KeeneticOS 4.0
KeeneticOS 4.0.2
01/08/2023
Fixed
Restored Fast transition (802.11r) operation for wireless roaming in additional segments such as the Guest segment (
protected
). [NDM-2774] [Forum topic]The Ping Check now works correctly when the Operator DNS is disabled and secure DNS over HTTPS (DoH) or DNS over TLS (DoT) is enabled. [NDM-2784] [Forum topic]
Fixed issue with adding the default ISP route when setting up a static IPv6 Internet connection. [NDM-2839]
Wireless connection with WPA3-PSK (
SAE-H2E
method) security no longer triggers a system reboot. [SYS-932]The cause of the
not found: interface security-level
error message in the System log has been fixed when configuring the extender. [NDM-2868]The issue of unregistered devices originating from the Extender IP address in additional segments has been resolved. [NDM-2869] [Forum topic]
KeeneticOS 4.0.1
19/07/2023
Improved
Faster and more reliable operating system updates for Mesh Wi-Fi nodes. The structure of the Mesh Wi-Fi System and the connections between nodes now determine the order in which nodes are updated. [NDM-2816]
The Web interface now supports the Danish language. [SYS-907]
Fixed
The cause of the
port 0 is busy
error, which prevented the correct propagation of network segments, has been fixed. [NDM-2852]Network segmentation has been fixed to prevent Guest segment devices from accessing the settings of Extender nodes. [NDM-2744]
Fixed support for Microsoft Point-to-Point Encryption (MPPE) on L2TP/IPsec connections. [NDM-2859]
KeeneticOS 4.0.0
07/07/2023
Fixed
The name of the segment and other description fields are now protected against the XSS vulnerability in the Web interface. [NWI-2715]
Enabling the DNS transit requests feature correctly disables DNS packet interception. [NDM-2769]
Fixed an error that caused all WireGuard tunnels to disable when one of the tunnels was turned off. [NDM-2800] [Forum topic]
Fixed HTTP server configuration errors after changing the interface security level under certain conditions. [NDM-2832]
Fixed
GigabitEthernet1 is off-board
error when deleting Wired connection via port 0 in the Web interface. [NDM-2651]
KeeneticOS 4.0 Beta 3
23/06/2023
New
Implemented a new option to de-announce IPv6 prefixes for backup connections. [NDM-2805]
Improved
Added ICMPv6 support to
ipv6 static
rules, allowing pingv6 to local devices with IPv6 addresses. [NDM-2760]ipv6 static (... | icmpv6) [interface] {mac}
— enableicmpv6
protocol for specified{mac}
Fixed
The WireGuard connections no longer restart after NTP time synchronisation. [NDM-2773] [Forum topic]
Corrected traffic counting when multiple WAN connections are active. [SYS-880] [Forum topic]
Fixed Wi-Fi connection issue when switching channel width from 80 to 20 MHz. [SYS-893]
KeeneticOS 4.0 Beta 2
09/06/2023
New
There are no changes for Keenetic Speedster(KN-3010).
Fixed
It is now possible to add new extenders to the Wi-Fi system without an Internet connection. [NDM-2594]
Speed limits set for multiple registered devices no longer cause the system to spontaneously restart. [NDM-2730]
Corrected the display of the Network SSID tooltip for the Scan for networks results list on the Wi-Fi Monitor page. [NWI-2648] [Forum topic]
Fixed some minor visual issues with the Web interface layouts. [NWI-2675, NWI-2676] [Forum topic]
Fixed positioning of Web UI elements on the System Dashboard page when zooming in Safari iOS 16. [NWI-2626]
Fixed the GRE/IPsec connection issue when using IKEv2 and Cisco iOS/Nx-Os endpoints. [NDM-2789]
KeeneticOS 4.0 Beta 1
26/05/2023
New
There are no changes for Keenetic Speedster(KN-3010).
