi System controller component is not installed. [NWI-3334] [Forum topic]
The System Dashboard page now has an Active connections statistics string in the About the System card. [NWI-3326] [Forum topic]
Fixed
The CloudFlare content filter has been corrected to work properly on networks that do not support IPv6. [NDM-3163]
Fixed port forwarding issues after Hotspot (
ip hostspot
) code refactoring. [NDM-3127, NDM-3171] [Forum topic]The following fixes have been applied to the Next-generation web interface (beta) component.
Fixed column filters on the Mesh Wi-Fi System > Transition Log page. [NWI-3212] [Forum topic]
Fixed Subnet validation for the Source IP field in the Firewall rule editor. [NWI-3213] [Forum topic]
Fixed display of wired connections in the Mesh Wi-Fi System table when an Extender is connected via another Extender. [NWI-3214] [Forum topic]
Fixed alignment of input field names. [NWI-3239] [Forum topic]
Fixed header alignment on the login page for mobile devices. [NWI-3240] [Forum topic]
Fixed visibility of the Save and Cancel buttons on the System Component Options page. [NWI-3191] [Forum topic]
Fixed display of ACL (access list) rules and UI elements on the Firewall page. [NWI-3153] [Forum topic]
Fixed minor issues on the Application traffic analyser page. [NWI-3163] [Forum topic]
Removed the unnecessary horizontal scrolling from the Network Ports block in the General System Settings for mobile devices. [NWI-3169] [Forum topic]
Fixed display of the Change Operating Mode block in the Dark theme. [NWI-3170] [Forum topic]
Removed text truncation in pop-up dialogues on mobile devices. [NWI-3181] [Forum topic]
Fixed Scan the air dialog on the Mobile page. [NWI-3193] [Forum topic]
Fixed style of select boxes on mobile devices. [NWI-3192] [Forum topic]
Fixed Firewall Rule editor formatting. [NWI-3190] [Forum topic]
Fixed display of a larger list of knowledge base articles in the Related Articles popup. [NWI-3250] [Forum topic]
Fixed display of the chart on the Traffic Monitor page. [NWI-3254] [Forum topic]
Fixed saving of the Data compression (CCP) checkbox value when configuring a PPTP connection. [NWI-3296] [Forum topic]
Minor bugs fixed on the Mobile page. [NWI-3297] [Forum topic]
Fixed filtering of the System Component Options list on the General System Settings page. [NWI-3311] [Forum topic]
Fixed welcome popup message on mobile devices. [NWI-3312] [Forum topic]