KeeneticOS updates — Preview Channel

Improved compatibility and security: The EAP-PEAP authentication is implemented for both server and client components of the IKEv2 VPN, providing extended compatibility and stronger security. [NDMS-1324]

The aes256-sha256-modp2048 mode for IPsec connection is now enabled for better compatibility with the ProtonVPN service provider. [NDMS-1004]

The roaming area for wireless clients can now be restricted. By default all wireless clients can roam between all Wi‑Fi system nodes. This may introduce issues with sticky wireless clients in stationary Wi‑Fi-connected appliances like Smart TV. Sticky client remains connected to a distant node when there is better node nearby. This can severely impact the performance of device itself and Wi‑Fi network at whole. To address this issue you can now specify for for particular sticky wireless client the list of Wi‑Fi system nodes it can connect. The setting is available in both CLI and web interface on the Registered devices options page. [NDMS-1311]

If you don't want the LED indicators of your device to operate all day and night, you can use the new handy LED indicators control feature, available on the General system settings page of the web interface. It allows you to set up separate operating schedules for the LED indicators on your device's front and back. [NDW-1700]

The power-down schedule for LED indicators is now inverted. [NDMS-1265]

Do not use the obsolete command system led shutdown {mode} schedule {schedule}.

Instead, issue these new commands in the CLI to apply the setting:

A new feature for HTTP header enforcement is added. It can be used when you cannot access the web application in your home network remotely. [NDMS-1259]

Issue this command in the CLI to apply the force-host header value to the corresponding domain name

The debugging mode of STP processing is implemented, providing detailed information on Wi‑Fi system operations. It can be requested by the technical support engineer for additional diagnostics. You don't need to enable it for day-to-day operations. [NDMS-1204]

The Gigaset A220H and Gigaset A415H DECT handsets are now supported for VoIP calls via Keenetic Plus DECT phone station, connected to the USB port of your device.

A new PPPoE connection recovery algorithm is implemented. The series of multiple PADO packet timeouts now triggers the link restart action on the WAN Ethernet port of the device, restoring the remote equipment's correct port operation, and speeding up the re-establishment of the PPPoE connection. [NDMS-1179]

A new selector for Speed monitoring is added on the Host traffic monitor page. Use it to observe the speed of Internet connection for your home network clients over specific periods of time. [NDW-1580]

It is possible to set the description of your device's Ethernet ports using the interface {interface} description {description} command in the CLI. Now this description is displayed inside the icons of the Network ports section on the web interface's System dashboard page. If the description is longer than four symbols, then only three first of them are displayed inside the icon. To display the whole string, hover the cursor over the port's icon. [NDW-1594]

A static IP address can now be assigned to the Extender device in the web interface of the Controller device. [NDW-1520]

Open a particular Extender's node settings in the Members list on the Wi‑Fi system page and apply the desired IP address.

The Megafon M150-4 modem is now supported. [NDMS-1178]

Advanced Wi‑Fi settings of extender nodes now allow changing Channel width for radio interfaces shared with mesh back-haul connections. [NDW-1495]

The new algorithm now automatically switches the Beeline ISP's Internet connection types from L2TP to IPoE.

IKEv2 tunnels now feature DHCP Option 249 support. This delivers the static routes setting from the tunnel server-side to the remote clients in DHCP INFORM packets for automatic configuration. [NDMS-686]

The Huawei E8278s-602 modem is now supported. [NDMS-878]

A new scanning algorithm for the wireless environment is implemented. It starts once a new Extender device is added to the Mesh Wi‑Fi system and lets all nodes determine the proper neighbors for wireless back-haul connection. [NDMS-1087]

If your device has a public IP address, you can access it remotely using a convenient static domain name registered by a DDNS provider. The setting for OpenDNS and DNS-O-Matic DDNS providers is now supported. It is available within the DDNS tab on the web interface's Domain name page. [NDMS-1010]

The traffic Service class can now be applied to a registered device in the web interface. It defines the data processing priority for the particular device. When the ISP connection is reaching its utilization cap, requested bandwidth is allocated first for devices having higher priority. For instance, you can apply a higher priority service class to the host experiencing voice calls delays or online video freezes while another host is downloading files. [NDW-1347]

The Network ports settings list in the web interface is enhanced by additional auto-negotiation options providing improved compatibility. [NDW-1370]

IPv6 address detection for local hosts is improved. The problem of periodic Internet connection loss on registered local devices using IPv6 addressing when the strict No internet access setting is enabled on Connection policy for unregistered devices is now fixed. [NDMS-433]

A new pool for improved management of PMK-R1 keys is implemented. This change fixes the unstable connection of some wireless clients using WPA3 security while roaming between the nodes of your Wi‑Fi system. The fast and seamless transition mechanism, improving the usage of applications sensitive to packet delay and drops, is now completely available for WPA3 clients. [NDMS-1236, NDMS-1253, NDSM-1258, NDMS-1272].