KeeneticOS 4.0 Beta 0.3
20/05/2023
Fixed
Fixed a reboot issue caused by counting traffic going through the Hardware network accelerator. [SYS-860]
Fixed the cause of wireless clients rejoining a Wi-Fi network with Fast transition (802.11r) disabled under certain conditions. [SYS-845]
Sorting in the Channels column on the Wi-Fi Monitor page now works correctly. [NWI-2603] [Forum topic]
Corrected the layout of the dialogue box of the Fail-safe function. [NWI-2635] [Forum topic]
Fixed incorrect local and remote IKEv2 proposal IDs when using GRE/IPsec tunnels. [NDM-2750]
KeeneticOS 4.0 Beta 0.2
13/05/2023
New
Implemented a new
ip
format option for the DCHP server in the command line interface (CLI): [NDM-2755]ip dhcp pool {name} option {2..254} ip {address[,address]*}
— set IP addressip
for certain DCHPoption
number
KeeneticOS 4.0 Beta 0.1
06/05/2023
Fixed
The
HEAD
method for*.html
resources has been restored in the web server response. [NDM-2748] [Forum topic]The misclassification of traffic from registered devices as traffic from unregistered devices in the traffic accounting has been corrected. [SYS-846] [Forum topic]
KeeneticOS 4.0 Alpha 20
27/04/2023
Improved
Implemented propagation of Network Time Protocol settings to extenders in the Wi-Fi System. [NDM-2508]
Fixed
The incompatibility of the Ping Check service with DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) name servers has been fixed. [NDM-2739] [Forum topic]
Fixed incorrect assignment of VLAN roles to ports in the Web Interface. [NWI-2593]
KeeneticOS 4.0 Alpha 19
17/04/2023
Fixed
The KeeneticOS API is re-enabled for the Keenetic mobile application. [SYS-838] [Forum topic]
The cause of the
unable to obtain addresses
error message in the System log has been fixed when using DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) filtering. [NDM-2735] [Forum topic]Fixed cause of
resource deadlock avoided
error message in System log coming fromCloud agent service
. [NDM-2736] [Forum topic]
KeeneticOS 4.0 Alpha 18
14/04/2023
New
The new option to bind DNSv6 addresses is now available via the command line interface (CLI), as follows:
ipv6 name-server {address} [{domain} [on {interface}]]
— bind DNSv6{address}
on specified{interface}
;for example:
ipv6 name-server 123::456 "" on UsbLte0
Improved
The initial Ping Check state has been changed to a negative state to avoid using a non-working connection to access the Internet. Reduced initial Ping Check time. [NDM-1837]
Fixed
Disabled the use of name servers (DNS servers) on offline backup connections. [NDM-795]
The static route for the WireGuard® VPN remote peer is no longer removed after changes are made to the underlying connection of the WireGuard VPN tunnel. [NDM-2522]
The bandwidth control of the Connection policy now works as intended for IPsec IKEv2 client connections. [NDM-2537]
Fixed incorrect re-association logic when dealing with a roaming Wi-Fi client with PMKID. [SYS-810]
Asymmetric speed limiting now works correctly for registered devices when IntelliQoS is enabled. [SYS-836]
KeeneticOS 4.0 Alpha 17
07/04/2023
Fixed
The Wireless ISP connection now displays the password field correctly when connecting to a mixed
WPA1-PSK/WPA2-PSK
wireless network. [NWI-1544] [Forum topic]The Other Devices category returns to the Traffic monitor page. [NWI-2541]
Fixed the Safari browser's non-editable Clients isolation checkbox. [NWI-2501] [Forum topic]
Fixed adding a route with
/32
IP subnet or address mask on the OpenVPN interface. [NDM-2686]Fixed a phantom traffic display for unregistered devices. [NDM-2702]
The multipath policies now work correctly and do not use connections with negative Ping Check testing results. [NDM-2706]
KeeneticOS 4.0 Alpha 16
31/03/2023
Improved
The Firewall service now flushes corresponding sessions when firewall rules are enabled or disabled. [NDM-2690]
The maximum MTU size has been increased to
1514
bytes, providing PPPoE MTU =1500
bytes over VLAN. [SYS-812]
Fixed
There are no changes for Keenetic Speedster(KN-3010).
