KeeneticOS updates — Dev Channel

Disabled dns-proxy rebind protection for the loopback IP address 127.0.0.1 since it caused some mobile applications to fail. [NDMS-688] [Forum topic]

Disabled dns-proxy rebind protection for the plex.direct domain, providing for proper operation of the Plex application. [NDMS-696]

Added the 4G/3G network signal level icon for USB modems. [NDW-800]

The Device list page now shows the Ethernet port number for wired devices. [NDW-829]

Gateway and DNS server information is added to the System dashboard page in extender mode. [NDW-872]

Fixed Schedule editor operation in mobile browsers. [NDW-738]

Fixed the toggle switch operation for the Private Cloud components on the Applications tile in the dashboard. [NDW-885]

Updated to the latest OpenSSL library version 1.1.1g, which fixes the CVE-2020-1967 vulnerability.

The listing of nested folders now works properly with the Rclone WebDAV client. [NDMS-658]

User can now cancel and clear the host Speed limit configuration for the Registered devices on the Device lists page. [NDW-869]

Enabled directory listing of WebDAV server resources in a web browser.

Internet availability and firmware updates checking are now working properly when AdGuard DNS service is active on the Internet safety page. [NDMS-648]

Implemented an option to turn off printer polling status. It's helpful for the printer models which do not return correct status. By default, polling status is turned on. [NDMS-209]

Implemented upstream speed limit for registered hosts. [NDW-815]

Redesigned the Private Cloud tile within the Applications section to provide easy management of WebDAV server, SFTP server and FTP server in one place. [NDW-825]

Removed the CONFIG_COMPACTION kernel option to improve memory operations within the task queue handler under heavy loads. [NDMS-423]

Deleted support for the Service-Route SIP header in the Keenetic Phone Station system component. [NVOX-185]

There are no changes for Keenetic Ultra (KN-1810).

Implemented automatic updating of shared disk resources via the Change Notification mechanism of the File and printer sharing (TSMB CIFS) system component. [NDMS-192] [Forum topic]

Updated to the latest OpenSSL library version 1.1.1f, which fixes the CVE-2020-1967 vulnerability.

Fixed the long reconnection time for backhaul links between Wi‑Fi System nodes. [NDMS-612]

Configuration saving with activated Mode — ICMP echo (ping) for Check the availability of the Internet (Ping Check) section on Web Interface is now working correctly. [NDW-780]

Multiple improvements to the Internet availability-checking algorithm: [NDMS-600]

Fixed SSL_read() failed error on Wi‑Fi system extenders affected by OpenSSL library usage. [Forum topic]

Added randomization for source port of L2TP/IPsec VPN connection, to reduce reconnect time. [NDMS-483]

Updated to the latest OpenSSL library version 1.1.1e, which fixes the CVE-2019-1551 vulnerability.

Removed IPsec forced rekey for every 20 GBytes of transferred traffic, to improve stability of high load VPN tunnels. [NDMS-483]

Restored client-to-client communication between VPN clients of different VPN servers of KeeneticOS, for example, PPTP and L2TP/IPsec. [NDMS-588]

Traffic counter for incoming and outgoing VPN IPsec tunnels on the Host traffic monitor page of Web Interface. [NDMS-228]

Handling of IP alias for IPIP (IP over IP) with IPsec protection. [NDMS-590] [Forum topic]

IPsec VPN tunnel connection now follows a user-defined schedule. [NDMS-594] [Forum topic]

Folders with restricted permissions are now appropriately displayed in the File browser. [NDW-285] [Forum topic]

Link to KeeneticOS Release notes is now visible on the Updates and component options section of the System setting page. [NDW-739] [Forum topic]

Unregistered devices and Multicast traffic tabs of the Host traffic monitor used to disappear on page refresh. [NDW-632] [Forum topic] 

Implemented advanced host traffic filtering based on MAC address ,to reduce discovery time on the Device lists page of the Web Interface and prevent devices with blocked access to the Internet from any outbound transactions. [NDMS-585, NDMS-586]

Listing files and directories of File and printer sharing (TSMB CIFS) application yields an empty response when uninstalled the Folder permissions control component. [NDMS-536] [Forum topic]

The printing via File and printer sharing (TSMB CIFS) system component is not possible on the Epson L120 printer due to an invalid printer name in the OpenPrinterEx response. [NDMS-381]

Implemented a new feature for ping-check service, which allows restarting a manually-specified interface. [NDMS-569]

The default MTU (Maximum transmission unit) size for WireGuard® VPN connections is set to 1324 bytes to optimize transfer of data through external networks. [NDMS-486]

Channel width value transfer from 2.4 GHz to 5 GHz Wireless Network band. These settings are now independent. [NDMS-568]

The Device lists are now cleared of hosts mistakenly retrieved from OpenVPN connections. [NDMS-567] [Forum topic]

gspca-ov519 kernel module added to the OPKG (Open Package) system for KeeneticOS, supporting GSPCA-based webcam devices.