To give you more granular control of KeeneticOS features, we have separated the Keenetic mobile application and the Cloud based remote control and KeenDNS components. If the mobile application is not used, the corresponding component can now be removed from KeeneticOS completely. [NDMS-1174]

Improved security: The OpenSSL library is updated to version 1.1.1i. It fixes the CVE-2020-1971 vulnerability.

Mesh Wi‑Fi system extenders now have unique local MAC addresses in each network segment. This improves Wi‑Fi system operational stability, especially when connecting extenders via unmanaged Ethernet switches. [NDMS-1083]

Improved timezone setting: Extender devices now automatically apply timezone setting propagated by the Controller device of Wi‑Fi system. You don't need to set the timezone manually per node. [NDMS-1251]

The Host traffic monitor page of the web interface has received minor usability improvements. [NDW-1577]

The first tab shows the Top5 highest consumption devices or types of traffic in different colors. The last item in the list, colored gray, is the sum of the traffic from all Other devices that in total consume less than any one of Top5. The multicast traffic is shown separately from this item only when its amount becomes one of Top5. Otherwise, it is included in Other devices item. You can also add more tabs for particular registered devices of your home network, for detailed monitoring.

The IPsec protocol code was updated to remove obsolete elements, and to optimize the footprint, providing improved tunnel connection security, stability and compatibility. [NDMS-268]

The Mesh Wi‑Fi system Extender device's best path selection algorithm for wireless back-haul connection is improved. This change now provides greater stability and performance of the Mesh Wi‑Fi system's nodes interconnections. [NDMS-1120]

The Protected Management Frames (PMF) feature is now enabled on wireless back-haul interconnections of the Mesh Wi‑Fi system's nodes, improving network security and protection against disconnection attacks by intruders. [NDMS-951]

The processing of concatenated SMS messages on supported QMI-modems is fixed. The resulting message is now displayed correctly in the SMS lists menu of the web interface. [NDMS-1383]

Incorrect writing of files with a size smaller than 64KB to the attached USB-storage via the WebDAV protocol is now fixed. [NDMS-1316]

The spontaneous reboots that happened when using Huawei mobile modems operating CDC-NCM protocol are fixed now. USB-modems can be used for primary and backup connection. [NDMS-1191]

Internet connection policy employing the QMI-type modem link works properly now. [NDMS-1203]

The display of the force-host: not enough arguments error in the startup configuration is fixed. [NDMS-1259]

Cat 6 and above 4G LTE modems use multiple carriers to send and receive data. Information about multiple carriers reported by the modem is now displayed correctly. You can find it in the mobile connection details on the System dashboard and Mobile broadband connection pages. Or issue show interface {interface} command in CLI. [NDMS-1156]

A seamless Wi‑Fi roaming improvement is made: The unstable fast transition of wireless clients in Guest segment is fixed. The issue affected all network segments with the protected security level setting. [NDMS-1244]

STP processing is disabled for OpenVPN and EoIP interfaces included in the Bridge type of interface. This change prevents unstable behavior of the Wi‑Fi system triggering drops of the tunnel connections. [NDMS-986]

A bug in processing SIM card status on the QMI-type modem, leading to possible crashes, is fixed. [NDMS-1285]

The bug in domain name processing is fixed. Now clients of your home network can correctly resolve the domain name of the Keenetic device booked with KeenDNS service. [NDMS-1250]

Uploading a file with the same name as existing one to the attached USB storage caused appending of data instead of replacing the file. This was fixed. The built-in File browser allows you to manage files on attached USB storage through your device's web interface. [NDMS-1227]

Improved compatibility: the invalid transition error caused by the low power mode on the Sierra Wireless EM7455 modem is fixed. [NDMS-1230]

Wireless clients, roaming to the nodes of a Mesh Wi‑Fi system using a fast transition mechanism, could experience connection problems when the GTK (Group Temporal Key) renewal happened. An improvement, applied to the GTK re-keying procedure, resolved the connection stability for such clients, ensuring seamless roaming. [NDMS-1205]

Automatic WSD discovery of printers and storage devices attached to the Keenetic is now fixed to work continuously. [NDMS-826]

Sony Playstation®2 can now access storage devices attached to the Keenetic via SMBv1 protocol without an issue. [NDMS-1018]

Minor fixes in the appearance of the web interface's Device lists page. [NDW-1477]

The bug causing the unable to remove : directory not empty error and preventing deletion of folders on attached USB storage devices, is fixed. [NDMS-1014]