KeeneticOS 4.0 Alpha 15
24/03/2023
Improved
The
ip alias
configuration no longer affects the NAT translation for the primary PPPoE connection. [SYS-806]
KeeneticOS 4.0 Alpha 14
17/03/2023
New
The Web Interface's new custom HTTPS server port allows you to free up a standard
TCP/443
port and forward it to any device on your local network. [NDM-2670]ip http ssl port {port}
— assign a different{port}
for HTTPS server of the Web Interface
Added new optional
username
andpassword
parameters to thechilli login {mac}
command of the Captive portal system component: [NDM-2679]interface Chilli0 chilli login {mac} [username {username} password {password}]
— make manual authorization with specified{username}
and{password}
Improved
Added a
robots.txt
file to the Web Interface server to prevent indexing by search engines. [NDM-2673]
Fixed
Custom DNS resolution profiles are now correctly applied to Segments and registered devices. [NWI-1547] [Forum topic]
Prevented IPsec configuration failure using a cryptographic key
crypto ike key
with an unsupported length greater than 72 characters. [NDM-2562]Increased the packet queue length of the Captive portal system component to prevent packets from being dropped due to system log congestion errors under heavy load. [NDM-2572]
Reconnection of a wireless client to the access point with WPA3-PSK protection works correctly after accidental disconnection. [SYS-797]
KeeneticOS 4.0 Alpha 13
10/03/2023
New
The setting for the new On-demand type of Internet connection is available from the Command Line Interface (CLI). The On-demand type of connection is automatically disconnected if a higher priority Internet connection is running. [NDM-2643]
interface {name} standby enable
— switch connection type to On-demand for specified interface{name}
The new Captive Portal option is available for manual authorization of hotspot hosts in the command line interface (CLI): [NDM-2417]
interface Chilli0 chilli login {mac}
— make manual authorization for specified{mac}
Fixed
Corrected Partial data tooltip content display in Safari and Firefox browsers. [NWI-1527] [Forum topic]
The OpenVPN connection configuration parser handles the
<auth-user-pass>
inline password section correctly. [NDM-2640]The cause of the
lock precedence violation
error message in the System log that caused slow Web Interface responses has been fixed. [NDM-2663] [Forum topic]The parsing of the security parameters during a
site-survey
action now operates correctly for an Access Point (AP) that announces WPA2 and Fast Transition (FT). [SYS-796]
KeeneticOS 4.0 Alpha 12
07/03/2023
Improved
There are no changes for Keenetic Speedster(KN-3010).
Fixed
The Select Your Country or Region pop-up displays correctly in desktop and mobile Safari browsers. [NWI-1541] [Forum topic]
Fixed the BSS ranking algorithm for the
WifiStation
and Mesh Wi-Fi System backhaul connection. [SYS-782]The start up of the DHCP client now works correctly on extenders that are connected via wireless backhaul. [NDM-2655] [Forum topic]
OpenVPN interface state detection has been restored; this was causing the VPN connection to fail. [NDM-2661] [Forum topic]
Fixed a bug introduced in 4.0 Alpha 11 that prevented the Keenetic mobile application agent from starting correctly in KeeneticOS. [SYS-793]
Fixed DNS settings incorrectly removed on IKEv1/IPsec and IKEv2/IPsec VPN servers. [NDM-2662]
KeeneticOS 4.0 Alpha 11
03/03/2023
New
The new 464clat (RFC6877) option has been implemented for the IPv6 transition mechanism. [NDM-2121]
The SNMP server system component now supports IPv6 protocol operation. [NDM-2653]
Fixed
SNMP response now comes from the correct source IP address when accessing via a VPN connection. [NDM-2082]
The default route is now correctly assigned for HTTP/HTTPS/SOCKS5 proxy interfaces. [NDM-2366]
The Fast Transition (802.11r) option is displayed correctly after changing the network name (SSID) for one of the Wi-Fi bands. [NWI-1508]
The Clients tooltip now displays Wi-Fi device names on the Extender's Wi-Fi monitor page. [NWI-1528] [Forum topic]
The cause of the
group address 224.0.1.187 is not equal destination address
error message in the System log has been fixed. [SYS-775]The Hardware Network Accelerator operation is restored for the IPv6 protocol. [SYS-779] [Forum topic]
KeeneticOS 4.0 Alpha 10
20/02/2023
Improved
The username of the KeeneticOS account now allows the dot '
.