KeeneticOS service internet-checker adds captive portal examination for reliable Internet availability detection. [NDMS-553] [Forum topic]

Excessive logging of WireGuard® handshake has been reduced to save space for helpful messages in the System log. [NDMS-555] [Forum topic]

Router icon display on particular DLNA clients or Smart TV for Media Server component of KeeneticOS. [NDMS-181]

IGMP proxy service deactivation on the bridge interface of the network Segment for the case when both the multicast source and clients are in the same Segment. [NDMS-231]

Reset to the default values of Phase 1 — IKE lifetime and Phase 2 — SA (Security Association) lifetime for L2TP/IPsec and Virtual IP VPN connections when some other VPN settings are changed. [NDMS-546]

Folder creation errors while copying folder to WebDAV server on attached USB storage. [NDMS-531] [Forum topic]

The reason for lock precedence violation: IPV6_SUBNETS error messages in the System log. [Forum topic]

Network mask parsing in ip nat command. It's now possible to use a short notation of IP network mask — ip nat 192.168.1.0/24. [NDMS-552] [Forum topic]

Private key validation in the Connection settings section of the WireGuard® VPN. [NDW-653]

Added the Safe eject button for USB storage devices to the USB drives and printers section of the System dashboard. It's best practice to do a proper eject before removing your USB drive from your Keenetic device. [NDW-648]

Added WebDAV settings in the Private Cloud application page, providing easy management to your WebDAV (Web Distributed Authoring and Versioning) resources on the attached USB drive. [NDW-291]

gspca_sonixj kernel module added to the OPKG (Open Package) system for KeeneticOS, supporting GSPCA based webcam devices.

The new configuration option upstream-rate allows asymmetric Internet access speed restriction in the upload direction for any given interface/host/unknown-host. [NDMS-512]

DNS response with IP address 0.0.0.0 is removed from the anti-rebind list of the dns-proxy service of KeeneticOS because some supported Internet security and content filtering services use such IP address to filter blocked media content and links. [NDMS-528] [Forum topic]

Updated pppd daemon responsible for Point-to-Point Protocol (PPP protocol) of KeeneticOS, which fixes the CVE-2020-8597 vulnerability.

Restored access to the Web Interface when the system admin account has no password. [NDMS-526]

Corrected the USB storage status on the Applications section of the System dashboard. [NDW-647] [Forum topic]

Implemented PMF (Protected Management Frames) and WPA3-PSK/OWE (Opportunistic Wireless Encryption) for Wireless ISP (WISP) client providing wireless connection to the Internet. [NDMS-498, NDMS-226]

Added the new CLI commands — for safe disconnect and for detailed information display about connected USB drives. [NDMS-510]

The SSH server system component of KeeneticOS now supports new modern and robust security algorithms: ChaCha20 symmetric cipher encryption and Poly1305 message authentication code across ed25519 public-key cryptography. [NDMS-516, NDMS-517]

Fixed one-way RTP (Real-time Transport Protocol) voice communication for VoIP calls via WireGuard VPN tunnel. Now both subscribers can hear each other well. [NDMS-503]

Addressed the shared network discovery issue with the Popcorn PCH-C300 and Dune media players. [NDMS-456]

Fixed the uptime calculation in the show ip hotspot CLI command. The uptime value is now refreshing properly for all Registered devices. [NDMS-520] [Forum topic]

Repaired the task queue corruption related to the Linux kernel CONFIG_COMPACTION option. The change avoids system restart under the heavy system load of applications that use external storage, e.g. Media Server and Download Station. [NDMS-423] [Forum topic]

WireGuard® VPN tunnel sometimes could not reconnect, after system restart and in some other circumstances. [NDMS-497] [Forum topic]

Fixed the System name field's validation to prevent the use of the space symbol. [NDW-620] [Forum topic]

Fixed the KeenDNS domain name proxy option to preserve the HTTP Host header. [NDMS-490]

Execution of Wireless ACL rules on Wi‑Fi system extenders is now working correctly. [NDMS-398]

A manually configured static IP address on a Wi‑Fi system extender no longer prevents it from connecting to the Internet. [NDMS-89]

Fixed display of Internet connection Status on the System dashboard. [NDW-608] [Forum topic]

Repaired the Activate toggle switch on 4G/3G modem page. Toggle is helpful when you need to manage a modem manually. [NDW-615] [Forum topic]

Added the WebDAV (Web Distributed Authoring and Versioning) file server. To access, use https://{hostname}/webdav link. The CLI commands for setting up the WebDAV server are listed below: [NDMS-275] [Forum topic]

Added the SFTP (SSH File Transfer Protocol) file server. The following CLI commands are available for setting up the SFTP server: [NDMS-244] [Forum topic]

Added support for the following modems with QMI (Qualcomm MSM Interface) type control interface:

Further USB modems support:

Wireless Backhaul connection shutdown for the Wi‑Fi system controller is now available. It helps to maximize the performance of the Wi‑Fi system if all nodes are connected via wired Ethernet connection. The CLI command is below. [NDMS-314] [Forum topic ]

Added DNS Rebinding protection feature for the dns-proxy service of KeeneticOS. [NDMS-437] [Forum topic]

Implemented NOTIMPL response to IQUERY for the dns-proxy service of KeeneticOS, which means Not Implemented error for DNS requests from network devices. The IQUERY method of performing inverse DNS lookups is made obsolete. [NDMS-465]

Added DLNA accessibility for PPP-based VPN servers like PPTP or L2TP/IPsec. It enables the access to DLNA server content via external VPN connection. [NDMS-284]

PEAP/MS-CHAPv2 authentication now works properly for 802.1x connections. [NDMS-402] [Forum topic]

Accelerated WEB Interface response time when thousands of dynamic routes are uploaded to KeeneticOS routing table via OPKG (Open Package) system packages. [Forum topic]

Updated the mini_snmpd system service with fixes for the CVE-2020-6058, CVE-2020-6059, CVE-2020-6060 vulnerabilities.