' character. [NWI-1523]
Fixed
The Phase 1 Rekey time display is corrected in the Web Interface for Site-to-site IPsec VPN connections after changes in system statistics. [NWI-1518]
KeeneticOS 4.0 Alpha 9
18/02/2023
New
There are no changes for Keenetic Speedster(KN-3010).
Improved
There are no changes for Keenetic Speedster(KN-3010).
Fixed
The RADIUS settings propagate correctly from the Controller to all Extenders of the Wi-Fi System. [NDM-2243]
IPv4 connectivity restored via an IPv6 MAP-T Internet connection. [NDM-2613]
Fixed
connected
state for HTTP/HTTPS/SOCKSv5 proxy interfaces. [NDM-2627]
KeeneticOS 4.0 Alpha 8
11/02/2023
New
The Application traffic analyser now supports traffic classification for the ICMP protocol. [SYS-760]
Improved
The OpenSSL library is updated to the latest version,
3.0.8
, which fixes the following list of vulnerabilities: [SYS-759]
Fixed
The Ping Check > Automatic profile operation has been fixed. [NDM-2608]
The check box to Enable the SNTP service for local devices is available with a custom configuration of NTP servers. [NWI-1505]
KeeneticOS 4.0 Alpha 7
07/02/2023
Fixed
The DHCP renewal process no longer restarts L2TP/PPTP/IPoE Internet connections. [NDM-2590] [Forum topic]
Status detection of the interface with a static IPv6 address works as intended. [NDM-2591]
Disconnecting the underlying interface for WireGuard® VPN no longer causes traffic flooding. [NDM-2593] [Forum topic]
KeeneticOS 4.0 Alpha 6
03/02/2023
New
There are no changes for Keenetic Speedster(KN-3010).
Improved
The
ipv6 firewall
CLI command has been deprecated and removed. [NDM-1731]The network interface status tracking mechanism in KeeneticOS has been redesigned to provide better IPv6 protocol support and faster Web Interface response. [NDM-2415]
Warning
Different types of Internet connections and related functions may be affected. Please make a backup of your firmware image and startup configuration before updating.
Fixed
The PPPoE connection now works as intended with IPv6-only connections. [NDM-2585]
Disabled PAT (Port Address Translation) for locally generated traffic. This was particularly disruptive to MAP-T and DS-Lite Internet connections. [NDM-2587] [Forum topic]
System halt has been fixed when connecting to the cloud service under certain conditions. [NDM-2516]
KeeneticOS 4.0 Alpha 5
27/01/2023
Improved
The new WAN IPv6 address assignment option has been implemented in accordance with the RFC6204 (WAA-8) standard. [NDM-2549]
Fixed
The cause of the
ndnproxy:out of socket file descriptors
error message in the System log was fixed. It occurs under heavy loading of theDNS proxy
service. [SYS-727]The enabled DNS request transit option now operates as expected for unregistered hosts. [NDM-2547]
Fixed
watchdog timer interrupt on CPU0
system reboot when using the Traffic shaper system component. [SYS-397]The default route via the IPoE interface is now automatically restored after the PPP (PPPoE, L2TP, PPTP) interface is deleted. [NDM-2575]
KeeneticOS 4.0 Alpha 4
20/01/2023
Improved
KeeneticOS now allows you to assign
512
hosts with Static IP settings on the Device lists page for registered devices. [NDM-2501]Increased KeenDNS service web application records from
160
to256
. [NDM-2519]
Fixed
The
DNS proxy
service now handles TCP chunks correctly, resulting in better service stability. [SYS-726]Fixed
connected
state for interfaces with a statically configured IP address. [NDM-2551]Phase 1 Rekey time is now displayed correctly for site-to-site IPsec VPN connections. [NDM-2554]
Fixed the reason for spontaneous disconnection of remote connections to L2TP/IPsec VPN server. [NDM-2555]
The Traffic monitor page now displays the correct average speed for 3 minutes. [NDM-2556]
Corrected the "transmitted bytes" statistic in the host traffic monitor legend. [NDM-2560]
KeeneticOS 4.0 Alpha 3
12/01/2023
New
The new deSEC (desec.io) service is available for the Dynamic DNS (DDNS) client system component. [NDM-2540]
A new CLI command allows the deactivation of an internal
storm-control
feature for a specific interface:interface {name} storm-control disable
— disable storm-control on{name}
interface
Fixed
Ethernet ports are now operating correctly after re-enabling of the previously disabled ports. [NDM-2529] [Forum topic]
Connection priority change no longer modifies the interface state. [NDM-2526] [Forum topic]
The
ip6 prefix auto
setting no longer disappears from the running configuration. [NDM-2528] [Forum topic]The
ICMP
andGRE
protocols are now available for the new IPsec traffic selectors with multiple subnets. [NDM-2534] [Forum topic]The use of WireGuard® tunnels as the default route with the IPv6 protocol is now fixed. [NDM-2535]
Restored the working of IPv6 in IPv4 tunnels after switching to new routing table logic. [NDM-2544] [Forum topic]
The
interface ipv6 force-default
CLI command has been brought back into support for backward compatibility. [NDM-2545] [Forum topic]
KeeneticOS 4.0 Alpha 2
30/12/2022
Fixed
The Fail-safe configuration mode no longer causes an unnecessary reboot. The timeout is set to three minutes. [NWI-1496]
The Provider name description now displays correctly on the Dashboard and Connection priorities pages. [NWI-1495] [Forum topic]
The cause of the
not found: show/ip6/routes
error messages in the System log was fixed. [NWI-1497] [Forum topic]Restored PPPoE interface management when it changes up or down state. [NDM-2523] [Forum topic]
The SSTP VPN server now supports legacy
TLSv1/SHA1
algorithms for correct SSTP connection with particular Windows 7 clients. [NDM-2525] [Forum topic]
KeeneticOS 4.0 Alpha 1
27/12/2022
New
The new IPv6 Prefix Delegation option has been implemented for subnetting. [NDM-1976]
Use the following CLI commands to set:
ipv6 subnet {name} prefix length {length}
— set subnet prefix lengthipv6 subnet {name} prefix delegate {delegate}
— set delegated prefix length (must be shorter than prefix length)
A typical configuration Prefix Delegation for a Home segment looks like follows:
ipv6 subnet Default bind Home mode dhcp prefix length 63 prefix delegate 64 number 0
The new multiple subnets option is available for Site-to-site IPsec VPN connections in Phase 2, providing network connectivity between several subnets over a VPN tunnel. [NDM-313]
Use the following CLI commands to set:
object-group ip {name}
— create a new object groupinclude (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
exclude (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
crypto map {name} traffic-selectors {local} {remote}
— assign local/remote object groups as Phase 2 selectors
The new Add local subnet and Add remote subnet options are available for Site-to-site IPsec VPN connections on the Internet > Other connections page.
Implemented host traffic accounting for IPv6 protocol, providing correct calculation for the incoming/outgoing data of your home devices. [SYS-648]
The Application traffic analyser now supports traffic classification for the IPv6 protocol. [SYS-652]
The Traffic shaper system component now supports operation with the IPv6 protocol, providing correct traffic limitation for data flows of IPv4/IPv6 together. [SYS-658]
The Web Interface receives core support for IPv6 connections. [NDM-2448]
The OpenVPN client and server system component now supports the IPv6 protocol for VPN connection. [NDM-2451]
The Wireguard VPN component now internally supports the IPv6 protocol for VPN connection. [NDM-2452]
Implemented support for 802.1Q tagged VLAN traffic over
AccessPoint
andWifiStation
(Wireless ISP) interfaces. [SYS-682]The new HTTP/HTTPS URI mode of the Ping Check allows you to specify the host address to check using a URI (Uniform Resource Identifier). [NDM-2490] [Forum topic]
Use the following CLI commands to set:
ping-check profile {name} mode (icmp | connect | tls | uri)
— enable URI checking for Ping Check profile{name}
ping-check profile {name} uri {uri}
— set URI
Connection policy now operates with the IPv6 protocol. [NDM-2515]
Improved
Fixed
DNS IPv6 responses now sent from the correct and expected port 53. [NDM-2439]